Emil Miler

Zola website deployment with Drone CI

NOTE: This article is outdated and superseded by native Gitea Actions.

Zola is my SSG of choice, as it it fast, powerful and packed in a single statically linked binary. Here is how I use with in conjunction with Drone CI for automatic building and deployment to my webserver.

I have written a bachelor’s thesis on static site generators and implementing a sample website with Zola in particular. Where my thesis lacks, though, is in the automatic deployment, where I glued together some Git hooks and shell scripts. It works fairly well, but it does not provide much feedback or code validity checks.

Pipeline

We start with a simple header in which we define the basics.

kind: pipeline
name: default

steps:

The Drone pipeline has two main parts – build and deployment. Best way of building the source is by pulling the official Zola container from ghcr. Since the container does not have a shell, we need to use entrypoint and command options, instead of a set of shell commands.

- name: build
  image: ghcr.io/getzola/zola:v0.16.1
  entrypoint: [ "/bin/zola" ]
  command: [ "build" ]

Deployment is done using drone-rsync plugin, which handles connection to a remove webserver and can work with private keys via Drone secrets, which we configure later.

- name: deploy
  image: drillster/drone-rsync
  settings:
    hosts: [ "0x45.cz" ]
    user: drone
    source: public/*
    target: /srv/www/em.0x45.cz
    recursive: true
    delete: true
  environment:
    RSYNC_KEY:
      from_secret: rsync_key

Webserver configuration

The server needs a new user with write access to the website root directory.

useradd drone
mkdir -p /srv/www/em.0x45.cz
chown drone:drone /srv/www/em.0x45.cz

SSH keys

Create a keypair for SSH connection from Drone to our deployment server.

ssh-keygen -t ed25519

Public key has to be added to ~/.ssh/authorized_keys of drone user on our webserver. The private key has to be inserted to Drone as a secret. This can be easily done trough the web UI, or by using commands. The secret name has to match from_secret option, so in our case: rsync_key. Drone can then easily authenticate and push content to our webroot.

2022-09-28, Emil Miler