SpringBoot项目的CI配置 # 安全变量

运行GitLab Runner容器

参考Run GitLab Runner in a container - Docker image installation and configuration

执行下述命令运行gitlab-runner容器。

docker run -d --name gitlab-runner --restart always \

  -v /srv/gitlab-runner/config:/etc/gitlab-runner \

  -v /var/run/docker.sock:/var/run/docker.sock \

  gitlab/gitlab-runner:latest

# 注册GitLab Runner

参考Registering Runners

使用 docker exec -it gitlab-runner /bin/bash 命令进入 gitlab-runner 容器命令行环境。

执行 gitlab-runner register 命令开始注册一个 runner。

注册时只有输入共享Runner的注册令牌（token）才能注册为共享Runner。关于Runner executor的介绍可以查看 Executors

。Runner executor选择Docker时会要求填写要使用的默认docker镜像。

安全变量

GitLab CI/CD的安全变量有两种，群组安全变量和项目安全变量，群组安全变量可作用于当前群组下所有项目以及子群组项目，递归继承；项目安全变量只作用当前项目。

实际项目配置的群组变量有：CI_REGISTRY（本地Docker Registry的地址），项目变量有：CI_REGISTRY_IMAGE（项目构建的docker镜像名称）

# Dockerfile

FROM java:8-jre

ADD target/discovery-server-1.0.0.jar app.jar

RUN bash -c 'touch /app.jar'

EXPOSE 10030

ENTRYPOINT ["java", "-Djava.security.edg=file:/dev/./urandom", "-Duser.timezone=Asia/Shanghai", "-Xmx128m", "-Xms64m", "-jar", "/app.jar"]

# .gitlab-ci.yml

.gitlab-ci.yml文件可以使用的变量除了手动配置的安全变量外，默认还可以使用预定义变量（详情见GitLab CI/CD Variables

）。

示例：

image: docker:latest

services:

  - name: docker:dind

    command: ["--insecure-registry=172.17.0.1:5000"]    # 将本地Docker Registry私服设置为insecure，避免registry默认需要https才能访问

stages:

  - package

  - build

  - deploy

maven-package:

  image: maven:3.5-jdk-8-alpine

  tags:

    - maven

  stage: package

  script:

    - mvn clean install -Dmaven.test.skip=true

  artifacts:

    paths:

      - target/*.jar    # 将maven构建成功的jar包作为构建产出导出，可在下一个stage的任务中使用

build-master:

  tags:

    - docker

  stage: build

  script:

    - docker build --pull -t "$CI_REGISTRY/$CI_REGISTRY_IMAGE" .

    - docker push "$CI_REGISTRY/$CI_REGISTRY_IMAGE"

  only:

    - master

build:

  tags:

    - docker

  stage: build

  script:

    - docker build --pull -t "$CI_REGISTRY/$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .

    - docker push "$CI_REGISTRY/$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"

  except:

    - master

# Runner容器的配置

将maven构建runner容器使用的maven仓库使用数据卷方式进行共享，解决容器每次构建时都要重新下载依赖的问题。具体方法为使用 docker exec -it gitlab-runner /bin/bash 进入gitlab-runner容器，编辑 /etc/gitlab-runner/config.toml 文件，在maven构建runner下的volumes加上 /root/.m2 本地仓库的数据卷映射关系。

docker构建runner的privileged设置为true，以root用户身份进入容器进行构建任务，避免了由于权限不足无法访问/var/run/docker.sock的问题。

concurrent = 6

check_interval = 0

[[runners]]

  name = "public docker runner"

  url = "http://172.17.0.1:800/"

  token = "5223e807ba2c42b18e2aadeceb0e0b"

  executor = "docker"

  [runners.docker]

    registry_mirrors = ["https://ub9x5g6o.mirror.aliyuncs.com/"]

    extra_hosts = ["git.yupaits.com:172.17.0.1"]

    tls_verify = false

    image = "docker:latest"

    privileged = true

    disable_cache = false

    volumes = ["/cache"]

    shm_size = 0

  [runners.cache]

[[runners]]

  name = "public maven runner"

  url = "http://172.17.0.1:800/"

  token = "b97734914a435c7f3409bea71e122a"

  executor = "docker"

  [runners.docker]

    extra_hosts = ["git.yupaits.com:172.17.0.1"]

    tls_verify = false

    image = "maven:3.5-jdk-8-alpine"

    privileged = true

    disable_cache = false

    volumes = ["/cache", "/home/maven/.m2:/root/.m2"]

    pull_policy = "if-not-present"

    shm_size = 0

  [runners.cache]

[[runners]]

  name = "public node runner"

  url = "http://172.17.0.1:800/"

  token = "e0dea1b0cb42a8d2e1df94ee442b82"

  executor = "docker"

  [runners.docker]

    extra_hosts = ["git.yupaits.com:172.17.0.1"]

    tls_verify = false

    image = "node:8-alpine"

    privileged = true

    disable_cache = false

    volumes = ["/cache"]

    shm_size = 0

  [runners.cache]

[[runners]]

  name = "public ssh runner"

  url = "http://172.17.0.1:800/"

  token = "266dc28d04f012a5ead3987c1f004e"

  executor = "ssh"

  [runners.ssh]

    user = "root"

    password = "password"

    host = "172.17.0.1"

    port = "22"

    identity_file = "/root/.ssh/id_rsa"

  [runners.cache]

巴特西