
GitLab CI/CD: In-Depth Guide and Best Practices


Overview

GitLab CI/CD is GitLab's built-in continuous integration and continuous deployment tool, and it can be used without additional configuration.

Core Concepts

Pipeline

A workflow made up of multiple stages; each stage contains multiple jobs.

Pipeline
├── build
├── test
└── deploy

Job

The unit that performs the actual work; multiple jobs can run in parallel.

Stage

A logical grouping of jobs; stages run in order.

.gitlab-ci.yml Basics

Minimal Configuration

stages:
  - build
  - test
  - deploy

build_job:
  stage: build
  script:
    - echo "Building application"
  artifacts:
    paths:
      - dist/

test_job:
  stage: test
  script:
    - echo "Running tests"
  needs:
    - build_job

deploy_job:
  stage: deploy
  script:
    - echo "Deploying to production"
  needs:
    - test_job
  when: manual

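Common Keywords

Keyword      Description
image        Docker image to use
script       Commands to run
stage        Stage the job belongs to
needs        Jobs this job depends on
only         Run only for specific branches/tags
except       Branches/tags to exclude
artifacts    Build outputs
cache        Cache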

Practical Examples

Node.js Project

stages:
  - build
  - test
  - deploy

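variables:
  NODE_ENV: production
  npm_config_cache: "$CI_PROJECT_DIR/.npm"

# npm ci deletes node_modules/ before installing, so only the npm download cache is cached
cache:
  key: "$CI_COMMIT_REF_SLUG"
  paths:
    - .npm/

build:
  stage: build
  image: node:20-alpine
  script:
    # NODE_ENV=production makes npm skip devDependencies; include them for the build tooling
    - npm ci --cache .npm --include=dev
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 week

test:
  stage: test
  image: node:20-alpine
  script:
    # Test and lint tools normally live in devDependencies as well
    - npm ci --cache .npm --include=dev
    - npm run test
    - npm run lint
  dependencies:
    - build

deploy:
  stage: deploy
  image: alpine:latest
  script:
    # rsync to a remote host runs over SSH, so the SSH client is needed too
    # (SSH key and known_hosts setup is not shown here)
    - apk add --no-cache rsync openssh-client
    - rsync -avz dist/ "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH"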
  environment:
    name: production
  only:
    - main
  when: manual

Python Project

stages:
  - build
  - test
  - deploy

variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.pip"

cache:
  key: "$CI_COMMIT_REF_SLUG"
  paths:
    - .pip/
    - venv/

build:
  stage: build
  image: python:3.11-slim
  script:
    - python -m venv venv
    - source venv/bin/activate
    - pip install -r requirements.txt
    - pip install .
  artifacts:
    paths:
      - venv/

test:
  stage: test
  image: python:3.11-slim
  script:
    - source venv/bin/activate
    - pytest
    - flake8
  dependencies:
    - build

deploy:
  stage: deploy
  image: python:3.11-slim
  script:
    - source venv/bin/activate
    - pip install boto3
    - python deploy.py
  environment:
    name: production
  only:
    - main

Docker Build

stages:
  - build
  - push
  - deploy

variables:
  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  LATEST_TAG: $CI_REGISTRY_IMAGE:latest

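build:
  stage: build
  image: docker:24.0
  services:
    - docker:24.0-dind
  script:
    # Pass the registry password on stdin instead of as a command-line argument
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$IMAGE_TAG" -t "$LATEST_TAG" .
    # Each job gets its own dind daemon, so hand the image to the push job as a tarball
    - docker save -o image.tar "$IMAGE_TAG" "$LATEST_TAG"
  artifacts:
    # Do not publish .docker/config.json as an artifact: it holds the registry credentials
    paths:
      - image.tar
    expire_in: 1 hour

push:
  stage: push
  image: docker:24.0
  services:
    - docker:24.0-dind
  script:
    # A login done in the build job does not carry over; log in again in this job
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker load -i image.tar
    - docker push "$IMAGE_TAG"
    - docker push "$LATEST_TAG"
  needs:
    - build
  only:
    - main

deploy:
  stage: deploy
  image: alpine:latest
  script:
    - apk add --no-cache curl
    # --fail makes the job fail when the webhook answers with an HTTP error status
    - curl --fail -X POST "$DEPLOY_WEBHOOK_URL"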
  needs:
    - push
  only:
    - main
  when: manual

Advanced Techniques

Parallel Execution

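# parallel: N starts N copies of the same job; the test script has to split the suite
# using CI_NODE_INDEX / CI_NODE_TOTAL, otherwise every copy runs all of the tests
test_suite_1:
  stage: test
  script: npm run test:suite1
  parallel: 5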

test_suite_2:
  stage: test
  script: npm run test:suite2
  parallel: 3

Conditional Execution

deploy_staging:
  stage: deploy
  script: echo "Deploy to staging"
  environment:
    name: staging
  only:
    - develop
  when: manual

deploy_production:
  stage: deploy
  script: echo "Deploy to production"
  environment:
    name: production
  only:
    - main
  when: manual

Automatic Rollback

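# when: on_failure reacts to earlier or needed jobs, not to jobs in the same stage.
# In stage "deploy" this job would fire on a build/test failure and undo the last good rollout.
rollback:
  stage: .post
  needs:
    # deploy_production needs allow_failure: false (manual jobs default to true and then count as passed)
    - deploy_production
  script:
    - kubectl rollout undo deployment/my-app
  when: on_failure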

Pipeline View Optimization

Using Templates

# .gitlab-ci.yml
include:
  - template: Jobs/Deploy.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

Code Reuse

.base_job:
  image: node:20-alpine
  before_script:
    - echo "Starting job"
  after_script:
    - echo "Job completed"

build_job:
  extends: .base_job
  stage: build
  script:
    - npm ci
    - npm run build

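Best Practices

  1. Fail fast - stop immediately when a test fails
  2. Cache dependencies - speed up builds
  3. Parallel tests - reduce CI time
  4. Environment-specific configuration - use variables
  5. Notifications - notify on deployment success/failure
  6. Security scanning - integrate SAST/DAST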
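
In the spirit of item 6, the following added example (not part of the original article) is a small pre-merge check that scans a .gitlab-ci.yml for three credential and image hygiene problems that come up in Docker build pipelines like the one above. The names `audit`, `RULES` and `SAMPLE` are hypothetical, the sample pipeline is constructed, and the scan is line-based on the assumption of conventionally indented YAML rather than a full YAML parse.

```python
import re
# Constructed sample pipeline (not from the article) with three patterns to flag.
SAMPLE = """\
build:
  image: docker:24.0
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
  artifacts:
    paths:
      - .docker/config.json
deploy:
  image: alpine:latest
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
"""

# (rule name, pattern, applies only inside an artifacts: block)
RULES = [
    # Password given as an argument instead of --password-stdin.
    ("secret-in-argv", re.compile(r"docker\s+login\b.*\s(-p|--password)[\s=]"), False),
    # Mutable tag: the job can silently start running a different image.
    ("mutable-image-tag", re.compile(r"^\s*image:\s*\S+:latest\s*$"), False),
    # Credential files published as downloadable job artifacts.
    ("credential-artifact",
     re.compile(r"[\s/](\.docker/config\.json|\.npmrc|\.netrc|\.env|id_rsa)\s*$"), True),
]

def audit(text):
    """Return (line_number, top_level_key, rule_name) for every finding."""
    findings, job, art_indent = [], None, None
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0 and stripped.endswith(":"):
            job = stripped[:-1]  # remember which job the finding belongs to
        if art_indent is not None and indent <= art_indent:
            art_indent = None  # left the artifacts: block
        if stripped == "artifacts:":
            art_indent = indent
            continue
        for name, rx, artifacts_only in RULES:
            if artifacts_only and art_indent is None:
                continue
            if rx.search(line):
                findings.append((no, job, name))
    return findings
```

Calling `audit(open(".gitlab-ci.yml").read())` in a lint job and failing when the result is non-empty turns the check into a merge gate.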

Summary

GitLab CI/CD is powerful and well suited to medium and large projects.