GitLab CI/CD Script Improvement

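Below is my first gitlab-ci.yml script for a static website. It does exactly what I need. It does not require a build process as with Angular or React. Does anyone see room for improvement? Any glaring newbie mistakes? Are the exit commands necessary, or will it log off automatically when the script terminates? Also, is it necessary to remove the deployment keys at the end of each deploy section?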

stages:
  - build
  - deploy_staging
  - deploy_production

build:
  image: alpine
  stage: build
  before_script:
    - apk add zip
  script:  
    - zip -r website.zip * -x "composer.json" -x "composer.lock" -x "gruntfile.js" -x "package-lock.json" -x "package.json" -x "Read Me" -x "_/" -x "deploy_production.sh" -x "deploy_staging.sh" -x "README.md" -x "Read Me Custom.txt" -x "gitlab-ci.yml"
  artifacts:
    paths:
     - website.zip

deploy_to_staging:
  image: alpine
  stage: deploy_staging
  before_script:
  - apk add unzip openssh-client
  - eval $(ssh-agent -s)
  - echo "$DEPLOYMENT_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - ssh-keyscan -H "$DEPLOYMENT_SERVER" >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  script:
    - scp website.zip "$DEPLOYMENT_LOGIN":"$DEPLOYMENT_PATH"
    - ssh -p 2222 "$DEPLOYMENT_LOGIN" "
      cd temp;
      rm website.zip;
      cd ../staging;
      bash -O extglob -c 'rm -rf !(website.zip)';
      unzip website.zip;
      cp website.zip ../../temp/;
      rm website.zip;
      exit; "
    - rm -f ~/.ssh/id_rsa
  only:
    - main

deploy_to_production:
  image: alpine
  stage: deploy_production
  before_script:
    - apk add unzip openssh-client
    - eval $(ssh-agent -s)
    - echo "$DEPLOYMENT_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan -H "$DEPLOYMENT_SERVER" >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - ssh -p 2222 "$DEPLOYMENT_LOGIN" "
      cp temp/website.zip portal/;
      cd portal;
      bash -O extglob -c 'rm -rf !(website.zip)';
      unzip website.zip;
      rm website.zip;
      exit; "
    - rm -f ~/.ssh/id_rsa
  when: manual
  only:
    - main

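The script looks straightforward, and it does what it should. But there are some things you should consider.

  1. You rely on the fact that no deployment pipeline is running before you execute the live deployment. But in theory the zip in the temp folder on the server may not come from the same pipeline, for example when another pipeline has already executed the staging call. You would then deploy a newer package even though you are executing the old pipeline. So, to be on the safe side, I would recommend uploading it again.

  2. Your script contains some duplication, which leads to errors when you need to adjust the duplicated code. I have added an example of inheritance for you.

  3. Use environments. GitLab has a very nice feature called environments, which gives you an overview of your existing environments and of what was deployed to which environment by which pipeline. https://docs.gitlab.com/ee/ci/yaml/#environment

  4. Use resource groups to prevent jobs from running in parallel against the same environment. https://docs.gitlab.com/ee/ci/yaml/#resource_group

  5. Also, something to consider at a later stage is adding real releases and tags to your project, but overall that is a topic of its own :)

Disclaimer: I am not a professional either, but these are the changes and considerations I would think about :)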

stages:
  - build
  - deploy_staging
  - deploy_production

build:
  image: alpine
  stage: build
  before_script:
    - apk add zip
  script:  
    - zip -r website.zip * -x "composer.json" -x "composer.lock" -x "gruntfile.js" -x "package-lock.json" -x "package.json" -x "Read Me" -x "_/" -x "deploy_production.sh" -x "deploy_staging.sh" -x "README.md" -x "Read Me Custom.txt" -x "gitlab-ci.yml"
  artifacts:
    paths:
     - website.zip

.deploy:
  image: alpine
  before_script:
  - apk add unzip openssh-client
  - eval $(ssh-agent -s)
  - echo "$DEPLOYMENT_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - ssh-keyscan -H "$DEPLOYMENT_SERVER" >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  script:
    - scp website.zip "$DEPLOYMENT_LOGIN":"$DEPLOYMENT_PATH"
    - ssh -p 2222 "$DEPLOYMENT_LOGIN" "
      cd $DEPLOYMENT_PATH;
      bash -O extglob -c 'rm -rf !(website.zip)';
      unzip website.zip;
      rm website.zip;
      exit; "
  after_script:
  - rm -f ~/.ssh/id_rsa
  only:
    - main

deploy_to_staging:
  stage: deploy_staging
  variables:
    DEPLOYMENT_PATH: "../staging"
  extends: .deploy # inheritance to reduce duplicated code
  environment: 
    name: staging
  resource_group: staging

deploy_to_production:
  stage: deploy_production
  variables:
    DEPLOYMENT_PATH: "portal"
  extends: .deploy # inheritance to reduce duplicated code
  environment: 
    name: production
  resource_group: production
  when: manual
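
Point 1 of the answer (a production job unpacking a temp/website.zip that a different pipeline left on the server) can also be caught with a check before unzip. The following is an added example, not code from the question or the answer: it stamps the archive with the building pipeline's ID and SHA-256 and refuses a mismatch. The function names and the `.manifest` file are hypothetical; in a real job the ID would come from GitLab's predefined `CI_PIPELINE_ID` variable.

```shell
#!/bin/sh
# Added example: bind website.zip to the pipeline that built it.
# write_manifest, verify_artifact and the ".manifest" file are hypothetical names.

# Build job: record "<pipeline id> <sha256>" next to the archive.
write_manifest() {
    zip_file=$1; pipeline_id=$2
    digest=$(sha256sum "$zip_file" | cut -d' ' -f1) || return 1
    printf '%s %s\n' "$pipeline_id" "$digest" > "$zip_file.manifest"
}

# Deploy job, before unzip: succeed only if the archive was stamped by the
# pipeline that is deploying now and its bytes have not changed since.
verify_artifact() {
    zip_file=$1; expected_pipeline=$2
    [ -f "$zip_file" ] && [ -f "$zip_file.manifest" ] || return 2   # nothing to check
    read -r stamped_pipeline stamped_digest < "$zip_file.manifest" || return 2
    [ "$stamped_pipeline" = "$expected_pipeline" ] || return 3      # another pipeline's upload
    actual_digest=$(sha256sum "$zip_file" | cut -d' ' -f1)
    [ "$actual_digest" = "$stamped_digest" ] || return 4            # archive replaced or altered
}

# Constructed scenario: pipeline 101 is promoted to production after
# pipeline 102 has already overwritten the archive in the temp folder.
demo() {
    work=$(mktemp -d) || return 1
    printf 'build from pipeline 102\n' > "$work/website.zip"   # stand-in bytes, not a real zip
    write_manifest "$work/website.zip" 102
    stale=0; verify_artifact "$work/website.zip" 101 || stale=$?
    fresh=0; verify_artifact "$work/website.zip" 102 || fresh=$?
    rm -rf "$work"
    echo "pipeline 101 -> $stale, pipeline 102 -> $fresh"
}
demo
```

A non-zero status from `verify_artifact` should stop the job before the `rm -rf !(website.zip)` step, so a stale archive never replaces the live site.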