gitlab结合docker实现CI/CD

本文主要是介绍gitlab结合docker实现CI/CD，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

gitlab的continue integration 和 continue delivery，因为高可用尚未实现暂时不做continue deployment

1.部署gitlab-runner

官网：https://docs.gitlab.com/runner/install/docker.html

centos7下docker部署方式。

   docker run -d --name gitlab-runner --restart always \-v /srv/gitlab-runner/config:/etc/gitlab-runner \-v /var/run/docker.sock:/var/run/docker.sock \gitlab/gitlab-runner:latest

2.注册gitlab-runner

官网：https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding

因为项目需要构建成docker镜像所以采用docker in docker的方式，当然这里有很多缺点大家可以自行研究（hub.docker.com的docker镜像上有详细说明）

use socket binding

enter gitlab-runner container

docker exec -it gitlab-runner bash

register

sudo gitlab-runner register -n \--url https://gitlab.com/ \--registration-token REGISTRATION_TOKEN \--executor docker \--description "My Docker Runner" \--docker-image "docker:19.03.12" \--docker-volumes /var/run/docker.sock:/var/run/docker.sock

3.搭建Harbor

官网：https://goharbor.io/docs/2.3.0/install-config/

构建的镜像需要放到镜像站上，这里采用Harbor搭建

这里安装的是2.3.1版本，安装要求如下

online安装方式：

github上下载安装程序：https://github.com/goharbor/harbor/releases

解压：

bash $ tar xzvf harbor-online-installer-version.tgz

配置https：

yourdomain.com换成自己的域名

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \-key ca.key \-out ca.crtopenssl genrsa -out yourdomain.com.key 4096openssl req -sha512 -new \-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \-key yourdomain.com.key \-out yourdomain.com.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF

openssl x509 -req -sha512 -days 3650 \-extfile v3.ext \-CA ca.crt -CAkey ca.key -CAcreateserial \-in yourdomain.com.csr \-out yourdomain.com.crt

cp yourdomain.com.crt /data/cert/
cp yourdomain.com.key /data/cert/
openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert
cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/
cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/
cp ca.crt /etc/docker/certs.d/yourdomain.com/
systemctl restart docker

从harbor刚刚解压的安装包里复制harbor.yml.tmpl成harbor.yml修改如下：

# Configuration file of Harbor# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# 这个改成自己滴
hostname: yourdomain.com# http related config
http:# port for http, default is 80. If https enabled, this port will redirect to https port# 这个一定要确认有没有被占用，即使你是用https也得看这个接口，他会重定向回https端口port: 8088# https related config
https:# https port for harbor, default is 443# 注意占用port: 4443# The path of cert and key files for nginxcertificate: /data/cert/tcap.thunisoft.com.crtprivate_key: /data/cert/tcap.thunisoft.com.key# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# 默认账户admin，这里设置密码
harbor_admin_password: Harbor12345

跑起来，恭喜完成，访问地址看看

sudo ./install.sh

4.编写.gitlab-ci.yml

注册了两个runner一个maven环境打包，一个dind环境制作镜像

variables:harborurl: yourdomain:4443username: adminpassword: Harbor123456SOURCE_PATH: source/xxxstages:- build- publish- deploybefore_script:- pwd- ls- cd ${SOURCE_PATH}mvnPackage:stage: buildonly:refs:- releaseimage: maven:3.6.3-openjdk-11tags:- dockerscript:- tag=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)- image=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)- echo ${image}:${tag}- mvn package -U -Dmaven.test.skip=true# jobs之间传递参数只能通过文件- echo "export tag=${tag} \n export image=${image}">env.txtartifacts:paths:- ${SOURCE_PATH}/target/xxx-*.jar- ${SOURCE_PATH}/env.txtdockerPublish:stage: publishimage: docker:20.10.8only:- releasetags:- dindscript:- source env.txt- echo ${image}:${tag}- mkdir artices- cp Dockerfile artices- cp target/${image}-${tag}.jar artices- cd artices- ls- docker build --build-arg article=${image}-${tag}.jar -t ${image}:${tag} .- docker login --username=${username} --password=${password} ${harborurl}- docker tag ${image}:${tag} ${harborurl}/yourproject/${image}:${tag}- docker images- docker push ${harborurl}/yourproject/${image}:${tag}

5.编写Dockerfile

FROM maven:3.6.3-openjdk-11ARG articleENV env_article=$articleMAINTAINER mynameADD $article /optCOPY xxx /opt
COPY yyy /optEXPOSE 80/tcpWORKDIR /optENTRYPOINT java ${before} -jar ${env_article} ${after}

6.启动

docker run -e befor="" -e after="spring.profiles.active=prod" -d -name test article.jar

总结

        凡事按照官网来，官网说的不清楚的或者理解不到位的再去度娘找答案。不然，吃亏！（上面很多小细节一开始没看官网，大街上随便拉个博客来踩坑啊，浪费的都是青春啊~）

这篇关于gitlab结合docker实现CI/CD的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---