Ukudityaniswa okunamandla kunye nokusasazwa kwemifanekiso ye-Docker ene-werf kusetyenziswa umzekelo wesiza soxwebhu oluguqulelweyo

Sele sithethile ngesixhobo sethu seGitOps ngaphezulu kwakanye. i-werf, kwaye ngeli xesha singathanda ukwabelana ngamava ethu ekuhlanganiseni indawo kunye namaxwebhu eprojekthi ngokwayo - i-werf.io (uguqulelo lwayo lwesiRashiya yi en.werf.io). Le yindawo eqhelekileyo engatshintshiyo, kodwa indibano yayo inomdla kuba yakhiwe kusetyenziswa inani eliguqukayo lezinto zakudala.

Ngena kwii-nuances zesakhiwo sesayithi: ukuvelisa imenyu eqhelekileyo yazo zonke iinguqulelo, amaphepha anolwazi malunga nokukhutshwa, njl. - asiyi. Endaweni yoko, masigxininise kwimiba kunye neempawu zendibano eguqukayo kunye nokuncinci kwiinkqubo ezikhaphayo zeCI/CD.

Intshayelelo: indlela esisebenza ngayo isiza

Ukuqala, amaxwebhu e-werf agcinwa kunye nekhowudi yawo. Oku kunyanzelisa iimfuno ezithile zophuhliso ezingaphaya kobubanzi beli nqaku, kodwa ubuncinci bunokuthiwa:

• Imisebenzi ye-werf emitsha akufuneki ikhutshwe ngaphandle kokuhlaziya uxwebhu kwaye, ngokuchaseneyo, naluphi na utshintsho kuxwebhu luthetha ukukhutshwa koguqulelo olutsha lwe-werf;
• Iprojekthi inophuhliso olunzulu ngokufanelekileyo: iinguqulelo ezintsha zinokukhutshwa amaxesha amaninzi ngosuku;
• Nayiphi na imisebenzi yezandla yokusasaza isiza ngoguqulelo olutsha lwamaxwebhu ubuncinane iyadinisa;
• Iprojekthi isebenzisa indlela yokuthetha uguqulelo, kunye ne-5 iziteshi zozinzo. Inkqubo yokukhulula ibandakanya ukulandelelana okulandelelana kweenguqulelo ngokusebenzisa amajelo ukwenzela ukwandisa uzinzo: ukusuka kwi-alpha ukuya kwi-rock-solid;
• Isayithi inenguqulo yolwimi lwesiRashiya, "ehlala kwaye iphuhlise" (oko kukuthi, umxholo ohlaziywayo) ngokuhambelana neyona nto iphambili (oko kukuthi, ulwimi lwesiNgesi).

Ukufihla yonke le "ikhitshi yangaphakathi" kumsebenzisi, imnike into "esebenzayo nje", senze Ufakelo lwe-werf olwahlukileyo kunye nesixhobo sohlaziyo - yi le i-multiwerf. Udinga nje ukucacisa inombolo yokukhululwa kunye netshaneli yozinzo olungele ukuyisebenzisa, kwaye i-multiwerf iya kukhangela ukuba kukho inguqu entsha kwitshaneli kwaye uyikhuphe xa kuyimfuneko.

Kwimenyu yokhetho lwenguqulelo kwiwebhusayithi, iinguqulelo zamva nje ze-werf ziyafumaneka kwitshaneli nganye. Ngokungagqibekanga, ngedilesi werf.io/documentation uguqulelo lweyona jelo lizinzileyo kukhupho lwamva nje luvula - lukwafakwe kwi-indexed engines. Amaxwebhu ejelo ayafumaneka kwiidilesi ezahlukeneyo (umzekelo, werf.io/v1.0-beta/documentation ukukhutshwa kwe-beta 1.0).

Lilonke, isiza sineenguqulelo ezilandelayo ezikhoyo:

1. ingcambu (ivula ngokungagqibekanga),
2. kumjelo wohlaziyo ngamnye osebenzayo wokhupho ngalunye (umzekelo, werf.io/v1.0-beta).

Ukuvelisa inguqu ethile yesayithi, ngokubanzi, kwanele ukuyiqokelela usebenzisa Jekyllngokubaleka kulawulo /docs Umyalelo ohambelanayo wogcino lwe-werf (jekyll build), emva kokutshintshela kwithegi yeGit yoguqulelo olufunekayo.

