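GitLab CI/CD Complete Guide: From Getting Started to Production Deployment
Introduction to GitLab CI/CD
GitLab CI/CD is GitLab's built-in continuous integration, continuous delivery and continuous deployment feature. It integrates seamlessly with GitLab repositories and is a powerful tool for DevOps pipelines.
Core concepts
- Pipeline - the complete CI/CD flow
- Stage - a phase of the pipeline (such as build, test, deploy)
- Job - a concrete task that gets executed
- Runner - the agent that executes jobs
- Artifact - files passed between stages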
.gitlab-ci.yml basic syntax

# .gitlab-ci.yml
stages:
  - build
  - test
  - deploy

variables:
  DOCKER_IMAGE: registry.example.com/myapp
  DOCKER_TAG: $CI_COMMIT_SHA

# Runs before / after the script of every job
before_script:
  - echo "Before script"

after_script:
  - echo "After script"

build:
  stage: build
  script:
    - echo "Building..."
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 week

test:unit:
  stage: test
  script:
    - echo "Running unit tests..."
    - npm run test:unit
  # Regex used to extract the coverage figure from the job log
  coverage: '/Coverage: \d+\.\d+%/'
  artifacts:
    reports:
      junit: test-results.xml

test:integration:
  stage: test
  script:
    - echo "Running integration tests..."
    - npm run test:integration
  services:
    - postgres:15
  # Throwaway credentials for the ephemeral test database service
  variables:
    POSTGRES_DB: testdb
    POSTGRES_USER: test
    POSTGRES_PASSWORD: test

deploy:staging:
  stage: deploy
  script:
    - echo "Deploying to staging..."
    - kubectl config use-context staging
    - kubectl apply -f k8s/staging/
  environment:
    name: staging
    url: https://staging.example.com
  only:
    - develop

deploy:production:
  stage: deploy
  script:
    - echo "Deploying to production..."
    - kubectl config use-context production
    - kubectl apply -f k8s/production/
  environment:
    name: production
    url: https://example.com
  # Production deployment has to be triggered by hand
  when: manual
  only:
    - main

Docker image build and push

build:docker:
  stage: build
  image: docker:24.0.5
  services:
    - docker:24.0.5-dind
  script:
    # Pass the password on stdin so it does not end up in the process arguments
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Build once and apply both tags to the same image
    - docker build -t "$DOCKER_IMAGE:$CI_COMMIT_SHA" -t "$DOCKER_IMAGE:latest" .
    - docker push "$DOCKER_IMAGE:$CI_COMMIT_SHA"
    - docker push "$DOCKER_IMAGE:latest"
  rules:
    - if: $CI_COMMIT_BRANCH

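Speeding up builds with caching

# Global cache, keyed per branch
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - node_modules/
    - .npm/
    - .cache/

build:
  stage: build
  script:
    - npm ci
    - npm run build
  # A job-level cache overrides the global one and needs the same key/paths structure
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
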
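Matrix builds (Matrix Jobs)

test:matrix:
  stage: test
  # Use the matrix variable so each job really runs on its Node.js version
  image: node:${NODE_VERSION}
  script:
    - npm test
  # matrix must be nested under parallel; each entry below becomes one job
  parallel:
    matrix:
      - NODE_VERSION: "16"
        DATABASE: postgres
      - NODE_VERSION: "18"
        DATABASE: postgres
      - NODE_VERSION: "20"
        DATABASE: mysql
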
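GitOps deployment

deploy:argo:
  stage: deploy
  image: bitnami/argo-cd:latest
  script:
    # --insecure skips TLS certificate verification of the Argo CD server;
    # drop it once the server presents a certificate the job can verify
    - argocd login $ARGOCD_SERVER --username $ARGOCD_USER --password $ARGOCD_PASSWORD --insecure
    - argocd app set myapp --sync-policy automated
    - argocd app sync myapp
  environment:
    name: production
  only:
    - main
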
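Security scanning

security:trivy:
  stage: test
  image:
    name: aquasec/trivy:latest
    # The image's entrypoint is the trivy binary; clear it so the runner can start a shell
    entrypoint: [""]
  script:
    # --exit-code 0 together with allow_failure: true makes this job report-only;
    # use --exit-code 1 to fail the job when HIGH or CRITICAL findings exist
    - trivy image --exit-code 0 --severity HIGH,CRITICAL $DOCKER_IMAGE:$CI_COMMIT_SHA
  allow_failure: true

security:sonarqube:
  stage: test
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: $CI_PROJECT_DIR/.sonar
    # Full clone so the scanner sees the whole history
    GIT_DEPTH: "0"
  script:
    - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME
  # "sonarquality" is not a valid artifacts:reports type, so keep the file as a regular artifact
  artifacts:
    paths:
      - sonar-report.json
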
GitLab dependency scanning

# include is a top-level keyword; it cannot be nested inside a job
include:
  - template: Dependency-Scanning.gitlab-ci.yml

dependency_scanning:
  stage: test
  variables:
    DS_ANALYZER_IMAGE: $DEPENDENCY_SCANNING_CONTAINER
    SECURE_LOG_LEVEL: debug

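Review Apps

deploy:review:
  stage: deploy
  script:
    # Idempotent namespace creation, so re-running the pipeline for the same MR does not fail
    - kubectl create namespace "review-$CI_COMMIT_REF_SLUG" --dry-run=client -o yaml | kubectl apply -f -
    - kubectl set image deployment/app app=$DOCKER_IMAGE:$CI_COMMIT_SHA -n review-$CI_COMMIT_REF_SLUG
    - echo "https://$CI_COMMIT_REF_SLUG.example.com"
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_COMMIT_REF_SLUG.example.com
    on_stop: cleanup:review
  only:
    - merge_requests

cleanup:review:
  stage: deploy
  variables:
    # The source branch may already be deleted when the environment is stopped
    GIT_STRATEGY: none
  script:
    - kubectl delete namespace review-$CI_COMMIT_REF_SLUG
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop
  when: manual
  # The stop job must run in the same pipelines as the job that references it in on_stop
  only:
    - merge_requests
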
Runner configuration

# Install the runner
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash
sudo apt-get install gitlab-runner

# Register the runner (answers to the interactive prompts)
sudo gitlab-runner register
# URL: https://gitlab.com
# Token: from Settings -> CI/CD -> Runners
# Tags: docker,linux
# Executor: docker
# Default image: alpine:latest

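Best practices
- Use templates - take advantage of GitLab CI/CD templates
- Cache dependencies - speed up builds
- Run in parallel - use needs to speed things up
- Security scanning - integrate security tools
- Review Apps - deploy a preview automatically for every MR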
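
A small pre-merge check to go with the security-scanning practice above, added here as an example (it is not part of the original article and not a GitLab feature): it scans `.gitlab-ci.yml` text line by line for four risky patterns, namely floating `latest` image tags, `--insecure`, secrets passed as command-line arguments, and a scanner pinned to `--exit-code 0`. The rule names, the `audit` function and the sample pipeline are constructed for illustration.

```python
import re

# Constructed sample: a pipeline excerpt in the style of the jobs in this guide.
SAMPLE = """\
build:docker:
  image: docker:24.0.5
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
deploy:argo:
  image: bitnami/argo-cd:latest
  script:
    - argocd login $ARGOCD_SERVER --username $ARGOCD_USER --password $ARGOCD_PASSWORD --insecure
security:trivy:
  image: aquasec/trivy:latest
  script:
    - trivy image --exit-code 0 --severity HIGH,CRITICAL $DOCKER_IMAGE:$CI_COMMIT_SHA
  allow_failure: true
"""

# Rule ids are this example's own naming, not GitLab's.
RULES = [
    ("floating-image-tag", re.compile(r"^\s*(?:image|name):\s*\S+:latest\s*$")),
    ("tls-verification-disabled", re.compile(r"--insecure\b")),
    ("secret-on-command-line", re.compile(r"(?:\s-p|--password)[ =]\$\{?\w+")),
    ("scanner-cannot-fail", re.compile(r"--exit-code[ =]0\b")),
]
JOB_HEADER = re.compile(r"^([^\s#][^#]*?):\s*$")  # unindented "name:" line


def audit(pipeline_text):
    """Return (line_number, top_level_key, rule_id) for every risky line."""
    findings, job = [], None
    for number, line in enumerate(pipeline_text.splitlines(), start=1):
        header = JOB_HEADER.match(line)
        if header:
            job = header.group(1)  # remember which job the next lines belong to
            continue
        if line.lstrip().startswith("#"):
            continue  # ignore comment-only lines
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((number, job, rule_id))
    return findings


if __name__ == "__main__":
    for number, job, rule_id in audit(SAMPLE):
        print(f"line {number}: [{job}] {rule_id}")
```

Run it in an early stage against the repository's own `.gitlab-ci.yml` and fail the job when `audit` returns any finding.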
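Summary
GitLab CI/CD is a full-featured DevOps platform that provides complete pipeline support from code commit to production deployment. Mastering its configuration syntax and best practices can significantly improve a team's development efficiency.
References: official GitLab CI/CD documentation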