GitLabCI模板库的流水线优化实践

时间:2022-06-01 16:37:27

GitLabCI模板库的流水线优化实践

还是按照之前的目录结构完成的,jobs目录用于存放作业模板。templates目录用于存放流水线模板。这次使用default-pipeline.yml作为所有作业的基础模板。

GitLabCI模板库的流水线优化实践

作业模板

作业分为Build、test、codeanalysis、artifactory、deploy部分,在每个作业中配置了rules功能开关,由变量控制最终作业的运行。

jobs/build.yml 构建作业模板

包含两个作业模板,分别是普通的构建模板(maven/npm/gradle)和docker 镜像构建模板。

  1. ## build相关作业
  2.  
  3. .build:
  4. stage: build
  5. script:
  6. - |
  7. ${BUILD_SHELL}
  8. variables:
  9. GIT_CHECKOUT: "true"
  10. rules:
  11. - if: " $RUN_PIPELINE_BUILD == 'no' "
  12. when: never
  13. - when: always
  14.  
  15.  
  16. ## 构建镜像
  17. .build-docker:
  18. stage: buildimage
  19. script:
  20. - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWD $CI_REGISTRY
  21. - docker build -t ${IMAGE_NAME} -f ${DOCKER_FILE_PATH} .
  22. - docker push ${IMAGE_NAME}
  23. - docker rmi ${IMAGE_NAME}
  24. rules:
  25. - if: " $RUN_BUILD_IMAGE == 'no' "
  26. when: never
  27. - when: always

jobs/test.yml 测试作业模板

主要用于运行项目单元测试,例如maven、gradle、npm单元测试。

  1. #单元测试
  2. .test:
  3. stage: test
  4. script:
  5. - $TEST_SHELL
  6. artifacts:
  7. reports:
  8. junit: ${JUNIT_REPORT_PATH}
  9. rules:
  10. - if: " $RUN_PIPELINE_TEST == 'no' "
  11. when: never
  12. - when: always

