Ƙirƙirar sarkar CI/CD da aikin sarrafa kansa tare da Docker

Na rubuta gidajen yanar gizona na farko a ƙarshen 90s. A lokacin yana da sauƙin sanya su cikin tsarin aiki. Akwai uwar garken Apache akan wasu haɗin gwiwar da aka raba, zaku iya shiga cikin wannan sabar ta hanyar FTP ta rubuta wani abu kamar ftp://ftp.example.com. Sannan dole ne ka shigar da sunanka da kalmar wucewa sannan ka loda fayilolin zuwa uwar garken. Akwai lokuta daban-daban, komai ya kasance mai sauƙi a lokacin fiye da yanzu.

A cikin shekaru biyun da suka gabata, komai ya canza sosai. Shafukan yanar gizon sun zama masu rikitarwa; dole ne a haɗa su kafin a sake su zuwa samarwa. Sabar guda ɗaya ta zama sabar da yawa da ke gudana a bayan ma'aunin nauyi, kuma amfani da tsarin sarrafa sigar ya zama ruwan dare gama gari.

Don aikina na sirri Ina da tsari na musamman. Kuma na san cewa ina buƙatar ikon tura rukunin yanar gizon don samarwa ta hanyar yin aiki ɗaya kawai: rubuta lambar zuwa reshe master ku GitHub. Bugu da ƙari, na san cewa don tabbatar da aiki na ƙaramar aikace-aikacen yanar gizo na, ba na so in sarrafa babban gungu na Kubernetes, ko amfani da fasahar Docker Swarm, ko kula da rundunar sabar tare da kwasfa, wakilai da kowane nau'i. hadaddun abubuwa. Don cimma burin yin aiki cikin sauƙi kamar yadda zai yiwu, ina buƙatar sanin CI/CD.

Idan kuna da ƙaramin aikin (a cikin wannan yanayin, aikin Node.js) kuma kuna son sanin yadda ake tura aikin wannan aikin ta atomatik, yayin da tabbatar da cewa abin da aka adana a cikin ma'ajin ya dace daidai da abin da ke aiki a cikin samarwa, to, Ina so ku san yadda ake tura wannan aikin ta atomatik. tunanin kuna iya sha'awar wannan labarin.

Abubuwan da ake bukata

Ana sa ran mai karanta wannan labarin ya sami ainihin fahimtar layin umarni da rubuta rubutun Bash. Bugu da kari, zai bukaci asusu Travis CI и Filin Docker.

Manufofin

Ba zan ce wannan labarin ba za a iya kiransa "koyawa" ba tare da wani sharadi ba. Wannan shi ne ƙarin daftarin aiki wanda na yi magana game da abin da na koya tare da bayyana tsarin da ya dace da ni don gwaji da tura lamba zuwa samarwa, wanda aka yi a cikin fasfo mai sarrafa kansa guda ɗaya.

Wannan shine abin da tsarin aikina ya ƙare.

Don lambar da aka buga zuwa kowane reshe na ma'aji banda master, ana yin waɗannan ayyuka:

• Aikin ginawa akan Travis CI yana farawa.
• Ana yin duk naúrar, haɗin kai da gwaje-gwajen ƙarshe zuwa ƙarshe.

Sai kawai don lambar da ta shiga master, ana yin haka:

• Duk abin da aka ambata a sama, da ...
• Gina hoton Docker dangane da lambar yanzu, saituna da muhalli.
• Ana tura hoton zuwa Docker Hub.
• Haɗi zuwa uwar garken samarwa.
• Ana loda hoto daga Docker Hub zuwa uwar garken.
• Tsayar da kwantena na yanzu da kuma fara sabon dangane da sabon hoton.

Idan ba ku san komai ba game da Docker, hotuna da kwantena, kada ku damu. Zan gaya muku komai game da shi.

Menene CI/CD?

Gajartawar CI/CD tana nufin “ci gaba da haɗa kai/ci gaba da turawa.”

