-
Gitlab: PHP项目CI/CD实践
目录
1 说明
- 以一个laravel blog项目为例,做dev分支的CI/CD实践
- 结合laravel envoy工具做多个远程服务器部署,分两种方式:A. 增量部署 B.镜像构建与部署
服务器:
Site Server IP 站点目录 team1-prj2.dev.ia host001.dev.ia 192.168.0.130 /www/wwwroot/team1-prj2.dev.ia team1-prj2.dev.ia host002.dev.ia 192.168.0.131 /www/wwwroot/team1-prj2.dev.ia 2 CI/CD
2.1 部署方式一:增量部署
通过Lavavel/Envoy和git拉取新版本文件进行部署
2.1.1 目标服务器准备
- php8.2, 安装所需扩展,务必在cli下测试是否正常, 有些被disable的functions要打开
- composer self-update, 兼容php8.2
- 使用Laravel/Envoy分发部署,确保Envoy.blade.php是utf8格式文件
- 站点目录结构
- root@host001:/www/wwwroot/team1-prj2.dev.ia# tree -d -L 3 ./
- ./
- ├── current -> /www/wwwroot/team1-prj2.dev.ia/releases/default
- ├── releases
- │ └── default
- │ ├── app
- │ ├── bootstrap
- │ ├── config
- │ ├── database
- │ ├── public
- │ ├── resources
- │ ├── routes
- │ ├── storage -> /www/wwwroot/team1-prj2.dev.ia/storage
- │ ├── tests
- │ └── vendor
- └── storage
- ├── app
- │ └── public
- ├── framework
- │ ├── cache
- │ ├── sessions
- │ ├── testing
- │ └── views
- └── logs
说明:
team1-prj2.dev.ia 应用目录 team1-prj2.dev.ia/releases 版本发布目录,这里只设置了一个default目录,也可根据需要做日期变量发布 team1-prj2.dev.ia/current 链接到最新版本,被nginx访问的站点目录路径
current -> /www/wwwroot/team1-prj2.dev.ia/releases/default/
team1-prj2.dev.ia/storage 链接到最新版本的应用数据保存目录,如:日志,缓存等
storage -> /www/wwwroot/team1-prj2.dev.ia/storage
team1-prj2.dev.ia/.dev .dev文件是运维人员建立的服务器定制环境文件,不进入仓库,链接到项目同名文件
.env -> /www/wwwroot/team1-prj2.dev.ia/.env*
team1-prj2.dev.ia/releases/default/.gitlab-ci.yml gitlab 部署脚本 team1-prj2.dev.ia/releases/default/Envoy.blade.php envoy 部署脚本 nginx配置
- server
- {
- listen 80;
- server_name team1-prj2.dev.ia;
- index index.php index.html index.htm default.php default.htm default.html;
- root /www/wwwroot/team1-prj2.dev.ia/current/public;
- #CERT-APPLY-CHECK--START
- # 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
- include /www/server/panel/vhost/nginx/well-known/team1-prj2.dev.ia.conf;
- #CERT-APPLY-CHECK--END
- #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
- #error_page 404/404.html;
- #SSL-END
- #ERROR-PAGE-START 错误页配置,可以注释、删除或修改
- #error_page 404 /404.html;
- #error_page 502 /502.html;
- #ERROR-PAGE-END
- #PHP-INFO-START PHP引用配置,可以注释或修改
- include enable-php-82.conf;
- #PHP-INFO-END
- #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
- include /www/server/panel/vhost/rewrite/team1-prj2.dev.ia.conf;
- #REWRITE-END
- #禁止访问的文件或目录
- location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
- {
- return 404;
- }
- #一键申请SSL证书验证目录相关设置
- location ~ \.well-known{
- allow all;
- }
- #禁止在证书验证目录放入敏感文件
- if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
- return 403;
- }
- location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
- {
- expires 30d;
