Drone — Container-Native Continuous Integration Platform

Introduction

Drone is a container-native CI/CD platform built on Docker. Every step in a Drone pipeline runs inside an isolated container, guaranteeing clean and reproducible builds. Originally created by Brad Rydzewski and now maintained by Harness, Drone powers CI for thousands of organizations with minimal configuration overhead.

What Drone Does

• Executes every pipeline step in an isolated Docker container
• Reads pipeline definitions from a .drone.yml file in the repository root
• Integrates with GitHub, GitLab, Bitbucket, and Gitea for webhook-driven builds
• Supports parallel steps, matrix builds, and multi-platform pipelines (arm64, amd64)
• Provides a built-in secrets manager and extension system for custom logic

Architecture Overview

Drone uses a server-runner architecture. The server handles webhook events, authentication, and the web UI, while runners pull jobs from a queue and execute them. Docker Runner spawns containers per step, Kubernetes Runner creates pods, and Exec Runner runs commands directly on the host. Communication between server and runners uses an RPC protocol secured by a shared secret.

Self-Hosting & Configuration

• Deploy the server with docker run drone/drone:2 and set OAuth credentials
• Connect a runner (Docker, Kubernetes, or Exec) using DRONE_RPC_HOST and DRONE_RPC_SECRET
• Configure SCM integration via environment variables for GitHub, GitLab, or Bitbucket
• Store secrets at the repository or organization level through the web UI or CLI
• Use SQLite for small setups or PostgreSQL/MySQL for production workloads

Key Features

• True container isolation ensures no build pollution between jobs
• Configuration as code in .drone.yml lives alongside application source
• Multi-platform support with native ARM and Windows runners
• Plugin marketplace with 100+ community-built Docker-based plugins
• Autoscale runners on cloud VMs with the autoscaler extension

Comparison with Similar Tools

• Jenkins — Feature-rich but heavier; requires plugin management and JVM overhead
• GitHub Actions — Hosted convenience but vendor-locked; Drone is fully self-hosted
• Woodpecker CI — Community fork of Drone with a similar architecture and config format
• GitLab CI — Tightly coupled with GitLab; Drone works with any Git provider
• Concourse CI — Resource-based pipeline model; steeper learning curve than Drone

FAQ

Q: Is Drone free for open-source projects? A: Yes. The Community Edition is free and open source under the Apache 2.0 license, suitable for most teams.

Q: How does Drone handle secrets? A: Secrets are stored encrypted in the database and injected as environment variables at runtime. They can be scoped per repository or organization and are never exposed in logs.

Q: Can Drone run pipelines on Kubernetes? A: Yes. The Kubernetes Runner executes each pipeline step as a pod, leveraging cluster resources and native scheduling.

Q: How does Drone compare to GitHub Actions for self-hosted use? A: Drone is purpose-built for self-hosting with full control over data and runners. GitHub Actions self-hosted runners still depend on GitHub's orchestration layer.

Sources

• https://github.com/harness/drone
• https://docs.drone.io