jobs/codeanalysis.yml 代码扫描模板

包含两个作业模板,分别为扫描作业和获取扫描结果。这里面将扫描参数进行了分类,通用的项目参数、特殊的合并请求参数、自定义的项目参数。

  1. ##代码扫描
  2. ##
  3. ##
  4. ##
  5.  
  6. .code_analysis:
  7. variables:
  8. GLOBAL_PROJECT_ARGS: "-Dsonar.projectKey=${CI_PROJECT_NAME}
  9. -Dsonar.projectName=${CI_PROJECT_NAME}
  10. -Dsonar.projectVersion=${CI_COMMIT_REF_NAME}
  11. -Dsonar.projectDescription=${CI_PROJECT_TITLE}"
  12. GLOBAL_SERVER_ARGS: "-Dsonar.ws.timeout=30
  13. -Dsonar.links.homepage=${CI_PROJECT_URL}
  14. -Dsonar.host.url=${SONAR_SERVER_URL}
  15. -Dsonar.login=${SONAR_SERVER_LOGIN}
  16. -Dsonar.sourceEncoding=UTF-8 "
  17. GLOBAL_MR_ARGS: " -Dsonar.pullrequest.key=${CI_MERGE_REQUEST_IID}
  18. -Dsonar.pullrequest.branch=${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}
  19. -Dsonar.pullrequest.base=${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}
  20. -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
  21. -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
  22. -Dsonar.gitlab.project_id=${CI_PROJECT_PATH}
  23. -Dsonar.pullrequest.gitlab.repositorySlug=${CI_PROJECT_ID} "
  24. MULTI_BRANCH_ARGS: "-Dsonar.branch.name=${CI_COMMIT_REF_NAME}"
  25. stage: code_analysis
  26. script:
  27. - echo ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} ${GLOBAL_MR_ARGS}
  28. #sonar-scanner $GLOBAL_PROJECT_ARGS $GLOBAL_SERVER_ARGS $SCAN_JAVA_ARGS
  29. - |
  30. if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]
  31.  
  32. then
  33. echo "sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} "
  34. sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS}
  35. else
  36. echo "sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} ${MULTI_BRANCH_ARGS}"
  37. sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} ${MULTI_BRANCH_ARGS}
  38. fi
  39. rules:
  40. - if: " $RUN_CODE_ANALYSIS == 'no' "
  41. when: never
  42. - when: always
  43.  
  44.  
  45. #### 获取代码扫描结果
  46. .get_analysis_result:
  47. stage: get_analysis_result
  48. script:
  49. - |
  50. SONAR_REPORT_URL=$(grep "ceTaskUrl" .scannerwork/report-task.txt | awk -F = '{OFS="=";print $2,$3}')
  51. echo ${SONAR_REPORT_URL}
  52.  
  53.  
  54. for i in {1..10}
  55. do
  56. curl -k -u "${SONAR_SERVER_LOGIN}":"" ${SONAR_REPORT_URL} -o sonar_result.txt -s
  57. grep '"status":"SUCCESS"' sonar_result.txt && SONAR_SCAN_RESULT='SUCCESS'
  58.  
  59. if [ ${SONAR_SCAN_RESULT} == 'SUCCESS' ]
  60. then
  61. echo "${SONAR_SCAN_RESULT}"
  62. SONAR_SCAN_RESULT=SUCCESS
  63.  
  64. curl -k -u "${SONAR_SERVER_LOGIN}":"" "${SONAR_SERVER_URL}/api/qualitygates/project_status?projectKey=$CI_PROJECT_NAME&branch=$CI_COMMIT_REF_NAME" -o result.txt -s
  65. echo "result info ---->>>>>"
  66. cat result.txt
  67. result=`cat result.txt | awk -F ':' '{print $3}' | awk -F '"' '{print$2}'`
  68.  
  69. echo $result
  70.  
  71. if [ $result == 'ERROR' ]
  72. then
  73. echo "${result}"
  74. exit 122
  75. break;
  76. else
  77. echo "success!"
  78. break;
  79. fi
  80.  
  81. else
  82. SONAR_SCAN_RESULT='ERROR'
  83. echo "第$i次获取结果信息,不是成功状态,睡眠10秒!"
  84. cat sonar_result.txt
  85. sleep 10
  86. fi
  87. done
  88.  
  89. rules:
  90. - if: " $RUN_CODE_ANALYSIS == 'no' "
  91. when: never
  92. - when: always

jobs/artifactory.yml 制品管理作业

包含两个作业,制品上传与下载。使用artifactory制品库接口。

  1. ## 制品库相关
  2. ##
  3.  
  4. .deploy-artifact:
  5. stage: deploy-artifact
  6. script:
  7. - echo "curl -u${ARTIFACT_USER}:${ARTIFACT_PASSWD} -T ${ARTIFACT_PATH} $ARTIFACTORY_URL/$ARTIFACTORY_NAME/$TARGET_FILE_PATH/$TARGET_ARTIFACT_NAME"
  8. - curl -u${ARTIFACT_USER}:${ARTIFACT_PASSWD} -T ${ARTIFACT_PATH} "$ARTIFACTORY_URL/$ARTIFACTORY_NAME/$TARGET_FILE_PATH/$TARGET_ARTIFACT_NAME"
  9. rules:
  10. - if: " $RUN_DEPLOY_ARTIFACTS == 'no' "
  11. when: never
  12. - when: always
  13.  
  14.  
  15. .down-artifact:
  16. stage: down-artifact
  17. script:
  18. - curl -u${ARTIFACT_USER}:${ARTIFACT_PASSWD} -O "$ARTIFACTORY_URL/$ARTIFACTORY_NAME/$TARGET_FILE_PATH/$TARGET_ARTIFACT_NAME"
  19. - ls