Kuhlala kuphela ukongeza ukuba:

• into eluncedo ngokwayo (werf) isetyenziselwa ukudibanisa;
• Iinkqubo ze-CI/CD zakhiwe ngokwesiseko se-GitLab CI;
• kwaye konke oku, kunjalo, kusebenza eKubernetes.

Iinjongo

Ngoku makhe senze imisebenzi ethathela ingqalelo zonke iinkcukacha ezichaziweyo:

1. Emva kokutshintsha inguqulelo ye-werf kulo naliphi na ijelo lohlaziyo amaxwebhu kwisiza kufuneka ahlaziywe ngokuzenzekelayo.
2. Kuphuhliso kufuneka ukwazi ngamanye amaxesha Jonga iinguqulelo zemboniso yesayithi.

Indawo kufuneka ihlaziywe emva kokutshintsha inguqulelo nakweyiphi na itshaneli ukusuka kwiithegi zeGit ezihambelanayo, kodwa kwinkqubo yokwakha umfanekiso siya kufumana ezi mpawu zilandelayo:

• Ekubeni uluhlu lweenguqulelo kwiitshaneli zitshintsha, kuyimfuneko kuphela ukwakha amaxwebhu amajelo apho uguqulelo lutshintshile. Emva kwayo yonke loo nto, ukuphinda kwakhiwe yonke into kwakhona akulunganga kakhulu.
• Iseti yamajelo okukhutshwayo inokutshintsha. Ngexesha elithile, ngokomzekelo, akunakubakho inguqulelo kwiitshaneli ezizinzile kunokukhutshwa kwangaphambili kwe-1.1, kodwa ekuhambeni kwexesha ziya kubonakala - kulo mzekelo, akufanele utshintshe indibano ngesandla?

Kuvela oko indibano ixhomekeke ekutshintsheni idatha yangaphandle.

Ukuphunyezwa

Ukukhetha Indlela Yokuqhuba

Kungenjalo, ungaqhuba inguqulelo nganye efunekayo njengepod eyahlukileyo eKubernetes. Olu khetho luthetha inani elikhulu lezinto kwiqela, eliya kukhula ngokunyuka kwenani lokukhutshwa kwe-werf okuzinzileyo. Kwaye oku, kuthetha ukugcinwa okunzima ngakumbi: inguqu nganye ineseva yayo ye-HTTP, kunye nomthwalo omncinci. Kakade ke, oku kukwabandakanya iindleko ezinkulu zezibonelelo.

Sahamba ngendlela efanayo ukudibanisa zonke iinguqulelo eziyimfuneko kumfanekiso omnye. I-statics edibeneyo yazo zonke iinguqulelo zesayithi zifumaneka kwisitya kunye ne-NGINX, kwaye i-traffic kwi-Deployment ehambelanayo iza nge-NGINX Ingress. Isakhiwo esilula - isicelo esingenammiselo - sikuvumela ukuba ulinganise ngokulula ukuhanjiswa (kuxhomekeke kumthwalo) usebenzisa i-Kubernetes ngokwayo.

Ukuchaneka ngakumbi, siqokelela imifanekiso emibini: enye yesekethe yokuvelisa, okwesibini iyongezelelweyo yesekethe ye-dev. Umfanekiso owongezelelweyo usetyenziswa (uqaliswe) kuphela kwisekethe ye-dev kunye neyona nto iphambili kwaye iqulethe uguqulelo lwesayithi ukusuka kwisibophelelo sophononongo, kunye nokuhamba phakathi kwabo kwenziwa ngokusebenzisa izixhobo ze-Ingress.

werf vs git clone kunye nezinto zakudala

Njengoko sele kukhankanyiwe, ukwenzela ukuvelisa i-statics yesayithi yenguqu ethile yamaxwebhu, kufuneka uyakhe ngokutshintshela kwithegi efanelekileyo yokugcina. Unokwenza oku ngokubumba indawo yokugcina ixesha ngalinye usakha, ukhetha iithegi ezifanelekileyo kuluhlu. Nangona kunjalo, lo ngumsebenzi onzima kakhulu wemithombo kwaye, ngaphezu koko, kufuna ukubhala imiyalelo engeyiyo encinci ... Enye into embi kakhulu kukuba ngale ndlela akukho ndlela yokufihla into ethile ngexesha lokudibanisa.