▍Ci gaba da haɗin kai

Ci gaba da haɗin kai wani tsari ne wanda masu haɓakawa ke yin sadaukarwa ga babban ma'ajiyar lambar tushe na aikin (yawanci reshe. master). A lokaci guda, ana tabbatar da ingancin lambar ta hanyar gwaji ta atomatik.

▍Ci gaba da turawa

Ci gaba da turawa shine akai-akai, tura lamba ta atomatik zuwa samarwa. Sashi na biyu na gaɓoɓin CI/CD wani lokaci ana rubuta shi azaman “ci gaba da bayarwa.” Wannan ainihin daidai yake da "ci gaba da turawa", amma "ci gaba da bayarwa" yana nuna buƙatar tabbatar da canje-canje da hannu kafin fara aikin tura aikin.

FarawaEND_LINK

Wannan manhaja da na koya duk ana kiranta TakeNote. Wannan aikin gidan yanar gizo ne da nake aiki da shi, wanda aka tsara don ɗaukar bayanin kula. Da farko na yi ƙoƙari na yi JAMStack-project, ko kuma kawai aikace-aikacen gaba-gaba ba tare da uwar garken ba, don cin gajiyar daidaitattun damar gudanar da ayyukan da ayyukan da yake bayarwa. Sanarwa. Yayin da rikitarwar aikace-aikacen ke girma, Ina buƙatar ƙirƙirar sashin sabar sabar, wanda ke nufin cewa zan buƙaci tsara dabarun kaina don haɗawa ta atomatik da tura aikin ta atomatik.

A cikin yanayina, aikace-aikacen sabar Express ce da ke gudana a cikin mahallin Node.js, tana ba da aikace-aikacen React shafi guda ɗaya da goyan bayan API na gefen uwar garken. Wannan gine-ginen yana bin dabarun da za a iya samu a ciki aka ba Cikakken jagorar tantancewa.

Na yi shawara da aboki, wanda ƙwararren masani ne, kuma ya tambaye shi abin da nake bukata in yi don yin aiki yadda nake so. Ya ba ni ra'ayin yadda tsarin aiki mai sarrafa kansa ya kamata ya yi kama, wanda aka bayyana a cikin sashin Goals na wannan labarin. Samun waɗannan manufofin yana nufin cewa ina buƙatar gano yadda ake amfani da Docker.

Docker

Docker kayan aiki ne wanda, godiya ga fasaha na kwantena, yana ba da damar aikace-aikace don rarrabawa cikin sauƙi, turawa da gudanar da su a cikin yanayi guda, koda kuwa dandalin Docker da kansa yana gudana a wurare daban-daban. Da farko, ina buƙatar samun hannuna akan kayan aikin layin umarni na Docker (CLI). umarni Ba za a iya kiran jagorar shigarwa na Docker a sarari da fahimta ba, amma daga gare ta za ku iya koya cewa don ɗaukar matakin shigarwa na farko, kuna buƙatar saukar da Docker Desktop (na Mac ko Windows).

Docker Hub kusan abu ɗaya ne da GitHub don git repositories, ko rajista npm don fakitin JavaScript. Wannan wurin ajiyar kan layi ne don hotunan Docker. Wannan shine abin da Docker Desktop ke haɗuwa da shi.

Don haka, don farawa da Docker, kuna buƙatar yin abubuwa biyu:

• Saiti Fuskar Docker.
• Yi rijista don Filin Docker.

Bayan wannan, zaku iya bincika idan Docker CLI yana aiki ta hanyar aiwatar da umarni mai zuwa don bincika nau'in Docker:

docker -v

Na gaba, shiga Docker Hub ta shigar da sunan mai amfani da kalmar wucewa lokacin da aka tambaye ku:

docker login

Don amfani da Docker, dole ne ku fahimci ra'ayoyin hotuna da kwantena.

Hotuna

Hoto wani abu ne kamar zane wanda ya ƙunshi umarni don haɗa akwati. Wannan hoto ne mara canzawa na tsarin fayil da saitunan aikace-aikacen. Masu haɓakawa suna iya raba hotuna cikin sauƙi.

