GitLab CI/CD 共享 runner 基本配置
- 使用 docker 部署 runner
- 多个项目使用共享 runner
- 部署机器与 runner 不在同一台服务器上(使用 ssh 部署)
部署 runner
- 部署镜像
# Start the shared GitLab Runner as a container that restarts automatically.
# The host's /var/run/docker.sock is mounted into the container, so the runner
# container controls the host Docker daemon; treat it as root-equivalent on this host.
# NOTE(review): no volume is mounted for /etc/gitlab-runner, so the registration
# (config.toml, which holds the runner token) appears to live only inside this
# container and would be lost if the container is recreated - confirm.
# NOTE(review): ":latest" is a moving tag; pinning a specific runner version makes
# upgrades deliberate.
docker pull gitlab/gitlab-runner:latest
docker run --detach \
  --name gitlab-runner-shared \
  --restart always \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest
- 注册 runner
# Register the runner non-interactively with the docker executor.
# Values in < > are placeholders to be replaced before running.
# The registration token is a secret: keep it out of shell history and shared notes.
#
# Security review of the options below:
#  - --docker-privileged together with the /var/run/docker.sock volume means every
#    job this runner picks up can control the host Docker daemon. On a runner shared
#    by several projects, anyone who can push a pipeline to any of those projects
#    effectively gets root on the runner host. Restrict the runner to trusted
#    projects or protected branches, or drop one of the two options if the jobs
#    do not need it.
#  - --docker-pull-policy "if-not-present" reuses images already cached on the host,
#    so a job can run an image that another project pulled (including private
#    images) without authenticating to the registry.
docker exec -it gitlab-runner-shared gitlab-runner register \
  --non-interactive \
  --url < 公有 gitlab 地址 > \
  --registration-token < 我的项目 / 共享 token> \
  --description "形容" \
  --tag-list "gitlab-runner-shared" \
  --executor docker \
  --docker-image "alpine:latest" \
  --docker-pull-policy "if-not-present" \
  --docker-privileged \
  --docker-volumes "/var/run/docker.sock:/var/run/docker.sock"
SSH 相关配置
-
在 linux 服务器上使用 ssh-keygen 创建一个 ssh key
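# Generate the key pair used for deployment.
# -f names the output file; without it ssh-keygen treats the path as an extra
# argument and refuses to run.
# -P "" sets an empty passphrase so the CI job can load the key unattended, which
# means the private key file alone is the credential. Generate a key dedicated to
# CI deployment rather than reusing a personal one; ssh-keygen asks before
# overwriting an existing ~/.ssh/id_rsa.
ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa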
-
推送到部署服务器上
# Install the public key on the deployment server so the matching private key can log in.
# NOTE(review): no login name is given here, so the current local user name is used;
# a dedicated deployment account keeps a leaked CI key from reaching other accounts.
ssh-copy-id -i ~/.ssh/id_rsa.pub < 近程服务器 ip>
- 测试登录
# Test the login against the deployment server.
ssh < 近程服务器登录名 >@< 近程服务器 ip>
# Enter the password when prompted.
-
将私钥复制下来
# Print the private key so it can be copied into a GitLab CI/CD variable.
# This is the secret half of the key pair: avoid leaving it in terminal scrollback,
# chat, or the repository.
cat ~/.ssh/id_rsa
- 将私钥设置到 Gitlab 的变量中(例如:SSH_PRIVATE_KEY)。建议为该变量勾选 Protected,使其只对受保护分支/标签的流水线可用;该密钥应为 CI 部署专用,不要复用个人密钥。
-
远程部署(编写 ci 文件)
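# Remote-deployment job: loads the deploy key into ssh-agent, then runs a
# command on the target server over SSH.
image_build:
  stage: build
  image: alpine:latest
  before_script:
    # Point apk at a mirror in mainland China.
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    # Install the OpenSSH client if the image does not already provide ssh-agent.
    - 'which ssh-agent || (apk update && apk add openssh-client)'
    - eval $(ssh-agent -s)
    # Load the key into the agent from stdin, so the private key is never
    # written to the build directory (where it could be left behind or end up
    # in artifacts). tr strips carriage returns that a pasted variable may carry.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Only inside a container: skip the host-key prompt on first connection.
    # NOTE(review): "StrictHostKeyChecking no" for "Host *" accepts any host key,
    # so the job cannot tell the real server from an impersonator. Prefer storing
    # the server's host key (checked out of band) in a CI/CD variable and writing
    # it to ~/.ssh/known_hosts instead of disabling the check.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    # Command executed on the remote server; values in < > are placeholders.
    - ssh < 用户名 >@< 服务器 ip> "ls && exit"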
使用 docker 打包
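# Build the image with the Docker CLI and push it to a registry.
# Values in < > are placeholders.
# NOTE(review): docker:18.09.7 is a long-outdated release; consider a currently
# maintained tag for both the job image and the dind service.
image-build:
  stage: build
  image: docker:18.09.7
  services:
    - docker:18.09.7-dind
  script:
    # Build the image without using the layer cache.
    - docker build --no-cache -t < 镜像 >:< 镜像 tag> .
    # Log in to the registry. The password is passed on stdin instead of -p so
    # it does not appear in the process list; in a real pipeline take the user
    # and password from protected CI/CD variables, not from this file.
    - echo "<docker 明码 >" | docker login -u <docker 用户名 > --password-stdin <docker 库地址 >
    # Push the image to the registry.
    - docker push < 镜像 >:< 镜像 tag>
  after_script:
    # The image has been pushed; remove the local copy to free space.
    - docker rmi -f < 镜像 >:< 镜像 tag>
  retry:
    max: 2
    when: always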
通知(curl)
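# Post a failure notification to the webhook in NOTIFY_URL.
build-job-failure:
  stage: build-notify
  # Run only when an earlier job has failed.
  when: on_failure
  image: alpine:latest
  before_script:
    # Point apk at a mirror in mainland China.
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    # Install curl.
    - apk update && apk add curl
  script:
    # "[" needs spaces around its arguments; without them the shell looks for a
    # command named '["dev"' and the test never runs.
    - if [ "$CI_COMMIT_REF_NAME" = "dev" ]; then env_name="dev"; else env_name="prod"; fi
    # The payload is written to a file so spaces in the commit text do not break
    # the curl call. The commit title is written by whoever pushed the commit,
    # so backslashes and double quotes are escaped before it is placed in the
    # JSON string; otherwise a title could break the payload or add fields to it.
    - |
      json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }
      printf '{"content":"@%s %s\\n%s 构建 %s 环境 [失败]"}\n' "$GITLAB_USER_LOGIN" "$(json_escape "$CI_COMMIT_TITLE")" "$CI_PROJECT_NAME" "$env_name" > content.json
    - curl -X POST -H "Content-Type:application/json" -d @content.json "$NOTIFY_URL"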
完整 .gitlab-ci.yml
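# Route every job to the shared runner registered with this tag.
default:
  tags:
    - gitlab-runner-shared

# Settings shared by all jobs; the quoted values are placeholders.
# The jobs in this file also read IMAGE_REPOSITORY_USER, IMAGE_REPOSITORY_PASSWORD
# and SSH_PRIVATE_KEY, which are not defined here - presumably project CI/CD
# variables; keep secrets there rather than in this file.
# NOTE(review): if the notification URL embeds a token, it belongs in a CI/CD
# variable as well.
variables:
  NOTIFY_URL: "告诉地址"
  IMAGE_REPOSITORIES: "docker 地址"
  IMAGE_NAME: "docker 镜像名"
  SSH_USERNAME: "SSH 用户名"
  SSH_IP: "部署服务端 IP"

# Skip the whole pipeline when the commit title starts with "[skip ci]".
# The brackets must be escaped: an unescaped [skip ci] is a character class and
# would match any title whose first character is s, k, i, p, c or a space.
workflow:
  rules:
    - if: '$CI_COMMIT_TITLE =~ /^\[skip ci\]/'
      when: never
    - when: always

stages:
  - build
  - deploy
  - notify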
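# Build the image with Docker and push it to the registry, tagged with the
# branch name.
# NOTE(review): docker:18.09.7 is a long-outdated release; consider a currently
# maintained tag for both the job image and the dind service.
image-build:
  stage: build
  image: docker:18.09.7
  services:
    - docker:18.09.7-dind
  script:
    - docker build --no-cache -t "$IMAGE_NAME:$CI_COMMIT_REF_NAME" .
    # Pass the registry password on stdin instead of -p so it does not show up
    # in the process list.
    - echo "$IMAGE_REPOSITORY_PASSWORD" | docker login -u "$IMAGE_REPOSITORY_USER" --password-stdin "$IMAGE_REPOSITORIES"
    - docker push "$IMAGE_NAME:$CI_COMMIT_REF_NAME"
  after_script:
    # Remove the local copy once the job is done.
    - docker rmi -f "$IMAGE_NAME:$CI_COMMIT_REF_NAME"
  retry:
    max: 2
    when: always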
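# Deploy the image: connect to the deployment server over SSH and replace the
# running container. Runs only for the dev and master branches, each with its
# own published port.
image-deploy:
  stage: deploy
  image: alpine:latest
  rules:
    - if: '$CI_COMMIT_REF_NAME == "dev"'
      variables:
        PORT: "8180"
    - if: '$CI_COMMIT_REF_NAME == "master"'
      variables:
        PORT: "8181"
  before_script:
    # Point apk at a mirror in mainland China.
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    # Install the OpenSSH client if the image does not already provide ssh-agent.
    - 'which ssh-agent || (apk update && apk add openssh-client)'
    - eval $(ssh-agent -s)
    # Load the key into the agent from stdin, so the private key is never
    # written to the build directory. tr strips carriage returns that a pasted
    # variable may carry.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Only inside a container: skip the host-key prompt on first connection.
    # NOTE(review): "StrictHostKeyChecking no" for "Host *" accepts any host key,
    # so the job cannot tell the real server from an impersonator. Prefer storing
    # the server's host key (checked out of band) in a CI/CD variable and writing
    # it to ~/.ssh/known_hosts instead of disabling the check.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    # The branch name is expanded into the command line that the remote shell
    # runs. That is acceptable here only because the rules above limit this job
    # to the fixed names dev and master; do not widen the rules without
    # validating the value first.
    - ssh "$SSH_USERNAME@$SSH_IP" "docker rm -f frontend-$CI_COMMIT_REF_NAME && docker run -itd --restart=always --name frontend-$CI_COMMIT_REF_NAME -p $PORT:80 $IMAGE_NAME:$CI_COMMIT_REF_NAME && exit"
  retry:
    max: 2
    when: always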
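# Post a success notification to the webhook in NOTIFY_URL.
success:
  stage: notify
  when: on_success
  image: alpine:latest
  before_script:
    # Point apk at a mirror in mainland China.
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    - apk update && apk add curl
  script:
    # "[" needs spaces around its arguments; without them the shell looks for a
    # command named '["dev"' and the test never runs.
    - if [ "$CI_COMMIT_REF_NAME" = "dev" ]; then env_name="dev"; else env_name="prod"; fi
    # The user's display name and the commit title are free text chosen by the
    # user, so backslashes and double quotes are escaped before they are placed
    # in the JSON string; otherwise they could break the payload or add fields.
    - |
      json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }
      printf '{"content":"@%s\\n%s 部署 %s 环境 [ 胜利]\\n%s"}\n' "$(json_escape "$GITLAB_USER_NAME")" "$CI_PROJECT_NAME" "$env_name" "$(json_escape "$CI_COMMIT_TITLE")" > content.json
    - curl -X POST -H "Content-Type:application/json" -d @content.json "$NOTIFY_URL"
  retry:
    max: 2
    when: always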
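# Post a failure notification, including the pipeline URL, to the webhook in
# NOTIFY_URL.
failure:
  stage: notify
  when: on_failure
  image: alpine:latest
  before_script:
    # Point apk at a mirror in mainland China.
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    - apk update && apk add curl
  script:
    # "[" needs spaces around its arguments; without them the shell looks for a
    # command named '["dev"' and the test never runs.
    - if [ "$CI_COMMIT_REF_NAME" = "dev" ]; then env_name="dev"; else env_name="prod"; fi
    # The user's display name and the commit title are free text chosen by the
    # user, so backslashes and double quotes are escaped before they are placed
    # in the JSON string; otherwise they could break the payload or add fields.
    - |
      json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }
      printf '{"content":"@%s\\n%s 部署 %s 环境 [ 失败]\\n%s\\n%s"}\n' "$(json_escape "$GITLAB_USER_NAME")" "$CI_PROJECT_NAME" "$env_name" "$(json_escape "$CI_COMMIT_TITLE")" "$CI_PIPELINE_URL" > content.json
    - curl -X POST -H "Content-Type:application/json" -d @content.json "$NOTIFY_URL"
  retry:
    max: 2
    when: always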
参考文章:
gitlab ssh ci 文件
apline ssh 免密登录