jobs/deploy.yml 发布作业模板

发布基于k8s的发布和回滚配置。

  1. ## 应用发布
  2.  
  3.  
  4. ## 使用kubectl镜像发布
  5. .deploy_k8s:
  6. stage: deploy
  7. script:
  8. - echo $KUBE_TOKEN
  9. - kubectl config set-cluster my-cluster --server=${KUBE_URL} --certificate-authority="${KUBE_CA_PEM_FILE}"
  10. - kubectl config set-credentials admin --token=${KUBE_TOKEN}
  11. - ls -a
  12. - sed -i "s#__namespace__#${NAMESPACE}#g" ${DEPLOY_FILE}
  13. - sed -i "s#__appname__#${APP_NAME}#g" ${DEPLOY_FILE}
  14. - sed -i "s#__containerport__#${CONTAINER_PORT}#g" ${DEPLOY_FILE}
  15. - sed -i "s#__nodeport__#${NODE_PORT}#g" ${DEPLOY_FILE}
  16. - sed -i "s#__imagename__#${IMAGE_NAME}#g" ${DEPLOY_FILE}
  17. - sed -i "s#__CI_ENVIRONMENT_SLUG__#${CI_ENVIRONMENT_SLUG}#g" ${DEPLOY_FILE}
  18. - sed -i "s#__CI_PROJECT_PATH_SLUG__#${CI_PROJECT_PATH_SLUG}#g" ${DEPLOY_FILE}
  19. - sed -i "s#__ingressdomain__#${ENV_URL}#g" ${DEPLOY_FILE}
  20. - cat ${DEPLOY_FILE}
  21. - "kubectl create secret docker-registry ${APP_NAME} \
  22. --docker-server=${CI_REGISTRY} \
  23. --docker-username=$CI_REGISTRY_USER \
  24. --docker-password=${CI_REGISTRY_PASSWD} \
  25. --docker-email=test@test.com -n ${NAMESPACE} || echo 'secrets already exists'"
  26. - kubectl apply -f ${DEPLOY_FILE}
  27. rules:
  28. - if: " $RUN_DEPLOY_K8S == 'no'"
  29. when: never
  30. - when: manual
  31. environment:
  32. name: "${ENV_NAME}"
  33. url: "http://${ENV_NAME}.${CI_PROJECT_NAMESPACE}.${CI_PROJECT_NAME}.devops.com"
  34.  
  35.  
  36.  
  37.  
  38. ## 回滚
  39. .rollout_k8s:
  40. stage: deploy
  41. script:
  42. - rm -rf $HOME/.kube
  43. - kubectl config set-cluster my-cluster --server=${KUBE_URL} --certificate-authority="${KUBE_CA_PEM_FILE}"
  44. - kubectl config set-credentials admin --token=${KUBE_TOKEN}
  45. - kubectl rollout history deployment ${APP_NAME} -n ${NAMESPACE}
  46. - kubectl rollout undo deployment ${APP_NAME} -n ${NAMESPACE}
  47. rules:
  48. - if: " $RUN_DEPLOY_K8S == 'no' "
  49. when: never
  50. - when: manual
  51. environment:
  52. name: "${ENV_NAME}"
  53. action: stop

default流水线模板

templates/default-pipeline.yml 模板分成个部分:

  • include导入作业模板
  • variables 定义全局变量
  • workflow 定义流水线控制
  • jobs 构建与发布作业

include导入作业模板

  1. include:
  2. - project: 'cidevops/cidevops-newci-service'
  3. ref: master
  4. file: 'jobs/build.yml'
  5. - project: 'cidevops/cidevops-newci-service'
  6. ref: master
  7. file: 'jobs/test.yml'
  8. - project: 'cidevops/cidevops-newci-service'
  9. ref: master
  10. file: 'jobs/codeanalysis.yml'
  11. - project: 'cidevops/cidevops-newci-service'
  12. ref: master
  13. file: 'jobs/deploy.yml'
  14. - project: 'cidevops/cidevops-newci-service'
  15. ref: master
  16. file: 'jobs/artifactory.yml'