# Вывод сведений обо всех образах
docker images

Wannan umarnin zai fitar da tebur tare da taken mai zuwa:

REPOSITORY     TAG     IMAGE ID     CREATED     SIZE
---

Na gaba za mu dubi wasu misalan umarni a cikin tsari guda - na farko akwai umarni tare da sharhi, sannan kuma misalin abin da zai iya fitarwa.

▍ Kwantena

Kwantena kunshin da za a iya aiwatarwa wanda ya ƙunshi duk abin da ake buƙata don gudanar da aikace-aikacen. Aikace-aikace tare da wannan tsarin koyaushe zai yi aiki iri ɗaya, ba tare da la'akari da abubuwan more rayuwa ba: a cikin keɓantaccen yanayi kuma a cikin yanayi ɗaya. Ma'anar ita ce, ana ƙaddamar da misalai na hoto ɗaya a wurare daban-daban.

# Перечисление всех контейнеров
docker ps -a
CONTAINER ID     IMAGE     COMMAND     CREATED     STATUS     PORTS     NAMES
---

▍Tags

Alamar alama ce ta takamaiman sigar hoto.

▍Mai saurin magana game da umarnin Docker

Anan ga bayyani na wasu umarnin Docker da aka saba amfani da su.

tawagar

Ka'ida

sakamako

docker gini

Hoton hoto

Gina hoto daga Dockerfile

docker tag

Hoton hoto

Tambarin hoto

Docker hotuna

Hoton hoto

Jerin hotuna

Docker gudu

Akwati

Gudun akwati bisa hoto

docker tura

Hoton hoto

Ana loda hoto zuwa wurin yin rajista

docker ja

Hoton hoto

Ana loda hoto daga wurin yin rajista

docker ps

Akwati

Akwatunan jeri

tsarin docker prune

Hoto/kwantena

Cire kwantena da hotuna marasa amfani

▍Dockerfile

Na san yadda ake gudanar da aikace-aikacen samarwa a gida. Ina da saitin fakitin gidan yanar gizon da aka tsara don gina aikace-aikacen React da aka shirya. Na gaba, Ina da umarni da ke fara sabar tushen Node.js akan tashar jiragen ruwa 5000. Ga alama kamar haka:

npm i         # установка зависимостей
npm run build # сборка React-приложения
npm run start # запуск Node-сервера

Ya kamata a lura cewa ba ni da aikace-aikacen misali na wannan abu. Amma a nan, don gwaje-gwaje, kowane aikace-aikacen Node mai sauƙi zai yi.

Don amfani da akwati, kuna buƙatar ba da umarni ga Docker. Ana yin haka ta hanyar fayil da ake kira Dockerfile, wanda ke cikin tushen littafin aikin. Wannan fayil ɗin, da farko, yana da kamar ba zai iya fahimta ba.

Amma abin da ya ƙunshi kawai yana bayyana, tare da umarni na musamman, wani abu mai kama da kafa wurin aiki. Ga wasu daga cikin waɗannan umarni:

• DAGA - Wannan umarni yana farawa fayil. Yana ƙayyade hoton tushe wanda aka gina kwandon a kai.
• COPY - Kwafi fayiloli daga tushen gida zuwa akwati.
• AIKI - Saita kundin adireshi don umarni masu zuwa.
• RUN - Gudun umarni.
• BAYYANA - Saitunan tashar jiragen ruwa.
• MAGANAR SHIGA - Alamar umarnin da za a aiwatar.

Dockerfile na iya kama wani abu kamar haka:

# Загрузить базовый образ
FROM node:12-alpine

# Скопировать файлы из текущей директории в директорию app/
COPY . app/

# Использовать app/ в роли рабочей директории
WORKDIR app/

# Установить зависимости (команда npm ci похожа npm i, но используется для автоматизированных сборок)
RUN npm ci --only-production

# Собрать клиентское React-приложение для продакшна
RUN npm run build

# Прослушивать указанный порт
EXPOSE 5000

# Запустить Node-сервер
ENTRYPOINT npm run start

Dangane da hoton tushe da kuka zaɓa, ƙila kuna buƙatar shigar da ƙarin abin dogaro. Gaskiyar ita ce wasu hotunan tushe (kamar Node Alpine Linux) an ƙirƙira su tare da manufar sanya su a matsayin m kamar yadda zai yiwu. A sakamakon haka, ƙila ba su da wasu shirye-shiryen da kuke tsammani.

