大纲

gitlab

gitlab pipeline

gitlab illustration

  • gitlab’s pipeline一体两面
    • pipeline定义在项目的 .gitlab-ci.yml 里,由多个stage串联组成(每个stage里面的多个job并行执行)。
    • 外在表现就为:pipeline
# Default image for jobs that do not set their own.
image: "alpine:latest"
# Global variables are left out of this excerpt; the appendix has the full file.
variables:
# Stages run in the order listed here.
stages:
  - build
  - test
  # dummy stage to follow the template guidelines
  - deploy
  - review
  - staging
  - production

.build:
  # Job template; this key assigns it to the build stage.
  stage: build
  # The base image must ship the docker CLI so the job can reach docker:dind.
  image: "xxxx/auto-build-image:latest"
  # The three keys below are left empty in this excerpt; see the appendix.
  services:
  before_script:
  script:

.auto-deploy:
  # Job template; this key assigns it to the deploy stage.
  stage: deploy
  image: "xxxx/auto-deploy-image:latest"
  # Runner selection: only runners tagged "deploy" pick this job up.
  tags:
    - deploy
  # Deployment target: a Kubernetes namespace.
  environment:
    name: develop
    kubernetes:
      namespace: develop
  script:
    - auto-deploy download
    - auto-deploy update
    - auto-deploy upgrade

# The top-level key is the job name.
docker(api):
  # Inherit everything from the .build template above.
  extends: .build
  variables:
    SERVICE: "api"
  only:
    # Run only when files under api/ changed ...
    changes:
      - 'api/**/*'
    # ... and only on develop, release_* or hotfix_* refs.
    refs:
      - develop
      - '/^release_.*$/'
      - '/^hotfix_.*$/'
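develop:
  # Inherit everything from the .auto-deploy template above.
  # A key may appear only once per mapping; most parsers silently keep the
  # last duplicate, so `extends` is listed a single time.
  extends: .auto-deploy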

GitLab Runner

20210105202933

有了 .gitlab-ci.yml 之后,还需要一个执行pipeline的地方,这就是gitlab-runner。这里使用的是helm安装方式。

should install docker in base container

应该要安装docker client,才能与docker daemon进行交流。

.build:
  stage: build
  # The job image must contain the docker CLI in order to talk to docker:dind.
  # Note that the client (20.10.1) and the daemon below (19.03.14) differ.
  image: "docker:20.10.1"
  # image: "xxx/auto-build-image:v0.0.0.7"  # alternative base image; must also ship docker
  services:
    # The dind service runs the Docker daemon; the alias is the hostname under
    # which the job container reaches it.
    # NOTE(review): docker:dind normally needs a runner that starts containers
    # in privileged mode - keep that runner limited to trusted projects.
    - alias: docker
      name: "docker:19.03.14-dind"

验证结果如下: 20210105202813

alias

这里重点提一下:从上面的图中可以知道baseImage可以连接Services,

  • # The 'docker' hostname is the alias of the service container as described at

所以,这里需要给Services起一个别名:

.build:
  stage: build
  # Base image for the job; it has to provide the docker client so the job
  # can connect to the docker:dind service.
  image: "docker:20.10.1"
  # image: "xxx/auto-build-image:v0.0.0.7"  # alternative base image; must also ship docker
  services:
    # `alias` gives the service container the hostname "docker", which is the
    # name the job uses to reach the daemon.
    # NOTE(review): the daemon started here is only as isolated as the runner
    # allows; dind usually requires privileged mode - confirm the runner setup.
    - alias: docker
      name: "docker:19.03.14-dind"

下面是专门只改了services中的版本号,可以发现Engine的确是改变了。 20210105201014

gitlab CI/CD Variables

ACCESS_TOKEN_PWD
ACCESS_TOKEN_USR
API_ADMIN_VAR_URL
CHART_REPOSITORY
CHART_REPOSITORY_PASSWORD
CHART_REPOSITORY_USER
CI_REGISTRY
CI_REGISTRY_PASSWORD
CI_REGISTRY_USER
develop_codesprite_helm_chart_values_yaml
develop_micro_api
develop_micro_core
develop_micro_grpcgw
develop_micro_pbgw
develop_micro_worker
develop_web_admin
develop_web_ai
develop_web_wechat
PRIVATE_TOKEN

附录

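# Default image for jobs that do not set their own.
# NOTE(review): a floating tag such as :latest can change between runs; pin a
# version or digest if the pipeline has to be reproducible.
image: "alpine:latest"

variables:
  # When using dind service, we need to instruct docker to talk with
  # the daemon started inside of the service. The daemon is available
  # with a network connection instead of the default
  # /var/run/docker.sock socket.
  # Port 2376 together with DOCKER_TLS_VERIFY below keeps the connection
  # between the job and the daemon on TLS.
  DOCKER_HOST: "tcp://docker:2376"
  #
  # The 'docker' hostname is the alias of the service container as described at
  # https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services.
  # If you're using GitLab Runner 12.7 or earlier with the Kubernetes executor
  # and Kubernetes 1.6 or earlier, the variable must be set to
  # tcp://localhost:2376 because of how the Kubernetes executor connects
  # services to the job container
  # DOCKER_HOST: tcp://localhost:2376
  #
  # Specify to Docker where to create the certificates, Docker will
  # create them automatically on boot, and will create
  # `/certs/client` that will be shared between the service and job
  # container, thanks to volume mount from config.toml
  DOCKER_TLS_CERTDIR: "/certs"
  # These are usually specified by the entrypoint, however the
  # Kubernetes executor doesn't run entrypoints
  # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4125
  # Quoted so the value is the string "1" for every YAML parser.
  DOCKER_TLS_VERIFY: "1"
  DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"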

# Pipeline stages, executed in the order listed.
stages:
  - build
  - test
  # dummy stage to follow the template guidelines
  - deploy
  - review
  - dast
  - staging
  - canary
  - production
  - cleanup

.auto-deploy:
  # Template shared by the deploy jobs (`develop`, `production`).
  stage: deploy
  # NOTE(review): :latest is a floating tag; the tooling that performs the
  # deployment can change without any commit to this repository.
  image: "xxx/auto-deploy-image:latest"
  # Only runners tagged "deploy" pick this job up.
  tags:
    - deploy
  # Every job extending this template inherits this environment unless it
  # overrides it.
  environment:
    name: develop
    kubernetes:
      namespace: develop
  script:
    - auto-deploy download
    - auto-deploy update
    - auto-deploy upgrade

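.build:
  # Template for the docker(<service>) jobs: builds the service image, pushes
  # it, then records the new version in a GitLab CI/CD variable.
  # The job image must ship the docker CLI so it can talk to docker:dind.
  # NOTE(review): :latest is a floating tag; pin a version or digest so the
  # build environment cannot change underneath the pipeline.
  image: "xxx/auto-build-image:latest"
  stage: build
  services:
    # NOTE(review): docker:dind normally requires a privileged runner; keep
    # that runner limited to trusted projects and protected branches.
    - name: docker:19.03.14-dind
      alias: docker
  before_script:
    # The password is fed through stdin so it never appears on a command line.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
  script:
    - docker version
    - CI_IMAGE="${CI_REGISTRY}/codesprite/${SERVICE}"
    # Version = contents of the .version file + "." + pipeline id.
    - VER="$(cat .version).${CI_PIPELINE_ID}"
    # NOTE(review): values passed with --build-arg can be recovered from the
    # pushed image (e.g. via `docker history`), so ACCESS_TOKEN_USR/PWD may end
    # up readable by anyone who can pull it. BuildKit secret mounts avoid that
    # but need a matching Dockerfile change, which is not visible here.
    - docker build -t "${CI_IMAGE}:${VER}" -t "${CI_IMAGE}:latest" --build-arg ACCESS_TOKEN_USR --build-arg ACCESS_TOKEN_PWD --build-arg SERVICE="${SERVICE}" .
    - docker push "${CI_IMAGE}:${VER}"
    - docker push "${CI_IMAGE}:latest"
    # NOTE(review): API_ADMIN_VAR_URL presumably points at the instance-level
    # variables API; if so PRIVATE_TOKEN carries administrator rights. Store it
    # as a masked, protected variable and confirm a narrower scope is not possible.
    - |
      # set image version to gitlab instance variables
      # Never echo or cat anything derived from ACCESS_TOKEN_* or PRIVATE_TOKEN
      # in this script: whatever is printed ends up in the job log.
      # Drop everything from the first "_" of the ref name (release_x -> release).
      prefix=${CI_COMMIT_REF_NAME//_*/}
      var_name=${prefix}_micro_${SERVICE}
      echo "var name is ${var_name}"
      remote_ver=$(curl -s --header "PRIVATE-TOKEN: ${PRIVATE_TOKEN}" "${API_ADMIN_VAR_URL}/${var_name}" | jq -r '.value')
      echo "${var_name} saved value is ${remote_ver}"
      # jq prints "null" whenever the response has no .value field.
      # NOTE(review): that also covers error responses (e.g. a rejected token),
      # which then take the "create" path - confirm this is acceptable.
      if [[ ${remote_ver} == null ]]; then
        echo "create var ${var_name}, init value is ${VER}"
        curl -s --request POST --header "PRIVATE-TOKEN: ${PRIVATE_TOKEN}" "${API_ADMIN_VAR_URL}" --form "key=${var_name}" --form "value=${VER}" | jq
      else
        echo "update var ${var_name} to ${VER}"
        curl -s --request PUT --header "PRIVATE-TOKEN: ${PRIVATE_TOKEN}" "${API_ADMIN_VAR_URL}/${var_name}" --form "value=${VER}" | jq
      fi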



# Builds and pushes the "api" service image using the .build template.
docker(api):
  extends: .build
  variables:
    SERVICE: "api"
  only:
    # Both conditions must hold: files under api/ changed ...
    changes:
      - 'api/**/*'
    # ... and the ref is develop, release_* or hotfix_*.
    refs:
      - develop
      - '/^release_.*$/'
      - '/^hotfix_.*$/'

# Deploy job for the develop branch, based on the .auto-deploy template.
develop:
  extends: .auto-deploy
  only:
    # Runs only when one of the service directories changed ...
    changes:
      - 'pbgw/**/*'
      - 'core/**/*'
      - 'api/**/*'
      - 'worker/**/*'
      - 'grpcgw/**/*'
    # ... and only on the develop ref.
    refs:
      - develop

# Deploy job for release_* refs, based on the .auto-deploy template.
production:
  extends: .auto-deploy
  # NOTE(review): nothing here overrides the template's `environment`, so this
  # job appears to inherit name/namespace "develop" from .auto-deploy. Confirm
  # that release deployments are meant to target it; environment-level
  # protections only apply to the environment a job actually declares.
  only:
    refs:
      - '/^release_.*$/'


# Builds and pushes the "worker" service image using the .build template.
docker(worker):
  extends: .build
  variables:
    SERVICE: "worker"
  only:
    # Both conditions must hold: files under worker/ changed ...
    changes:
      - 'worker/**/*'
    # ... and the ref is develop, release_* or hotfix_*.
    refs:
      - develop
      - '/^release_.*$/'
      - '/^hotfix_.*$/'

# Builds and pushes the "core" service image using the .build template.
docker(core):
  extends: .build
  variables:
    SERVICE: "core"
  only:
    # Both conditions must hold: files under core/ changed ...
    changes:
      - 'core/**/*'
    # ... and the ref is develop, release_* or hotfix_*.
    refs:
      - develop
      - '/^release_.*$/'
      - '/^hotfix_.*$/'

# Builds and pushes the "pbgw" service image using the .build template.
docker(pbgw):
  extends: .build
  variables:
    SERVICE: "pbgw"
  only:
    # Both conditions must hold: files under pbgw/ changed ...
    changes:
      - 'pbgw/**/*'
    # ... and the ref is develop, release_* or hotfix_*.
    refs:
      - develop
      - '/^release_.*$/'
      - '/^hotfix_.*$/'

# Builds and pushes the "grpcgw" service image using the .build template.
docker(grpcgw):
  extends: .build
  variables:
    SERVICE: "grpcgw"
  only:
    # Both conditions must hold: files under grpcgw/ changed ...
    changes:
      - 'grpcgw/**/*'
    # ... and the ref is develop, release_* or hotfix_*.
    refs:
      - develop
      - '/^release_.*$/'
      - '/^hotfix_.*$/'