- error_log /dev/null;
- access_log /dev/null;
- }
- location ~ .*\.(js|css)?$
- {
- expires 12h;
- error_log /dev/null;
- access_log /dev/null;
- }
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- access_log /www/wwwlogs/team1-prj2.dev.ia.log;
- error_log /www/wwwlogs/team1-prj2.dev.ia.error.log;
- }
2.2.2 Gitlab及Envoy脚本
.gitlab-ci.yml
- # default:
- # image: edbizarro/gitlab-ci-pipeline-php:7.4
- #default:
- # image: bennybi/php8.2
- # image: bennybi/php7.4
- stages:
- - test
- - deploy
- .init_ssh: &init_ssh |
- which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- [[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
- cache:
- key: ${CI_COMMIT_REF_SLUG}
- paths:
- - vendor/
- unit_test:
- stage: test
- tags:
- - php
- script:
- - cp .env.test .env
- - composer install
- - composer global require "laravel/envoy"
- - php artisan key:generate
- - php artisan migrate
- - vendor/bin/phpunit
- deploy_dev:
- stage: deploy
- tags:
- - php
- environment:
- name: dev
- url: http://team1-prj2.dev.ia
- script:
- - *init_ssh
- - vendor/bin/envoy run deploy --branch="$CI_COMMIT_BRANCH" --commit="$CI_COMMIT_SHA"
- rules:
- - if: $CI_COMMIT_BRANCH == "dev"
- deploy_live:
- stage: deploy
- tags:
- - php
- script:
- - *init_ssh
- - vendor/bin/envoy run deploy --commit="$CI_COMMIT_SHA"
- environment:
- name: live
- url: http://team1-prj2.dev.ia
- when: manual
- rules:
- - if: $CI_COMMIT_BRANCH == "live"
Envoy.blade.php
- @servers(['local' => 'deployer@host001.dev.ia','staging' => 'deployer@host002.dev.ia'])
- @setup
- $repository = 'git@host001.dev.ia:dev1/team1-prj2.git';
- $releases_dir = '/www/wwwroot/team1-prj2.dev.ia/releases';
- $app_dir = '/www/wwwroot/team1-prj2.dev.ia';
- $release = 'default';
- $new_release_dir = $releases_dir .'/'. $release;
- $user = get_current_user();
- @endsetup
- @story('deploy', ['on' => ['local','staging']])
- sync_repository
- run_composer
- update_symlinks
- @endstory
- @task('sync_repository')
- echo "Current User: {{$user}}, branch:{{$branch}}, commit:{{$commit}}"
- if [ -d "{{$new_release_dir}}" ]; then
- echo 'Pulling repository'
- cd {{ $new_release_dir }}
- git checkout {{ $branch }}
- git fetch
- git reset --hard HEAD
- git merge origin/{{ $branch }}
- else
- echo 'Cloning repository'
- [ -d {{ $releases_dir }} ] || mkdir {{ $releases_dir }}
- git clone --branch {{ $branch }} --single-branch --depth 1 {{ $repository }} {{ $new_release_dir }}
- cd {{ $new_release_dir }}
- git reset --hard {{ $commit }}
- git config --global --add safe.directory '*'
- fi
- @endtask
- @task('run_composer')
- echo "Starting deployment ({{ $release }})"
- cd {{ $new_release_dir }}
- composer install --prefer-dist --no-scripts -q -o