▍ Gina, yiwa alama da gudanar da kwantena

Taron gida da ƙaddamar da kwantena yana bayan muna da Dockerfile, Ayyukan suna da sauƙi. Kafin tura hoton zuwa Docker Hub, kuna buƙatar gwada shi a gida.

▍Majalisi

Da farko kuna buƙatar tattarawa hoto, Ƙayyadaddun suna da, ba na zaɓi, tag (idan ba a ƙayyade alamar ba, tsarin zai sanya alama ta atomatik zuwa hoton. latest).

# Сборка образа
docker build -t <image>:<tag> .

Bayan gudanar da wannan umarni, zaku iya kallon Docker yana gina hoton.

Sending build context to Docker daemon   2.88MB
Step 1/9 : FROM node:12-alpine
 ---> ...выполнение этапов сборки...
Successfully built 123456789123
Successfully tagged <image>:<tag>

Ginin na iya ɗaukar mintuna biyu - duk ya dogara da adadin abin dogaro da kuke da shi. Da zarar ginin ya cika, zaku iya gudanar da umarni docker images kuma dubi bayanin sabon hoton ku.

REPOSITORY          TAG               IMAGE ID            CREATED              SIZE
<image>             latest            123456789123        About a minute ago   x.xxGB

▍ Kaddamarwa

An halicci hoton. Wannan yana nufin cewa za ku iya tafiyar da akwati bisa ga shi. Domin ina so in sami damar shiga aikace-aikacen da ke gudana a cikin akwati a localhost:5000, ni, a gefen hagu na biyu 5000:5000 a cikin umarni na gaba da aka shigar 5000. A gefen dama akwai tashar jirgin ruwa.

# Запуск с использованием локального порта 5000 и порта контейнера 5000
docker run -p 5000:5000 <image>:<tag>

Yanzu da aka ƙirƙiri akwati kuma yana gudana, zaku iya amfani da umarnin docker ps don duba bayani game da wannan akwati (ko kuna iya amfani da umarnin docker ps -a, wanda ke nuna bayanai game da duk kwantena, ba kawai masu gudana ba).

CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                      PORTS                    NAMES
987654321234        <image>             "/bin/sh -c 'npm run…"   6 seconds ago        Up 6 seconds                0.0.0.0:5000->5000/tcp   stoic_darwin

Idan yanzu ka je adireshin localhost:5000 - zaku iya ganin shafin aikace-aikacen da ke gudana wanda yayi kama da shafin aikace-aikacen yana gudana a cikin yanayin samarwa.

▍Tagging da bugawa

Domin amfani da ɗayan hotunan da aka ƙirƙira akan sabar samarwa, muna buƙatar samun damar saukar da wannan hoton daga Docker Hub. Wannan yana nufin cewa da farko kuna buƙatar ƙirƙirar wurin ajiya don aikin akan Docker Hub. Bayan wannan, za mu sami wurin da za mu iya aika hoton. Ana buƙatar canza sunan hoton don sunan sa ya fara da sunan mai amfani na Docker Hub. Wannan ya kamata a biyo bayan sunan ma'ajiyar. Ana iya sanya kowane tag a ƙarshen sunan. A ƙasa akwai misalin sanya hotuna ta amfani da wannan makirci.

Yanzu zaku iya gina hoton tare da sabon suna kuma kuyi umarni docker push don tura shi zuwa wurin ajiyar Docker Hub.

docker build -t <username>/<repository>:<tag> .
docker tag <username>/<repository>:<tag> <username>/<repository>:latest
docker push <username>/<repository>:<tag>

# На практике это может выглядеть, например, так:
docker build -t user/app:v1.0.0 .
docker tag user/app:v1.0.0 user/app:latest
docker push user/app:v1.0.0

Idan komai yayi kyau, hoton zai kasance akan Docker Hub kuma ana iya loda shi cikin sauƙi zuwa uwar garken ko canja shi zuwa wasu masu haɓakawa.

