GitLab CI/CD 流水线搭建
1. 搭建 GitLab 服务器,创建并注册 GitLab Runner。
2. 编写 Dockerfile,包括 Java 程序运行所需的环境、JDK、参数等。
2.1 AI 生成版本:
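# ---- Build stage: Maven + JDK 17 ----
# The eclipse-temurin JDK image does not ship Maven, so `RUN mvn` needs a Maven
# image; this tag is the one the CI "package" job on this page already uses.
FROM maven:3.8.5-openjdk-17 AS build
# Working directory for the build
WORKDIR /app
# Optional Maven settings. The file stays in the build stage and never reaches
# the runtime image; if it holds repository credentials, prefer a BuildKit
# secret mount so it is not stored in a build layer either.
COPY .m2/settings.xml /root/.m2/
# Project sources
COPY pom.xml .
COPY src/ src/
# Build the application (tests are skipped here and expected to run in CI)
RUN mvn -B -DskipTests clean package

# ---- Runtime stage: JRE only ----
FROM eclipse-temurin:17-jre-alpine
WORKDIR /app
# Unprivileged account so the JVM does not run as root inside the container
RUN addgroup -S app && adduser -S -G app app
# Take the jar from the build stage. Without --from the COPY would read from
# the host build context, where no target/ directory exists.
COPY --from=build /app/target/*.jar app.jar
USER app
# Application port
EXPOSE 8080
# Exec-form entrypoint: the JVM is PID 1 and receives stop signals directly
ENTRYPOINT ["java","-jar","app.jar"]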
2.2 实战版本(尚不完整:实战中 Dockerfile 还应配置日志等目录的挂载,以便同步到服务器上):
# Base image for the "in practice" variant.
# NOTE(review): the original comment says "use a smaller base image", but this
# tag is a full JDK image, and the Docker Hub `openjdk` repository is, as far as
# I know, deprecated - confirm, and consider a maintained JRE image such as
# the eclipse-temurin:17-jre-alpine used in section 2.1.
# NOTE(review): there is no USER instruction, so the JVM runs as the base
# image's default user (presumably root) - confirm and add an unprivileged user.
FROM openjdk:17-jdk
WORKDIR /app
# Write a java.security override file with a custom jdk.tls.disabledAlgorithms.
# The `\\` becomes a single backslash in the file, i.e. a properties-file line
# continuation joining the two echoed lines into one value.
# NOTE(review): the original comment says this "keeps the existing security
# configuration", but the list omits TLSv1 and TLSv1.1, which the JDK 17 default
# value disables. Loaded through -Djava.security.properties below, it overrides
# that default and re-enables TLS 1.0/1.1. Unless a legacy peer requires them,
# keep "TLSv1, TLSv1.1" in this list and offer only TLSv1.2,TLSv1.3.
RUN echo "jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \\" > /app/java.security && \
echo " EC keySize < 224, 3DES_EDE_CBC, anon, NULL" >> /app/java.security
# Copy the jar produced by CI directly (the path must match the build context;
# the wildcard is expected to match exactly one jar).
COPY *.jar app.jar
# Environment variables kept from the earlier setup.
# NOTE(review): nothing in this Dockerfile passes these two variables to the
# JVM; the -D flags in JAVA_OPTS are what set the protocol properties.
# Presumably the application reads them - confirm or drop them.
ENV JDK_TLS_CLIENT_PROTOCOLS="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"
ENV HTTPS_PROTOCOLS="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"
EXPOSE 48080
# Single JAVA_OPTS definition: heap sizing, client TLS protocol lists, and the
# java.security override file created above.
# NOTE(review): the protocol lists include TLSv1 and TLSv1.1; see the note on
# the java.security override.
ENV JAVA_OPTS="-Xms512m -Xmx1024m \
-Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 \
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 \
-Djava.security.properties=/app/java.security"
# `sh -c` lets $JAVA_OPTS be expanded; `exec` replaces the shell with the JVM so
# the JVM receives container stop signals.
ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /app/app.jar"]
3. 编写 .gitlab-ci.yml 文件,放置在项目根目录下。
3.1 AI 生成版本:
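# GitLab CI/CD configuration (AI-generated sample, indentation restored).
#
# NOTE(review): eclipse-temurin:17-jdk-alpine ships neither Maven nor the
# Docker CLI. With the Docker executor every job needs an image that provides
# the tools it calls; left unchanged because the runner executor is not shown.
image: eclipse-temurin:17-jdk-alpine

stages:
  - build
  - test
  - deploy

variables:
  DOCKER_IMAGE: "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"
  DOCKER_COMPOSE_FILE: docker-compose.yml

# There is deliberately no global before_script: the registry login used to run
# in every job, which handed registry credentials to test-job (it executes
# project code) and to deploy-prod. Each job now logs in only if it talks to
# the registry.
# DOCKER_USER / DOCKER_PASSWORD must be defined as masked, protected CI/CD
# variables. For the project's own GitLab registry, the predefined
# CI_REGISTRY_USER / CI_REGISTRY_PASSWORD are per-job credentials and avoid
# storing a long-lived password.

build-job:
  stage: build
  before_script:
    - mvn -v
    - echo "$DOCKER_PASSWORD" | docker login "${CI_REGISTRY}" -u "$DOCKER_USER" --password-stdin
  script:
    - mvn clean package -DskipTests
    - docker build -t "${DOCKER_IMAGE}" .
  artifacts:
    paths:
      - target/*.jar

test-job:
  stage: test
  before_script:
    - mvn -v
  script:
    - mvn test
  dependencies:
    - build-job

# NOTE(review): the image is built in build-job and pushed here. That works
# only if both jobs share one Docker daemon (e.g. a shell executor on a single
# host) - confirm, or build and push in the same job.
docker-push:
  stage: deploy
  before_script:
    - echo "$DOCKER_PASSWORD" | docker login "${CI_REGISTRY}" -u "$DOCKER_USER" --password-stdin
  script:
    - docker push "${DOCKER_IMAGE}"
  dependencies:
    - test-job

deploy-dev:
  stage: deploy
  # Same stage as docker-push: without `needs` both start together and the
  # pull below can run before the image has been pushed.
  needs:
    - docker-push
  before_script:
    - echo "$DOCKER_PASSWORD" | docker login "${CI_REGISTRY}" -u "$DOCKER_USER" --password-stdin
  script:
    - docker-compose -f "${DOCKER_COMPOSE_FILE}" down
    - docker-compose -f "${DOCKER_COMPOSE_FILE}" pull
    - docker-compose -f "${DOCKER_COMPOSE_FILE}" up -d
  only:
    - main

# Production deployment (example).
# NOTE(review): this logs in as root with a key at ~/.ssh/deploy_key. The config
# does not show where the key or the host's known_hosts entry comes from.
# Provide the key from a protected File-type CI/CD variable, pin the server's
# host key in known_hosts, and prefer a dedicated deploy account over root.
deploy-prod:
  stage: deploy
  needs:
    - docker-push
  script:
    - ssh -i ~/.ssh/deploy_key "root@production-server" "docker stop spring-app || true"
    - ssh -i ~/.ssh/deploy_key "root@production-server" "docker rm spring-app || true"
    - ssh -i ~/.ssh/deploy_key "root@production-server" "docker pull ${DOCKER_IMAGE}"
    - ssh -i ~/.ssh/deploy_key "root@production-server" "docker run -d --name spring-app -p 8080:8080 ${DOCKER_IMAGE}"
  only:
    - main
  when: manual
  environment:
    name: production
    url: http://your-production-url.com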
3.2实战使用版本,
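# Pipeline: package the jar with Maven, build the image on the target server
# over SSH, then start the container there.
#
# Expected CI/CD variables (not defined in this file): TARGET_SERVER and
# SSH_PASSWORD. Define SSH_PASSWORD as masked and protected.
# NOTE(review): every `rules:` block below is commented out, so a push to any
# branch redeploys the server. Restrict the build and deploy jobs to protected
# branches once the pipeline works.
stages:
  - package
  - build
  - deploy

variables:
  APP_NAME: "process-app"
  # NOTE(review): all remote commands run as root with password
  # authentication. A dedicated account in the docker group with key-based
  # login (see the commented-out variants below) limits what a leaked
  # credential can do.
  TARGET_USER: "root"

package:
  stage: package
  image: maven:3.8.5-openjdk-17
  variables:
    MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"
  cache:
    key: "${CI_JOB_NAME}-maven"
    paths:
      - ./.m2/repository
      - target/
    policy: pull-push
  before_script:
    - mkdir -p ~/.m2
    # Force-overwrite the user settings with the repository copy.
    # NOTE(review): settings.xml is taken from the repository; if it carries
    # repository credentials, move them to CI/CD variables - confirm.
    - cp settings.xml ~/.m2/settings.xml
  script:
    # Check that the settings are picked up
    - mvn -s settings.xml help:effective-settings
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated; drop them from both
    # lists once the Maven repository supports TLS 1.2 or newer.
    - mvn -s ~/.m2/settings.xml clean package -DskipTests -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"
    - mkdir -p target
    - cp sdn-server/target/*.jar target/
    - cp sdn-server/Dockerfile .
  artifacts:
    paths:
      - target/*.jar
      - Dockerfile
  # rules:
  #   - if: $CI_COMMIT_BRANCH == "main"

docker-build:
  stage: build
  # NOTE(review): `latest` is a moving tag; pin a version for repeatable jobs.
  image: alpine:latest
  dependencies:
    - package
  before_script:
    # SSH password authentication
    - apk add --no-cache openssh-client sshpass
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Prefer a pinned host key: SSH_KNOWN_HOSTS is an optional CI/CD variable
    # (name chosen here) holding the server's known_hosts line(s). The
    # ssh-keyscan fallback accepts whatever key the network returns on each
    # run, so it cannot detect an impersonated server before the password is
    # sent.
    - |
      if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
      else
        ssh-keyscan "$TARGET_SERVER" >> ~/.ssh/known_hosts
      fi
    # sshpass -e reads the password from SSHPASS, so it no longer appears in
    # the process argument list the way `sshpass -p "$SSH_PASSWORD"` does.
    - export SSHPASS="$SSH_PASSWORD"
  script:
    # Check that the build inputs exist
    - ls -lth target/*.jar
    - cat Dockerfile
    # Pre-pull base images
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "docker pull openjdk:17-jdk || true"
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "docker pull alpine:latest || true"
    # Stop and remove the old container
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "docker stop $APP_NAME || true"
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "docker rm $APP_NAME || true"
    # Remove the old image
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "docker rmi $APP_NAME || true"
    # ${APP_NAME:?} aborts the job when APP_NAME is empty or unset; otherwise
    # the next two commands would act on /opt/app itself.
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "rm -f /opt/app/${APP_NAME:?} || true"
    # Empty the application directory
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "rm -rf /opt/app/${APP_NAME:?}/*"
    # Prepare the directory on the target server
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "mkdir -p /opt/app/$APP_NAME"
    # - ssh $TARGET_USER@$TARGET_SERVER "mkdir -p /opt/app/$APP_NAME"  # with key authentication
    # Transfer the build inputs
    - sshpass -e scp -v target/*.jar Dockerfile $TARGET_USER@$TARGET_SERVER:/opt/app/$APP_NAME/
    # - scp -v target/*.jar Dockerfile $TARGET_USER@$TARGET_SERVER:/opt/app/$APP_NAME/  # with key authentication
    # Build on the target server (Docker must be installed there). The `cd` is
    # required: without it the build context is the remote login directory,
    # not the directory the jar and Dockerfile were copied to.
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "cd /opt/app/$APP_NAME && DOCKER_BUILDKIT=1 docker build --build-arg BUILDKIT_INLINE_CACHE=1 -t $APP_NAME ."
    # - ssh $TARGET_USER@$TARGET_SERVER "cd /opt/app/$APP_NAME && docker build --no-cache --memory=3g -t $APP_NAME ."  # with key authentication
  # rules:
  #   - if: $CI_COMMIT_BRANCH == "main"

deploy:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add --no-cache openssh-client sshpass
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Same host-key handling as in docker-build: pinned key if provided,
    # ssh-keyscan as the fallback.
    - |
      if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
      else
        ssh-keyscan "$TARGET_SERVER" >> ~/.ssh/known_hosts
      fi
    - export SSHPASS="$SSH_PASSWORD"
  script:
    # Start the new container with a memory limit and a restart policy
    - sshpass -e ssh $TARGET_USER@$TARGET_SERVER "docker run -d --name $APP_NAME -p 48080:48080 --memory=3g --restart=unless-stopped $APP_NAME"
  retry:
    max: 2
    when:
      - runner_system_failure
      - stuck_or_timeout_failure
  # rules:
  #   - if: $CI_COMMIT_BRANCH == "main"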
3.4 对应的私钥等敏感信息(如 SSH 私钥)应配置在 GitLab 的 CI/CD 变量中。
原文地址:https://blog.csdn.net/qq_53170175/article/details/148130560