# Drone — Container-Native Continuous Integration Platform > A self-service CI/CD platform that uses containers for every pipeline step. Drone pipelines are defined in simple YAML and run in isolated Docker containers, making builds reproducible and portable. ## Install Save in your project root: # Drone — Container-Native Continuous Integration Platform ## Quick Use ```bash docker run --volume=/var/run/docker.sock:/var/run/docker.sock --env=DRONE_GITHUB_CLIENT_ID=your-id --env=DRONE_GITHUB_CLIENT_SECRET=your-secret --env=DRONE_RPC_SECRET=shared-secret --env=DRONE_SERVER_HOST=drone.example.com --env=DRONE_SERVER_PROTO=https --publish=80:80 drone/drone:2 ``` ## Introduction Drone is a container-native CI/CD platform built on Docker. Every step in a Drone pipeline runs inside an isolated container, guaranteeing clean and reproducible builds. Originally created by Brad Rydzewski and now maintained by Harness, Drone powers CI for thousands of organizations with minimal configuration overhead. ## What Drone Does - Executes every pipeline step in an isolated Docker container - Reads pipeline definitions from a `.drone.yml` file in the repository root - Integrates with GitHub, GitLab, Bitbucket, and Gitea for webhook-driven builds - Supports parallel steps, matrix builds, and multi-platform pipelines (arm64, amd64) - Provides a built-in secrets manager and extension system for custom logic ## Architecture Overview Drone uses a server-runner architecture. The server handles webhook events, authentication, and the web UI, while runners pull jobs from a queue and execute them. Docker Runner spawns containers per step, Kubernetes Runner creates pods, and Exec Runner runs commands directly on the host. Communication between server and runners uses an RPC protocol secured by a shared secret. ## Self-Hosting & Configuration - Deploy the server with `docker run drone/drone:2` and set OAuth credentials - Connect a runner (Docker, Kubernetes, or Exec) using `DRONE_RPC_HOST` and `DRONE_RPC_SECRET` - Configure SCM integration via environment variables for GitHub, GitLab, or Bitbucket - Store secrets at the repository or organization level through the web UI or CLI - Use SQLite for small setups or PostgreSQL/MySQL for production workloads ## Key Features - True container isolation ensures no build pollution between jobs - Configuration as code in `.drone.yml` lives alongside application source - Multi-platform support with native ARM and Windows runners - Plugin marketplace with 100+ community-built Docker-based plugins - Autoscale runners on cloud VMs with the autoscaler extension ## Comparison with Similar Tools - **Jenkins** — Feature-rich but heavier; requires plugin management and JVM overhead - **GitHub Actions** — Hosted convenience but vendor-locked; Drone is fully self-hosted - **Woodpecker CI** — Community fork of Drone with a similar architecture and config format - **GitLab CI** — Tightly coupled with GitLab; Drone works with any Git provider - **Concourse CI** — Resource-based pipeline model; steeper learning curve than Drone ## FAQ **Q: Is Drone free for open-source projects?** A: Yes. The Community Edition is free and open source under the Apache 2.0 license, suitable for most teams. **Q: How does Drone handle secrets?** A: Secrets are stored encrypted in the database and injected as environment variables at runtime. They can be scoped per repository or organization and are never exposed in logs. **Q: Can Drone run pipelines on Kubernetes?** A: Yes. The Kubernetes Runner executes each pipeline step as a pod, leveraging cluster resources and native scheduling. **Q: How does Drone compare to GitHub Actions for self-hosted use?** A: Drone is purpose-built for self-hosting with full control over data and runners. GitHub Actions self-hosted runners still depend on GitHub's orchestration layer. ## Sources - https://github.com/harness/drone - https://docs.drone.io --- Source: https://tokrepo.com/en/workflows/3c27cec9-398f-11f1-9bc6-00163e2b0d79 Author: AI Open Source