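A lightweight pipeline can be built from either of two combinations, 'gitea + gitea actions' or 'gitea + drone'. It feels as though drone is currently somewhat more mature than actions.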
* https://cloud.tencent.com/developer/article/2145626?areaSource=102001.10&traceId=7e8h39s3ka0YtkAAu5jx_
* References
https://www.bboy.app/2023/04/12/%E8%AF%B4%E4%B8%80%E4%B8%8B%E5%AE%B6%E9%87%8C%E7%9A%84%E6%B5%81%E6%B0%B4%E7%BA%BF/
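CI/CD stands for Continuous Integration and Continuous Delivery/Deployment.
CI/CD is a software development process model that aims to improve the efficiency and quality of software development and release through automated, continuous build, test, deployment and delivery.
The goal of CI/CD is to shorten the development and release cycle and to reduce the cost and risk of development and release, so as to meet fast-changing, constantly iterating business requirements.
CI/CD usually consists of the following stages:
* Continuous Integration (CI): developers keep committing code to the source control system; automated test and build tools fetch the latest code from the repository, compile, test and package it, and produce the corresponding build artifacts.
* Continuous Delivery (CD): the build artifacts are deployed to a test environment, tested and verified, and finally turned into deployable artifacts.
* Continuous Deployment (CD): the build artifacts are deployed to the production environment with automated deployment and release, which enables fast delivery and iteration.
* References *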
https://seepine.com/git/gitea/actions
https://www.rasukarusan.com/entry/2021/01/27/224725
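1. Local container registry (registry)
Installation -> see "docker registry private repository installation"
Internal domain name -> hub.example.com
Download the act-compatible runner and Docker images and push them to the local container registry
gitea can also be used as a container registry (Container Registry)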
2. Code repository: gitea
- Installation
# mkdir -p /data/{gitea,gitea-db} /data/compose/gitea
# cat > /data/compose/gitea/docker-compose.yml << EOF
version: "3"
services:
  gitea:
    image: gitea/gitea
    container_name: gitea
    restart: always
    networks:
      - gitea-net
    volumes:
      - /data/gitea:/data:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:22"
    depends_on:
      - gitea-db
  gitea-db:
    image: mariadb:11.0.2
    container_name: gitea-db
    restart: always
    networks:
      - gitea-net
    # published on the host; gitea itself reaches gitea-db over gitea-net
    ports:
      - "3306:3306"
    volumes:
      - /data/gitea-db:/var/lib/mysql
    # sample credentials from this walkthrough; set your own values
    environment:
      MYSQL_DATABASE: gitea
      MYSQL_USER: gitea
      MYSQL_PASSWORD: gitea
      MYSQL_ROOT_PASSWORD: Abcd@1234
networks:
  gitea-net:
    driver: bridge
EOF
# cd /data/compose/gitea && docker compose up -d
- Configuration
# Enable the gitea actions feature
Add the following to the configuration file /data/gitea/gitea/conf/app.ini
+ [actions]
+ ENABLED = true
[repository]
+ DEFAULT_REPO_UNITS = ...,repo.actions
# Restart the containers
# docker compose down && docker compose up -d
# Enable actions for the repository
Open http://192.168.10.32:3000/<user_name>/<repo_name>/settings
Tick the actions option "Enable Repository Actions"
3. Job tool: act runner
- Installation
# mkdir -p /data/compose/act_runner /data/act_runner/cache
# Get the gitea runner token
Open http://192.168.10.32:3000/admin/actions/runners and click Create New Runner to create a global runner,
then copy the runner token and use it to replace GITEA_RUNNER_REGISTRATION_TOKEN in docker-compose.yml
# cat > /data/compose/act_runner/docker-compose.yml << EOF
version: "3"
services:
  act_runner:
    image: gitea/act_runner
    container_name: act_runner
    restart: always
    volumes:
      - /data/act_runner/data:/data
      - /data/act_runner/cache:/root/.cache
      # the runner starts job containers through the host Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      GITEA_INSTANCE_URL: http://192.168.10.32:3000
      GITEA_RUNNER_REGISTRATION_TOKEN: vcPY7PxBLluvNBy9w9lHWjmNDsDlciStFXoHAQUc
      GITEA_RUNNER_NAME: runner-x86_64
      GITEA_RUNNER_LABELS: ubuntu-22.04:docker://node:16-bullseye
EOF
Sources of the images the runner needs -> [ https://github.com/nektos/act, https://github.com/catthehacker/docker_images ]
# cd /data/compose/act_runner && docker compose up -d
- Re-registration
# Delete the gitea runner
Open http://192.168.10.32:3000/admin/actions/runners and delete all runners
# rm -rf /data/gitea-runner/{0,1}/.runner
# docker compose down && docker compose up -d
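Added example, not part of the original post: a small shell audit for compose files like the two above, flagging the Docker socket mount, the published MariaDB port and literal PASSWORD/TOKEN values. The function names, rule names and both sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit compose files for three settings used in this walkthrough.
# Rule names and both sample files are constructed for illustration.

# audit_compose FILE: print "<rule>:<line-no>:<line>" for each finding.
audit_compose() {
  local f=$1
  # The Docker socket lets the container (and every job it starts) drive the host daemon.
  grep -nE '^[[:space:]]*-[[:space:]]*/var/run/docker\.sock:' "$f" | sed 's/^/docker-socket:/' || true
  # A published 3306 exposes MariaDB beyond the compose network.
  grep -nE '^[[:space:]]*-[[:space:]]*"?([0-9.]+:)?3306:3306"?' "$f" | sed 's/^/db-port-published:/' || true
  # Literal PASSWORD/TOKEN values; ${VAR} references (filled from .env) are accepted.
  grep -nE '^[[:space:]]*[A-Z_]*(PASSWORD|TOKEN)[A-Z_]*:[[:space:]]*[^[:space:]$]' "$f" | sed 's/^/inline-secret:/' || true
}

# count_rule FILE RULE: number of findings for one rule.
count_rule() { audit_compose "$1" | grep -c "^$2:" || true; }

demo_dir=$(mktemp -d)
cat > "$demo_dir/as-posted.yml" <<'EOF'
services:
  gitea-db:
    ports:
      - "3306:3306"
    environment:
      MYSQL_PASSWORD: example-password
      MYSQL_ROOT_PASSWORD: example-root-password
  act_runner:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      GITEA_RUNNER_REGISTRATION_TOKEN: example-token
EOF
cat > "$demo_dir/tightened.yml" <<'EOF'
services:
  gitea-db:
    environment:
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
  act_runner:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN}
EOF
echo "as posted:"; audit_compose "$demo_dir/as-posted.yml"
echo "tightened:"; audit_compose "$demo_dir/tightened.yml"
```

The socket finding remains in the tightened file because the runner needs a Docker daemon to start jobs; it marks the runner host as one that every workflow scheduled on it can control.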
4. k3s cluster
Deployment -> see the following link: [k3s cluster deployment](https://www.cnblogs.com/liujitao79/p/17647657.html)
5. CI/CD test
# cat > .gitea/workflows/action.yml << 'EOF'
on:
  push:
    tags:
      - 'test_v[0-9]+.[0-9]+.[0-9]+'
    branches:
      - 'main'
# Manual mode
# on:
#   workflow_dispatch:
env:
  registry: 192.168.10.32:5000
  image_name: app
  project_name: project_ci
jobs:
  build:
    name: Build image && Push to registry
    runs-on: ubuntu-22.04
    container:
      image: catthehacker/ubuntu:act-22.04
    steps:
      - name: Checkout source code
        id: checkout
        uses: http://192.168.10.32:3000/liujitao/checkout@v3
        with:
          fetch-depth: 0
      # echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
      - name: Get version
        run: |
          echo "RELEASE_VERSION=$(git describe --tags --always --abbrev=0)" >> $GITHUB_ENV
          # values written to $GITHUB_ENV are only visible from the next step on,
          # so this echo prints an empty line here
          echo ${{ env.RELEASE_VERSION }}
          echo ${{ github.sha }}
      - name: Set up qemu
        uses: http://192.168.10.32:3000/liujitao/setup-qemu-action@v2
      - name: Download ca cert
        run: |
          mkdir -p /etc/docker/certs.d/192.168.10.32:5000
          # trust on first use: this stores whatever certificate the registry
          # presents on this connection; it is not checked against a known CA
          echo -n | openssl s_client -showcerts -connect 192.168.10.32:5000 2>/dev/null |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/192.168.10.32:5000/ca.crt
          cat /etc/docker/certs.d/192.168.10.32:5000/ca.crt
      - name: Set up docker context
        id: buildx-context
        run: docker context create builders || docker context use builders
      - name: Set up docker buildx
        uses: http://192.168.10.32:3000/liujitao/setup-buildx-action@v2
        with:
          endpoint: builders
          buildkitd-flags: --debug
          config-inline: |
            [registry."192.168.10.32:5000"]
              http = false
              insecure = false
              ca=["/etc/docker/certs.d/192.168.10.32:5000/ca.crt"]
      - name: Login to registry
        uses: http://192.168.10.32:3000/liujitao/login-action@v2
        with:
          registry: ${{ secrets.DOCKERHUB_REGISTRY }}
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Build and push
        uses: http://192.168.10.32:3000/liujitao/build-push-action@v4
        with:
          context: .
          # platforms: linux/amd64,linux/arm64
          platforms: linux/amd64
          push: true
          tags: |
            192.168.10.32:5000/${{ env.project_name }}/${{ env.image_name }}:${{ github.sha }}
  argocd:
    name: Push manifest to argocd
    runs-on: ubuntu-22.04
    needs: build
    env:
      namespace: dev
      name: demo
      app_name: demo
      port: 80
      target_port: 5000
      container_port: 5000
      host: demo.example.com
    steps:
      - name: Checkout source code
        uses: http://192.168.10.32:3000/liujitao/checkout@v3
        with:
          token: ${{ secrets.PERSON_TOKEN }}
          ref: ${{ github.head_ref }}
      - name: Update the manifest file
        run: |
          echo -n | sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" \
            -e "s|REGISTRY|$registry|g" -e "s|PROJECT|$project_name|g" -e "s|IMAGE_NAME|$image_name|g" -e "s|TAG|$GITHUB_SHA|g" \
            -e "s|: CONTAINER_PORT|: $container_port|g" \
            mainfest/deployment.tpl > mainfest/deployment.yml
          echo "*** $(pwd)/deployment.yml ***"
          cat mainfest/deployment.yml
          echo -n | sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" -e "s|APP|$app_name|g" \
            -e "s|: PORT|: $port|g" -e "s|: TARGET_PORT|: $target_port|g" -e "s|: CONTAINER_PORT|: $container_port|g" \
            mainfest/service.tpl > mainfest/service.yml
          echo "*** $(pwd)/service.yml ***"
          cat mainfest/service.yml
          echo -n | sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" \
            -e "s|HOST|$host|g" -e "s|: PORT|: $port|g" \
            mainfest/ingress.tpl > mainfest/ingress.yml
          echo "*** $(pwd)/ingress.yml ***"
          cat mainfest/ingress.yml
          echo -n | sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" -e "s|HOST|$host|g" \
            mainfest/cert.tpl > mainfest/cert.yml
          echo "*** $(pwd)/cert.yml ***"
          cat mainfest/cert.yml
      - name: Push to ArgoCD repository
        uses: http://192.168.10.32:3000/liujitao/github-action-push-to-another-repository@main
        env:
          API_TOKEN_GITHUB: ${{ secrets.PERSON_TOKEN }}
        with:
          source-directory: mainfest
          destination-repository-name: project_cd
          github-server: 192.168.10.32:3000
          user-email: liujitao@sipop.cn
          user-name: liujitao
          destination-repository-username: liujitao
          target-directory: mainfest
          commit-message: "Done by Actions CI Job change manifest: ${{ github.sha }}"
EOF
# cat > mainfest/deployment.tpl << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: NAME
  namespace: NAME_SPACE
spec:
  replicas: 3
  selector:
    matchLabels:
      app: NAME
  template:
    metadata:
      labels:
        app: NAME
    spec:
      containers:
        - name: NAME
          image: REGISTRY/PROJECT/IMAGE_NAME:TAG
          ports:
            - containerPort: CONTAINER_PORT
EOF
# cat > mainfest/service.tpl << EOF
apiVersion: v1
kind: Service
metadata:
  name: NAME
  namespace: NAME_SPACE
spec:
  ports:
    - name: http
      port: PORT
      protocol: TCP
      targetPort: TARGET_PORT
  selector:
    app: APP
  type: LoadBalancer
EOF
# cat > mainfest/ingress.tpl << EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: NAME
  namespace: NAME_SPACE
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: selfsigned
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
    - host: HOST
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: NAME
                port:
                  number: PORT
  tls:
    - hosts:
        - HOST
      secretName: HOST
EOF
# cat > mainfest/cert.tpl << EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: NAME
  namespace: NAME_SPACE
spec:
  commonName: HOST
  secretName: HOST
  dnsNames:
    - HOST
  issuerRef:
    name: selfsigned
    kind: ClusterIssuer
EOF
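Added example, not part of the original post: a gate that could run between the sed rendering in the argocd job and the push to the ArgoCD repository, failing if a placeholder survives or if the image is not the expected repository pinned to a full commit SHA. The function names, the cut-down template and the commit SHA are constructed; the variable values are the ones used in the workflow above.

```shell
#!/usr/bin/env bash
# Added example: gate between rendering and pushing (names, template, SHA constructed).
name=demo namespace=dev registry=192.168.10.32:5000
project_name=project_ci image_name=app container_port=5000

# render_deployment TPL: the sed expressions the workflow applies to deployment.tpl.
render_deployment() {
  sed -e "s|: NAME$|: $name|g" -e "s|: NAME_SPACE|: $namespace|g" \
      -e "s|REGISTRY|$registry|g" -e "s|PROJECT|$project_name|g" \
      -e "s|IMAGE_NAME|$image_name|g" -e "s|TAG|$GITHUB_SHA|g" \
      -e "s|: CONTAINER_PORT|: $container_port|g" "$1"
}

# check_manifest FILE REPO: succeed only if no placeholder survives and every
# image is REPO pinned to a full 40-hex commit SHA.
check_manifest() {
  if grep -qwE 'NAME|NAME_SPACE|REGISTRY|PROJECT|IMAGE_NAME|TAG|CONTAINER_PORT' "$1"; then
    return 1
  fi
  awk -v repo="$2" '
    { sub(/^[ \t]+/, "") }
    /^image: / {
      n++
      ref = substr($0, 8); tag = substr(ref, length(repo) + 2)
      if (substr(ref, 1, length(repo) + 1) != (repo ":")) bad = 1
      if (length(tag) != 40 || tag !~ /^[0-9a-f]+$/) bad = 1
    }
    END { exit (n == 0 || bad) }' "$1"
}

work=$(mktemp -d)
cat > "$work/deployment.tpl" <<'EOF'
metadata:
  name: NAME
  namespace: NAME_SPACE
spec:
  template:
    spec:
      containers:
        - name: NAME
          image: REGISTRY/PROJECT/IMAGE_NAME:TAG
EOF
# render_and_check SHA: render with that tag, then run the gate against a fixed repository.
render_and_check() {
  GITHUB_SHA=$1 render_deployment "$work/deployment.tpl" > "$work/deployment.yml"
  check_manifest "$work/deployment.yml" "192.168.10.32:5000/project_ci/app"
}
render_and_check 0123456789abcdef0123456789abcdef01234567 && echo "pinned: ok to push"
render_and_check latest || echo "rejected: tag is not a commit SHA"
```

The expected repository is passed to the check as a fixed string rather than rebuilt from the same variables used for rendering, so an unset or altered variable cannot make both sides agree.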