涛子 - Simple is beautiful

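For a lightweight pipeline there are two combinations to choose from: 'gitea + gitea actions' or 'gitea + drone'. At the moment drone feels somewhat more mature than actions.

* References *
https://cloud.tencent.com/developer/article/2145626?areaSource=102001.10&traceId=7e8h39s3ka0YtkAAu5jx_
https://www.bboy.app/2023/04/12/%E8%AF%B4%E4%B8%80%E4%B8%8B%E5%AE%B6%E9%87%8C%E7%9A%84%E6%B5%81%E6%B0%B4%E7%BA%BF/

CI/CD stands for Continuous Integration and Continuous Delivery/Deployment.
CI/CD is a software development process model that aims to improve the efficiency and quality of software development and release through automated, continuous build, test, deployment and delivery.
The goal of CI/CD is to shorten development and release cycles and to reduce their cost and risk, so as to meet business needs that change quickly and iterate constantly.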

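CI/CD usually consists of the following stages:

* Continuous Integration (CI): developers continuously commit code to the source code management system; in the process, automated test and build tools fetch the latest code from the repository, compile, test and package it, and produce the corresponding build artifacts.

* Continuous Delivery (CD): the build artifacts are deployed to a test environment for testing and verification, finally producing deployable artifacts.

* Continuous Deployment (CD): the build artifacts are deployed to the production environment with automated deployment and release, enabling fast delivery and iteration.

* References *
https://seepine.com/git/gitea/actions
https://www.rasukarusan.com/entry/2021/01/27/224725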

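1. Local container registry

Installation -> see "docker registry private registry installation"

Internal domain -> hub.example.com

Download the act-compatible runner and docker images and push them to the local container registry

gitea can also be used as a container registry (Container Registry)

2. Code repository: gitea

  • Installation
# mkdir -p /data/{gitea,gitea-db} /data/compose/gitea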

# cat > /data/compose/gitea/docker-compose.yml << EOF
version: "3"

services:
  gitea:
    image: gitea/gitea
    container_name: gitea
    restart: always
    networks:
      - gitea-net
    volumes:
      - /data/gitea:/data:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:22"
    depends_on:
      - gitea-db
  
  gitea-db:
    image: mariadb:11.0.2
    container_name: gitea-db
    restart: always
    networks:
      - gitea-net
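    # gitea reaches the database over gitea-net; this mapping additionally exposes 3306 on the host's interfaces and can be removed if nothing outside Docker needs it
    ports:
      - "3306:3306"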
    volumes:
      - /data/gitea-db:/var/lib/mysql
    environment:
      MYSQL_DATABASE: gitea
      MYSQL_USER: gitea
      # Sample credentials; replace both passwords with long random values before the first start
      MYSQL_PASSWORD: gitea
      MYSQL_ROOT_PASSWORD: Abcd@1234

networks:
  gitea-net:
    driver: bridge
EOF

# cd /data/compose/gitea && docker compose up -d
  • Configuration
# Enable the gitea actions feature
In the configuration file /data/gitea/gitea/conf/app.ini, add the following
+ [actions]
+ ENABLED = true

[repository]
+ DEFAULT_REPO_UNITS = ...,repo.actions

# Restart the container
# docker compose down && docker compose up -d

# Enable actions for the repository
Open http://192.168.10.32:3000/<user_name>/<repo_name>/settings
and tick "Enable Repository Actions"
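
The docker-compose.yml in the installation step hard-codes MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD. The following is an added example, not part of the original post, that generates both values into a `.env` file next to the compose file; the function names are hypothetical and the compose directory is passed as an argument.

```shell
#!/bin/sh
# Added example: keep the database passwords out of docker-compose.yml.
# docker compose reads KEY=value pairs from a .env file in the project
# directory and substitutes ${KEY} references in the compose file.

# gen_secret: 48 hex characters (192 bits) from the kernel CSPRNG.
gen_secret() {
  head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_gitea_env <compose-dir>
# Creates <compose-dir>/.env readable by the owner only. An existing file is
# never overwritten: MariaDB applies MYSQL_* values only when it initialises
# an empty data directory, so regenerating them later would leave the file
# out of step with the database.
write_gitea_env() {
  envfile="$1/.env"
  if [ -e "$envfile" ]; then
    echo "$envfile already exists, leaving it untouched" >&2
    return 1
  fi
  (
    umask 077
    printf 'MYSQL_PASSWORD=%s\nMYSQL_ROOT_PASSWORD=%s\n' \
      "$(gen_secret)" "$(gen_secret)" > "$envfile"
  )
}

# Matching compose changes (write the heredoc with a quoted 'EOF' so the
# shell does not expand ${...} itself):
#   gitea-db:
#     environment:
#       MYSQL_PASSWORD: ${MYSQL_PASSWORD}
#       MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
#     # no "ports:" entry; gitea connects to gitea-db:3306 over gitea-net
```

Run `write_gitea_env /data/compose/gitea` before the first `docker compose up -d`, and enter the generated MYSQL_PASSWORD in gitea's database settings.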

3. Job runner: act runner

  • Installation
# mkdir -p /data/compose/act_runner /data/act_runner/cache

# Get the gitea runner token
Open http://192.168.10.32:3000/admin/actions/runners, click Create New Runner to create a global runner,
and copy the runner token; use it to replace GITEA_RUNNER_REGISTRATION_TOKEN in the docker-compose.yml file

# cat > /data/compose/act_runner/docker-compose.yml << EOF
version: "3"
  
services:
  act_runner:
    image: gitea/act_runner
    container_name: act_runner
    restart: always
    volumes:
      - /data/act_runner/data:/data
      - /data/act_runner/cache:/root/.cache
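      # The Docker socket gives the runner, and every job it executes, root-equivalent control of the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      GITEA_INSTANCE_URL: http://192.168.10.32:3000
      # Registration token copied from the runners page above; substitute your own
      GITEA_RUNNER_REGISTRATION_TOKEN: vcPY7PxBLluvNBy9w9lHWjmNDsDlciStFXoHAQUc
      GITEA_RUNNER_NAME: runner-x86_64
      GITEA_RUNNER_LABELS: ubuntu-22.04:docker://node:16-bullseye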
EOF

Source of the images the runner needs -> [ https://github.com/nektos/act, https://github.com/catthehacker/docker_images ]

# cd /data/compose/act_runner && docker compose up -d
  • Re-registration
# Delete the gitea runner
Open http://192.168.10.32:3000/admin/actions/runners and delete all runners

# Remove the runner state file (.runner in the /data volume mounted by the compose file above)
# rm -f /data/act_runner/data/.runner

# docker compose down && docker compose up -d

4. k3s cluster

Deployment -> see "k3s cluster deployment": https://www.cnblogs.com/liujitao79/p/17647657.html

5. CI/CD test

# mkdir -p .gitea/workflows mainfest
# cat > .gitea/workflows/action.yml << 'EOF'
on:
  push:
    tags:
      - 'test_v[0-9]+.[0-9]+.[0-9]+'
    branches:
      - 'main'

# Manual trigger
# on:
#   workflow_dispatch:

env:
  registry: 192.168.10.32:5000
  image_name: app
  project_name: project_ci

jobs:
  build:
    name: Build image && Push to registry
    runs-on: ubuntu-22.04

    container:
      image: catthehacker/ubuntu:act-22.04

    steps:
      - name: Checkout source code
        id: checkout
        uses: http://192.168.10.32:3000/liujitao/checkout@v3
        with:
          fetch-depth: 0

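      - name: Get version
        run: |
          # Alternative: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
          echo "RELEASE_VERSION=$(git describe --tags --always --abbrev=0)" >> "$GITHUB_ENV"
          # Values written to GITHUB_ENV only become visible in later steps, so this prints an empty line here
          echo ${{ env.RELEASE_VERSION }}
          echo ${{ github.sha }}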

      - name: Set up qemu
        uses: http://192.168.10.32:3000/liujitao/setup-qemu-action@v2

      - name: Download ca cert
        run: |
          mkdir -p /etc/docker/certs.d/192.168.10.32:5000
          # This trusts whatever certificate the endpoint presents at build time; compare it with a known fingerprint before relying on it
          echo -n | openssl s_client -showcerts -connect 192.168.10.32:5000 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/192.168.10.32:5000/ca.crt
          cat /etc/docker/certs.d/192.168.10.32:5000/ca.crt

      - name: Set up docker context
        id: buildx-context
        run: docker context create builders || docker context use builders

      - name: Set up docker buildx
        uses: http://192.168.10.32:3000/liujitao/setup-buildx-action@v2
        with:
          endpoint: builders
          buildkitd-flags: --debug
          config-inline: |
            [registry."192.168.10.32:5000"]
              http = false
              insecure = false
              ca = ["/etc/docker/certs.d/192.168.10.32:5000/ca.crt"]

      - name: Login to registry
        uses: http://192.168.10.32:3000/liujitao/login-action@v2
        with:
          registry: ${{ secrets.DOCKERHUB_REGISTRY }}
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build and push
        uses: http://192.168.10.32:3000/liujitao/build-push-action@v4
        with:
          context: .
          # platforms: linux/amd64,linux/arm64
          platforms: linux/amd64   
          push: true
          tags: |
            192.168.10.32:5000/${{ env.project_name }}/${{ env.image_name }}:${{ github.sha }}

  argocd:
    name: Push manifest to argocd
    runs-on: ubuntu-22.04
    needs: build
    env:
      namespace: dev
      name: demo
      app_name: demo
      port: 80
      target_port: 5000
      container_port: 5000
      host: demo.example.com

    steps:
      - name: Checkout source code
        uses: http://192.168.10.32:3000/liujitao/checkout@v3
        with:
          token: ${{ secrets.PERSON_TOKEN }}
          ref: ${{ github.head_ref }}

      - name: Update the manifest file
        run: |
          # Render each template by replacing its upper-case placeholders with the job's env values
          sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" \
            -e "s|REGISTRY|$registry|g" -e "s|PROJECT|$project_name|g" -e "s|IMAGE_NAME|$image_name|g" -e "s|TAG|$GITHUB_SHA|g" \
            -e "s|: CONTAINER_PORT|: $container_port|g" \
            mainfest/deployment.tpl > mainfest/deployment.yml

          echo "*** $(pwd)/mainfest/deployment.yml ***"
          cat mainfest/deployment.yml

          sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" -e "s|APP|$app_name|g" \
            -e "s|: PORT|: $port|g" -e "s|: TARGET_PORT|: $target_port|g" -e "s|: CONTAINER_PORT|: $container_port|g" \
            mainfest/service.tpl > mainfest/service.yml

          echo "*** $(pwd)/mainfest/service.yml ***"
          cat mainfest/service.yml

          sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" \
            -e "s|HOST|$host|g" -e "s|: PORT|: $port|g" \
            mainfest/ingress.tpl > mainfest/ingress.yml

          echo "*** $(pwd)/mainfest/ingress.yml ***"
          cat mainfest/ingress.yml

          sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" -e "s|HOST|$host|g" \
            mainfest/cert.tpl > mainfest/cert.yml

          echo "*** $(pwd)/mainfest/cert.yml ***"
          cat mainfest/cert.yml

      - name: Push to ArgoCD repository
        uses: http://192.168.10.32:3000/liujitao/github-action-push-to-another-repository@main
        env:
          API_TOKEN_GITHUB: ${{ secrets.PERSON_TOKEN }}
        with:
          source-directory: mainfest
          destination-repository-name: project_cd
          github-server: 192.168.10.32:3000
          user-email: liujitao@sipop.cn
          user-name: liujitao
          destination-repository-username: liujitao
          target-directory: mainfest
          commit-message: "Done by Actions CI Job change manifest: ${{ github.sha }}"
EOF
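
The "Download ca cert" step in the workflow above writes whatever certificate the registry endpoint presents into Docker's trust directory. The following is an added example, not part of the original post, that installs the certificate only when its SHA-256 fingerprint matches a pinned value; the function names and the `REGISTRY_CA_SHA256` secret are assumptions.

```shell
#!/bin/sh
# Added example: trust the registry certificate only if it matches a pinned
# SHA-256 fingerprint recorded out of band (e.g. on the registry host).

# cert_fingerprint <pem-file>
# Fingerprint of the first certificate in the file, lowercase hex, no colons.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
    | sed -e 's/^.*=//' | tr -d ':\r\n' | tr 'A-F' 'a-f'
}

# fetch_presented_cert <host:port> <out-file>
# Same openssl/sed pipeline as the workflow step, written to a scratch file.
fetch_presented_cert() {
  openssl s_client -showcerts -connect "$1" </dev/null 2>/dev/null \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$2"
}

# install_pinned_ca <pem-file> <expected-fingerprint> <dest-dir>
# Writes <dest-dir>/ca.crt only when the fingerprint matches the pin.
# Returns 0 on match, 1 on mismatch, 2 when the file holds no certificate.
install_pinned_ca() {
  actual=$(cert_fingerprint "$1")
  if [ -z "$actual" ]; then
    echo "no certificate found in $1" >&2
    return 2
  fi
  # Accept the pin with or without colons, in either letter case.
  expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  if [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch: endpoint presented $actual" >&2
    return 1
  fi
  # Install exactly the certificate that was fingerprinted, not the whole chain.
  mkdir -p "$3" && openssl x509 -in "$1" -out "$3/ca.crt"
}

# In the "Download ca cert" step (REGISTRY_CA_SHA256 is an assumed secret):
#   fetch_presented_cert 192.168.10.32:5000 /tmp/registry.pem
#   install_pinned_ca /tmp/registry.pem "${{ secrets.REGISTRY_CA_SHA256 }}" \
#     /etc/docker/certs.d/192.168.10.32:5000
```

The pin is the output of `openssl x509 -in <cert> -noout -fingerprint -sha256` taken on the registry host itself.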
# cat > mainfest/deployment.tpl << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: NAME
  namespace: NAME_SPACE
spec:
  replicas: 3
  selector:
    matchLabels:
      app: NAME
  template:
    metadata:
      labels:
        app: NAME
    spec: 
      containers:                                                                                                   
      - name: NAME
        image: REGISTRY/PROJECT/IMAGE_NAME:TAG
        ports:
          - containerPort: CONTAINER_PORT
EOF
# cat > mainfest/service.tpl << EOF
apiVersion: v1
kind: Service
metadata:
  name: NAME
  namespace: NAME_SPACE
spec:
  ports:
  - name: http
    port: PORT
    protocol: TCP
    targetPort: TARGET_PORT
  selector:
    app: APP
  type: LoadBalancer
EOF
# cat > mainfest/ingress.tpl << EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: NAME
  namespace: NAME_SPACE
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: selfsigned
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
  - host: HOST
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: NAME
            port:
              number: PORT
  tls:
  - hosts:
    - HOST
    secretName: HOST
EOF
# cat > mainfest/cert.tpl << EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: NAME
  namespace: NAME_SPACE
spec:
  commonName: HOST
  secretName: HOST
  dnsNames:
    - HOST
  issuerRef:
    name: selfsigned
    kind: ClusterIssuer
EOF
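
Every `uses:` entry in .gitea/workflows/action.yml above is fetched over http:// and refers to a tag or branch (`@v3`, `@v2`, `@v4`, `@main`) that can later point at different code. The following is an added example, not part of the original post, that audits a workflow file for both conditions; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag `uses:` references that are fetched over plain HTTP or
# that point at a movable tag/branch instead of a full 40-character commit SHA.

# audit_uses <workflow-file>
# Prints "<line>:<rule>:<reference>" per finding; returns 1 if anything was found.
audit_uses() {
  awk '
    /^[ \t]*(-[ \t]*)?uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]*)?uses:[ \t]*/, "", ref)
      sub(/[ \t]+[#].*$/, "", ref)      # drop a trailing YAML comment
      sub(/[ \t]+$/, "", ref)
      if (ref ~ /^http:\/\//) { print NR ":plain-http:" ref; bad = 1 }
      n = split(ref, part, "@")
      if (n < 2 || length(part[n]) != 40 || part[n] !~ /^[0-9a-f]+$/) {
        print NR ":mutable-ref:" ref; bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: two `uses:` lines from the workflow above plus one
# pinned reference (host name and SHA are made up for the example).
sample_workflow() {
  cat << 'EOF'
    steps:
      - name: Checkout source code
        uses: http://192.168.10.32:3000/liujitao/checkout@v3
      - uses: http://192.168.10.32:3000/liujitao/github-action-push-to-another-repository@main
      - uses: https://gitea.example.internal/liujitao/checkout@0123456789abcdef0123456789abcdef01234567  # pinned
EOF
}
```

Running `audit_uses .gitea/workflows/action.yml` in a pre-merge check makes the job fail until each action is referenced by commit SHA over HTTPS.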
posted by 北京涛子