GitLab CI/CD 共享 runner 基本配置

  • 使用 docker 部署 runner
  • 多个项目使用共享 runner
  • 部署机器与 runner 不在同一台服务器上(使用 ssh 部署)

部署runner

  • 部署镜像
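# Pull the GitLab Runner image.
# NOTE(review): ":latest" is a moving tag; pinning a specific runner version
# keeps upgrades deliberate and reproducible.
docker pull gitlab/gitlab-runner:latest

# Start the runner manager container.
# NOTE(review): mounting /var/run/docker.sock hands this container control of
# the host Docker daemon, which is equivalent to root on the host. Treat the
# runner host as a dedicated, isolated machine.
# NOTE(review): no volume is mounted for the runner's configuration, so the
# registration stored inside the container is lost if the container is removed.
docker run -d --name gitlab-runner-shared \
    --restart always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    gitlab/gitlab-runner:latest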
  • 注册runner
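# Register the runner non-interactively (-n) with the docker executor.
# NOTE(review): --docker-privileged runs every job container in privileged
# mode, and --docker-volumes additionally exposes the host Docker socket to
# every job. On a runner shared by several projects, anyone who can run a job
# on any of those projects can take over the runner host. Restrict who may use
# this runner (tags, protected branches) and keep the host isolated; if jobs
# only use a docker-in-docker service, the socket mount may be unnecessary.
# NOTE(review): the registration token is a secret; keep it out of shell
# history and shared notes. Newer GitLab releases deprecate registration
# tokens in favour of runner authentication tokens; check the documentation
# for your version.
docker exec -it gitlab-runner-shared gitlab-runner \
    register -n \
    --tag-list "gitlab-runner-shared" \
    --description "形容" \
    --url <公有gitlab地址> \
    --registration-token <我的项目/共享token> \
    --executor docker \
    --docker-privileged \
    --docker-image "alpine:latest" \
    --docker-pull-policy "if-not-present" \
    --docker-volumes "/var/run/docker.sock:/var/run/docker.sock"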

SSH 相关配置

  • 在 linux 服务器上使用 ssh-keygen 创建一个 ssh key

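    # Generate an RSA key pair with an empty passphrase (-P "") so CI can use it
    # non-interactively. The output path must be passed with -f; without it
    # ssh-keygen rejects the extra argument.
    # NOTE(review): a passphrase-less key grants login to whoever holds the
    # file, so use a key dedicated to deployment and a deploy account with
    # limited rights on the target server.
    ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa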
  • 推送到部署服务器上

    # Install the public key on the deployment server so the matching private
    # key can log in. No user is given here, so ssh-copy-id uses the current
    # local user name on the remote side.
    ssh-copy-id -i ~/.ssh/id_rsa.pub <近程服务器ip>
  • 测试登录
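# Test the login; enter the password if prompted.
# NOTE(review): once the public key is installed, key-based login should not
# need the account password. A password prompt here suggests the key was not
# picked up.
ssh <近程服务器登录名>@<近程服务器ip>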
  • 将私钥复制下来

    # Print the private key so it can be pasted into a GitLab CI/CD variable.
    # NOTE(review): this is a secret. Avoid leaving it in terminal scrollback or
    # the clipboard, and consider marking the CI/CD variable as protected so
    # only pipelines on protected branches receive it.
    cat ~/.ssh/id_rsa
  • 将私钥设置到Gitlab的变量中(例如:SSH_PRIVATE_KEY)
  • 远程部署(编写 ci 文件)

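    # Example job: load the deploy key and run a command on the remote server.
    image_build:
      stage: build
      image: alpine:latest
      before_script:
        # Point apk at a mirror inside China.
        - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
        # Install the ssh client if it is not already present.
        - 'which ssh-agent || ( apk update && apk add openssh-client )'
        - eval $(ssh-agent -s)
        # Load the private key from the CI/CD variable straight into the agent
        # via stdin, so it is never written into the build directory where it
        # could end up in artifacts or an image build context. tr strips any
        # carriage returns introduced when the key was pasted.
        - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
        - mkdir -p ~/.ssh
        # Skip the interactive host-key prompt on first connection.
        # NOTE(review): "StrictHostKeyChecking no" for every host disables
        # server authentication, so the job cannot detect a machine-in-the-middle
        # on the path to the deploy server. Prefer storing the server's public
        # host key in a CI/CD variable and appending it to ~/.ssh/known_hosts.
        - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
      script:
        # Run a command on the remote server.
        - ssh <用户名>@<服务器ip> "ls && exit"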

使用 docker 打包

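# Build an image with docker-in-docker and push it to a registry.
image-build:
  stage: build
  # NOTE(review): docker 18.09.x is an old release; review whether a currently
  # supported version can be used. The dind service relies on the runner's
  # privileged mode.
  image: docker:18.09.7
  services:
    - docker:18.09.7-dind
  script:
    # Build the image.
    - docker build --no-cache -t <镜像>:<镜像tag> .
    # Log in to the registry. The password is passed on stdin rather than with
    # -p, so it does not appear in the process list. Keep the real value in a
    # CI/CD variable, not in this file.
    - echo "<docker明码>" | docker login -u <docker用户名> --password-stdin <docker库地址>
    # Push the image to the registry.
    - docker push <镜像>:<镜像tag>
  after_script:
    # The image has been pushed; remove the local copy to free space.
    - docker rmi -f <镜像>:<镜像tag>
  retry:
    max: 2
    when: always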

通知(curl)

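# Send a webhook notification when the build fails.
build-job-failure:
  stage: build-notify
  # Notify on failure only.
  when: on_failure
  image: alpine:latest
  before_script:
    # Point apk at a mirror inside China.
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    # Install curl.
    - apk update && apk add curl
  script:
    - if [ "$CI_COMMIT_REF_NAME" == "dev" ]; then env_name="dev"; else env_name="prod"; fi
    # Write the payload to a JSON file so spaces in the commit text do not
    # break the curl command line.
    # NOTE(review): the values are spliced into the JSON text unescaped. A
    # commit title containing a double quote or backslash produces invalid JSON
    # or changes the payload structure; building the body with a JSON-aware
    # tool would avoid that.
    - echo '{"content":"@'$GITLAB_USER_LOGIN' '${CI_COMMIT_TITLE}'\n'$CI_PROJECT_NAME' 构建'$env_name'环境 [ 失败 ]"}' > content.json
    - curl -X POST -H "Content-Type:application/json" -d @content.json "$NOTIFY_URL"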

完整 .gitlab-ci.yml

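# Complete pipeline: build an image, deploy it over ssh, then notify.
default:
  tags:
    - gitlab-runner-shared

variables:
  # NOTE(review): if the notification URL embeds a webhook token, define it as
  # a masked CI/CD variable in the project settings instead of committing it.
  NOTIFY_URL: "告诉地址"
  IMAGE_REPOSITORIES: "docker地址"
  IMAGE_NAME: "docker镜像名"
  SSH_USERNAME: "SSH用户名"
  SSH_IP: "部署服务端IP"

workflow:
  rules:
    # Skip the pipeline when the commit title starts with the literal text
    # "[skip ci]". The brackets must be escaped: unescaped, "[skip ci]" is a
    # character class, and any title starting with one of those characters
    # would suppress the pipeline.
    - if: '$CI_COMMIT_TITLE =~ /^\[skip ci\]/'
      when: never
    - when: always

stages:
  - build
  - deploy
  - notify

# Build the image with docker.
image-build:
  stage: build
  # NOTE(review): docker 18.09.x is an old release; review whether a currently
  # supported version can be used. The dind service relies on the runner's
  # privileged mode.
  image: docker:18.09.7
  services:
    - docker:18.09.7-dind
  script:
    - docker build --no-cache -t $IMAGE_NAME:$CI_COMMIT_REF_NAME .
    # The password is passed on stdin rather than with -p, so it does not
    # appear in the process list. IMAGE_REPOSITORY_USER and
    # IMAGE_REPOSITORY_PASSWORD are not defined in this file; presumably they
    # are CI/CD variables from the project settings (keep the password masked).
    - echo "$IMAGE_REPOSITORY_PASSWORD" | docker login -u "$IMAGE_REPOSITORY_USER" --password-stdin "$IMAGE_REPOSITORIES"
    - docker push $IMAGE_NAME:$CI_COMMIT_REF_NAME
  after_script:
    - docker rmi -f $IMAGE_NAME:$CI_COMMIT_REF_NAME
  retry:
    max: 2
    when: always

# Deploy the image.
image-deploy:
  stage: deploy
  image: alpine:latest
  # Runs only for the dev and master branches; each gets its own host port.
  rules:
    - if: $CI_COMMIT_REF_NAME == "dev"
      variables:
        PORT: "8180"
    - if: $CI_COMMIT_REF_NAME == "master"
      variables:
        PORT: "8181"
  before_script:
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    - 'which ssh-agent || ( apk update && apk add openssh-client )'
    - eval $(ssh-agent -s)
    # Load the private key from the CI/CD variable straight into the agent via
    # stdin, so it is never written into the build directory. tr strips any
    # carriage returns introduced when the key was pasted.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    # NOTE(review): "StrictHostKeyChecking no" for every host disables server
    # authentication, so the job cannot detect a machine-in-the-middle on the
    # path to the deploy server. Prefer storing the server's public host key in
    # a CI/CD variable and appending it to ~/.ssh/known_hosts.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  script:
    # Replace the running container on the deploy server.
    # NOTE(review): docker run pulls only when the tag is absent locally, so
    # re-deploying the same tag may start a stale image; confirm whether an
    # explicit docker pull is needed on the server.
    - ssh $SSH_USERNAME@$SSH_IP "docker rm -f frontend-$CI_COMMIT_REF_NAME && docker run -itd --restart=always --name frontend-$CI_COMMIT_REF_NAME -p $PORT:80 $IMAGE_NAME:$CI_COMMIT_REF_NAME && exit"
  retry:
    max: 2
    when: always

# Notify on success.
success:
  stage: notify
  when: on_success
  image: alpine:latest
  before_script:
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    - apk update && apk add curl
  script:
    - if [ "$CI_COMMIT_REF_NAME" == "dev" ]; then env_name="dev"; else env_name="prod"; fi
    # NOTE(review): the values are spliced into the JSON text unescaped. A
    # commit title containing a double quote or backslash produces invalid JSON
    # or changes the payload structure; building the body with a JSON-aware
    # tool would avoid that.
    - echo '{"content":"@'$GITLAB_USER_NAME'\n'$CI_PROJECT_NAME' 部署'$env_name'环境 [ 胜利 ]\n'${CI_COMMIT_TITLE}'"}' > content.json
    - curl -X POST -H "Content-Type:application/json" -d @content.json "$NOTIFY_URL"
  retry:
    max: 2
    when: always

# Notify on failure; the message also carries the pipeline URL.
failure:
  stage: notify
  when: on_failure
  image: alpine:latest
  before_script:
    - sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    - apk update && apk add curl
  script:
    - if [ "$CI_COMMIT_REF_NAME" == "dev" ]; then env_name="dev"; else env_name="prod"; fi
    # NOTE(review): same unescaped JSON splicing as in the success job.
    - echo '{"content":"@'$GITLAB_USER_NAME'\n'$CI_PROJECT_NAME' 部署'$env_name'环境 [ 失败 ]\n'${CI_COMMIT_TITLE}'\n'$CI_PIPELINE_URL'"}' > content.json
    - curl -X POST -H "Content-Type:application/json" -d @content.json "$NOTIFY_URL"
  retry:
    max: 2
    when: always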

参考文章:

gitlab ssh ci文件

alpine ssh 免密登录