持续集成-droneCI-docker项目案例nodejs
实例1 - nodejs 项目
.drone.yml 文件示例
注解:
- 需要在 ui 页面上配置2个 secrets 密钥;
dockerconfigjson 是私有 docker 仓库的配置,
wcn7_wait_key 是目标 ssh 主机的ssh密钥。
- 离线部署时,可以先将需要的镜像都上传到私有镜像仓库,
本例 registry.wait 即内部仓库地址
- drone-volume-cache 目的是将 node_modules 内容进行缓存和加载,避免反复拉取;
- http://10.2.1.5:4873/ 这个地址是私有化的 node 仓库
- gitea-release 插件的目的是在 tag 编译后,将 release 发布到仓库
- 效果就是普通的提交,走普通流程,发布到测试环境;
带 tag 的提交走新流程, 发布 release 到 gitea 仓库。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
|
kind: pipeline
name: ctools
type: docker
# 私有镜像站认证信息
image_pull_secrets:
- dockerconfigjson
# 因为有个性化的 clone 需求,所以这里关闭默认的 clone 动作
clone:
disable: true
steps:
- name: 克隆仓库
# image: drone/git
image: registry.wait/cwx/drone/git
pull: if-not-exists
settings:
# clone 时截断以前的提交记录, 即克隆深度
depth: 1
skip_verify: true
# 读取 git 的 tag 作为环境变量 ${DRONE_TAG}
tags: true
# 因为没能解析到名字,临时加一下 hosts
# extra_hosts:
# - "git.services.wait:10.2.1.5"
commands:
- git config --global http.sslVerify false
- git clone https://git.services.wait/chenwx/ctools.git .
- ls -a
- git log --oneline -n 5
# 使用缓存避免反复从网络上下载依赖包
# - name: restore-cache
- name: 加载编译缓存
image: registry.wait/cwx/drone/drillster/drone-volume-cache
# image: drillster/drone-volume-cache
# 默认各阶段是并行处理的, 需要定义依赖关系
depends_on: [克隆仓库]
volumes:
- name: cache
path: /cache
settings:
# 从以前的构建中恢复缓存,即拷贝这个目录下的内容到容器内
restore: true
mount:
- ./node_modules
# - name: build
- name: 开发环境-编译
# image: node:19.9.0
image: registry.wait/cwx/node:19.9.0
pull: if-not-exists
depends_on: [加载编译缓存]
commands:
- ls -a
- node -v
- npm get registry
- npm config set registry http://10.2.1.5:4873/
- npm install
- npm run build
- cd dist
- tar zcvf ctools-0.1.tar.gz ./*
# 排除全部tag,即不匹配任何 tag
when:
ref:
exclude:
- refs/tags/**
# 具有 tag 时的编译动作
# - name: build-tag
- name: 生产环境-编译
# image: node:19.9.0
image: registry.wait/cwx/node:19.9.0
pull: if-not-exists
depends_on: [加载编译缓存]
commands:
- ls -a
- node -v
- npm install
- npm run build
- cd dist
- tar zcvf ctools-${DRONE_TAG##v}.tar.gz ./*
- ls
# 匹配全部tag
when:
ref:
- refs/tags/**
# 将缓存文件卸载
# - name: rebuild-cache
- name: 开发环境-卸载缓存
image: registry.wait/cwx/drone/drillster/drone-volume-cache
# image: drillster/drone-volume-cache
pull: if-not-exists
depends_on: [开发环境-编译]
volumes:
- name: cache
path: /cache
settings:
# 重新创建缓存, 即将文件写回到宿主机
rebuild: true
mount:
- ./node_modules
when:
ref:
exclude:
- refs/tags/**
# 为有 tag 的情况
# - name: rebuild-cache-tag
- name: 生产环境-卸载缓存
# image: drillster/drone-volume-cache
image: registry.wait/cwx/drone/drillster/drone-volume-cache
pull: if-not-exists
depends_on: [生产环境-编译]
volumes:
- name: cache
path: /cache
settings:
rebuild: true
mount:
- ./node_modules
when:
ref:
- refs/tags/**
