gitlab通过pipeline实现ci/cd

运行环境 gitlab + gitlab runner运行环境

gitlab分gitlab/gitlab-ce, gitlab/gitlab-ee，社区版本和企业版本
系统: CentOS7.9
docker: 20.10.8
gitlab版本： GitLab Community Edition 14.1.2

gitlab安装部署

docker方式启动,镜像较大需要些时间, 拉取完启动

docker run --detach   --publish 443:443 --publish 80:80 --publish 2222:22   --name gitlab   --restart always \
    --volume /mnt/gitlabconfig:/etc/gitlab \
    --volume /mnt/gitlab/logs:/var/log/gitlab \
    --volume /mnt/gitlab/data:/var/opt/gitlab  \
    gitlab/gitlab-ce:latest

修改部分配置(gitlab_rails时间、邮件、oss key之类均可配置)
external_url ‘http://ip/' # 外网ip或域名
gitlab_rails[‘gitlab_ssh_host’] = ‘192.168.7.200’
gitlab_rails[‘gitlab_shell_ssh_port’] = 2222
registry_external_url ‘https://registry-gitlab.example.com'
nginx[‘ssl_certificate’] = “/etc/gitlab/ssl/gitlab.example.com.pem”
nginx[‘ssl_certificate_key’] = “/etc/gitlab/ssl/gitlab.example.com.key”
prometheus_monitoring[‘enable’] = false

为保安全性，需要重置密码，网上很多说使用gitlab-rails console production，可是有报错，使用gitlab-rails console -e production，前者应该是之前的版本：
运行gitlab-rails console production报错：

#gitlab-rails console production
Traceback (most recent call last):
    8: from bin/rails:4:in `<main>'
    7: from bin/rails:4:in `require'
    6: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/railties-6.1.3.2/lib/rails/commands.rb:18:in `<top (required)>'
    5: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/railties-6.1.3.2/lib/rails/command.rb:50:in `invoke'
    4: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/railties-6.1.3.2/lib/rails/command/base.rb:69:in `perform'
    3: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
    2: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
    1: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/railties-6.1.3.2/lib/rails/commands/console/console_command.rb:95:in `perform': wrong number of arguments (given 1, expected 0) (ArgumentError)
    9: from bin/rails:4:in `<main>'
    8: from bin/rails:4:in `require'
    7: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/railties-6.1.3.2/lib/rails/commands.rb:18:in `<top (required)>'
    6: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/railties-6.1.3.2/lib/rails/command.rb:50:in `invoke'
    5: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/railties-6.1.3.2/lib/rails/command/base.rb:69:in `perform'
    4: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
    3: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
    2: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor/command.rb:20:in `run'
    1: from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor/command.rb:34:in `rescue in run'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/thor-1.1.0/lib/thor/base.rb:525:in `handle_argument_error': ERROR: "rails console" was called with arguments ["production"] (Thor::InvocationError)
Usage: "rails console [options]"


运行gitlab-rails console -e production
#gitlab-rails console -e production
--------------------------------------------------------------------------------
Ruby:         ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux]
GitLab:       14.1.2 (8c67b499146) FOSS
GitLab Shell: 13.19.1
PostgreSQL:   12.6
--------------------------------------------------------------------------------
Loading production environment (Rails 6.1.3.2)
irb(main):001:0> user=User.where(id:1).first
=> #<User id:1 @root>
irb(main):002:0> user.password='mypassword'
irb(main):002:0> user.password='mypassword'
=> "mypassword"
irb(main):004:0> user.password_confirmation='mypassword'
=> "mypassword"
irb(main):005:0> user.save
Enqueued ActionMailer::MailDeliveryJob (Job ID: d2188216-9afb-4b87-aa33-bbd07d8931c9) to Sidekiq(mailers) with arguments: "DeviseMailer", "password_change", "deliver_now", {:args=>[#<GlobalID:0x00007fd186dba088 @uri=#<URI::GID gid://gitlab/User/1>>]}
=> true

gitlab就完成了，可以登录添加项目了。

gitlab-runner安装配置

gitlab-runner作为gitlab ci/cd的执行者，可以支持各种环境如：shell, docker，以docker为例

启动gitlab-runner

1 2	docker run -d --name gitlab-runner --restart always -v /mnt/gitlab-runner/config:/etc/gitlab-runner -v /var/run/docker.sock:/var/run/docker.sock gitlab/gitlab-runner:latest