Mataki na gaba

Ya zuwa yanzu mun tabbatar da cewa aikace-aikacen, a cikin nau'in akwati na Docker, yana gudana a cikin gida. Mun loda akwati zuwa Docker Hub. Duk wannan yana nufin cewa mun riga mun sami ci gaba mai kyau ga burinmu. Yanzu muna buƙatar warware ƙarin tambayoyi biyu:

• Kafa kayan aikin CI don gwaji da tura lamba.
• Saita uwar garken samarwa ta yadda za ta iya saukewa da gudanar da lambar mu.

A cikin yanayinmu, muna amfani Travis CI. A matsayin uwar garken - DitigalOcean.

Ya kamata a lura cewa a nan zaka iya amfani da wani haɗin sabis. Misali, maimakon Travis CI, zaku iya amfani da CircleCI ko Ayyukan Github. Kuma maimakon DigitalOcean - AWS ko Lindode.

Mun yanke shawarar yin aiki tare da Travis CI, kuma na riga na sami wani abu da aka saita a cikin wannan sabis ɗin. Don haka, yanzu zan ɗan yi magana game da yadda ake shirya shi don aiki.

Travis CI

Travis CI kayan aiki ne don gwaji da tura lamba. Ba zan so in shiga cikin rikice-rikice na kafa Travis CI ba, tun da kowane aikin na musamman ne, kuma wannan ba zai kawo fa'ida ba. Amma zan rufe abubuwan yau da kullun don farawa idan kun yanke shawarar amfani da Travis CI. Ko ka zaɓi Travis CI, CircleCI, Jenkins, ko wani abu dabam, za a yi amfani da hanyoyin daidaitawa iri ɗaya a ko'ina.

Don farawa tare da Travis CI, je zuwa zaka iya kuma ƙirƙirar asusun. Sannan haɗa Travis CI tare da asusun GitHub. Lokacin kafa tsarin, kuna buƙatar ƙayyade ma'ajin da kuke son sarrafa aiki da shi kuma ku ba da damar samun damar yin amfani da shi. (Ina amfani da GitHub, amma na tabbata cewa Travis CI na iya haɗawa tare da BitBucket, da GitLab, da sauran ayyuka masu kama).

Duk lokacin da aka fara Travis CI, ana ƙaddamar da uwar garken, yana aiwatar da umarnin da aka ƙayyade a cikin fayil ɗin daidaitawa, gami da ƙaddamar da rassan ma'ajin.

▍Tsarin rayuwar aiki

Travis CI sanyi fayil kira .travis.yml da kuma adana a cikin tushen tushen aikin, yana goyan bayan manufar abubuwan da suka faru tsarin rayuwa ayyuka. An jera waɗannan abubuwan da suka faru a cikin jerin abubuwan da suka faru:

• apt addons
• cache components
• before_install
• install
• before_script
• script
• before_cache
• after_success или after_failure
• before_deploy
• deploy
• after_deploy
• after_script

▍ Gwaji

A cikin fayil ɗin sanyi zan saita sabar Travis CI na gida. Na zaɓi Node 12 a matsayin harshe kuma na gaya wa tsarin don shigar da abubuwan dogaro da ake buƙata don amfani da Docker.

Duk abin da aka jera a ciki .travis.yml, za a kashe lokacin da aka yi duk buƙatun ja zuwa duk rassan ma'ajiyar, sai dai in an ƙayyade. Wannan sifa ce mai amfani saboda yana nufin cewa zamu iya gwada duk lambar da ke shigowa cikin ma'ajiyar. Wannan yana ba ku damar sanin ko lambar tana shirye don rubutawa ga reshe. master, da kuma ko zai karya tsarin gina aikin. A cikin wannan tsari na duniya, na shigar da komai a gida, ina gudanar da sabar Webpack dev a bango (wannan siffa ce ta aikina), da kuma gudanar da gwaje-gwaje.

