GitLab + CI deployment


Notes on writing the .gitlab-ci.yml file

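High-level concepts

  • Since GitLab 8.0, GitLab CI is integrated; adding .gitlab-ci.yml to a project is enough.
  • GitLab CI: manages the build status of each project.
  • Runner: can be installed on any machine; it connects to GitLab, runs build tasks and performs continuous integration (without affecting GitLab performance).
  • Once .gitlab-ci.yml is added to the project root, every commit or merge automatically runs the build tasks.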

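Detailed concepts

  • Pipeline: the build task
  • Stages: the build stages
  • Jobs: the build jobs

Details

  • A pipeline is one build; a build comprises several stages (compile, test, deploy), and each stage is made up of concrete jobs.
  • Stages run in order; if one fails, the later stages do not run and the whole build fails.
  • Each stage can have one or more jobs; jobs run in parallel, and the stage succeeds only when all of them succeed; if any job fails, the whole build fails.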

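Notes

  • Deploy public key: add it on the GitLab server and enable it for each project. The private key is passed to the runner through a variable.
  • The private key used for transfers is placed on the runner (passed to the runner through a variable).
  • Adding ci skip to the commit message skips the CI pipeline for that commit.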

Installing GitLab

https://www.gitlab.com.cn/
yum install curl policycoreutils openssh-server openssh-clients
yum install postfix
systemctl enable postfix
systemctl start postfix
curl -sS http://packages.gitlab.com.cn/install/gitlab-ce/script.rpm.sh | sudo bash
yum install gitlab-ce
https://gems.ruby-china.org (mirror to speed up gems installation)
gitlab-ctl reconfigure

Migrating GitLab data (versions must match)

gitlab-rake gitlab:backup:create
/var/opt/gitlab/backups
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
gitlab-rake gitlab:backup:restore BACKUP=[ID]
gitlab-ctl start

Chinese localization

yum -y install patch
git clone https://gitlab.com/xhang/gitlab.git
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
cd gitlab/
git diff v9.5.4 v9.5.4-zh>../9.5.4-zh.diff
cd ../
gitlab-ctl stop
patch -d /opt/gitlab/embedded/service/gitlab-rails -p1 < 9.5.4-zh.diff
gitlab-ctl start
gitlab-ctl reconfigure

Adding HTTPS support

vi /etc/gitlab/gitlab.rb
external_url 'https://git.blizzmi.cn'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/1.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/1.key"
gitlab-ctl reconfigure

HTTPS + mail configuration

grep -v "^#" /etc/gitlab/gitlab.rb|grep -v "^$"
external_url 'https://git.blizzmi.cn'
gitlab_rails['time_zone'] = 'PRC'
gitlab_rails['gitlab_email_from'] = 'system@blizzmi.com'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.partner.outlook.cn"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "system@blizzmi.com"
gitlab_rails['smtp_password'] = "Bx@mail@0066"
gitlab_rails['smtp_domain'] = "smtp.partner.outlook.cn"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/1.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/1.key"

Installing the gitlab-ci runner

vi /etc/yum.repos.d/gitlab-ci-multi-runner.repo
[gitlab-ci-multi-runner]
name=gitlab-ci-multi-runner
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ci-multi-runner/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
sudo yum makecache
sudo yum install gitlab-ci-multi-runner
For git over HTTPS, the certificate must be added on the runner server
echo -n | openssl s_client -showcerts -connect git.blizzmi.cn:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> /etc/ssl/certs/ca-certificates.crt
Register the runner
gitlab-runner register

ca-certificates.crt

/etc/gitlab-runner/config.toml configuration example (old)
concurrent = 100
check_interval = 0
[[runners]]
  name = "centos"
  url = "https://git.blizzmi.com"
  token = "0f3902486ddb57314eee58cb36f42d"
  executor = "shell"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.cache]
[[runners]]
  name = "testcentos"
  url = "https://git.blizzmi.cn"
  token = "2fbedbb7b8f163beb5340d25f20543"
  executor = "shell"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.cache]
[[runners]]
  name = "testdocker"
  url = "https://git.blizzmi.cn"
  token = "447ed7cb74eb680ebdce7db6064e1a"
  executor = "docker"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.docker]
    tls_verify = false
    image = "cerl"
    privileged = false
    disable_cache = false
    volumes = ["/cache","/var/log/test:/builds:rw"]
    pull_policy = "if-not-present"
    shm_size = 0
  [runners.cache]
[[runners]]
  name = "dockers"
  url = "https://git.blizzmi.com"
  token = "ff943f4de586a66a9c9b8b4b15e952"
  executor = "docker"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.docker]
    tls_verify = false
    image = "cerl"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    pull_policy = "if-not-present"
    shm_size = 0
  [runners.cache]
/etc/gitlab-runner/config.toml configuration example (latest)
concurrent = 100
check_interval = 0
[[runners]]
  name = "centos"
  url = "https://git.blizzmi.com"
  token = "0f3902486ddb57314eee58cb36f42d"
  executor = "shell"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.cache]
[[runners]]
  name = "testcentos"
  url = "https://git.blizzmi.cn"
  token = "2fbedbb7b8f163beb5340d25f20543"
  executor = "shell"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.cache]
[[runners]]
  name = "testdocker"
  url = "https://git.blizzmi.cn"
  token = "447ed7cb74eb680ebdce7db6064e1a"
  executor = "docker"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.docker]
    tls_verify = false
    image = "cerl"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    pull_policy = "if-not-present"
    shm_size = 0
  [runners.cache]
[[runners]]
  name = "dockers"
  url = "https://git.blizzmi.com"
  token = "ff943f4de586a66a9c9b8b4b15e952"
  executor = "docker"
  environment = ["GIT_SSL_NO_VERIFY=true"]
  [runners.docker]
    tls_verify = false
    image = "cerl"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    pull_policy = "if-not-present"
    shm_size = 0
  [runners.cache]
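
The notes above add the server certificate to the runner's CA bundle, yet every runner in both configurations also sets GIT_SSL_NO_VERIFY=true, which turns git's certificate verification off again. The script below is an added example, not part of the original notes: it lists the runners in a config.toml whose settings weaken transport security or container isolation. The sample config, runner names and token placeholders in it are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes: flag gitlab-runner settings
# that weaken transport or container isolation, one finding per line.

audit_runner_config() {
    # $1 = path to config.toml. Assumes "name" precedes the other keys of
    # each [[runners]] table, as in the configurations on this page.
    awk '
        /^\[\[runners\]\]/ { name = "(unnamed)" }
        /^[ \t]*name[ \t]*=/ { split($0, q, "\""); name = q[2] }
        /^[ \t]*environment[ \t]*=.*GIT_SSL_NO_VERIFY=/ {
            print name ": GIT_SSL_NO_VERIFY set, git skips TLS certificate checks"
        }
        /^[ \t]*url[ \t]*=[ \t]*"http:/ {
            print name ": GitLab URL uses plain http"
        }
        /^[ \t]*privileged[ \t]*=[ \t]*true/ {
            print name ": docker executor runs privileged containers"
        }
    ' "$1"
}

# Constructed sample input (hypothetical runner names, placeholder tokens).
write_sample_config() {
    cat > "$1" <<'EOF'
concurrent = 4
[[runners]]
  name = "testcentos"
  url = "https://git.example.invalid"
  token = "PLACEHOLDER"
  executor = "shell"
  environment = ["GIT_SSL_NO_VERIFY=true"]
[[runners]]
  name = "builder"
  url = "https://git.example.invalid"
  token = "PLACEHOLDER"
  executor = "docker"
  [runners.docker]
    image = "cerl"
    privileged = true
[[runners]]
  name = "clean"
  url = "https://git.example.invalid"
  token = "PLACEHOLDER"
  executor = "shell"
EOF
}

# Usage: sh audit.sh /etc/gitlab-runner/config.toml
if [ "$#" -gt 0 ]; then audit_runner_config "$1"; fi
```
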
Client development .gitlab-ci.yml
#image: gulp
stages:
  - build
  - deploy
before_script:
  # internal network
  - $SSH_URL=echo $CI_REPOSITORY_URL | perl -pe 's#.*@(.+?(\:\d+)?)/#git@\1:#'
  # external network
  # - $SSH_URL=echo $CI_REPOSITORY_URL | perl -pe 's#.*@(.+?(\:\d+)?)/#ssh://git@\1:#'|sed 's#com:#com:8888/#'
  - $env:USERPROFILE="C:\Windows\System32\config\systemprofile\user_profile\$env:GITLAB_USER_EMAIL"
  - New-Item $env:USERPROFILE -type directory -force

#after_script:
#  - git branch -D temp
build:
  stage: build
  only:
    - master
  script:
    - env
    - git config --global user.name "$env:GITLAB_USER_NAME"
    - git config --global user.email "$env:GITLAB_USER_EMAIL"
    - cp C:\Windows\System32\config\systemprofile\user_profile\config $env:USERPROFILE\.ssh\
    - gulp pack
#    - git checkout -b temp
    - git checkout master
    - git pull
    - git add .\bin\.
    - git commit -m "[ci skip]auto add bin\* with job $env:CI_JOB_ID"
    - git push $SSH_URL

  tags:
    - win
deploy:
  stage: deploy
  only:
    - sit
  script:
    - gulp pack
    - $DIR=C:\cygwin64\bin\ls.exe dist; $DIR
    - ssh test-php-1@192.168.200.27 "! [[ $(dirname /home/sftp/fgslot/fgslot/) == $(dirname /home/sftp/fgslot/fgslot/$DIR/) ]] && rm -rf /home/sftp/fgslot/fgslot/$DIR || exit 1"
    - scp -r dist/$DIR test-php-1@192.168.200.27:/home/sftp/fgslot/fgslot/
    - ssh test-php-1@192.168.200.27 "chmod -R 775 /home/sftp/fgslot/fgslot/$DIR && ls /home/sftp/fgslot/fgslot/$DIR"
  tags:
    - win
Server development .gitlab-ci.yml
image: cerl
before_script:
  - eval $(ssh-agent -s)
  - ssh-add <(echo "$SSH_PRIVATE_KEY")
  - export SSH_URL=`echo $CI_REPOSITORY_URL | perl -pe 's#.*@(.+?(\:\d+)?)/#git@\1:#'`
  - git config --global user.name "$GITLAB_USER_ID"
  - git config --global user.email "$GITLAB_USER_EMAIL"
#  - '[[ -f /.dockerenv ]] &&  echo "$SSH_PRIVATE_KEY" >~/.ssh/id_rsa'
stages:
  - build
  - test
  - deploy
build:
  stage: build
#  variables:
#    CI_DEBUG_TRACE: "true"
  only:
    - master
#    - /^bug-.*$/
#    - branches
#    - tags
  except:
    - tags
#    - branches
  script:
    - rebar3 compile
#    - export
  cache:
    key: aa
    paths:
      - _build/
#  artifacts:
#    paths:
#    - $CI_PROJECT_DIR/_build/
  tags:
    - testdocker

test:
  stage: test
  only:
    - master
  except:
    - tags
  script:
    - rebar3 eunit
    - git tag -a eunit$CI_JOB_ID -m "my version eunit$CI_JOB_ID"
    - git push $SSH_URL eunit$CI_JOB_ID
  cache:
    key: aa
    paths:
      - _build/

#  artifacts:
#    paths:
#    - $CI_PROJECT_DIR/_build/prod/rel/myapp/
#  cache:
#    untracked: true
#    paths:
#      - _build/
  tags:
    - testdocker

sit-deploy:
  stage: deploy
  only:
    - sit
  except:
    - tags
  script:
    - rebar3 as prod tar
    - APP=`basename /builds/root/myapp/_build/prod/rel/myapp/myapp-*.tar.gz`
    - scp -r /builds/root/myapp/_build/prod/rel/myapp/$APP test-php-1@192.168.200.27:~/
    - ssh test-php-1@192.168.200.27 "myapp/bin/myapp stop;rm -rf myapp;mkdir -p myapp;tar -zxf $APP -C myapp;myapp/bin/myapp start"
    - git tag -a SIT$CI_JOB_ID-$APP -m "my version SIT$CI_JOB_ID-$APP"
    - git push $SSH_URL SIT$CI_JOB_ID-$APP
  tags:
    - testdocker

uat-deploy:
  stage: deploy
  only:
    - uat
  except:
    - tags
  script:
    - rebar3 as prod tar
    - APP=`basename /builds/root/myapp/_build/prod/rel/myapp/myapp-*.tar.gz`
    - scp -r /builds/root/myapp/_build/prod/rel/myapp/$APP test-php-1@192.168.200.27:~/
    - ssh test-php-1@192.168.200.27 "myapp/bin/myapp stop;rm -rf myapp;mkdir -p myapp;tar -zxf $APP -C myapp;myapp/bin/myapp start"
    - git tag -a UAT$CI_JOB_ID-$APP -m "my version UAT$CI_JOB_ID-$APP"
    - git push $SSH_URL UAT$CI_JOB_ID-$APP
#  dependencies: []
#  dependencies:
#  - build
  tags:
    - testdocker
README.md
Master:[![build status](https://git.blizzmi.cn/root/myapp/badges/master/build.svg)](https://git.blizzmi.cn/root/myapp/commits/master)
[![coverage report](https://git.blizzmi.cn/root/myapp/badges/master/coverage.svg)](https://git.blizzmi.cn/root/myapp/commits/master)
  Sit:[![build status](https://git.blizzmi.cn/root/myapp/badges/sit/build.svg)](https://git.blizzmi.cn/root/myapp/commits/sit)
  Uat :[![build status](https://git.blizzmi.cn/root/myapp/badges/uat/build.svg)](https://git.blizzmi.cn/root/myapp/commits/uat)
MYAPP
=====

An OTP application

Build
-----
$ rebar3 new release myapp
$ rebar3 compile
$ rebar3 eunit
$ rebar3 release
$ rebar3 as prod tar

Environment

erlang 19.3.6
https://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_19.3.6-1~centos~7_amd64.rpm

nodejs 6.x
curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -

elixir (latest)
git clone https://github.com/elixir-lang/elixir.git /opt/elixir
cd /opt/elixir
export LANG=en_US.UTF-8
make clean test
ln -s /opt/elixir/bin/iex /usr/local/bin/iex
ln -s /opt/elixir/bin/mix /usr/local/bin/mix
ln -s /opt/elixir/bin/elixir /usr/local/bin/elixir
ln -s /opt/elixir/bin/elixirc /usr/local/bin/elixirc
mix local.hex
mix archive.install https://github.com/phoenixframework/archives/raw/master/phx_new.ez
mix local.rebar

rebar3
git clone https://github.com/erlang/rebar3.git
cd rebar3
./bootstrap
./rebar3 local install

docker
yum remove docker docker-common docker-selinux docker-engine
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum-config-manager --enable docker-ce-edge
yum-config-manager --enable docker-ce-test
yum install docker-ce
vi /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --registry-mirror=http://hub-mirror.c.163.com
systemctl daemon-reload
service docker restart
Workaround when dependencies need git access or when pushing commits needs permission
before_script:
  - git config --global credential.helper store
  - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@git.blizzmi.com" > ~/.git-credentials
after_script:
  - rm -rf ~/.git-credentials
before_script:
  - git config --global credential.helper store
  - echo "https://$user:$password@git.blizzmi.com" > ~/.git-credentials
after_script:
  - rm -rf ~/.git-credentials
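
Both variants above write the credential URL to ~/.git-credentials with echo, so the file gets the job's default permissions, and a password containing characters such as @ or : produces a malformed URL. The helper below is an added example, not part of the original notes: it percent-encodes the user and password and creates the file with mode 0600. The function names, host and credentials are hypothetical, and ASCII input is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes.

# Percent-encode one credential component (ASCII input assumed).
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}          # first character of the remaining string
        s=${s#?}                 # drop it from the remaining string
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s\n' "$out"
)

# Write a one-line git credential store readable only by the job user.
# $1 = file, $2 = host, $3 = user, $4 = password or token
write_git_credentials() (
    umask 077                    # new file is created as 0600
    rm -f -- "$1"                # never reuse a file with looser permissions
    printf 'https://%s:%s@%s\n' \
        "$(urlencode "$3")" "$(urlencode "$4")" "$2" > "$1"
)

# In a job (constructed usage; $user and $password as in the second variant):
#   cred=$(mktemp)
#   trap 'rm -f "$cred"' EXIT
#   write_git_credentials "$cred" git.example.invalid "$user" "$password"
#   git config --global credential.helper "store --file=$cred"
```
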