注册执行器

1 2	gitlab-ci-multi-runner register 或 docker exec -it gitlab-runner gitlab-ci-multi-runner register

config.toml配置文件(此处注意volumes的设置, build_dir）：

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800


[[runners]]
  name = "test-env"
  url = "https://gitlab.example.com/"
  token = "tW-N66wByFxCk"
  executor = "docker"
  builds_dir = "/mnt"
  [runners.custom_build_dir]
    enabled = true
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "alpine:latest"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/mnt/php-src:/mnt/php-src:rw", "/var/run/docker.sock:/var/run/docker.sock", "/cache", "/mnt/openresty:/mnt/openresty:rw"]
    shm_size = 0

Dockerfile

# Version 0.1 
FROM nginx:1.20-alpine 

# 复制nginx配置文件
RUN pwd
RUN ls -al
COPY ./config/nginx.conf /etc/nginx/nginx.conf
COPY ./config/default.conf /etc/nginx/conf.d/default.conf
COPY ./config/nginx_logrotate /etc/logrotate.d/nginx_logrotate

# 设置执行权限(注意权限 一定要是644)
RUN chmod 644 /etc/logrotate.d/nginx_logrotate

# 复制项目
ADD ./dist /usr/share/nginx/html/ejy-finance-ui

# 暴露端口
EXPOSE 80

# 容器创建启动
CMD ["nginx", "-g", "daemon off;"]

FROM registry-vpc.cn-hangzhou.aliyuncs.com/example/alpine-oraclejdk8:slim
ADD demo-service/target/demo-service.jar demo-service.jar
ENTRYPOINT exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /demo-service.jar

.gitlab-ci.yml

stages:
  - maven-build
  - docker-build
  - deploy

variables:
  MAVEN_OPTS: -Dmaven.repo.local=.m2/repository
  PROJECT_NAME: $CI_PROJECT_NAME
  LOG_PATH_MAPPING: /mnt/logs/$CI_PROJECT_NAME:/mnt/logs/$CI_PROJECT_NAME
  PORT_MAPPING: 9988:8080
  DEV_IMAGE: $CI_REGISTRY/$CI_REGISTRY_NAMESPACE_DEV/$CI_PROJECT_NAME:$CI_COMMIT_SHORT_SHA-$CI_PIPELINE_ID
  EXTDEV_IMAGE: $CI_REGISTRY/$CI_REGISTRY_NAMESPACE_DEV/ext-$CI_PROJECT_NAME:$CI_COMMIT_SHORT_SHA-$CI_PIPELINE_ID

cache:
  paths:
    - .m2/repository/
    - demo-service/target/

maven-build:
  stage: maven-build
  image: registry-vpc.cn-hangzhou.aliyuncs.com/example/maven:3.6.3-jdk-8-v1
  script:
    - mvn clean package -Dautoconfig.skip=true -Dmaven.test.skip=true -Dmaven.test.failure.ignore=true
  only:
    - web
  tags:
    - $PROJECT_DST

docker-build:
  stage: docker-build
  image: docker:19.03.1
  before_script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  script:
    - ls -l
    - ls -l demo-service/target
    - docker build -t $DEV_IMAGE -f Dockerfile .
    - docker push $DEV_IMAGE
  only:
    - web
  tags:
    - $PROJECT_DST

deploy-dev:
  stage: deploy
  image: docker:19.03.1
  variables:
    JAVA_OPTS: '-Dspring.profiles.active=dev -Dserver.port=8080 -Xmx512m -Xms512m -Duser.timezone=Asia/Shanghai -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap'
  before_script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  script:
    - if [ -n "`docker ps -a|grep -w $PROJECT_NAME |awk {'print $1'}`" ];
      then docker rm -f $PROJECT_NAME;
      fi
    - docker run --restart always -d --name $PROJECT_NAME -v $LOG_PATH_MAPPING -p $PORT_MAPPING --env JAVA_OPTS="$JAVA_OPTS" $DEV_IMAGE
  only:
    - web
  tags:
    - $PROJECT_DST
  environment:
    name: dev
    url: https://dev.example.com/demo-service/monitor/health

gitlab及gitlab-runner注意事项

gitlab中的一些全局变量是针对项目还是针对项目组的，否则会变量没声明
gitlab-runner中 volumes配置是下载放置的目录(如nginx配置这种)，需要添加上
gitlab可设置自定义变量，在pipeline run的时候传过去，如(dev、stg、prd各环境)
gitlab ci/cd master下面需要有.gitlab-ci.yml，不管用不用