Idan kuna son ma'ajiyar ku ta nuna baji masu nunin ɗaukar hoto, a nan Kuna iya samun gajerun umarni akan amfani da Jest, Travis CI da Coveralls don tattarawa da nuna wannan bayanin.

To ga abun cikin fayil din .travis.yml:

# Установить язык
language: node_js

# Установить версию Node.js
node_js:
  - '12'

services:
  # Использовать командную строку Docker
  - docker

install:
  # Установить зависимости для тестов
  - npm ci

before_script:
  # Запустить сервер и клиент для тестов
  - npm run dev &

script:
  # Запустить тесты
  - npm run test

Anan ne ayyukan da aka yi don duk rassan ma'ajiya da buƙatun ja suka ƙare.

▍Tsarin aiki

Dangane da zato cewa duk gwaje-gwajen da aka yi ta atomatik sun kammala cikin nasara, za mu iya, wanda shine na zaɓi, tura lambar zuwa uwar garken samarwa. Tunda muna son yin wannan kawai don code daga reshe master, Muna ba da tsarin umarnin da ya dace a cikin saitunan ƙaddamarwa. Kafin kayi ƙoƙarin amfani da lambar da za mu duba gaba a cikin aikinku, Ina so in yi muku gargaɗi cewa dole ne ku sami ainihin rubutun da ake kira don turawa.

deploy:
  # Собрать Docker-контейнер и отправить его на Docker Hub
  provider: script
  script: bash deploy.sh
  on:
    branch: master

Rubutun turawa yana magance matsaloli guda biyu:

• Gina, yiwa alama da aika hoton zuwa Docker Hub ta amfani da kayan aikin CI (a cikin yanayinmu, Travis CI).
• Loading hoton a kan uwar garke, dakatar da tsohuwar akwati da fara sabon abu (a cikin yanayinmu, uwar garken yana gudana akan dandamali na DigitalOcean).

Da farko, kuna buƙatar saita tsari na atomatik don gini, yiwa alama, da tura hoton zuwa Docker Hub. Wannan duk yayi kama da abin da muka riga muka yi da hannu, sai dai cewa muna buƙatar dabara don sanya tambari na musamman ga hotuna da sarrafa ta atomatik. Na sami matsala da wasu cikakkun bayanai na rubutun turawa, kamar dabarar yiwa alama, shiga, shigar da maɓallin SSH, kafa haɗin SSH. Amma sa'a saurayina yana da kyau sosai da bash, kamar sauran abubuwa da yawa. Ya taimake ni rubuta wannan rubutun.

Don haka, ɓangaren farko na rubutun yana loda hoton zuwa Docker Hub. Wannan abu ne mai sauƙin yi. Tsarin alamar da na yi amfani da shi ya ƙunshi hada git hash da git tag, idan akwai. Wannan yana tabbatar da cewa tag ɗin ya zama na musamman kuma yana sauƙaƙa gano taron da aka dogara da shi. DOCKER_USERNAME и DOCKER_PASSWORD su ne masu canjin yanayi masu amfani waɗanda za'a iya saita su ta amfani da ƙirar Travis CI. Travis CI zai sarrafa bayanai masu mahimmanci ta atomatik don kada ya fada cikin hannun da ba daidai ba.

Ga kashin farko na rubutun deploy.sh.

#!/bin/sh
set -e # Остановить скрипт при наличии ошибок

IMAGE="<username>/<repository>"                             # Образ Docker
GIT_VERSION=$(git describe --always --abbrev --tags --long) # Git-хэш и теги

# Сборка и тегирование образа
docker build -t ${IMAGE}:${GIT_VERSION} .
docker tag ${IMAGE}:${GIT_VERSION} ${IMAGE}:latest

# Вход в Docker Hub и выгрузка образа
echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
docker push ${IMAGE}:${GIT_VERSION}

Abin da sashe na biyu na rubutun zai kasance ya dogara ne kacokan ga mai masaukin da kuke amfani da shi da kuma yadda aka tsara haɗin kai da shi. A cikin yanayina, tunda ina amfani da Digital Ocean, Ina amfani da umarni don haɗawa da uwar garken doctl. Lokacin aiki tare da AWS, za a yi amfani da mai amfani aws, da sauransu.

