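【Question title】: GitLab CI/CD Script Improvement
【Posted】: 2021-10-14 11:43:47
【Question description】:

Below is my first gitlab-ci.yml script for a static website. It does exactly what I need. It doesn't require a build process like Angular or React. Does anyone see room for improvement? Any obvious newbie mistakes? Is the exit command necessary, or does it log off automatically when the script terminates? Also, is it necessary to remove the deployment key at the end of each deploy section?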

stages:
  - build
  - deploy_staging
  - deploy_production

build:
  image: alpine
  stage: build
  before_script:
    - apk add zip
  script:  
    - zip -r website.zip * -x "composer.json" -x "composer.lock" -x "gruntfile.js" -x "package-lock.json" -x "package.json" -x "Read Me" -x "_/" -x "deploy_production.sh" -x "deploy_staging.sh" -x "README.md" -x "Read Me Custom.txt" -x "gitlab-ci.yml"
  artifacts:
    paths:
     - website.zip

deploy_to_staging:
  image: alpine
  stage: deploy_staging
  before_script:
  - apk add unzip openssh-client
  - eval $(ssh-agent -s)
  - echo "$DEPLOYMENT_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - ssh-keyscan -H "$DEPLOYMENT_SERVER" >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  script:
    - scp website.zip "$DEPLOYMENT_LOGIN":"$DEPLOYMENT_PATH"
    - ssh -p 2222 "$DEPLOYMENT_LOGIN" "
      cd temp;
      rm website.zip;
      cd ../staging;
      bash -O extglob -c 'rm -rf !(website.zip)';
      unzip website.zip;
      cp website.zip ../../temp/;
      rm website.zip;
      exit; "
    - rm -f ~/.ssh/id_rsa
  only:
    - main

deploy_to_production:
  image: alpine
  stage: deploy_production
  before_script:
    - apk add unzip openssh-client
    - eval $(ssh-agent -s)
    - echo "$DEPLOYMENT_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan -H "$DEPLOYMENT_SERVER" >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - ssh -p 2222 "$DEPLOYMENT_LOGIN" "
      cp temp/website.zip portal/;
      cd portal;
      bash -O extglob -c 'rm -rf !(website.zip)';
      unzip website.zip;
      rm website.zip;
      exit; "
    - rm -f ~/.ssh/id_rsa
  when: manual
  only:
    - main

【Question discussion】:

    Tags: ssh gitlab gitlab-ci cicd


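    【Solution 1】:

    The script looks simple and it does what it should. But there are some things you should consider.

    1. You rely on the fact that no other deployment pipeline has run before you perform the live deployment. But in theory it is possible that the zip on the server in the temp folder is not from the same pipeline, e.g. when another pipeline has already executed the staging step. That way you would deploy a newer package even though you ran an old pipeline. So, to be on the safe side, I recommend uploading it again.

    2. Your script contains some duplication, which leads to errors when you need to adjust that duplicated code. I added an inheritance example for you.

    3. Use environments. GitLab has a very nice feature called environments, where you get an overview of your existing environments and of what was deployed to which environment by which pipeline. https://docs.gitlab.com/ee/ci/yaml/#environment

    4. Use resource groups to prevent jobs from running in parallel against the same environment. https://docs.gitlab.com/ee/ci/yaml/#resource_group

    5. Some further things to consider at a later stage are adding real releases and tagging to your project, but overall this is a topic of its own :)

    Disclaimer: I am not a professional either, but these are the changes and considerations I would make :)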

    stages:
      - build
      - deploy_staging
      - deploy_production
    
    build:
      image: alpine
      stage: build
      before_script:
        - apk add zip
      script:  
        - zip -r website.zip * -x "composer.json" -x "composer.lock" -x "gruntfile.js" -x "package-lock.json" -x "package.json" -x "Read Me" -x "_/" -x "deploy_production.sh" -x "deploy_staging.sh" -x "README.md" -x "Read Me Custom.txt" -x "gitlab-ci.yml"
      artifacts:
        paths:
         - website.zip
    
    .deploy:
      image: alpine
      before_script:
      - apk add unzip openssh-client
      - eval $(ssh-agent -s)
      - echo "$DEPLOYMENT_KEY" | tr -d '\r' | ssh-add -
      - mkdir -p ~/.ssh
      - chmod 700 ~/.ssh
      - ssh-keyscan -H "$DEPLOYMENT_SERVER" >> ~/.ssh/known_hosts
      - chmod 644 ~/.ssh/known_hosts
      script:
        - scp website.zip "$DEPLOYMENT_LOGIN":"$DEPLOYMENT_PATH"
        - ssh -p 2222 "$DEPLOYMENT_LOGIN" "
          cd $DEPLOYMENT_PATH;
          bash -O extglob -c 'rm -rf !(website.zip)';
          unzip website.zip;
          rm website.zip;
          exit; "
      after_script:
      - rm -f ~/.ssh/id_rsa
      only:
        - main
    
    deploy_to_staging:
      stage: deploy_staging
      variables:
        DEPLOYMENT_PATH: "../staging"
      extends: .deploy # inheritance to reduce duplicated code
      environment: 
        name: staging
      resource_group: staging
    
    deploy_to_production:
      stage: deploy_production
      variables:
        DEPLOYMENT_PATH: "portal"
      extends: .deploy # inheritance to reduce duplicated code
      environment: 
        name: production
      resource_group: production
      when: manual
    

    【Discussion】:

    • Great, this is what I was looking for. Marked as such.
    • @Thomas, I had forgotten some cool features and things you should consider, and added them. :)
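
A hardened variant of the `.deploy` template from the answer, added here as an example and not part of the original thread. It assumes a CI/CD variable named `SSH_KNOWN_HOSTS` (a hypothetical name, not on the page) that holds the server's host key line(s), recorded once and verified out of band. It pins the host key instead of running `ssh-keyscan` in every job, chains the remote commands with `&&` so a failed `cd` cannot let `rm -rf` run in the login directory, and clears the agent instead of deleting `~/.ssh/id_rsa`, a file that `ssh-add -` never creates.

```yaml
# Added example: hardened variant of the answer's .deploy template.
# Assumption: SSH_KNOWN_HOSTS is a CI/CD variable you define yourself,
# containing the verified host key line(s) of the deployment server.
.deploy:
  image: alpine
  before_script:
    - apk add unzip openssh-client
    - eval $(ssh-agent -s)
    # The key is read from stdin into the agent's memory only;
    # nothing is written to ~/.ssh/id_rsa.
    - echo "$DEPLOYMENT_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    # Pinned host key: the job fails if the server presents a different key,
    # instead of trusting whatever ssh-keyscan receives at job time.
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - scp -o StrictHostKeyChecking=yes website.zip "$DEPLOYMENT_LOGIN":"$DEPLOYMENT_PATH"
    # '&&' stops the chain at the first failure, so 'rm -rf' only runs
    # after 'cd' has succeeded.
    - ssh -p 2222 -o StrictHostKeyChecking=yes "$DEPLOYMENT_LOGIN" "
      cd $DEPLOYMENT_PATH &&
      bash -O extglob -c 'rm -rf !(website.zip)' &&
      unzip website.zip &&
      rm website.zip"
    # Remove the key from the agent and stop it here: after_script runs in a
    # separate shell where SSH_AGENT_PID and SSH_AUTH_SOCK are not set.
    - ssh-add -D
    - ssh-agent -k
  only:
    - main
```

The remote shell session ends when the last command returns, so no explicit `exit` is needed in this form.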