A Complete Guide to GitLab CI/CD: From Getting Started to Production Deployment

Introduction to GitLab CI/CD

GitLab CI/CD is GitLab's built-in continuous integration, continuous delivery and continuous deployment feature. It is integrated directly with the GitLab repository and is a powerful tool for building DevOps pipelines.

Core concepts

  • Pipeline - one complete CI/CD run for a commit
  • Stage - a phase of the pipeline (build, test, deploy); stages run in order
  • Job - a single unit of work; jobs in the same stage run in parallel
  • Runner - the agent that executes jobs
  • Artifact - files a job saves and passes on to jobs in later stages

Basic .gitlab-ci.yml syntax

# .gitlab-ci.yml
stages:
  - build
  - test
  - deploy

variables:
  DOCKER_IMAGE: registry.example.com/myapp
  DOCKER_TAG: $CI_COMMIT_SHA   # immutable tag: one image per commit

before_script:
  - echo "Before script"

after_script:
  - echo "After script"

build:
  stage: build
  script:
    - echo "Building..."
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 week

test:unit:
  stage: test
  script:
    - echo "Running unit tests..."
    - npm run test:unit
  coverage: '/Coverage: \d+\.\d+%/'
  artifacts:
    reports:
      junit: test-results.xml

test:integration:
  stage: test
  script:
    - echo "Running integration tests..."
    - npm run test:integration
  services:
    - postgres:15
  variables:
    # Throwaway credentials for a service container that exists only for this
    # job. Never put real database credentials here.
    POSTGRES_DB: testdb
    POSTGRES_USER: test
    POSTGRES_PASSWORD: test

deploy:staging:
  stage: deploy
  script:
    - echo "Deploying to staging..."
    # Assumes a kubeconfig containing the "staging" and "production" contexts
    # is supplied to the job, for example as a file-type CI/CD variable.
    - kubectl config use-context staging
    - kubectl apply -f k8s/staging/
  environment:
    name: staging
    url: https://staging.example.com
  # "rules" is the current way to control when a job runs; "only/except" still
  # works but is no longer developed, and the two cannot be mixed in one job.
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"

deploy:production:
  stage: deploy
  script:
    - echo "Deploying to production..."
    - kubectl config use-context production
    - kubectl apply -f k8s/production/
  environment:
    name: production
    url: https://example.com
  rules:
    # Only from main, and only when a person starts it. "when: manual" alone
    # does not restrict who may click the button, so also mark the production
    # environment and its credentials as protected in the project settings.
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual

Building and pushing Docker images

build:docker:
  stage: build
  image: docker:24.0.5
  services:
    - docker:24.0.5-dind
  variables:
    # Talk to the dind daemon over TLS. This requires the runner's docker
    # executor to run privileged and to mount /certs/client.
    DOCKER_TLS_CERTDIR: "/certs"
  script:
    # Never pass the password as an argument (-p): it is visible in process
    # listings and shell traces on the runner. Feed it through stdin instead.
    # $CI_REGISTRY_USER/$CI_REGISTRY_PASSWORD are GitLab's predefined
    # credentials for its own container registry; for an external registry
    # such as registry.example.com supply your own masked, protected variables.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # One build with two tags: the commit SHA is immutable and is what gets
    # deployed; "latest" is a convenience pointer, never a deployment target.
    - docker build -t "$DOCKER_IMAGE:$CI_COMMIT_SHA" -t "$DOCKER_IMAGE:latest" .
    - docker push "$DOCKER_IMAGE:$CI_COMMIT_SHA"
    - docker push "$DOCKER_IMAGE:latest"
  rules:
    - if: $CI_COMMIT_BRANCH
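The problems fixed in the job above (a password passed as a command-line argument, a mutable "latest" image, TLS verification switched off, a scanner that can never fail) are easy to reintroduce by copy-paste. The Python script below is an added example, not code from this page, from GitLab or from any project it mentions: a small line-oriented linter for .gitlab-ci.yml that flags those patterns. It deliberately uses only the standard library and no YAML parser, so it runs anywhere Python does; the pipeline text it scans is constructed for the example, and the tag aquasec/trivy:0.50.1 in it is only an example of a pinned tag.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of the pipeline on this page, deliberately
# containing the patterns the page warns against. It is not the page's file.
SAMPLE_CI = """\
build:docker:
  image: docker:latest
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build -t $DOCKER_IMAGE:$CI_COMMIT_SHA .
deploy:argo:
  image: bitnami/argo-cd:latest
  script:
    - argocd login $ARGOCD_SERVER --username $ARGOCD_USER --password $ARGOCD_PASSWORD --insecure
security:trivy:
  image: aquasec/trivy:0.50.1
  script:
    - trivy image --exit-code 0 --severity HIGH,CRITICAL $DOCKER_IMAGE:$CI_COMMIT_SHA
  allow_failure: true
"""


@dataclass(frozen=True)
class Finding:
    line: int     # 1-based line number in the YAML text
    rule: str     # short rule identifier
    detail: str


# Top-level keys that are not jobs; allow_failure under them is not a scan job.
NOT_JOBS = {"stages", "variables", "include", "cache", "default", "workflow",
            "before_script", "after_script", "image", "services"}
JOB_HEADER = re.compile(r"^([A-Za-z0-9_.:-]+):\s*$")        # "name:" at column 0
IMAGE_KEY = re.compile(r"^\s*image:\s*(\S+)\s*$")
# any "<tool> login" that passes the password as an argument instead of via stdin
PASSWORD_ARG = re.compile(r"\blogin\b(?!.*--password-stdin).*\s(?:-p|--password)[ =]")
TLS_OFF = re.compile(r"(?:^|\s)(?:--insecure|--skip-tls-verify|--tls-verify=false)(?:\s|$)")
SCAN_NO_EXIT = re.compile(r"\btrivy\b.*--exit-code\s+0\b")
ALLOW_FAILURE = re.compile(r"^\s*allow_failure:\s*true\s*$")


def image_is_pinned(ref: str) -> bool:
    """True when the reference names a digest or a tag other than "latest"."""
    if "@sha256:" in ref:
        return True
    name = ref.rsplit("/", 1)[-1]     # strip registry (may carry a port) and namespace
    if ":" not in name:
        return False                   # no tag is an implicit, mutable "latest"
    return name.rsplit(":", 1)[1] != "latest"


def lint(ci_yaml: str) -> list[Finding]:
    """Scan .gitlab-ci.yml text line by line; findings come back in file order."""
    findings: list[Finding] = []
    job = None                         # name of the job the current line belongs to
    for n, line in enumerate(ci_yaml.splitlines(), start=1):
        header = JOB_HEADER.match(line)
        if header:
            job = None if header.group(1) in NOT_JOBS else header.group(1)
            continue
        image = IMAGE_KEY.match(line)
        if image and not image_is_pinned(image.group(1)):
            findings.append(Finding(n, "unpinned-image",
                                    f"{image.group(1)}: pin a version tag or a digest"))
        if PASSWORD_ARG.search(line):
            findings.append(Finding(n, "secret-on-cli",
                                    "password passed as an argument; use --password-stdin "
                                    "or an environment variable the tool reads"))
        if TLS_OFF.search(line):
            findings.append(Finding(n, "tls-verify-disabled",
                                    "TLS certificate verification is switched off"))
        if SCAN_NO_EXIT.search(line):
            findings.append(Finding(n, "scan-never-blocks",
                                    "trivy --exit-code 0 cannot fail the job"))
        if ALLOW_FAILURE.match(line) and job and ("security" in job or "scan" in job):
            findings.append(Finding(n, "scan-never-blocks",
                                    f"allow_failure: true lets {job} be ignored"))
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE_CI):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```

Run it as a pipeline job of its own against the repository's .gitlab-ci.yml and let a non-empty result fail the job; the heuristics are intentionally simple, and any rule that proves noisy for your files is a one-line regex change.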

Caching to speed up builds

# Global cache, shared by every job that does not define its own.
cache:
  key:
    files:
      - package-lock.json   # a new key, and so a fresh cache, whenever the lockfile changes
  paths:
    - .npm/
    - .cache/

build:
  stage: build
  script:
    # npm ci deletes node_modules before installing, so caching node_modules
    # gains nothing; cache npm's download cache and point npm at it instead.
    - npm ci --cache .npm --prefer-offline
    - npm run build
  # A job-level cache replaces the global one completely (they are not
  # merged), and it must be a mapping with "paths", not a bare list of paths.
  cache:
    key:
      files:
        - package-lock.json
    paths:
      - .npm/

Matrix builds (Matrix Jobs)

test:matrix:
  stage: test
  # The image tag comes from the matrix variable, so each job really runs on
  # the Node.js version it claims to test.
  image: node:$NODE_VERSION
  script:
    - npm test
  # "matrix" is only valid under "parallel"; GitLab rejects it at job level.
  parallel:
    matrix:
      - NODE_VERSION: ["16", "18"]
        DATABASE: postgres
      - NODE_VERSION: "20"
        DATABASE: mysql

GitOps deployment

deploy:argo:
  stage: deploy
  # Pin the CLI image (example version); "latest" changes underneath you.
  image: quay.io/argoproj/argocd:v2.10.0
  script:
    # No "argocd login" with a password on the command line: the CLI reads
    # ARGOCD_SERVER and ARGOCD_AUTH_TOKEN from the environment, so supply both
    # as masked, protected CI/CD variables and issue the token to a dedicated
    # Argo CD role that may only sync this application.
    # Do not add --insecure, which turns off TLS certificate verification; if
    # the API server uses a private CA, trust that CA inside the job image.
    - argocd app set myapp --sync-policy automated
    - argocd app sync myapp
    - argocd app wait myapp --health --timeout 300
  environment:
    name: production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"

Security scanning

security:trivy:
  stage: test
  image: aquasec/trivy:0.50.1   # pinned example version; bump it deliberately
  variables:
    # Trivy reads registry credentials from these environment variables.
    TRIVY_USERNAME: $CI_REGISTRY_USER
    TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
  script:
    # --exit-code 1 fails the job on any HIGH or CRITICAL finding that has a
    # fix available (--ignore-unfixed). The common --exit-code 0 plus
    # allow_failure: true produces a scan that can never block a release;
    # if you need a phase-in period, add allow_failure temporarily and remove it.
    - trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed $DOCKER_IMAGE:$CI_COMMIT_SHA
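A scanner only protects a release when its result can fail the job, and once it can, teams need a controlled way to accept a specific finding for a limited time without switching the gate off. The Python script below is an added example, not part of this page and not Trivy's own code: a policy gate that consumes the output of trivy image --format json --output trivy.json and decides the exit code itself. It blocks on fixable HIGH/CRITICAL findings, honours an accepted-risk list whose entries expire, and tolerates targets Trivy reports with no vulnerabilities (it emits null there). The report below is constructed for the example and its CVE identifiers are placeholders, not real advisories; the key names are the ones Trivy's JSON format uses.

```python
import json
import sys
from datetime import date

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed report with the same keys "trivy image --format json" emits.
# The CVE identifiers are placeholders, not real advisories.
SAMPLE_REPORT = json.loads("""
{ "Results": [
    { "Target": "registry.example.com/myapp:abc123 (alpine 3.19)",
      "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2099-0001", "PkgName": "openssl", "InstalledVersion": "3.1.4-r0",
         "FixedVersion": "3.1.4-r1", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-2099-0002", "PkgName": "busybox", "InstalledVersion": "1.36.1-r0",
         "FixedVersion": "", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-2099-0003", "PkgName": "zlib", "InstalledVersion": "1.3-r0",
         "FixedVersion": "1.3-r1", "Severity": "MEDIUM"} ] },
    { "Target": "app/package-lock.json",
      "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2099-0004", "PkgName": "lodash", "InstalledVersion": "4.17.20",
         "FixedVersion": "4.17.21", "Severity": "HIGH"} ] },
    { "Target": "app/config", "Vulnerabilities": null } ] }
""")

# Accepted-risk list: vulnerability ID -> date on which the exception expires.
# An expired entry stops suppressing, so a waiver cannot quietly become permanent.
SAMPLE_WAIVERS = {
    "CVE-2099-0004": date(2099, 1, 1),   # still valid
    "CVE-2099-0001": date(2020, 1, 1),   # expired: blocks again
}


def evaluate(report, waivers, today, min_severity="HIGH", require_fix=True):
    """Split findings into (blocking, waived) lists of vulnerability IDs.

    blocking: at or above min_severity, fixable (when require_fix is set) and
              not covered by an unexpired waiver -> the job should fail.
    waived:   would block, but an unexpired waiver covers them -> report only.
    """
    threshold = SEVERITY_RANK[min_severity]
    blocking, waived = [], []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:       # null for clean targets
            if SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) < threshold:
                continue
            if require_fix and not v.get("FixedVersion"):
                continue        # nothing to upgrade to yet; same idea as --ignore-unfixed
            vid = v["VulnerabilityID"]
            expires = waivers.get(vid)
            if expires is not None and today <= expires:
                waived.append(vid)
            else:
                blocking.append(vid)
    return blocking, waived


def exit_code(report, waivers, today) -> int:
    """1 when anything blocks, else 0: what --exit-code 1 does, plus expiring waivers."""
    blocking, _ = evaluate(report, waivers, today)
    return 1 if blocking else 0


def load_report(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Usage: python gate.py trivy.json   (without a path the constructed sample is used)
    report = load_report(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    blocking, waived = evaluate(report, SAMPLE_WAIVERS, date.today())
    print("blocking:", blocking)
    print("waived:", waived)
    sys.exit(exit_code(report, SAMPLE_WAIVERS, date.today()))
```

In a pipeline the waiver table would live in a reviewed file in the repository rather than in the script, so that accepting a risk is a merge request with a reviewer and an expiry date, not an edit to a scanner flag.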

security:sonarqube:
  stage: test
  image: sonarsource/sonar-scanner-cli:latest   # pin a version in practice
  variables:
    SONAR_USER_HOME: $CI_PROJECT_DIR/.sonar
    GIT_DEPTH: 0   # full history, so SonarQube can attribute new code correctly
    # SONAR_HOST_URL and SONAR_TOKEN must be provided as masked CI/CD
    # variables; the scanner reads them from the environment.
  script:
    # Wait for the quality gate and fail the job when it fails. Without this the
    # analysis is uploaded but nothing in the pipeline reacts to the result.
    - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.qualitygate.wait=true
  # GitLab has no "sonarquality" artifact report type; the quality gate
  # result is shown in SonarQube and enforced by the job status above.

GitLab dependency scanning

# "include" is a top-level keyword and cannot be nested inside a job. The
# template defines the dependency_scanning job; a job with the same name in
# your own file is merged with it and can override its settings.
include:
  - template: Dependency-Scanning.gitlab-ci.yml

dependency_scanning:
  stage: test
  variables:
    SECURE_LOG_LEVEL: debug

Review Apps

deploy:review:
  stage: deploy
  variables:
    # "review-" plus a slug of up to 63 characters can exceed the 63-character
    # limit on Kubernetes namespace names; shorten it for long branch names.
    NAMESPACE: review-$CI_COMMIT_REF_SLUG
  script:
    # Idempotent namespace creation: a plain "kubectl create" fails on reruns
    # when the namespace already exists.
    - kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
    # The deployment must exist before "set image" can patch it, so apply the
    # review manifests first (a k8s/review/ directory alongside k8s/staging/).
    - kubectl apply -n "$NAMESPACE" -f k8s/review/
    - kubectl set image deployment/app app=$DOCKER_IMAGE:$CI_COMMIT_SHA -n "$NAMESPACE"
    - echo "https://$CI_COMMIT_REF_SLUG.example.com"
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_COMMIT_REF_SLUG.example.com
    on_stop: cleanup:review
  # Merge request pipelines may run code from forks, so the kubeconfig used
  # here should only be allowed to touch review namespaces, never production.
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

cleanup:review:
  stage: deploy
  variables:
    GIT_STRATEGY: none   # nothing from the repository is needed to tear down
  script:
    - kubectl delete namespace "review-$CI_COMMIT_REF_SLUG" --ignore-not-found
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop
  # Same trigger as the deploy job, otherwise it is added to every pipeline.
  # GitLab runs it when the environment is stopped, for example on MR close.
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual
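Two details of the review job above deserve a closer look: the namespace and the hostname are both derived from $CI_COMMIT_REF_SLUG, which GitLab caps at 63 bytes, so "review-" plus the slug can exceed the 63-character limit for a Kubernetes namespace name, and two long branch names that agree on their first 63 characters get the same slug and would deploy into each other's namespace. The Python below is an added example, not GitLab's code and not part of this page: it reproduces the slug rules (lowercase, only [a-z0-9] and "-", 63-byte cap) and derives a name that always fits and cannot collide, by truncating and appending a short hash of the original ref. Trimming leading and trailing "-" is an assumption added so the result is always a valid DNS label.

```python
import hashlib
import re

MAX_LABEL = 63   # RFC 1123 label limit: Kubernetes namespace names and DNS hostname labels


def slugify(ref: str) -> str:
    """Lowercase the ref, replace each run of characters outside [a-z0-9] with "-",
    cap at 63 characters. Follows the documented CI_COMMIT_REF_SLUG rules; the
    stripping of leading/trailing "-" is our own addition for label validity."""
    return re.sub(r"[^a-z0-9]+", "-", ref.lower()).strip("-")[:MAX_LABEL].strip("-")


def review_name(ref: str, prefix: str = "review-") -> str:
    """Derive a namespace name (or, with prefix="", a hostname label) from a git ref.

    Short refs give prefix + slug. Anything that would exceed 63 characters is
    truncated and suffixed with 8 hex characters of SHA-256 over the *original*
    ref, so two long branch names sharing a prefix never map to one namespace.
    """
    slug = slugify(ref)
    candidate = prefix + slug
    if slug and len(candidate) <= MAX_LABEL:
        return candidate
    digest = hashlib.sha256(ref.encode("utf-8")).hexdigest()[:8]
    keep = MAX_LABEL - len(prefix) - len(digest) - 1      # room for the "-" separator
    truncated = slug[:keep].rstrip("-")
    return f"{prefix}{truncated}-{digest}" if truncated else f"{prefix}{digest}"


def is_dns_label(name: str) -> bool:
    """Validate against the RFC 1123 label grammar Kubernetes applies to namespaces."""
    return re.fullmatch(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?", name) is not None


if __name__ == "__main__":
    for ref in ["feature/login", "Feature/Add_SSO!", "feature/" + "a" * 70]:
        name = review_name(ref)
        print(f"{ref[:30]:<32} -> {name} (valid={is_dns_label(name)})")
```

Compute the name once in the job (for example into the NAMESPACE variable used by both the deploy and the cleanup job) so that creation and teardown agree on it; the hash suffix makes the mapping deterministic, so a rerun of either job lands on the same namespace.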

Runner configuration

# Install the Runner (Debian/Ubuntu). Read the script before piping it into
# sudo bash: it adds GitLab's package repository and its signing key.
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash
sudo apt-get install gitlab-runner

# Register the Runner; the command prompts for the following:
# URL: https://gitlab.com (or your self-managed instance)
# Token: create the runner under Settings -> CI/CD -> Runners and copy the token it shows
# Tags: docker,linux
# Executor: docker
# Default image: alpine:latest
sudo gitlab-runner register

# The Docker-in-Docker build job above needs privileged = true under
# [runners.docker] in /etc/gitlab-runner/config.toml, and "/certs/client" in
# that section's volumes list for TLS. A privileged container is effectively
# root on the runner host, so give such a runner its own host and its own tag,
# and never let it pick up untrusted pipelines such as those from forks.

Best practices

  • Use templates - reuse GitLab's CI/CD templates (for example the security scanners) instead of rewriting jobs
  • Cache dependencies - speed up builds
  • Run in parallel - use needs so a job starts as soon as its inputs are ready instead of waiting for the whole stage
  • Security scanning - integrate scanners and let them fail the pipeline
  • Review Apps - deploy a preview for every merge request and tear it down when the MR closes

Summary

GitLab CI/CD is a complete DevOps platform that supports the whole pipeline from commit to production deployment. Mastering its configuration syntax and the practices above noticeably improves a team's delivery speed, and keeping secrets off the command line, pinning images and letting scanners fail the pipeline keeps that speed from costing you security.


Reference: GitLab CI/CD official documentation