variables 定义全局变量

  1. variables:
  2. ## 全局配置
  3. GIT_CLONE_PATH: ${CI_BUILDS_DIR}/builds/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/${CI_PIPELINE_ID}
  4. GIT_CHECKOUT: "false"
  5. CACHE_DIR: ""
  6.  
  7. ## 作业控制
  8. RUN_PIPELINE_BUILD: "" #是否运行构建 yes/no
  9. RUN_PIPELINE_TEST: "" #是否运行测试 yes/no
  10. RUN_CODE_ANALYSIS: "" #是否代码扫描 yes/no
  11. RUN_BUILD_IMAGE: "" #是否生成镜像 yes/no
  12. RUN_DEPLOY_ARTIFACTS: "" #是否上传制品 yes/no
  13. RUN_DEPLOY_K8S: "" #是否发布K8S yes/no
  14.  
  15. ## 依赖容器镜像
  16. BUILD_IMAGE: ""
  17. CURL_IMAGE: "curlimages/curl:7.70.0"
  18. SONAR_IMAGE: "sonarsource/sonar-scanner-cli:latest"
  19. KUBECTL_IMAGE: "lucj/kubectl:1.17.2"
  20.  
  21.  
  22. ## 构建测试参数
  23. MAVEN_OPTS: "" #maven构建参数
  24. GRADLE_OPTS: "" #gradle构建参数
  25. BUILD_SHELL: '' #构建命令
  26.  
  27. ## 单元测试参数
  28. TEST_SHELL : 'mvn test --settings=./settings.xml ' #测试命令
  29. JUNIT_REPORT_PATH: 'target/surefire-reports/TEST-*.xml' #单元测试报告
  30.  
  31. ## 代码扫描
  32. SONAR_SOURCE_DIR : "src" #项目源码目录
  33. SONAR_SERVER_URL: "http://192.168.1.200:30090" #SonarQube服务器信息
  34. SONAR_SERVER_LOGIN: "ee2bcb37deeb6dfe3a07fe08fb529559b00c1b7b" #Sonar Token最好在项目中定义。
  35. SONAR_SCAN_ARGS: "-Dsonar.sources=${SONAR_SOURCE_DIR}" #项目扫描参数
  36.  
  37. ## 构建镜像
  38. CI_REGISTRY: 'registry.cn-beijing.aliyuncs.com' #镜像仓库地址
  39. CI_REGISTRY_USER: 'xxxxxx' #仓库用户信息
  40. #CI_REGISTRY_PASSWD: 'xxxxxxxx.' #仓库用户密码
  41. IMAGE_NAME: "${CI_REGISTRY}/${CI_PROJECT_PATH}:${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}" #镜像名称
  42. DOCKER_FILE_PATH: "./Dockerfile" #Dockerfile位置
  43.  
  44. ## 上传制品库(artifactory)
  45. ARTIFACTORY_URL: "http://192.168.1.200:30082/artifactory" #制品库地址
  46. ARTIFACTORY_NAME: "${CI_PROJECT_NAMESPACE}" #制品库名称
  47. ARTIFACT_PACKAGE: "jar" #制品类型
  48. ARTIFACT_PATH: "target/*.${ARTIFACT_PACKAGE}" #制品位置
  49. TARGET_FILE_PATH: "${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}" #目标制品位置(目录结构)
  50. TARGET_ARTIFACT_NAME: "${CI_PROJECT_NAME}-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}.${ARTIFACT_PACKAGE}" #目标制品名称
  51.  
  52. ## 部署应用k8s
  53. APP_NAME: "$CI_PROJECT_NAME" #应用名称 <--> deploymentName
  54. CONTAINER_PORT: "8081" #服务端口 <--> servicesPort
  55. NAMESPACE: "$CI_PROJECT_NAME-$CI_PROJECT_ID-$CI_ENVIRONMENT_SLUG" #名称空间
  56. ENV_URL: "${ENV_NAME}.${CI_PROJECT_NAMESPACE}.${CI_PROJECT_NAME}.devops.com" #IngressHosts