Saita sabar ba ta da wahala musamman. Don haka, na saita ɗigon ruwa bisa tushen hoton. Ya kamata a lura cewa tsarin da na zaɓa yana buƙatar shigarwa na Docker na hannu na lokaci ɗaya da ƙaddamar da Docker na hannu na lokaci ɗaya. Na yi amfani da Ubuntu 18.04 don shigar da Docker, don haka idan kuna amfani da Ubuntu don yin haka, kuna iya bi kawai. wannan sauki jagora.

Ba na magana a nan game da takamaiman umarni don sabis ɗin ba, tunda wannan yanayin na iya bambanta sosai a lokuta daban-daban. Zan ba da cikakken tsarin aikin da za a yi bayan haɗa ta hanyar SSH zuwa uwar garken da za a tura aikin:

• Muna buƙatar nemo kwandon da ke gudana a halin yanzu kuma mu dakatar da shi.
• Sannan kuna buƙatar ƙaddamar da sabon akwati a bango.
• Kuna buƙatar saita tashar jiragen ruwa na uwar garken zuwa 80 - wannan zai baka damar shigar da shafin a adireshin kamar example.com, ba tare da tantance tashar jiragen ruwa ba, maimakon amfani da adireshin kamar example.com:5000.
• A ƙarshe, kuna buƙatar share duk tsoffin kwantena da hotuna.

Ga cigaban rubutun.

# Найти ID работающего контейнера
CONTAINER_ID=$(docker ps | grep takenote | cut -d" " -f1)

# Остановить старый контейнер, запустить новый, очистить систему
docker stop ${CONTAINER_ID}
docker run --restart unless-stopped -d -p 80:5000 ${IMAGE}:${GIT_VERSION}
docker system prune -a -f

Wasu abubuwan da ya kamata a kula da su

Yana yiwuwa lokacin da kuka haɗa zuwa uwar garken ta hanyar SSH daga Travis CI, za ku ga gargaɗin da zai hana ku ci gaba da shigarwa kamar yadda tsarin zai jira amsar mai amfani.

The authenticity of host '<hostname> (<IP address>)' can't be established.
RSA key fingerprint is <key fingerprint>.
Are you sure you want to continue connecting (yes/no)?

Na koyi cewa za a iya sanya maɓalli na kirtani a cikin base64 don adana shi a cikin nau'i wanda za'a iya aiki da shi cikin dacewa da aminci. A matakin shigarwa, zaku iya yanke maɓalli na jama'a kuma ku rubuta shi zuwa fayil known_hosts domin a kawar da kuskuren da ke sama.

echo <public key> | base64 # выводит <публичный ключ, закодированный в base64>

A aikace, wannan umarni na iya zama kamar haka:

echo "123.45.67.89 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q== [email protected]" | base64

Kuma ga abin da yake samarwa - kirtani mai rufaffiyar tushe64:

MTIzLjQ1LjY3Ljg5IHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQUJJd0FBQVFFQWtsT1Vwa0RIcmZIWTE3U2JybVRJcE5MVEdLOVRqb20vQldEU1UKR1BsK25hZnpsSERUWVc3aGRJNHlaNWV3MThKSDRKVzlqYmhVRnJ2aVF6TTd4bEVMRVZmNGg5bEZYNVFWa2JQcHBTd2cwY2RhMwpQYnY3a09kSi9NVHlCbFdYRkNSK0hBbzNGWFJpdEJxeGlYMW5LaFhwSEFac01jaUxxOFY2UmpzTkFRd2RzZE1GdlNsVksvN1hBCnQzRmFvSm9Bc25jTTFROXg1KzNWMFd3NjgvZUlGbWIxenVVRmxqUUpLcHJyWDg4WHlwTkR2allOYnk2dncvUGIwcndlcnQvRW4KbVorQVc0T1pQblRQSTg5WlBtVk1MdWF5ckQyY0U4NlovaWw4YitndzNyMysxbkthdG1Ja2puMnNvMWQwMVFyYVRsTXFWU3NieApOclJGaTl3cmYrTTdRPT0geW91QGV4YW1wbGUuY29tCg==

