wuyuedefeng / blogs

Blog posts are published as issues

Setting up a GitLab CI/CD continuous integration system #83

Open wuyuedefeng opened 4 years ago

wuyuedefeng commented 4 years ago

Configuring CI/CD

Configuring the runner

  1. In the project, open `Settings / CI/CD` to view the configuration
  2. In /data/gitlab-runner/config (later mounted as a volume into the container as its configuration directory), create config.toml
    concurrent = 1
    log_level = "debug"
    check_interval = 10
  3. Download the gitlab-runner version that matches your GitLab version
    # pull image
    $ docker pull gitlab/gitlab-runner:latest
    # start
    $ docker run -d --name gitlab-runner --restart always \
        -v /data/gitlab-runner/config:/etc/gitlab-runner \
        -v /var/run/docker.sock:/var/run/docker.sock \
        gitlab/gitlab-runner:latest
  4. View the logs
    $ docker logs -f 43ea7fb878fa
    # open a shell in the container if needed, e.g. to edit /etc/hosts
    $ docker exec -it [container id] /bin/bash
  5. Register the runner
    docker exec -it gitlab-runner gitlab-ci-multi-runner register \
    --non-interactive \
    --registration-token Ef4TsExLAs3TqsGj6KVZ \
    --url https://git.51iwifi.com/ \
    --tls-ca-file /data/gitlab-runner/ca.certs.crt \
    --executor shell

Error: status=couldn't execute POST against https://gitlab.example.com/api/v4/runners: Post https://gitlab.example.com/api/v4/runners: x509: certificate signed by unknown authority PANIC: Failed to register this runner. Perhaps you are having network problems

  1. Obtain the CA certificate. Note: crt and pem differ only in the file extension, so renaming is enough. Reference: https://www.fujieace.com/jingyan/pem-crt-key.html
    openssl s_client -showcerts -connect baidu.com:443
  2. Pass the CA certificate when registering
    # enter the container
    $ docker exec -it 43ea7fb878fa /bin/bash
    # register
    $ gitlab-runner register \
      --non-interactive \
      --registration-token YOUTOKEN \
      --url https://example.com/ \
      --tls-ca-file /etc/gitlab-runner/ca.certs.crt \
      --executor shell

    https://blog.csdn.net/qq_34206560/article/details/88802893
    https://stackoverflow.com/questions/55622960/gitlab-runner-x509-certificate-signed-by-unknown-authority

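Error: gitlab-runner SSL certificate problem: unable to get issuer certificate. Edit your config.toml; `GIT_SSL_NO_VERIFY=1` makes git skip certificate verification for the jobs this runner executes: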

[[runners]]
environment = [
"GIT_SSL_NO_VERIFY=1"
]

Reference: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4805

Pulling code: by default it is pulled again from the remote every time

[[runners]]
[runners.docker]
pull_policy = "if-not-present" # https://docs.gitlab.com/runner/executors/docker.html#how-pull-policies-work    

If you need to change /etc/hosts entries, you can do it through config.toml.

[[runners]]
[runners.docker]
extra_hosts = ["git.zezeping.com:134.96.146.28"]
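
For the certificate steps above (obtaining the CA certificate with `openssl s_client -showcerts`, and the `unable to get issuer certificate` error), an added example that is not part of the original post: it extracts the PEM blocks for `--tls-ca-file` and reports whether the chain the server sent ends in a self-signed root. It assumes the error comes from a bundle that stops short of the root; the function names and the sample output are constructed for illustration.

```shell
# Real input comes from the page's command, saved to a file, e.g.
#   openssl s_client -showcerts -connect HOST:443 </dev/null > s_client.txt

# Keep only the PEM certificate blocks read from stdin.
extract_pem_chain() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Number of certificates in the PEM text read from stdin.
count_certs() {
  grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# Compare subject and issuer of the last certificate the server sent: prints
# "complete" if it is self-signed (a root), else the issuer still to be added.
chain_status() {
  awk '
    /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subject = $0; next }
    /^ +i:/        { sub(/^ +i:/, "");        issuer  = $0; next }
    END {
      if (subject == "") { print "no chain found"; exit 1 }
      if (subject == issuer) { print "complete" } else { print "missing issuer: " issuer }
    }'
}

# Constructed sample: a server that sends leaf + intermediate but no root.
# Certificate bodies are placeholders, not real certificates.
sample_s_client_output() {
  cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = gitlab.example.com
   i:O = Example Org, CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:O = Example Org, CN = Example Intermediate CA
   i:O = Example Org, CN = Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
EOF
}

sample_s_client_output | extract_pem_chain | count_certs
sample_s_client_output | chain_status
```

When the status names a missing issuer, append that CA certificate (obtained from a source you trust) to the bundle passed to `--tls-ca-file`, so verification can stay enabled instead of setting `GIT_SSL_NO_VERIFY`.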

wuyuedefeng commented 4 years ago

Registering the runner via a Dockerfile

Dockerfile

FROM gitlab/gitlab-runner:v11.8.0

ARG build_env=staging

WORKDIR /app

COPY ./ca.crt /app

Build the image

$ docker build -t staging-gitlab-runner:v1 .

Start the container

# optional: add --add-host git.51xxx.com:134.96.1xx.28 to the command below
$ docker run \
-d --name staging-gitlab-runner \
--restart always \
-v /data/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
staging-gitlab-runner:v1

Register the runner

docker exec -it staging-gitlab-runner gitlab-runner register \
  --non-interactive \
  --tls-ca-file /app/ca.crt \
  --url https://git.51xxx.com/ \
  --registration-token Ef4TsExLAs3TqsGj6Kxx \
  --tag-list stagingRunInDk \
  --description "stagingRunInDk" \
  --executor docker \
  --docker-image "docker:latest" \
  --docker-privileged \
  --docker-volumes /var/run/docker.sock:/var/run/docker.sock

Or run it from inside the container

# enter the docker container
$ docker logs -f aac29379c413
$ docker exec -it aac29379c413 /bin/bash
# register the runner; a custom CA certificate can be added, e.g.: $ gitlab-runner register --tls-ca-file /app/ca.crt
# docker executor:  gitlab-runner register --tls-ca-file /app/ca.crt  --docker-privileged
$ gitlab-runner register

Documentation: [executor docker] How to automate deployment of a Node project with docker and gitlab-runner

wuyuedefeng commented 4 years ago

node .gitlab-ci.yml

stages: # define the pipeline stages; there can be several
  - test
  - deploy
  - try_version

# only used by jobs that do not define their own before_script
before_script: # script run before the job's script (runs once)
  - echo "hello gitlab ci"
  # add mirrors to speed up apk package installs
  # - echo -e "https://mirrors.ustc.edu.cn/alpine/latest-stable/main\nhttps://mirrors.ustc.edu.cn/alpine/latest-stable/community" > /etc/apk/repositories && apk update
  #- apk --update add nodejs # install nodejs
  - npm install --registry=https://registry.npm.taobao.org

# files that need to be reused between jobs but are git-ignored
cache:
  paths:
    - node_modules/

test_develop:
  image: node:12.6.0-alpine
  stage: test
  script:
    - npm test
  # branches this job runs on
  only:
    - develop
  # which CI runner runs this job
  tags:
    - stagingRunInDk

deploy_develop:
  stage: deploy
  #variables: 
  #  GIT_SSL_NO_VERIFY: 1
  before_script: # script run before the job's script (runs once)
    - echo "gitlab ci deploy"
    - docker rm -f wechat-auth-service
    # back up the old image
    - docker tag wechat-auth-service:v1.0 wechat-auth-service:v1.0.old
    # remove the image; image versions could be managed remotely on Docker Hub instead of deleting, this is only for convenience
    - docker rmi wechat-auth-service:v1.0
  script:
    - docker build -t wechat-auth-service:v1.0 .
    - docker run -it -d -p 3333:3333 --name=wechat-auth-service wechat-auth-service:v1.0
  # branches this job runs on
  only:
    - develop
  # which CI runner runs this job
  tags:
    - stagingRunInDk

try_production_version:
  image: node:12.6.0-alpine
  stage: try_version
  script:
    - export CI_NODE_VERSION=$(node -e "(function () { console.log(require('./package.json').version) })()")
    - echo "$CI_NODE_VERSION"
  # branches this job runs on
  only:
    - master
  # which CI runner runs this job
  tags:
    - stagingRunInDk

wuyuedefeng commented 4 years ago

Using docker-compose deployment commands in .gitlab-ci.yml

`image: docker/compose:latest` ships with the docker-compose command built in

# https://docs.gitlab.com/ee/ci/docker/using_docker_images.html
stages: # define the pipeline stages; there can be several
  - deploy

image:
  name: docker/compose:latest
  pull: always # available: always, if-not-present, never [default: always](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3279)
  # entrypoint: ["/bin/sh", "-c"]

# variables:
#   DOCKER_DRIVER: overlay

# services:
#   - docker:dind

before_script: # script run before the job's script (runs once)
  - echo "hello gitlab ci"
  - docker version
  - docker-compose version

deploy_staging_v3:
  stage: deploy
  variables:
    GIT_SSL_NO_VERIFY: 1
    DOCKER_DRIVER: overlay
  before_script:
    # https://www.cnblogs.com/sunsky303/p/11548343.html
    - echo -e "https://mirrors.ustc.edu.cn/alpine/latest-stable/main\nhttps://mirrors.ustc.edu.cn/alpine/latest-stable/community\nhttps://mirror.tuna.tsinghua.edu.cn/alpine/edge/testing\nhttps://mirror.tuna.tsinghua.edu.cn/alpine/edge/main" > /etc/apk/repositories && apk update
    # Install Docker Compose
    # - apk update
    # - apk upgrade
    - apk add nodejs npm
    - npm config set registry http://registry.cnpmjs.com
    - npm install -g cnpm --registry=https://registry.npm.taobao.org
    - cd ./npfrontend
    - cnpm install #--registry=https://registry.npm.taobao.org
    - npm run build:all
    - cd ..
    - cd ./backend
    - echo -e "fca33744418a210e95d73b7ecexxxxfc" > ./config/master.key
    - docker build -t np_staging2 .
    - cd ..
  script:
    - echo $PWD
    - docker-compose rm -sf
    - docker-compose up -d
  # branches this job runs on
  only:
    - v3-ci
  # which CI runner runs this job
  tags:
    - stagingRunInDk