# 提交一个 release 版本到 gitea
# gitea-release 插件只适用于有 tag 的情况
# - name: gitea_release
- name: 生产环境-gitea-release
# image: plugins/gitea-release
image: registry.wait/cwx/drone/plugins/gitea-release
pull: if-not-exists
depends_on: [生产环境-编译]
settings:
api_key: 2a5ab57061a66a6f37233a3fac07029cb5ad6b76
base_url: https://git.services.wait/
files:
# 上传文件时,把那个 v 前缀去掉
- dist/ctools-${DRONE_TAG##v}.tar.gz
# 如果存在则覆盖
file_exists: overwrite
title: 新版本发布-${DRONE_TAG}
# 忽略 https 证书
insecure: true
volumes:
- name: cwxCA
path: /etc/ssl/certs/ca-certificates.crt
# extra_hosts:
# - "git.services.wait:10.2.1.5"
when:
ref:
- refs/tags/**
# 使用 scp 传输到其它主机
# - name: deployment
- name: 开发环境-推送
# image: appleboy/drone-scp
image: registry.wait/cwx/drone/appleboy/drone-scp
pull: if-not-exists
depends_on: [开发环境-编译]
settings:
host: 10.2.1.5
username: wait
# password:
# # 密码使用单独存储在 drone 上的密码
# from_secret: wcn7_wait_pw
key:
from_secret: wcn7_wait_key
port: 22
# 目标: /home/wait/chenwx/ctools/ctools-0.1.tar.gz
target: /home/wait/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}
source: dist/ctools-0.1.tar.gz
when:
ref:
exclude:
- refs/tags/**
# 推送到生产环境
# - name: deployment-production
- name: 生产环境-推送
# image: appleboy/drone-scp
image: registry.wait/cwx/drone/appleboy/drone-scp
pull: if-not-exists
depends_on: [生产环境-编译]
settings:
host: 10.3.0.2
username: wait
key:
from_secret: wcn7_wait_key
port: 39022
# 目标: /home/wait/data/pkg/ctools-0.1.tar.gz
target: /home/wait/data/pkg
source: dist/ctools-${DRONE_TAG##v}.tar.gz
when:
ref:
- refs/tags/**
# 到远程主机执行命令
# - name: ssh
- name: 开发环境-部署
# image: appleboy/drone-ssh
image: registry.wait/cwx/drone/appleboy/drone-ssh
pull: if-not-exists
depends_on: [开发环境-推送]
settings:
host:
- 10.2.1.5
username: wait
# password:
# from_secret: wcn7_wait_pw
key:
from_secret: wcn7_wait_key
port: 22
command_timeout: 1m
script:
- cd /home/wait/chenwx/ctools
- rm -rf tmp2 && mkdir tmp2
- tar xvf dist/ctools-0.1.tar.gz -C tmp2/
- rm -rf /home/wait/data/tools/*
- mv tmp2/* /home/wait/data/tools/
when:
ref:
exclude:
- refs/tags/**
# 生产环境-部署命令
# - name: ssh-production
- name: 生产环境-部署
# image: appleboy/drone-ssh
image: registry.wait/cwx/drone/appleboy/drone-ssh
pull: if-not-exists
depends_on: [生产环境-推送]
settings:
host:
- 10.3.0.2
username: wait
key:
from_secret: wcn7_wait_key
port: 39022
command_timeout: 1m
script:
- cd /home/wait/data/pkg
- rm -rf tmp2 && mkdir tmp2
- tar xvf dist/ctools-${DRONE_TAG##v}.tar.gz -C tmp2/
- rm -rf /home/wait/data/tools/*
- mv tmp2/* /home/wait/data/tools/
when:
ref:
- refs/tags/**
volumes:
- name: cache
host:
path: /data/cache
- name: cwxCA
host:
path: /home/wait/data/ca/cwxCA.pem
# path: /home/wait/code/ssl/ca/cwxCA.pem
|
开发环境发布
git push
生产环境发布
git tag v0.0.9
git push origin v0.0.9