流水线设置

  1. ## 流水线控制
  2. workflow:
  3. rules:
  4. - if: "$CI_MERGE_REQUEST_ID" #过滤合并请求
  5. when: never
  6. - if: "$CI_PIPELINE_SOURCE == 'web'" #允许在web页面发布
  7. - if: "$CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ " #过滤版本分支和主干分支提交代码触发
  8. when: never
  9. - if: "$CI_COMMIT_BEFORE_SHA == '0000000000000000000000000000000000000000'" #过滤分支创建请求
  10. when: never
  11. ### 默认策略
  12. - when: always
  13.  
  14.  
  15. ## 运行阶段
  16. stages:
  17. - build
  18. - test
  19. - parallel01
  20. - get_analysis_result
  21. - deploy-artifact
  22. - deploy-feature
  23. - rollout-feature
  24. - deploy-uat
  25. - rollout-uat
  26. - deploy-stag
  27. - rollout-stag
  28. - deploy-prod
  29. - rollout-prod
  30.  
  31. cache:
  32. paths:
  33. - ${CACHE_DIR}
  34.  
  35. before_script:
  36. - export

构建作业配置

  1. ################# Jobs Configure #####################
  2. ## 构建作业
  3. build:
  4. image: ${BUILD_IMAGE}
  5. extends: .build
  6.  
  7. ## 测试作业
  8. test:
  9. image: ${BUILD_IMAGE}
  10. extends: .test
  11. before_script:
  12. - ls
  13. - ls ${CACHE_DIR}
  14.  
  15. ## 代码扫描
  16. code_analysis:
  17. stage: parallel01
  18. image: ${SONAR_IMAGE}
  19. extends: .code_analysis
  20.  
  21. ## 获取构建结果
  22. get_analysis_result:
  23. image: ${CURL_IMAGE}
  24. extends: .get_analysis_result
  25. needs:
  26. - code_analysis
  27.  
  28.  
  29. ## 构建镜像
  30. build_image:
  31. image: docker:latest
  32. services:
  33. - name: docker:dind
  34. stage: parallel01
  35. extends: .build-docker
  36.  
  37.  
  38. ## 上传制品
  39. deploy_artifact:
  40. image: ${CURL_IMAGE}
  41. stage: deploy-artifact
  42. extends: .deploy-artifact
  43.  
  44. ## 下载制品
  45. #down_artifact:
  46. # image: ${CURL_IMAGE}
  47. # stage: down_artifact
  48. # extends: .down-artifact

