
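KenaitoDevOps Platform: Pipeline Build Artifact Upload Test

Prerequisites

Write the .gitlab-ci.yml file

https://github.com/odboy-tianjun/kenaito-devops/blob/master/.gitlab-ci.yml

Write the artifact upload reporting middleware

The business logic will grow large and varied in the future, so it is better handled separately.

https://github.com/odboy-tianjun/kenaito-devops-tools/tree/master/BuildArtifactReporter

Start the pipeline from kenaito-devops

Observe how the GitLab pipeline runs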

.gitlab-ci.yml

yaml
variables:
  REPORT_ARTIFACT_API: "http://192.168.9.103:8000/openapi/pipeline/reportBuildArtifactInfo"
  MAVEN_OPTS: "-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository"
  MINIO_BUCKET_NAME: "kenaito-devops"

stages:
  - build

build:
  stage: build
  image: maven:3.8.6-openjdk-11
  cache:
    key: "$CI_COMMIT_REF_NAME"
    paths:
      - .m2/repository/
  tags:
    - docker-build
  before_script:
    - mkdir -p ~/.m2
    - echo "<settings><mirrors><mirror><id>aliyunmaven</id><mirrorOf>central</mirrorOf><name>阿里云公共仓库</name><url>https://maven.aliyun.com/repository/public</url></mirror></mirrors></settings>" > ~/.m2/settings.xml
    - rm -f $CONTEXT_NAME.tgz
  script:
    - pwd
    - mvn clean package -DskipTests -T 1C
    - echo "压缩构建产物"
    - find . -type f -name "$CONTEXT_NAME.jar" |xargs -I {} tar -czvf ${CONTEXT_NAME}_${CI_COMMIT_REF_NAME}.tgz {}
    - echo "上传构建产物"
    - curl -O "http://192.168.100.128:9000/$MINIO_BUCKET_NAME/tools/buildarepoter" && chmod +x buildarepoter
    - ./buildarepoter -endpoint "192.168.100.128:9000" -accessKey "root" -secretKey "cGejcXBVyn5QtqzFWTkj" -bucketName "$MINIO_BUCKET_NAME" -fileName "artifacts/${CONTEXT_NAME}_${CI_COMMIT_REF_NAME}.tgz" -filePath="./${CONTEXT_NAME}_${CI_COMMIT_REF_NAME}.tgz" -reportArtifactApi "$REPORT_ARTIFACT_API" -reportInstanceId "$PIPELINE_INSTANCE_ID"
  only:
    - api

Execution results

Pipeline window

GitLab pipeline

MinIO bucket

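Summary (existing problems and solutions)

1. The .gitlab-ci.yml file contains the address of the reporting server as well as password-related information, which can easily lead to password leakage and is a security risk.

So the goal for the next installment is obvious: I will walk you through building custom MavenJDK build images for different versions, with the reporting address and the bucket secret key baked into the MavenJDK build image.

2. The build content in .gitlab-ci.yml is too visible; developers may modify it on their own, which is a security risk.

To standardize the pipeline, the next installment will present the .gitlab-ci.yml file in a form that references other .gitlab-ci.yml files.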
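
An added check for problem 1 above, not code from the original post or the kenaito-devops project: it scans CI YAML text for the credential flags of the upload command (`-accessKey`, `-secretKey`) and reports those given a literal value instead of a variable reference. The sample job text is constructed, and `MINIO_ENDPOINT`, `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are assumed names for CI/CD variables defined in the GitLab project settings rather than in the file.

```python
import re

# Flags of the page's buildarepoter command that carry credentials.
SECRET_FLAGS = ("accessKey", "secretKey")

# Matches -flag "value", -flag 'value', -flag value and -flag=value.
FLAG_RE = re.compile(
    r"-(?P<flag>%s)(?:\s+|=)(?P<q>[\"']?)(?P<value>[^\"'\s]+)(?P=q)"
    % "|".join(SECRET_FLAGS)
)
# A value that is nothing but a CI variable reference: $NAME or ${NAME}.
VAR_REF_RE = re.compile(
    r"^\$(?:\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)$"
)


def find_hardcoded_secrets(ci_yaml_text):
    """Return (line_number, flag) for each credential flag with a literal value."""
    findings = []
    for lineno, line in enumerate(ci_yaml_text.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue  # ignore YAML comment lines
        for match in FLAG_RE.finditer(line):
            if not VAR_REF_RE.match(match.group("value")):
                findings.append((lineno, match.group("flag")))
    return findings


# Constructed sample: the shape of the page's upload step, with the literal
# secret replaced by a placeholder.
BEFORE = '''
build:
  script:
    - ./buildarepoter -endpoint "192.168.100.128:9000" -accessKey "root" -secretKey "PLACEHOLDER-LITERAL" -bucketName "$MINIO_BUCKET_NAME"
'''

# Constructed sample: the same step reading credentials from CI/CD variables
# (variable names are assumptions, not taken from the page).
AFTER = '''
build:
  script:
    - ./buildarepoter -endpoint "$MINIO_ENDPOINT" -accessKey "$MINIO_ACCESS_KEY" -secretKey "${MINIO_SECRET_KEY}" -bucketName "$MINIO_BUCKET_NAME"
'''

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, find_hardcoded_secrets(text))
```

Run as a pre-merge check on .gitlab-ci.yml, a non-empty result means a credential is still written into the file itself.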