git/gitflow/gitlib>> gitlab-ci-configuration>> 返回
项目作者: codica2

项目描述 :
Example of configuration Gitlab CI for Rails Application
高级语言:
项目地址: git://github.com/codica2/gitlab-ci-configuration.git
创建时间: 2019-04-12T05:32:14Z
项目社区:https://github.com/codica2/gitlab-ci-configuration
开源协议:
下载


GitLab CI for Rails

GitLab CI/CD is GitLab’s built-in tool for software development using continuous methodology:

Continuous integration (CI).
Continuous delivery and deployment (CD).

Gitlab Documentation

Configure the project

GitLab CI/CD pipelines are configured using a YAML file called .gitlab-ci.yml within each project. The .gitlab-ci.yml file defines the structure and order of the pipelines and determines:
This is what the .gitlab-ci.yml file looks like for this project:

Creating a .gitlab-ci.yml file

The .gitlab-ci.yml file is where you configure what CI does with your project. It lives in the root of your repository.

On any push to your repository, GitLab will look for the .gitlab-ci.yml file and start jobs on Runners according to the contents of the file, for that commit.

  3. stages:
  4.   - build 
  5.   # running build 
  6.   - linters
  7.   # running code quality tools (rubocop, brakeman)
  8.   - tests
  9.   # running tests
  10.   - scanners 
  11.   # image and application scanning
  12.   - deploy
  13.   # application deployment
  15. # All variables you will set up in your repo settings (Settings->CI/CD->Variables)
  16. variables:
  17.   RAILS_MASTER_KEY: $RAILS_MASTER_KEY
  18.   AWS_REGISTRY_URL: $AWS_REGISTRY_URL
  19.   AWS_REGION: $AWS_REGION
  20.   REGISTRY_IMAGE: $AWS_REGISTRY_URL:$CI_COMMIT_REF_SLUG
  21.   REGISTRY_IMAGE_PRODUCTION: $AWS_REGISTRY_URL_PRODUCTION:$CI_COMMIT_REF_SLUG
  22.   ECS_CLUSTER_STAGING: $ECS_CLUSTER_STAGING
  23.   ECS_CLUSTER_PRODUCTION: $ECS_CLUSTER_PRODUCTION
  24.   ECS_SERVICE_STAGING: $ECS_SERVICE_STAGING
  25.   GITLEAKS_CONFIG: gitleaks.toml
  26.   DOCKER_DRIVER: overlay2
  27.   SENTRY_AUTH_TOKEN: $SENTRY_AUTH_TOKEN
  28.   SENTRY_ORG: $SENTRY_ORG
  29.   SENTRY_PROJECT: $SENTRY_PROJECT
  32. # Perform private ECR registry authentication
  33. .registry_auth: ®istry_auth
  34.   image: public.ecr.aws/o0j8c5i3/codica:registry-auth-leaks
  35.   before_script:
  36.     - aws ecr get-login-password --region $AWS_REGION | docker login -u AWS --password-stdin $AWS_REGISTRY_URL
  39. # Rubocop linter
  40. rubocop:
  41.   stage: linters
  42.   needs: [Build]
  43.   image: $REGISTRY_IMAGE_ID
  44.   except:
  45.     - master
  46.   script:
  47.     - bundle exec rubocop
  50. # Brakeman linter
  51. brakeman:
  52.   stage: linters
  53.   needs: [Build]
  54.   image: $REGISTRY_IMAGE_ID
  55.   except:
  56.     - master
  57.   script:
  58.     - brakeman
  61. # Bundle audit
  62. bundle_audit:
  63.   stage: linters
  64.   needs: [Build]
  65.   image: $REGISTRY_IMAGE_ID
  66.   except:
  67.     - master
  68.   script:
  69.     - bundle exec bundle-audit
  72. # Trivy to scan image vulnerabilities
  73. Trivy:
  74.   stage: linters
  75.   allow_failure: true
  76.   image:
  77.     name: aquasec/trivy:0.31.3
  78.     entrypoint: [""]
  79.   needs: [Build]
  80.   except:
  81.     - main
  82.   script:
  83.     - trivy image --security-checks vuln $REGISTRY_IMAGE_ID
  86. # Gitleaks to detect credentials leak
  87. Gitleaks:
  88.   <<: *registry_auth
  89.   stage: linters
  90.   allow_failure: true
  91.   needs: []
  92.   except:
  93.     - main
  94.     - master
  95.   script:
  96.     - gitleaks detect --verbose --no-git | jq -r '["Description:", .Description], ["File:", .File], ["Line:", .StartLine, "Column:", .StartColumn, "--------------"]' | tr -d '[],""'
  99. # Hadolint to check dockerfiles syntax
  100. Hadolint:
  101.   needs: []
  102.   image: hadolint/hadolint:latest-debian
  103.   stage: scanners
  104.   allow_failure: false
  105.   script:
  106.     - hadolint Dockerfile
  107.     - hadolint Dockerfile.dev
  108.   rules: 
  109.     - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
  110.       when: never
  111.     - changes: 
  112.         - Dockerfile*
  115. # Yamllint to check yaml files syntax
  116. Yamllint:
  117.   needs: []
  118.   image:
  119.     name: public.ecr.aws/**/codica:yamllint
  120.     entrypoint: [""]
  121.   stage: scanners
  122.   allow_failure: false
  123.   script:
  124.     - rm -rf spec
  125.     - yamllint .
  126.   rules:
  127.     - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
  128.       when: never
  129.     - changes:
  130.         - "**/*.yml"
  131.         - "**/*.yaml"
  134. # Rspec tests
  135. rspec:
  136.   stage: tests
  137.   image: $REGISTRY_IMAGE
  138.   needs: [Build | Staging]
  139.   variables:
  140.     DB_HOST: postgres
  141.     DB_USERNAME: postgres
  142.     DB_PASSWORD: $DB_PASSWORD
  143.     DB_PORT: 5432
  144.     REDIS_URL: "redis://redis:6379"
  145.   script:
  146.     - bundle exec rails db:migrate RAILS_ENV=test
  147.     - bundle exec rspec
  148.   except:
  149.     - master
  152. # We use Kaniko as main image builder
  153. Build:
  154.   stage: build
  155.   image:
  156.     name: gcr.io/kaniko-project/executor:debug
  157.     entrypoint: [""]
  158.   except: 
  159.     - master
  160.   before_script: 
  161.     - mkdir -p /kaniko/.docker
  162.     - echo "{\"credHelpers\":{\"$AWS_REGISTRY_URL\":\"ecr-login\"}}" > /kaniko/.docker/config.json
  163.   script:
  164.     - /kaniko/executor --destination "${REGISTRY_IMAGE}"  
  165.        --build-arg RAILS_MASTER_KEY=${RAILS_MASTER_KEY}  # if we need to use RAILS_MASTER_KEY to build our app
  166.        --context "${CI_PROJECT_DIR}"
  167.        --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
  170. # Deploy application to staging or production environment 
  171. Deploy:
  172.   stage: deploy
  173.   variables:
  174.     ASG_NAME: $ASG_STAGE
  175.     CLUSTER_NAME: $ECS_CLUSTER_STAGING
  176.     SERVICE_NAME: $SERVICE_STAGING
  177.     AWS_REGION: $AWS_REGION
  178.     REGISTRY_IMAGE: $REGISTRY_IMAGE_ID
  179.   only:
  180.     - develop
  181.   <<: *registry_auth
  182.   script:
  183.     - aws ecs update-service --cluster $ECS_CLUSTER_STAGING --service $ECS_SERVICE_STAGING --force-new-deployment
  184.     # We use sentry to push our release to our sentry account
  185.     - VERSION=$(sentry-cli releases propose-version) && sentry-cli releases -o $SENTRY_ORG new -p $SENTRY_PROJECT $VERSION
  186.     - sentry-cli releases -o $SENTRY_ORG -p $SENTRY_PROJECT --auth-token $SENTRY_AUTH_TOKEN set-commits --auto $VERSION
  187.   environment:
  188.     name: Staging

