CI/CD 流水线配置
架构说明
Gitea 部署
Docker Compose 配置
yaml
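# Compose v2 ignores `version` (it only warns); kept for older clients.
version: '3.8'
services:
  gitea:
    image: gitea/gitea:1.21
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      # GITEA__<section>__<key> is mapped onto the [section] key of app.ini
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      # Must match POSTGRES_PASSWORD below. Prefer ${POSTGRES_PASSWORD} read
      # from an untracked .env file over a literal committed with this file.
      - GITEA__database__PASSWD=<password>
    volumes:
      - gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"   # web UI
      - "2222:22"     # git over SSH, published on host port 2222
    # Wait until Postgres accepts connections, not merely until the container
    # has started; otherwise the first Gitea boot can fail its DB connection.
    # `condition` requires Docker Compose v2 (Compose Specification).
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
  db:
    image: postgres:15
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=<password>
      - POSTGRES_DB=gitea
    volumes:
      - db_data:/var/lib/postgresql/data
    # No `ports:` here on purpose: Postgres is reachable only on the compose
    # network, not from the host or the outside.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U gitea -d gitea"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped
volumes:
  gitea_data: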
  db_data:
Harbor 镜像仓库
Docker Compose 配置
yaml
# Skeleton only: a complete Harbor deployment consists of several services;
# this shows just the core container, see the official docs for the rest.
version: "3.8"
services:
  harbor:
    container_name: harbor-core
    image: goharbor/harbor-core:v2.9
    # ... full configuration: see the official documentation
    volumes:
      - ./config:/etc/harbor
      - ./data:/data
    ports:
      - "8443:8443"
      - "8888:8888"
配置 Gitea Actions 使用 Harbor
yaml
# .gitea/workflows/deploy.yaml
# Builds the image on every push to main and publishes it to Harbor under two
# tags: the moving :latest and an immutable :<commit sha>.
name: Build and Push Image
# `on` is a YAML 1.1 boolean key; the Actions loader handles it (yamllint: truthy)
on:
  push:
    branches:
      - main
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Registry credentials come from repository secrets, never from this file
      - name: Login to Harbor
        uses: docker/login-action@v3
        with:
          registry: harbor.your-domain.com
          username: ${{ secrets.HARBOR_USER }}
          password: ${{ secrets.HARBOR_PASS }}
      - name: Build and Push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          # One image reference per line; both tags point at the same build
          tags: |
            harbor.your-domain.com/myproject/myapp:latest
            harbor.your-domain.com/myproject/myapp:${{ github.sha }}
Gitea Actions Runner
安装 Runner
bash
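# Get a registration token from the Gitea admin UI
# Download act_runner. "latest" is unpinned; for a reproducible install pin a
# release and check its published checksum before executing the binary.
curl -fsSL https://dl.gitea.com/act_runner/latest/act_runner_linux_amd64 -o act_runner
chmod +x act_runner
# Install the binary where the systemd unit (next section) expects it
sudo install -m 0755 act_runner /usr/local/bin/act_runner
# Register the runner. Use the https URL your instance actually serves: the
# registration token travels in this request, so plain http exposes it on the wire.
# `register` writes a .runner file into the current directory by default; the
# systemd service must use that directory as its WorkingDirectory.
# The labels given here are the only `runs-on` values this runner will accept.
./act_runner register --no-interactive \
  --instance-url https://gitea.your-domain.com \
  --token <your-token> \
  --name my-runner \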
  --labels ubuntu-latest:host
配置为系统服务
bash
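# `sudo cat > file` does not work: the redirection is opened by the unprivileged
# shell, not by sudo, and fails with "Permission denied". Write via tee as root.
sudo tee /etc/systemd/system/act_runner.service > /dev/null << 'EOF'
[Unit]
Description=Gitea Actions Runner
After=network.target

[Service]
ExecStart=/usr/local/bin/act_runner daemon
# Directory where `act_runner register` was run: by default the daemon reads
# its .runner file from the working directory.
WorkingDirectory=<directory-where-you-ran-register>
Restart=always
# A dedicated unprivileged account is preferable to a personal login
User=your-user

[Install]
WantedBy=multi-user.target
EOF
# Make systemd pick up the new unit, then enable it to start at boot
sudo systemctl daemon-reload
sudo systemctl enable act_runner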
sudo systemctl start act_runner
Runner 标签配置
yaml
# Assign jobs to runners by label: `runs-on` must name a label the runner was
# registered with. NOTE(review): the register command earlier on this page sets
# only `ubuntu-latest:host`, so presumably a runner also needs this label
# before a job requesting it is picked up — confirm against your runners.
runs-on: self-hosted/linux/easytier
# Or use Docker
runs-on: docker:latest
完整 CI/CD 流程
流水线示例
yaml
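# .gitea/workflows/app.yaml
name: CI/CD Pipeline
# `on` is a YAML 1.1 boolean key; the Actions loader handles it (yamllint: truthy)
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  # Build stage: compile, test, build the image and (on push only) publish it
  build:
    runs-on: self-hosted/linux/easytier
    steps:
      - uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: '1.21'
      - name: Build
        run: go build -o myapp .
      - name: Test
        run: go test ./...
      - name: Build Docker Image
        run: |
          docker build -t myapp:${{ github.sha }} .
      # `docker push` needs a registry session; the runner host is not assumed
      # to be logged in. Credentials are passed via env and stdin so they never
      # appear on a command line. Pull-request builds come from unreviewed
      # branches, so only push events (merges to main) may publish images.
      - name: Login to Harbor
        if: github.event_name == 'push'
        env:
          HARBOR_USER: ${{ secrets.HARBOR_USER }}
          HARBOR_PASS: ${{ secrets.HARBOR_PASS }}
        run: |
          printf '%s' "$HARBOR_PASS" | docker login harbor.your-domain.com -u "$HARBOR_USER" --password-stdin
      - name: Push to Harbor
        if: github.event_name == 'push'
        run: |
          docker tag myapp:${{ github.sha }} harbor.your-domain.com/myproject/myapp:${{ github.sha }}
          docker push harbor.your-domain.com/myproject/myapp:${{ github.sha }}
  # Deploy stage: runs only after a successful build and only for main
  deploy:
    needs: build
    runs-on: self-hosted/linux/easytier
    if: github.ref == 'refs/heads/main'
    steps:
      # Assumes the runner host has a kubeconfig allowed to update this
      # deployment; the immutable :<sha> tag built above is rolled out.
      - name: Deploy to K8s
        run: |
          kubectl set image deployment/myapp myapp=harbor.your-domain.com/myproject/myapp:${{ github.sha }}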
          kubectl rollout status deployment/myapp
Kubernetes 部署配置
yaml
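# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    app: myapp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      # If the Harbor project is private (the default), the kubelet needs
      # registry credentials to pull. Create the secret in this namespace with
      # `kubectl create secret docker-registry <harbor-pull-secret> ...`
      imagePullSecrets:
        - name: <harbor-pull-secret>
      containers:
        - name: myapp
          # Initial image only; the pipeline replaces it with an immutable
          # :<sha> tag via `kubectl set image`.
          image: harbor.your-domain.com/myproject/myapp:latest
          ports:
            - containerPort: 8080
          # 8080 is an unprivileged port, so the process needs no extra
          # capabilities. runAsNonRoot is left out because the Dockerfile on
          # this page does not set a USER; add it once the image runs unprivileged.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: "500m"
              memory: "256Mi"
            requests:
              cpu: "100m"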
              memory: "64Mi"
镜像缓存策略
基础镜像层
| 类别 | 镜像 | 说明 |
|---|---|---|
| 系统 | ubuntu:24.04, alpine:3.18 | 基础系统 |
| 运行时 | node:20, golang:1.21, python:3.12 | 语言运行时 |
| 数据库 | mysql:8, postgres:15, redis:7 | 数据库服务 |
| 中间件 | nginx:alpine, traefik:v3 | 反向代理 |
| 监控 | prom/prometheus, grafana/grafana | 监控组件 |
缓存优化
dockerfile
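# Multi-stage build: compile in the Go image, ship only the binary on Alpine
FROM golang:1.21 AS builder
WORKDIR /app
# Copy module files first so the dependency layer stays cached until
# go.mod/go.sum change
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 yields a statically linked binary. golang:1.21 is glibc-based;
# a cgo-linked binary copied onto musl-based Alpine fails to start.
RUN CGO_ENABLED=0 go build -o myapp .

FROM alpine:3.18
COPY --from=builder /app/myapp /usr/local/bin/
# Run unprivileged; the Deployment declares containerPort 8080, an unprivileged
# port, so root is not needed.
USER nobody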
ENTRYPOINT ["myapp"]
安全管理
Secrets 管理
yaml
# Add these as repository secrets in the Gitea repository settings. Workflows
# read them as ${{ secrets.NAME }}; the values are never committed to the repo.
# SSH_KEY is not referenced by any workflow shown on this page.
- HARBOR_USER
- HARBOR_PASS
- SSH_KEY
镜像签名
bash
# 安装 Cosign
curl -fsSL https://cosign.ci.sigs.k8s.io/binary-release/get | bash
# 签名镜像
cosign sign harbor.your-domain.com/myproject/myapp:latest
# 验证签名
cosign verify harbor.your-domain.com/myproject/myapp:latest