发布部署作业配置

  1. #################Deploy Feature Jobs Configure #####################
  2. ## feature发布应用
  3. deploy_feature:
  4. variables:
  5. DEPLOY_FILE: 'deployment.yaml'
  6. ENV_NAME: 'feature'
  7. stage: deploy-feature
  8. image: ${KUBECTL_IMAGE}
  9. extends: .deploy_k8s
  10. environment:
  11. on_stop: "rollout_feature"
  12. rules:
  13. - if: $RUN_DEPLOY_K8S == 'no'
  14. when: never
  15. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  16. when: never
  17. - when: manual
  18.  
  19. ## 应用回滚
  20. rollout_feature:
  21. variables:
  22. DEPLOY_FILE: 'deployment.yaml'
  23. ENV_NAME: 'feature'
  24. stage: rollout-feature
  25. image: ${KUBECTL_IMAGE}
  26. extends: .rollout_k8s
  27. needs:
  28. - deploy_feature
  29. rules:
  30. - if: $RUN_DEPLOY_K8S == 'no'
  31. when: never
  32. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  33. when: never
  34. - when: on_failure
  35.  
  36.  
  37. #################Deploy UAT Jobs Configure #####################
  38. ## UAT
  39. deploy_uat:
  40. variables:
  41. DEPLOY_FILE: 'config/deployment-uat.yaml'
  42. ENV_NAME: 'uat'
  43. stage: deploy-uat
  44. image: ${KUBECTL_IMAGE}
  45. extends: .deploy_k8s
  46. environment:
  47. on_stop: "rollout_uat"
  48. rules:
  49. - if: $RUN_DEPLOY_K8S == 'no'
  50. when: never
  51. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  52. when: manual
  53. - when: never
  54.  
  55. ## UAT应用回滚
  56. rollout_uat:
  57. variables:
  58. DEPLOY_FILE: 'config/deployment-uat.yaml'
  59. ENV_NAME: 'uat'
  60. stage: rollout-uat
  61. image: ${KUBECTL_IMAGE}
  62. extends: .rollout_k8s
  63. needs:
  64. - deploy_uat
  65. rules:
  66. - if: $RUN_DEPLOY_K8S == 'no'
  67. when: never
  68. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  69. when: on_failure
  70. - when: never
  71.  
  72. #################Deploy STAG Jobs Configure #####################
  73. ## STAG
  74. deploy_stag:
  75. variables:
  76. DEPLOY_FILE: 'config/deployment-stag.yaml'
  77. ENV_NAME: 'stag'
  78. stage: deploy-stag
  79. image: ${KUBECTL_IMAGE}
  80. extends: .deploy_k8s
  81. environment:
  82. on_stop: "rollout_stag"
  83. needs:
  84. - deploy_uat
  85. rules:
  86. - if: $RUN_DEPLOY_K8S == 'no'
  87. when: never
  88. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  89. when: manual
  90. - when: never
  91.  
  92. ## STAG应用回滚
  93. rollout_stag:
  94. variables:
  95. DEPLOY_FILE: 'config/deployment-stag.yaml'
  96. ENV_NAME: 'stag'
  97. stage: rollout-stag
  98. image: ${KUBECTL_IMAGE}
  99. extends: .rollout_k8s
  100. needs:
  101. - deploy_stag
  102. rules:
  103. - if: $RUN_DEPLOY_K8S == 'no'
  104. when: never
  105. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  106. when: on_failure
  107. - when: never
  108.  
  109. #################Deploy PROD Jobs Configure #####################
  110. ## PROD
  111. deploy_prod:
  112. variables:
  113. DEPLOY_FILE: 'config/deployment-prod.yaml'
  114. ENV_NAME: 'prod'
  115. stage: deploy-prod
  116. image: ${KUBECTL_IMAGE}
  117. extends: .deploy_k8s
  118. environment:
  119. on_stop: "rollout_prod"
  120. needs:
  121. - deploy_stag
  122. rules:
  123. - if: $RUN_DEPLOY_K8S == 'no'
  124. when: never
  125. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  126. when: manual
  127. - when: never
  128.  
  129. ## PROD应用回滚
  130. rollout_prod:
  131. variables:
  132. DEPLOY_FILE: 'config/deployment-prod.yaml'
  133. ENV_NAME: 'prod'
  134. stage: rollout-prod
  135. image: ${KUBECTL_IMAGE}
  136. extends: .rollout_k8s
  137. needs:
  138. - deploy_prod
  139. rules:
  140. - if: $RUN_DEPLOY_K8S == 'no'
  141. when: never
  142. - if: $CI_COMMIT_REF_NAME =~ /^RELEASE-*/ || $CI_COMMIT_REF_NAME =~ /master/ || $CI_COMMIT_TAG
  143. when: on_failure
  144. - when: never

JAVA项目交付流水线

导入作业模板

  1. include:
  2. - project: 'cidevops/cidevops-newci-service'
  3. ref: master
  4. file: 'templates/default-pipeline.yml'