Apha usetyenziso lwe-werf ngokwalo lusiza kuthi, luphumeze smart caching kwaye ikuvumela ukuba usebenzise oovimba bangaphandle. Ukusebenzisa i-werf ukongeza ikhowudi kwindawo yokugcina kuya kukhawulezisa kakhulu ukwakha, kuba i-werf idibanisa indawo yokugcina kube kanye emva koko iphumeze kuphela fetch ukuba kuyafuneka. Ukongeza, xa ukongeza idatha kwindawo yokugcina, singakhetha kuphela abalawuli abayimfuneko (kwimeko yethu olu luluhlu docs), eya kunciphisa kakhulu inani ledatha eyongezelelweyo.

Kuba iJekyll sisixhobo esenzelwe ukuqulunqa idatha engatshintshiyo kwaye ayifuneki kumfanekiso wokugqibela, kuya kuba sengqiqweni ukuqokelela i-werf artifact, nakumfanekiso wokugqibela ngenisa kuphela iziphumo zoqulunqo.

Sibhala i-werf.yaml

Ke, sigqibe kwelokuba siza kuqulunqa inguqulelo nganye kwi-werf artifact eyahlukileyo. Nangona kunjalo thina asazi ukuba zingaphi kwezi zixhobo ziya kubakho ngexesha lokuhlanganisa, ngoko ke asikwazi ukubhala uqwalaselo lokwakha olusisigxina (ngokungqongqo, sisenako, kodwa akuyi kusebenza ngokupheleleyo).

i-werf ikuvumela ukuba usebenzise Yiya kwiitemplates kwifayile yakho yoqwalaselo (werf.yaml), kwaye oku kwenza ukuba kwenzeke yenza uqwalaselo kubhabho kuxhomekeke kwidatha yangaphandle (into oyifunayo!). Idatha yangaphandle kwimeko yethu lulwazi malunga neenguqulelo kunye nokukhutshwa, ngesiseko apho siqokelela inani elifunekayo lezinto zakudala kwaye ngenxa yoko sifumana imifanekiso emibini: werf-doc и werf-dev ukubaleka kwiisekethe ezahlukeneyo.

Idatha yangaphandle igqithiswa ngokuguquguquka kokusingqongileyo. Nantsi indlela eyakhiwe ngayo:

• RELEASES - Umgca onoluhlu lokukhutshwa kunye noguqulelo lwangoku lwe-werf, ngendlela yoluhlu olwahlulwe ngendawo lwamaxabiso kwifomathi <НОМЕР_РЕЛИЗА>%<НОМЕР_ВЕРСИИ>. Umzekelo: 1.0%v1.0.4-beta.20
• CHANNELS - Umgca onoluhlu lwamajelo kunye noguqulelo lwangoku lwe-werf, ngendlela yoluhlu olwahlulwe ngendawo lwamaxabiso kwifomathi <КАНАЛ>%<НОМЕР_ВЕРСИИ>. Umzekelo: 1.0-beta%v1.0.4-beta.20 1.0-alpha%v1.0.5-alpha.22
• ROOT_VERSION — ushicilelo lwe-werf oluza kuboniswa ngokungagqibekanga kwisiza (akusoloko kuyimfuneko ukubonisa amaxwebhu ngelona nani liphezulu lokukhululwa). Umzekelo: v1.0.4-beta.20
• REVIEW_SHA -I-hash yesibophelelo sophononongo apho kufuneka wakhe inguqulelo yelophu yovavanyo.

Ezi ziguquguqukayo ziya kuzaliswa kumbhobho we-GitLab CI, kunye nendlela kanye kanye ebhalwe ngayo ngezantsi.

