From 6ad042a62bfb8e239e3222c3a2120d4c8d49ba30 Mon Sep 17 00:00:00 2001
From: Alexander Simonov
Date: Mon, 13 Jul 2015 22:26:36 +0300
Subject: [PATCH] Add support for Docker TLS

---
 pkg/runner/builtin/runner.go | 32 +++++++++++++++++++++++++++++++-
 pkg/server/hooks.go | 2 +-
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/pkg/runner/builtin/runner.go b/pkg/runner/builtin/runner.go
index 3b7240d7a..428181a5e 100644
--- a/pkg/runner/builtin/runner.go
+++ b/pkg/runner/builtin/runner.go
@@ -8,6 +8,8 @@ import (
 	"io/ioutil"
 	"os"
 	"time"
+	"crypto/tls"
+	"crypto/x509"
 
 	"github.com/drone/drone/Godeps/_workspace/src/github.com/samalba/dockerclient"
 	"github.com/drone/drone/pkg/docker"
@@ -23,6 +25,11 @@ var (
 
 	// Docker host address from environment variable
 	DockerHost = os.Getenv("DOCKER_HOST")
+
+	// Docker TLS variables
+	DockerHostCa = os.Getenv("DOCKER_CA")
+	DockerHostKey = os.Getenv("DOCKER_KEY")
+	DockerHostCert = os.Getenv("DOCKER_CERT")
 )
 
 func init() {
@@ -40,6 +47,7 @@ type Runner struct {
 func (r *Runner) Run(w *queue.Work) error {
 	var workers []*worker
 	var client dockerclient.Client
+	var tlc *tls.Config
 
 	defer func() {
 		recover()
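Review bot: The two new imports are appended after `"time"` rather than in sorted position; gofmt sorts consecutive import specs, so `"crypto/tls"` and `"crypto/x509"` will be moved to the top of the standard-library group, ahead of `"io/ioutil"`, the next time the file is formatted. Placing them there now keeps the change gofmt-clean and avoids an unrelated reorder in a later commit.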
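Review bot: The comment `// Docker TLS variables` does not say what the three values are or that they only take effect together; from the way `Run` uses them later in this patch they are file paths, and TLS is enabled only when all three are non-empty. Suggest `// Docker TLS settings: paths to the CA bundle, client key and client certificate. TLS is used only when all three are set.` It is also worth noting in the deployment docs that these names differ from the Docker CLI's own `DOCKER_CERT_PATH`/`DOCKER_TLS_VERIFY` convention, so operators do not assume the CLI variables are honoured here.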
@@ -86,14 +94,34 @@ func (r *Runner) Run(w *queue.Work) error {
 	w.Build.Status = types.StateRunning
 	err := r.SetBuild(w.User, w.Repo, w.Build)
 	if err != nil {
+		log.Errorf("failure to set build. %s", err)
 		return err
 	}
 
+	// create the Docket client TLS config
+	if len(DockerHostCert) > 0 && len(DockerHostKey) > 0 && len(DockerHostCa) > 0 {
+		cert, err := tls.LoadX509KeyPair(DockerHostCert, DockerHostKey)
+		if err != nil {
+			log.Errorf("failure to load SSL cert and key. %s", err)
+		}
+		caCert, err := ioutil.ReadFile(DockerHostCa)
+		if err != nil {
+			log.Errorf("failure to load SSL CA cert. %s", err)
+		}
+		caCertPool := x509.NewCertPool()
+		caCertPool.AppendCertsFromPEM(caCert)
+		tlc = &tls.Config{
+			Certificates: []tls.Certificate{cert},
+			RootCAs: caCertPool,
+		}
+	}
+
 	// create the Docker client. In this version of Drone (alpha)
 	// we do not spread builds across clients, but this can and
 	// (probably) will change in the future.
-	client, err = dockerclient.NewDockerClient(DockerHost, nil)
+	client, err = dockerclient.NewDockerClient(DockerHost, tlc)
 	if err != nil {
+		log.Errorf("failure to connect to docker. %s", err)
 		return err
 	}
 
@@ -106,6 +134,7 @@ func (r *Runner) Run(w *queue.Work) error {
 	job.Started = time.Now().UTC().Unix()
 	err = r.SetJob(w.Repo, w.Build, job)
 	if err != nil {
+		log.Errorf("failure to set job. %s", err)
 		return err
 	}
 
@@ -121,6 +150,7 @@ func (r *Runner) Run(w *queue.Work) error {
 	}
 	in, err := json.Marshal(work)
 	if err != nil {
+		log.Errorf("failure to marshalise work. %s", err)
 		return err
 	}
 
diff --git a/pkg/server/hooks.go b/pkg/server/hooks.go
index aeca92c8b..4d68299a7 100644
--- a/pkg/server/hooks.go
+++ b/pkg/server/hooks.go
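Review bot: Inside the TLS block, a failure from `tls.LoadX509KeyPair` or `ioutil.ReadFile` is only logged and execution continues to build the `tls.Config` from a zero-value certificate and an empty CA pool, so a wrong key, cert or CA path surfaces later as an opaque handshake failure from `NewDockerClient` instead of at the point of misconfiguration; each of those branches should `return err`, as every other error path visible in `Run` does. The `bool` returned by `caCertPool.AppendCertsFromPEM(caCert)` is likewise discarded, so a CA file that is not PEM silently leaves `RootCAs` empty and also only fails at connect time. The `&&` guard means that setting one or two of `DOCKER_CA`, `DOCKER_KEY` and `DOCKER_CERT` silently falls back to a plain, unauthenticated connection to `DockerHost`, which is better reported as a configuration error than quietly accepted. The rewrite below does those three things and pins `MinVersion: tls.VersionTLS12`; it uses `fmt.Errorf`, so `fmt` must be imported if the file does not already do so, and the comment typo `Docket` should read `Docker`. `Run` begins and ends outside this hunk.

```go
	// create the Docker client TLS config. A partially set trio is a
	// configuration error, not a reason to fall back to plaintext.
	tlsSet := len(DockerHostCert) > 0 || len(DockerHostKey) > 0 || len(DockerHostCa) > 0
	if tlsSet && (len(DockerHostCert) == 0 || len(DockerHostKey) == 0 || len(DockerHostCa) == 0) {
		err = fmt.Errorf("DOCKER_CA, DOCKER_KEY and DOCKER_CERT must all be set to enable TLS")
		log.Errorf("failure to configure docker tls. %s", err)
		return err
	}
	if tlsSet {
		cert, err := tls.LoadX509KeyPair(DockerHostCert, DockerHostKey)
		if err != nil {
			log.Errorf("failure to load SSL cert and key. %s", err)
			return err
		}
		caCert, err := ioutil.ReadFile(DockerHostCa)
		if err != nil {
			log.Errorf("failure to load SSL CA cert. %s", err)
			return err
		}
		caCertPool := x509.NewCertPool()
		if !caCertPool.AppendCertsFromPEM(caCert) {
			err = fmt.Errorf("no PEM certificates found in %s", DockerHostCa)
			log.Errorf("failure to parse SSL CA cert. %s", err)
			return err
		}
		tlc = &tls.Config{
			Certificates: []tls.Certificate{cert},
			RootCAs:      caCertPool,
			MinVersion:   tls.VersionTLS12,
		}
	}
	// … unchanged: Docker client creation and the rest of Run …
```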
@@ -91,7 +91,7 @@ func PostHook(c *gin.Context) {
 	build.Status = common.StatePending
 	build.RepoID = repo.ID
 
-	// featch the .drone.yml file from the database
+	// fetch the .drone.yml file from the database
 	raw, err := remote.Script(user, repo, build)
 	if err != nil {
 		log.Errorf("failure to get .drone.yml for %s. %s", repo.FullName, err)