CI/CD Pipeline Design
Pipeline principles
- Fast feedback: surface problems as early as possible
- Automation: minimise manual intervention
- Repeatability: a consistent, reproducible build process
- Visibility: every step is traceable
Pipeline stages
Code commit → Build → Unit tests → Integration tests → Security scan → Deploy to Staging → Acceptance tests → Deploy to Production
Advanced GitHub Actions configuration
```yaml
# .github/workflows/ci-cd.yml
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read   # build only reads the repo; it does not push packages
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Run linter
        run: npm run lint
      - name: Run tests
        run: npm test -- --coverage
      - name: Upload coverage
        uses: codecov/codecov-action@v3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

  security:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner
        # Prefer pinning third-party actions to a release tag or commit SHA
        # rather than a moving branch such as master.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'   # fail the job on findings; the default exit code is 0

  docker:
    needs: [build, security]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write   # needed to push to GHCR with GITHUB_TOKEN
    steps:
      - uses: actions/checkout@v4
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}

  # The deploy jobs assume cluster credentials (kubeconfig) are supplied
  # through the respective GitHub environment's secrets.
  deploy-staging:
    needs: docker
    runs-on: ubuntu-latest
    environment: staging
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to staging
        run: |
          kubectl set image deployment/myapp \
            myapp=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \
            --namespace=staging

  deploy-production:
    needs: deploy-staging
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to production
        run: |
          kubectl set image deployment/myapp \
            myapp=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \
            --namespace=production
```
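As an added example (not part of the original page or of any project it describes): a small Python audit that scans a workflow file for `uses:` references that are not pinned to a full commit SHA, the supply-chain weakness shown by the `@master` reference in the workflow above. The sample workflow text and the 40-character SHA in it are constructed placeholders.

```python
import re
import sys

# Matches a step's `uses:` reference such as owner/repo@ref (optionally quoted).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
MUTABLE_BRANCHES = {"master", "main", "develop", "dev", "latest"}

# Constructed sample workflow (not a real file); the SHA below is a placeholder.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-step
      - uses: docker/login-action@0123456789abcdef0123456789abcdef01234567
"""

def classify_ref(ref: str) -> str:
    """Return 'sha', 'branch' or 'tag' for the part after '@'."""
    if SHA_RE.fullmatch(ref):
        return "sha"
    if ref in MUTABLE_BRANCHES:
        return "branch"
    return "tag"  # a tag can still be moved by the action's maintainer

def audit_workflow(text: str) -> list:
    """Report every remote action that is not pinned to a full commit SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        uses = m.group(1)
        if uses.startswith(("./", "docker://")):
            continue  # local action or container image, not a GitHub ref
        action, _, ref = uses.partition("@")
        kind = classify_ref(ref) if ref else "branch"  # no ref = default branch
        if kind != "sha":
            findings.append({"line": lineno, "action": action,
                             "ref": ref or "<default branch>",
                             "severity": "high" if kind == "branch" else "medium"})
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_WORKFLOW
    for f in audit_workflow(text):
        print(f"line {f['line']}: {f['action']}@{f['ref']} [{f['severity']}]")
```

Run it against a workflow path to list the unpinned references with their line numbers; branch references rank as high severity because their content can change between runs without any change to the workflow file.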
Pipeline templates
```yaml
# .github/workflows/reusable-deploy.yml
name: Reusable Deploy

on:
  workflow_call:
    inputs:
      environment:
        required: true
        type: string
      image-tag:
        required: true
        type: string

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        run: |
          kubectl set image deployment/myapp \
            myapp=myapp:${{ inputs.image-tag }} \
            --namespace=${{ inputs.environment }}
      - name: Wait for rollout
        run: |
          kubectl rollout status deployment/myapp \
            --namespace=${{ inputs.environment }} \
            --timeout=300s
```
Blue-green deployment
```bash
#!/bin/bash
# Blue-green switch script
set -euo pipefail

NEW_VERSION="$1"
NAMESPACE="$2"

# Wait for the new version to be ready before it receives any traffic
kubectl rollout status "deployment/myapp-${NEW_VERSION}" -n "${NAMESPACE}" --timeout=300s

# Switch the Service selector to the new version
kubectl patch service myapp -n "${NAMESPACE}" \
  -p '{"spec":{"selector":{"version":"'"${NEW_VERSION}"'"}}}'

# Verify (the .svc address only resolves from inside the cluster)
curl -sf "http://myapp.${NAMESPACE}.svc/health"

# If successful, remove the old version
# kubectl delete deployment myapp-old -n "${NAMESPACE}"
```
Canary deployment
```yaml
# Flagger canary deployment
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: myapp
  namespace: production
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp
  progressDeadlineSeconds: 600
  service:
    port: 80
    targetPort: 8080
  analysis:
    interval: 1m
    threshold: 5
    maxWeight: 50
    stepWeight: 10
    metrics:
      - name: request-success-rate
        thresholdRange:
          min: 99
        interval: 1m
      - name: request-duration
        thresholdRange:
          max: 500
        interval: 30s
    webhooks: []
```
Best practices
- Parallel execution
- Dependency caching
- Security scanning
- Automated testing
- Environment isolation
- Rollback strategy
Summary
CI/CD pipeline design is at the core of DevOps. A well-designed pipeline enables fast, secure and reliable application delivery.