Okokuqala, ukuze kube lula, sichaza kwi werf.yaml Yiya kwithempleyithi eguquguqukayo, ubanike amaxabiso asuka kwizinto eziguquguqukayo zemekobume:

{{ $_ := set . "WerfVersions" (cat (env "CHANNELS") (env "RELEASES") | splitList " ") }}
{{ $Root := . }}
{{ $_ := set . "WerfRootVersion" (env "ROOT_VERSION") }}
{{ $_ := set . "WerfReviewCommit" (env "REVIEW_SHA") }}

Inkcazo ye-artifact yokuqulunqa uguqulelo olumileyo lwesayithi lufana ngokubanzi kuzo zonke iimeko esizidingayo (kuquka ukuvelisa inguqu yengcambu, kunye noguqulelo lwesekethe ye-dev). Ngoko ke, siya kuyihambisa kwibhloko eyahlukileyo usebenzisa umsebenzi define - ukusetyenziswa kwakhona okulandelayo include. Siza kudlulisa ezi mpikiswano zilandelayo kwitemplate:

• Version - inguqulelo eyenziweyo (igama lethegi);
• Channel — igama letshaneli yohlaziyo eyenzelwe yona i-artifact;
• Commit - yenza i-hash, ukuba i-artifact yenzelwe ukuzibophelela kwakhona;
• umxholo.

Artifact Template Inkcazelo

{{- define "doc_artifact" -}}
{{- $Root := index . "Root" -}}
artifact: doc-{{ .Channel }}
from: jekyll/builder:3
mount:
- from: build_dir
  to: /usr/local/bundle
ansible:
  install:
  - shell: |
      export PATH=/usr/jekyll/bin/:$PATH
  - name: "Install Dependencies"
    shell: bundle install
    args:
      executable: /bin/bash
      chdir: /app/docs
  beforeSetup:
{{- if .Commit }}
  - shell: echo "Review SHA - {{ .Commit }}."
{{- end }}
{{- if eq .Channel "root" }}
  - name: "releases.yml HASH: {{ $Root.Files.Get "releases.yml" | sha256sum }}"
    copy:
      content: |
{{ $Root.Files.Get "releases.yml" | indent 8 }}
      dest:  /app/docs/_data/releases.yml
{{- else }}
  - file:
      path: /app/docs/_data/releases.yml
      state: touch
{{- end }}
  - file:
      path: "{{`{{ item }}`}}"
      state: directory
      mode: 0777
    with_items:
    - /app/main_site/
    - /app/ru_site/
  - file:
      dest: /app/docs/pages_ru/cli
      state: link
      src: /app/docs/pages/cli
  - shell: |
      echo -e "werfVersion: {{ .Version }}nwerfChannel: {{ .Channel }}" > /tmp/_config_additional.yml
      export PATH=/usr/jekyll/bin/:$PATH
{{- if and (ne .Version "review") (ne .Channel "root") }}
{{- $_ := set . "BaseURL" ( printf "v%s" .Channel ) }}
{{- else if ne .Channel "root" }}
{{- $_ := set . "BaseURL" .Channel }}
{{- end }}
      jekyll build -s /app/docs  -d /app/_main_site/{{ if .BaseURL }} --baseurl /{{ .BaseURL }}{{ end }} --config /app/docs/_config.yml,/tmp/_config_additional.yml
      jekyll build -s /app/docs  -d /app/_ru_site/{{ if .BaseURL }} --baseurl /{{ .BaseURL }}{{ end }} --config /app/docs/_config.yml,/app/docs/_config_ru.yml,/tmp/_config_additional.yml
    args:
      executable: /bin/bash
      chdir: /app/docs
git:
- url: https://github.com/flant/werf.git
  to: /app/
  owner: jekyll
  group: jekyll
{{- if .Commit }}
  commit: {{ .Commit }}
{{- else }}
  tag: {{ .Version }}
{{- end }}
  stageDependencies:
    install: ['docs/Gemfile','docs/Gemfile.lock']
    beforeSetup: '**/*'
  includePaths: 'docs'
  excludePaths: '**/*.sh'
{{- end }}

Igama le-artifact kufuneka libe lodwa. Sinokufezekisa oku, umzekelo, ngokongeza igama letshaneli (ixabiso lokuguquguquka .Channel) njengesimamva kwigama le-artifact: artifact: doc-{{ .Channel }}. Kodwa kufuneka uqonde ukuba xa ungenisa kwi-artifacts, kuya kufuneka ubhekisele kumagama afanayo.

Xa kuchazwa i-artifact, olu phawu lulandelayo lwe-werf luyasetyenziswa: ukunyuka. Ukunyuswa kubonisa uluhlu lwenkonzo build_dir ikuvumela ukuba ugcine i Jekyll cache phakathi kobaleko lombhobho, oluthi ikhawulezisa ngokuphawulekayo ukudibanisa kwakhona.