配置项目参数

  1. variables:
  2. ## 全局配置
  3. GIT_CLONE_PATH: ${CI_BUILDS_DIR}/builds/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/${CI_PIPELINE_ID}
  4. GIT_CHECKOUT: "false"
  5. CACHE_DIR: "target/"
  6.  
  7. ## 作业控制
  8. RUN_PIPELINE_BUILD: "yes" #是否运行构建 yes/no
  9. RUN_PIPELINE_TEST: "yes" #是否运行测试 yes/no
  10. RUN_CODE_ANALYSIS: "yes" #是否代码扫描 yes/no
  11. RUN_BUILD_IMAGE: "yes" #是否生成镜像 yes/no
  12. RUN_DEPLOY_ARTIFACTS: "no" #是否上传制品 yes/no
  13. RUN_DEPLOY_K8S: "yes" #是否发布K8S yes/no
  14.  
  15. ## 依赖容器镜像
  16. BUILD_IMAGE: "maven:3.6.3-jdk-8"
  17. CURL_IMAGE: "curlimages/curl:7.70.0"
  18. SONAR_IMAGE: "sonarsource/sonar-scanner-cli:latest"
  19. KUBECTL_IMAGE: "lucj/kubectl:1.17.2"
  20.  
  21.  
  22. ## 构建测试参数
  23. MAVEN_OPTS: "-Dmaven.repo.local=/home/gitlab-runner/ci-build-cache/maven " #maven构建参数
  24. BUILD_SHELL: 'mvn clean package -DskipTests --settings=./settings.xml ' #构建命令
  25. #GRADLE_OPTS: "" #gradle构建参数
  26.  
  27. ## 单元测试参数
  28. TEST_SHELL : 'mvn test --settings=./settings.xml ' #测试命令
  29. JUNIT_REPORT_PATH: 'target/surefire-reports/TEST-*.xml' #单元测试报告
  30.  
  31. ## 代码扫描
  32. SONAR_SOURCE_DIR : "src" #项目源码目录
  33. SONAR_SERVER_URL: "http://192.168.1.200:30090" #SonarQube服务器信息
  34. SONAR_SERVER_LOGIN: "ee2bcb37deeb6dfe3a07fe08fb529559b00c1b7b" #Sonar Token最好在项目中定义。
  35. SONAR_SCAN_ARGS: "-Dsonar.sources=${SONAR_SOURCE_DIR}
  36. -Dsonar.java.binaries=target/classes
  37. -Dsonar.java.test.binaries=target/test-classes
  38. -Dsonar.java.surefire.report=target/surefire-reports " #项目扫描参数
  39.  
  40. ## 构建镜像
  41. CI_REGISTRY: 'registry.cn-beijing.aliyuncs.com' #镜像仓库地址
  42. CI_REGISTRY_USER: 'xxxxxx' #仓库用户信息
  43. #CI_REGISTRY_PASSWD: 'xxxxxxxx.' #仓库用户密码
  44. IMAGE_NAME: "${CI_REGISTRY}/${CI_PROJECT_PATH}:${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}" #镜像名称
  45. DOCKER_FILE_PATH: "./Dockerfile" #Dockerfile位置
  46.  
  47. ## 上传制品库(artifactory)
  48. #ARTIFACTORY_URL: "http://192.168.1.200:30082/artifactory" #制品库地址
  49. #ARTIFACTORY_NAME: "${CI_PROJECT_NAMESPACE}" #制品库名称
  50. #ARTIFACT_PACKAGE: "jar" #制品类型
  51. #ARTIFACT_PATH: "target/*.${ARTIFACT_PACKAGE}" #制品位置
  52. #TARGET_FILE_PATH: "${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}" #目标制品位置(目录结构)
  53. #TARGET_ARTIFACT_NAME: "${CI_PROJECT_NAME}-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}.${ARTIFACT_PACKAGE}" #目标制品名称
  54.  
  55. ## 部署应用k8s
  56. APP_NAME: "$CI_PROJECT_NAME" #应用名称 <-->deploymentName
  57. CONTAINER_PORT: "8081" #服务端口 <--> servicesPort
  58. NAMESPACE: "$CI_PROJECT_NAME-$CI_PROJECT_ID-$CI_ENVIRONMENT_SLUG" #名称空间
  59. ENV_URL: "${ENV_NAME}.${CI_PROJECT_NAMESPACE}.${CI_PROJECT_NAME}.devops.com" #IngressHosts

指定CI文件

GitLabCI模板库的流水线优化实践

运行流水线测试

GitLabCI模板库的流水线优化实践

docker镜像仓库

GitLabCI模板库的流水线优化实践

部署环境演示

GitLabCI模板库的流水线优化实践

GitLabCI模板库的流水线优化实践

Kubernetes集群中应用状态

GitLabCI模板库的流水线优化实践

原文链接:https://mp.weixin.qq.com/s/M3Cz1rV1_fy5l1VChJPlGQ