Gitlab-CI部署博客

0. 前言

去年的时候已经写过一篇Gitlab-CI的Get-started了。不过并没有应用到我的博客上，因为我的博客部署比较简单只需要打包上传腾讯云就可以了。后来换了arm的mac之后，在本地用Docker打镜像然后发布到公司的容器云每次都需要比x86架构多走几步操作，非常耗时。所以这两天又跑了个虚拟机，搭了个Gitlab，把这些繁琐的操作全部自动化。捎带手把我的博客发布流程也改成自动部署。

Gitlab-CI的入门篇在https://ytg2097.com/devops/gitlab-ci.html。

1. 注册Runner

version: '3.7'

services:
  gitlab:
    image: gitlab/gitlab-ce
    container_name: gitlab
    hostname: gitlab
    ports:
      - "2222:22"
      - "8081:80"
      - "8443:443"
    networks:
      - devops
    volumes:
      - gitlab-config:/etc/gitlab
      - gitlab-logs:/var/log/gitlab
      - gitlab-data:/var/opt/gitlab
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "10"
  gitlab-runner:
    image: gitlab/gitlab-runner
    container_name: gitlab-runner
    depends_on:
      - gitlab
    networks:
      - devops
    volumes:
     # 与上一篇不同的是，gitlab-runner容器的gitlab-runner用户的家目录也挂载到了主机上
      - gitlab-runner-home:/home/gitlab-runner   
      - gitlab-runner-config:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock

networks:
  devops:
    name: devops
    external: true

volumes:
  gitlab-config:
    name: gitlab-config
  gitlab-logs:
    name: gitlab-logs
  gitlab-data:
    name: gitlab-data
  gitlab-runner-config:
    name: gitlab-runner-config
  gitlab-runner-home:
    name: gitlab-runner-home

挂载gitlab-runner用户的家目录的原因是为了方便runner容器配置ssh密钥。

先启动gitlab和gitlab-runner容器，然后进入gitlab-runner容器配置ssh。

[root@centos7 _data]# docker exec -it gitlab-runner /bin/sh

# 先切换到gitlab-runner用户。gitlab-runner用户是gitlab-ci执行任务时的用户
# su gitlab-runner

gitlab-runner@68f1ef51a8b9:/$ pwd
/
gitlab-runner@68f1ef51a8b9:/$ cd /home/gitlab-runner

# 生成密钥
gitlab-runner@68f1ef51a8b9:~$ ssh-keygen -t ed25519 -C "ytg2097@163.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/gitlab-runner/.ssh/id_ed25519):
Created directory '/home/gitlab-runner/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/gitlab-runner/.ssh/id_ed25519
Your public key has been saved in /home/gitlab-runner/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:KsuzdKfwH0cKEiWnS7+AdGrXvA6ynzkWfK8ZBMoT6Ko ytg2097@163.com
The key's randomart image is:
+--[ED25519 256]--+
|    . o          |
| .   =           |
|. o *            |
|.o B B           |
| .B.= * S .      |
|.. oo+.= o       |
|. . =o*.+ .      |
|.  =+@ =.o       |
|E .oB+*o.        |
+----[SHA256]-----+

# copy密钥到博客服务器， 博客服务器中实现添加了gitlab-runner用户
gitlab-runner@68f1ef51a8b9:~$ ssh-copy-id -i /home/gitlab-runner/.ssh/id_ed25519.pub gitlab-runner@121.4.253.207
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/gitlab-runner/.ssh/id_ed25519.pub"
The authenticity of host '121.4.253.207 (121.4.253.207)' can't be established.
ECDSA key fingerprint is SHA256:zmVBsvjeBblNmSpDkG3j9RycGoAezeAouxW6Lie7FRE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
gitlab-runner@121.4.253.207's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'gitlab-runner@121.4.253.207'"
and check to make sure that only the key(s) you wanted were added.

# 测试一下ssh
gitlab-runner@68f1ef51a8b9:~$ ssh gitlab-runner@121.4.253.207
Last failed login: Fri Mar 11 14:19:46 CST 2022 from 39.91.73.48 on ssh:notty
There were 7 failed login attempts since the last successful login.
[gitlab-runner@VM-0-13-centos ~]$ exit

到这一步runner容器与博客服务器之间的ssh密钥已经配置好了。下一步将runner注册到gitlab的博客项目上。

注册runner的过程见第一篇Gitlab-CI博客。分别注册两个runner，一个runner用于打包，tag是node，一个runner用于上传，tag是scp。

然后修改gitlab-runner的config.toml文件，配置docker镜像拉取策略防止每次执行流水线任务都重新拉取镜像。

...
	[runners.docker]
    tls_verify = false
    image = "alpine:latest"
    privileged = false
    ## 加上下面这条配置
    pull_policy = "if-not-present"
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
...

2. 编排流水线

.gitlab-ci.yml文件

cache:
  paths:
  # 缓存 node_modules 目录，避免每次npm install都重新拉取
    - node_modules

stages:
  - build
  - scp

build:
 image: node:15.14.0-stretch-slim
  stage: build
  tags:
    - node
  script:
    - echo "开始打包---------------"
    - npm version
    - npm install
    - npm run build
  artifacts:
    paths:
    # dist目录放到artifacts中用于传递到下次 stage scp中
      - dist
scp:
  stage: scp
  tags:
    - scp
  script:
    - echo "上传---------------"
    - pwd
    - ls -al
    # 博客服务器的路径要开放权限允许 scp 上传文件
    - scp -r ./dist/* gitlab-runner@121.4.253.207:/docker/nginx/html/

3. 测试