Usenokuba uqaphele ukusetyenziswa kwefayile releases.yml yifayile yeYAML enedatha yokukhulula ecelwe kuyo github.com (i-artifact efunyenwe xa kusenziwa umbhobho). Kuyafuneka xa uqulunqa isayithi, kodwa kumxholo wenqaku unomdla kuthi kuba kuxhomekeke kwimeko yayo ukudityaniswa kwakhona kwe-artifact enye kuphela - i-artifact ye-root version yesayithi (ayifunwa kwezinye izinto zakudala).

Oku kuphunyezwa kusetyenziswa inkcazo enemiqathango if Yiya kwiitemplates kunye noyilo {{ $Root.Files.Get "releases.yml" | sha256sum }} eqongeni izigaba. Isebenza ngolu hlobo lulandelayo: xa kusakha i-artifact yoguqulelo lweengcambu (i-variable .Channel ilingana ne root) ifayile yehash releases.yml ichaphazela utyikityo lwenqanaba lonke, kuba liyinxalenye yegama lomsebenzi onokuthiwa (iparamitha name). Ngoko ke, xa utshintsha umxholo ifayile releases.yml i-artifact ehambelana nayo iya kuhlanganiswa kwakhona.

Nceda uqaphele ukusebenza kunye novimba wangaphandle. Kumfanekiso we-artifact evela indawo yokugcina ye-werf, luluhlu kuphela olongeziweyo /docs, kwaye kuxhomekeke kwiiparamitha ezigqithisiweyo, idatha yethegi efunekayo okanye ukuzibophelela kwakhona yongezwa ngokukhawuleza.

Ukusebenzisa itemplate ye-artifact ukuvelisa inkcazo ye-artifact yeenguqulelo ezigqithiselweyo zamatshaneli kunye nokukhutshwa, siququzelela i-loop kuguquko. .WerfVersions в werf.yaml:

{{ range .WerfVersions -}}
{{ $VersionsDict := splitn "%" 2 . -}}
{{ dict "Version" $VersionsDict._1 "Channel" $VersionsDict._0 "Root" $Root | include "doc_artifact" }}
---
{{ end -}}

Ngokuba iluphu iyakuvelisa izinto zakudala ezininzi (sithemba njalo), kuyafuneka ukuba uthathele ingqalelo umahluli phakathi kwabo - ulandelelwano --- (Ukufumana ulwazi oluthe kratya malunga nesintaksi yefayile yoqwalaselo, bona amaxwebhu). Njengoko kuchaziwe ngaphambili, xa ubiza itemplate kwi-loop, sidlula iiparameters zenguqulo, i-URL kunye neengcambu zeengcambu.

Ngokufanayo, kodwa ngaphandle kwe-loop, sibiza i-template ye-artifact "yeemeko ezikhethekileyo": kwinguqulelo yengcambu, kunye nenguqulelo evela kwisibophelelo sophononongo:

{{ dict "Version" .WerfRootVersion "Channel" "root" "Root" $Root  | include "doc_artifact" }}
---
{{- if .WerfReviewCommit }}
{{ dict "Version" "review" "Channel" "review" "Commit" .WerfReviewCommit "Root" $Root  | include "doc_artifact" }}
{{- end }}

Nceda uqaphele ukuba i-artifact yesibophelelo sophononongo iya kwakhiwa kuphela ukuba ukuguquguquka kusetiwe .WerfReviewCommit.

I-artifacts sele ilungile - lixesha lokuba uqale ukungenisa!

Umfanekiso wokugqibela, owenzelwe ukusebenza kwi-Kubernetes, yi-NGINX eqhelekileyo kunye nefayile yoqwalaselo yeseva eyongeziweyo. nginx.conf kunye ne-static evela kwi-artifacts. Ukongeza kwi-artifact yenguqu yengcambu yesayithi, kufuneka siphinde i-loop kwi-variable .WerfVersions ukungenisa izinto zakudala zesitishi kunye nokukhulula iinguqulelo + landela umthetho wamagama we-artifact esiwamkele ngaphambili. Ekubeni i-artifact nganye igcina iinguqulelo zesayithi kwiilwimi ezimbini, sizingenisa kwiindawo ezibonelelwe lubumbeko.

