安装gitlab
https://www.gitlab.com.cn/
yum install curl policycoreutils openssh-server openssh-clients
yum install postfix
systemctl enable postfix
systemctl start postfix
curl -sS http://packages.gitlab.com.cn/install/gitlab-ce/script.rpm.sh | sudo bash
yum install gitlab-ce
https://gems.ruby-china.org 镜像加快 gems 安装
gitlab-ctl reconfigure
迁移gitlab数据(版本要一致)
gitlab-rake gitlab:backup:create
/var/opt/gitlab/backups
gitlab-ctl stop unicorn
gitlab-ctl stop sidekiq
gitlab-rake gitlab:backup:restore BACKUP=[ID]
gitlab-ctl start
汉化
yum -y install patch
git clone https://gitlab.com/xhang/gitlab.git
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
cd gitlab/
git diff v9.5.4 v9.5.4-zh>../9.5.4-zh.diff
cd ../
gitlab-ctl stop
patch -d /opt/gitlab/embedded/service/gitlab-rails -p1 < 9.5.4-zh.diff
gitlab-ctl start
gitlab-ctl reconfigure
增加https支持
vi /etc/gitlab/gitlab.rb
external_url 'https://git.blizzmi.cn'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/1.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/1.key"
gitlab-ctl reconfigure
https+mail配置
grep -v "^#" /etc/gitlab/gitlab.rb|grep -v "^$"
external_url 'https://git.blizzmi.cn';
gitlab_rails['time_zone'] = 'PRC'
gitlab_rails['gitlab_email_from'] = 'system@xxx.com'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.partner.outlook.cn"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "system@xxx.com"
gitlab_rails['smtp_password'] = "xxxxxxx"
gitlab_rails['smtp_domain'] = "smtp.partner.outlook.cn"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/1.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/1.key"
gitlab-ci Runner 安装
vi /etc/yum.repos.d/gitlab-ci-multi-runner.repo
[gitlab-ci-multi-runner]
name=gitlab-ci-multi-runner
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ci-multi-runner/yum/el7
repo_gpgcheck=0
gpgcheck=0
enabled=1
gpgkey=https://packages.gitlab.com/gpg.key
sudo yum makecache
sudo yum install gitlab-ci-multi-runner
# HTTPS的git需要在runner服务器增加证书
echo -n | openssl s_client -showcerts -connect git.xxxx.cn:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> /etc/ssl/certs/ca-certificates.crt
# 注册runner
gitlab-runner register
/etc/gitlab-runner/config.toml配置实例
该配置为注册runner后生成的配置,可根据需要修改参数。
concurrent = 100
check_interval = 0
[[runners]]
name = "centos"
url = "https://git.xxx.com";;
token = "0f3902486ddb57314eee58cb36f42d"
executor = "shell"
environment = ["GIT_SSL_NO_VERIFY=true"]
[runners.cache]
[[runners]]
name = "docker"
url = "https://git.xxx.cn";;
token = "447ed7cb74eb680ebdce7db6064e1a"
executor = "docker"
environment = ["GIT_SSL_NO_VERIFY=true"]
[runners.docker]
tls_verify = false
image = "cerl"
privileged = false
disable_cache = false
volumes = ["/cache","/var/log/test:/builds:rw"]
pull_policy = "if-not-present"
shm_size = 0
[runners.cache]
.gitlab-ci.yml文件编写说明
大概念
- gitlab8.0开始:整合了gitlab CI,项目中增加.gitlab-ci.yml即可。
- GitLab CI:管理各个项目的构建状态。
- Runner:可安装在任意机器,连接gitlab,执行构建任务,进行持续集成。(不影响gitlab性能)
- 在项目根目录添加.gitlab-ci.yml之后,每次提交或者合并都会自动运行构建任务。
小概念
- Pipeline 流水线 构建任务
- Stages 流程 构建阶段
- Jobs 作业 构建工作
明细
- 一个pipeline就是一次构建,一个构建包括多个构建阶段stages(编译,测试,部署),每个构建阶段由具体作业jobs组成。
- 构建阶段stages是顺序执行,一个失败则后面的阶段不执行,整个构建任务失败。
- 每个构建阶段stages可以有一个或多个jobs,jobs是并行执行,全部成功,stages才会成功;任意jobs失败,整个构建任务失败。
注意
- 部署公钥:gitlab服务端增加,各项目允许。私钥通过变量传到runner
- 传输私钥放到runner(通过变量传到runner)
- 可以在提交代码时备注上
ci skip,即可忽略本次提交的CI流程
.gitlab-ci.yml参考
image: centos-erlang
before_script:
- eval(ssh-agent -s)
- ssh-add <(echo "$SSH_PRIVATE_KEY")
- export SSH_URL=`echo $CI_REPOSITORY_URL | perl -pe 's#.*@(.+?(\:\d+)?)/#git@\1:#'`
- git config --global user.name "$GITLAB_USER_ID"
- git config --global user.email "$GITLAB_USER_EMAIL"
# - '[[ -f /.dockerenv ]] && echo "$SSH_PRIVATE_KEY" >~/.ssh/id_rsa'
stages:
- build
- test
- deploy
build:
stage: build
# variables:
# CI_DEBUG_TRACE: "true"
only:
- master
# - /^bug-.*$/
# - branches
# - tags
except:
- tags
# - branches
script:
- rebar3 compile
# - export
cache:
key: buildcache
paths:
- _build/
# artifacts:
# paths:
# - $CI_PROJECT_DIR/_build/
tags:
- docker
test:
stage: test
only:
- master
except:
- tags
script:
- rebar3 eunit
- git tag -a eunit$CI_JOB_ID -m "my version eunit$CI_JOB_ID"
- git push $SSH_URL eunit$CI_JOB_ID
cache:
key: aa
paths:
- _build/
# artifacts:
# paths:
# - $CI_PROJECT_DIR/_build/prod/rel/myapp/
# cache:
# untracked: true
# paths:
# - _build/
tags:
- docker
sit-deploy:
stage: deploy
only:
- sit
except:
- tags
script:
- rebar3 as prod tar
- APP=`basename /builds/root/myapp/_build/prod/rel/myapp/myapp-*.tar.gz`
- scp -r /builds/root/myapp/_build/prod/rel/myapp/$APP test-php-1@192.168.200.27:~/
- ssh xxxx@192.168.xxx.xxx "myapp/bin/myapp stop;rm -rf myapp;mkdir -p myapp;tar -zxf $APP -C myapp;myapp/bin/myapp start"
- git tag -a SIT$CI_JOB_ID-$APP -m "my version SIT$CI_JOB_ID-$APP"
- git push $SSH_URL SIT$CI_JOB_ID-$APP
tags:
- docker
uat-deploy:
stage: deploy
only:
- uat
except:
- tags
script:
- rebar3 as prod tar
- APP=`basename /builds/root/myapp/_build/prod/rel/myapp/myapp-*.tar.gz`
- scp -r /builds/root/myapp/_build/prod/rel/myapp/$APP test-php-1@192.168.200.27:~/
- ssh xxxx@192.168.xxx.xxx "myapp/bin/myapp stop;rm -rf myapp;mkdir -p myapp;tar -zxf $APP -C myapp;myapp/bin/myapp start"
- git tag -a UAT$CI_JOB_ID-$APP -m "my version UAT$CI_JOB_ID-$APP"
- git push $SSH_URL UAT$CI_JOB_ID-$APP
# dependencies: []
# dependencies:
# - build
tags:
- docker