- @endtask
- @task('update_symlinks')
- if [ ! -d "{{ $app_dir }}/current" ]; then
- echo "Linking storage directory"
- {{-- rm -rf {{ $new_release_dir }}/storage --}}
- mv {{ $new_release_dir }}/storage {{ $app_dir }}
- ln -nfs {{ $app_dir }}/storage {{ $new_release_dir }}/storage
- echo 'Linking .env file'
- ln -nfs {{ $app_dir }}/.env {{ $new_release_dir }}/.env
- echo 'Linking current release'
- ln -nfs {{ $new_release_dir }} {{ $app_dir }}/current
- chmod 775 -Rf {{ $releases_dir }}
- fi
- chmod 775 -Rf {{ $new_release_dir }}/storage
- {{-- chown deployer:www -Rf {{ $new_release_dir }}/.git --}}
- @endtask
2.2 部署方式二:镜像构建与部署
说明:
- 应用文件在build_image阶段,打包在镜像文件中,并推送到私有化的项目镜像仓库
- lavavel应用所需.env,不进入代码仓库,而是通过 -v 映射到具体路径部署,如示例代码中的 "-v /data0/Projects/team1-prj1/.env:/app/.env",防止敏感参数外泄
- 实例化后作为微服务容器,暴露8181端口提供外部访问
2.2.1 推送到私有化容器仓库
准备工作
- 新建项目team1-prj1,初始化git 仓库为:http://host001.dev.ia:18181/dev1/team1-prj1.git
- 建好容器仓库(见前文相关部分)
- 需要在Admin Area->CI/CD->Variables添加docker访问用户变量
- $LOCAL_REGISTRY_LOGIN = your docker username
- $LOCAL_REGISTRY_PASSWORD
脚本
项目中添加Dockerfile 文件,这里用到的原型镜像是我之前定制的php8.2
- FROM bennybi/php8.2:latest
- WORKDIR /app
- RUN apt-get update -y && apt-get install -y openssl zip unzip git
- RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
- # RUN docker-php-ext-install pdo mbstring
- # COPY .env.example .env
- COPY . /app
- RUN composer install --no-interaction --prefer-dist --optimize-autoloader
- # Run any additional commands specific to Laravel
- RUN php artisan config:cache
- RUN php artisan route:cache
- RUN php artisan view:cache
- CMD php artisan serve --host=0.0.0.0 --port=8181
- EXPOSE 8181
.gitlab-ci.yml
- default:
- image: docker:19.03.8
- services:
- - mysql:5.7
- before_script:
- - docker info
- variables:
- # DOCKER_IMAGE_TAG: 'bennybi/team1-prj1'
- APP_NAME: 'team1-prj1'
- REGISTRY_URL: 'http://host001.dev.ia:5050'
- DOCKER_IMAGE_TAG: 'host001.dev.ia:5050/dev1/team1-prj1:1.0.0'
- # DOCKER_IMAGE_TAG: 'host001.dev.ia:5050/dev1/team1-prj1'
- CONTAINER_IMAGE_NAME: ${DOCKER_IMAGE_TAG}
- # MYSQL_DATABASE: test
- # MYSQL_ROOT_PASSWORD: fa843c707ce26702
- # DB_HOST: host001.dev.ia
- # DB_USERNAME: developer
- stages:
- - test
- - build
- - deploy
- unit_test:
- stage: test
- tags:
- - php
- script:
- - cp .env.test .env
- - composer install
- - php artisan key:generate
- - php artisan migrate
- - vendor/bin/phpunit
- build_image:
- stage: build
- tags:
- - php
- script:
- - docker login ${REGISTRY_URL} -u $LOCAL_REGISTRY_LOGIN -p $LOCAL_REGISTRY_PASSWORD
- - docker build --output type=registry,oci-mediatypes=false --cache-from "${DOCKER_IMAGE_TAG}" -t "${DOCKER_IMAGE_TAG}" --push --provenance=false .