Inkcazo yomfanekiso wokugqibela werf-doc

image: werf-doc
from: nginx:stable-alpine
ansible:
  setup:
  - name: "Setup /etc/nginx/nginx.conf"
    copy:
      content: |
{{ .Files.Get ".werf/nginx.conf" | indent 8 }}
      dest: /etc/nginx/nginx.conf
  - file:
      path: "{{`{{ item }}`}}"
      state: directory
      mode: 0777
    with_items:
    - /app/main_site/assets
    - /app/ru_site/assets
import:
- artifact: doc-root
  add: /app/_main_site
  to: /app/main_site
  before: setup
- artifact: doc-root
  add: /app/_ru_site
  to: /app/ru_site
  before: setup
{{ range .WerfVersions -}}
{{ $VersionsDict := splitn "%" 2 . -}}
{{ $Channel := $VersionsDict._0 -}}
{{ $Version := $VersionsDict._1 -}}
- artifact: doc-{{ $Channel }}
  add: /app/_main_site
  to: /app/main_site/v{{ $Channel }}
  before: setup
{{ end -}}
{{ range .WerfVersions -}}
{{ $VersionsDict := splitn "%" 2 . -}}
{{ $Channel := $VersionsDict._0 -}}
{{ $Version := $VersionsDict._1 -}}
- artifact: doc-{{ $Channel }}
  add: /app/_ru_site
  to: /app/ru_site/v{{ $Channel }}
  before: setup
{{ end -}}

Umfanekiso owongezelelweyo, othi, kunye nowona uphambili, uqaliswe kwisekethe ye-dev, uqulethe iinguqulelo ezimbini kuphela zesayithi: inguqulelo evela kwisibophelelo sophononongo kunye nenguqulelo yengcambu yesiza (kukho ii-asethi ngokubanzi kwaye, ukuba uyakhumbula. , khupha idatha). Ke, umfanekiso owongezelelweyo uya kwahluka kulowo uphambili kuphela kwicandelo lokungenisa (kwaye, ngokuqinisekileyo, egameni):

image: werf-dev
...
import:
- artifact: doc-root
  add: /app/_main_site
  to: /app/main_site
  before: setup
- artifact: doc-root
  add: /app/_ru_site
  to: /app/ru_site
  before: setup
{{- if .WerfReviewCommit  }}
- artifact: doc-review
  add: /app/_main_site
  to: /app/main_site/review
  before: setup
- artifact: doc-review
  add: /app/_ru_site
  to: /app/ru_site/review
  before: setup
{{- end }}

Njengoko kuphawuliwe ngasentla, i-artifact yesibophelelo sophononongo iya kuveliswa kuphela xa ukuguquguquka kwemeko-bume okusetiweyo kuqhutywa REVIEW_SHA. Kuyakwenzeka ukuba ungavelisi umfanekiso we-werf-dev kwaphela ukuba akukho kuguquguquka kwemekobume REVIEW_SHA, kodwa ukuze ukucocwa ngemigaqo-nkqubo Imifanekiso ye-Docker kwi-werf isetyelwe kumfanekiso we-werf-dev, siya kuyishiya ukuba yakhiwe kuphela nge-artifact yoguqulelo lweengcambu (sele yakhiwe kunjalo), ukwenza lula ubume bombhobho.

Indibano ilungile! Masiqhubele phambili kwi-CI / CD kunye neenuances ezibalulekileyo.

Umbhobho kwi-GitLab CI kunye neempawu zolwakhiwo oluguqukayo

Xa uqhuba ulwakhiwo kufuneka sisete izinto eziguquguqukayo zokusingqongileyo ezisetyenziswa kuyo werf.yaml. Oku akusebenzi kuguquguquko lwe-REVIEW_SHA, esiya kuthi silusete xa sifowunela umbhobho we-GitHub hook.

Siza kuvelisa idatha yangaphandle efunekayo kwiskripthi seBash generate_artifacts, eya kuvelisa izinto ezimbini ezenziwe ngombhobho weGitLab:

• ifayile releases.yml ngedatha yokukhulula,
• ifayile common_envs.sh, equlathe izinto eziguquguqukayo zokusingqongileyo eziza kuthunyelwa ngaphandle.