Ga umarnin da aka ambata a sama

install:
  - echo < публичный ключ, закодированный в base64> | base64 -d >> $HOME/.ssh/known_hosts

Hakanan za'a iya amfani da wannan hanyar tare da maɓalli na sirri lokacin kafa haɗi, tunda kuna iya buƙatar maɓalli na sirri don isa ga uwar garken. Lokacin aiki tare da maɓallin, kawai kuna buƙatar tabbatar da cewa an adana shi amintacce a cikin yanayin yanayin Travis CI kuma ba a nuna shi a ko'ina ba.

Wani abu da za a lura shi ne cewa kuna iya buƙatar gudanar da duk rubutun turawa azaman layi ɗaya, misali - tare da doctl. Wannan na iya buƙatar ƙarin ƙoƙari.

doctl compute ssh <droplet> --ssh-command "все команды будут здесь && здесь"

TLS/SSL da Load Daidaitawa

Bayan na yi duk abin da aka ambata a sama, matsala ta ƙarshe da na ci karo da ita ita ce uwar garken ba ta da SSL. Tunda ina amfani da uwar garken Node.js, don tilastawa yin aiki Reverse proxy Nginx da Bari Mu Encrypt, kuna buƙatar yin tinker da yawa.

Ba na son yin duk wannan tsarin SSL da hannu, don haka kawai na ƙirƙiri ma'aunin nauyi kuma na rubuta bayanan sa a cikin DNS. A cikin yanayin DigitalOcean, alal misali, ƙirƙirar takardar shedar sa hannu ta atomatik mai sabuntawa akan ma'aunin nauyi hanya ce mai sauƙi, kyauta da sauri. Wannan tsarin yana da ƙarin fa'ida wanda ya sa ya zama sauƙi don saita SSL akan sabar da yawa da ke gudana a bayan ma'aunin nauyi idan an buƙata. Wannan yana ba da damar sabobin da kansu kada su "tunani" game da SSL kwata-kwata, amma a lokaci guda suna amfani da tashar jiragen ruwa kamar yadda suka saba 80. Don haka kafa SSL akan ma'aunin nauyi ya fi sauƙi kuma ya fi dacewa fiye da madadin hanyoyin kafa SSL.

Yanzu zaku iya rufe duk tashoshin jiragen ruwa akan uwar garken da ke karɓar haɗin haɗin gwiwa - ban da tashar jiragen ruwa 80, ana amfani dashi don sadarwa tare da ma'aunin nauyi, da tashar jiragen ruwa 22 don SSH. Sakamakon haka, ƙoƙarin shiga uwar garken kai tsaye akan kowace tashar jiragen ruwa banda waɗannan biyun ba zai yi nasara ba.

Sakamakon

Bayan na yi duk abin da na yi magana game da shi a cikin wannan kayan, dandamalin Docker ko ra'ayoyin sarƙoƙi na CI / CD masu sarrafa kansa ba su ƙara tsorata ni ba. Na sami damar kafa sarkar haɗin kai mai ci gaba, a lokacin da aka gwada lambar kafin ta shiga samarwa kuma ana tura lambar ta atomatik akan uwar garke. Har yanzu wannan duk sababbi ne a gare ni, kuma na tabbata akwai hanyoyin inganta aikina ta atomatik da kuma sa ya fi dacewa. Don haka idan kuna da wani ra'ayi game da wannan batu, don Allah a sanar da ni. a gare ni sani. Ina fatan wannan labarin ya taimake ku a cikin ayyukanku. Ina so in yi imani cewa bayan karanta shi, kun koyi yadda na koya yayin da kuke gano duk abin da na yi magana a ciki.

PS A cikin namu kasuwa akwai hoto Docker, wanda za a iya shigar a cikin dannawa ɗaya. Kuna iya duba aikin kwantena a VPS. Ana ba duk sabbin abokan ciniki kwanaki 3 na gwaji kyauta.

Ya ku masu karatu! Kuna amfani da fasahar CI/CD a cikin ayyukanku?

source: www.habr.com