Push .gitlab-ci.yml to GitLab

Once you’ve created .gitlab-ci.yml, you should add it to your Git repository and push it to GitLab.

  1. git add .gitlab-ci.yml
  2. git commit -m "Add .gitlab-ci.yml"
  3. git push origin master

Configuring a Runner

In GitLab, Runners run the jobs that you define in .gitlab-ci.yml. A Runner can be a virtual machine, a VPS, a bare-metal machine, a docker container or even a cluster of containers. GitLab and the Runners communicate through an API, so the only requirement is that the Runner’s machine has network access to the GitLab server.

A Runner can be specific to a certain project or serve multiple projects in GitLab. If it serves all projects it’s called a Shared Runner.

Find more information about different Runners in the Runners documentation.

Regular pipeline graphs

Regular pipeline graphs show the names of the jobs of each stage. Regular pipeline graphs can be found when you are on a single pipeline page. For example:
pipline

Status of your pipeline and jobs

After configuring the Runner successfully, you should see the status of your last commit change from pending to either running, success or failed.

status

By clicking on a job’s status, you will be able to see the log of that job. This is important to diagnose why a job failed or acted differently than you expected.

error-log

Examples

Visit the examples README to see a list of examples using GitLab CI with various languages.

License

Copyright © 2015-2022 Codica. It is released under the MIT License.

About Codica

Codica logo

The names and logos for Codica are trademarks of Codica.

We love open source software! See our other projects or hire us to design, develop, and grow your product.