- # - docker push ${DOCKER_IMAGE_TAG}:latest
- - docker push ${DOCKER_IMAGE_TAG}
- rules:
- - if: $CI_COMMIT_BRANCH == "dev"
- deploy_dev:
- stage: deploy
- tags:
- - php
- script:
- - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- - eval $(ssh-agent -s)
- - ssh-add <(echo "$SSH_PRIVATE_KEY")
- - mkdir -p ~/.ssh
- - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
- - ssh deployer@host002.dev.ia "docker login ${REGISTRY_URL} -u $LOCAL_REGISTRY_LOGIN -p $LOCAL_REGISTRY_PASSWORD && docker pull $CONTAINER_IMAGE_NAME && docker stop ${APP_NAME} || true && docker rm ${APP_NAME} || true && docker run -d -p 8181:8181 -v /data0/Projects/${APP_NAME}/.env:/app/.env ${CONTAINER_IMAGE_NAME}"
- environment:
- name: dev
- url: http://team1-prj1.dev.ia
- # when: manual
- rules:
- - if: $CI_COMMIT_BRANCH == "dev"
要点
- 注意build时所需的参数,缺少会诱发错误: “Invalid tag: missing manifest digest”
We used the buildx flag “–output type=registry,oci-mediatypes=false” to generate a Docker v2.2 manifest list. We could set the value to “true” and generate an OCI manifest index, but the GitLab UI will incorrectly display “Invalid tag: missing manifest digest”.
推送结果图示:
2.2.2 推送到hub.docker.com
准备工作
- 新建项目team1-prj1,初始化git 仓库为:http://host001.dev.ia:18181/dev1/team1-prj1.git
- 构建的镜像将push到hub.docker.com,因此需要在Admin Area->CI/CD->Variables添加docker访问用户变量
- $DOCKER_LOGIN = your docker username
- $DOCKER_PASSWORD
脚本
Dockerfile
同上 ...
.gitlab-ci.yml
- default:
- image: docker:19.03.8
- services:
- - mysql:5.7
- before_script:
- - docker info
- variables:
- MYSQL_DATABASE: test
- MYSQL_ROOT_PASSWORD: fa843c707ce26702
- DB_HOST: host001.dev.ia
- DB_USERNAME: developer
- stages:
- - test
- - build
- # - deploy
- unit_test:
- stage: test
- tags:
- - php
- script:
- - cp .env.test .env
- - composer install
- - php artisan key:generate
- - php artisan migrate
- - vendor/bin/phpunit
- build_image:
- stage: build
- variables:
- DOCKER_IMAGE_TAG: 'bennybi/team1-prj1'
- tags:
- - php
- script:
- - docker build --cache-from "${DOCKER_IMAGE_TAG}" -t "${DOCKER_IMAGE_TAG}" .
- - docker login --username $DOCKER_LOGIN --password $DOCKER_PASSWORD
- # - docker run my-docker-image /script/to/run/tests
- - docker push ${DOCKER_IMAGE_TAG}:latest
- rules:
- - if: $CI_COMMIT_BRANCH == "dev"
- # deploy_dev:
- # stage: deploy
- # tags:
- # - php
- # script:
- # - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- # - eval $(ssh-agent -s)
- # - ssh-add <(echo "$SSH_PRIVATE_KEY")
- # - mkdir -p ~/.ssh
- # - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
- # # - ~/.composer/vendor/bin/envoy run deploy --commit="$CI_COMMIT_SHA"
- # environment:
- # name: dev
- # url: http://team1-prj1.dev.ia
- # when: manual
- # rules:
- # - if: $CI_COMMIT_BRANCH == "dev"
3 参考:
- https://docs.gitlab.com/ee/ci/docker/using_docker_build.html
- https://github.com/papertank/envoy-deploy/blob/master/readme.md
- https://warrickbayman.medium.com/zero-downtime-laravel-deployments-with-envoy-version-2-227c8259e31c
- Test and deploy Laravel applications with GitLab CI/CD and Envoy | GitLab
- GitLab CI/CD examples | GitLab
-
相关阅读:
update会锁表吗?
Tune-A-Video论文阅读
为什么会突然牙疼?
关于Spring遇到的各种问题
企业征信牌照9月末盘点:149家机构荣获上榜,西藏等地机构待批
如何搭建团队知识库?试试新的工具和方法吧!
PHP实现DFA算法,查找关键词
基于持续同调的在线社交网络传播研究
微信小程序自定义图片上传组件
[pytorchb笔记]03 --模型
- 原文地址:https://blog.csdn.net/bennybi/article/details/136363745