Imixholo yefayile generate_artifacts uya kufumana kwinqaku lethu iindawo zokugcina ezinemizekelo. Ukufumana idatha ngokwayo akusiyo umxholo wenqaku, kodwa ifayile common_envs.sh ibalulekile kuthi, kuba umsebenzi werf uxhomekeke kuyo. Umzekelo womxholo wayo:

export RELEASES='1.0%v1.0.6-4'
export CHANNELS='1.0-alpha%v1.0.7-1 1.0-beta%v1.0.7-1 1.0-ea%v1.0.6-4 1.0-stable%v1.0.6-4 1.0-rock-solid%v1.0.6-4'
export ROOT_VERSION='v1.0.6-4'

Ungasebenzisa imveliso yeskripthi esinjalo, umzekelo, usebenzisa umsebenzi weBash source.

Ngoku kuza inxalenye yolonwabo. Ukuze zombini ukwakhiwa kunye nokuthunyelwa kwesicelo kusebenze ngokuchanekileyo, kuyimfuneko ukuqinisekisa ukuba werf.yaml bekunjalo enjalo Ubuncinci kumbhobho omnye. Ukuba lo mqathango awuhlangabezwanga, ke iisignesha zezigaba ezibalwa nge-werf ngexesha lendibano kwaye, umzekelo, ukuthunyelwa, kuya kwahluka. Oku kuya kukhokelela kwimpazamo yokusasazwa, kuba... umfanekiso ofunekayo ekusetyenzisweni uza kulahleka.

Ngamanye amazwi, ukuba ngexesha lokudityaniswa komfanekiso wesiza ulwazi malunga nokukhutshwa kunye neenguqulelo ziyafana, kwaye ngexesha lokuthunyelwa kwenguqulelo entsha kukhutshwa kwaye ukuguquguquka kokusingqongileyo kunexabiso elahlukileyo, ke ukuthunyelwa kuya kusilela ngempazamo: emva koko, i-artifact yenguqulo entsha ayikakhiwa.

Ukuba isizukulwana werf.yaml kuxhomekeke kwidatha yangaphandle (umzekelo, uluhlu lweenguqulelo zangoku, njengakwimeko yethu), ngoko ukubunjwa kunye nexabiso ledatha enjalo kufuneka irekhodwe ngaphakathi kumbhobho. Oku kubaluleke ngakumbi ukuba iiparamitha zangaphandle zitshintsha rhoqo.

Siya kwenza ukufumana nokurekhoda idatha yangaphandle kwinqanaba lokuqala lombhobho eGitLab (Yakha kwangaphambili) kwaye uzigqithisele kwifom GitLab CI yobugcisa. Oku kuyakuvumela ukuba usebenzise kwaye uqalise kwakhona imisebenzi yombhobho (ukwakha, ukusebenzisa, ukucoca) ngoqwalaselo olufanayo kwi. werf.yaml.

Imixholo yeqonga Yakha kwangaphambili ifayile .gitlab-ci.yml:

Prebuild:
  stage: prebuild
  script:
    - bash ./generate_artifacts 1> common_envs.sh
    - cat ./common_envs.sh
  artifacts:
    paths:
      - releases.yml
      - common_envs.sh
    expire_in: 2 week

Emva kokuba ubambe idatha yangaphandle kwi-artifact, unokwakha kwaye usebenzise amanqanaba emibhobho ye-GitLab CI eqhelekileyo: Yakha kwaye usasaze. Siphehlelela umbhobho ngokwawo sisebenzisa iigwegwe ezivela kwindawo yokugcina ye-werf ye-GitHub (oko kukuthi, xa kukho utshintsho kwindawo yokugcina i-GitHub). Idatha kubo inokufumaneka kwiipropathi zeprojekthi ye-GitLab kwicandelo Izicwangciso ze-CI/CD -> Izichukumisi zombhobho, kwaye emva koko wenze iWebhook ehambelanayo kwiGitHub (Useto -> IiWebhooks).

Inqanaba lokwakha liya kujongeka ngolu hlobo:

Build:
  stage: build
  script:
    - type multiwerf && . $(multiwerf use 1.0 alpha --as-file)
    - type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
    - source common_envs.sh
    - werf build-and-publish --stages-storage :local
  except:
    refs:
      - schedules
  dependencies:
    - Prebuild

I-GitLab iyakongeza izinto ezimbini zakudala ukusuka kwinqanaba ukuya kwinqanaba lokwakha Yakha kwangaphambili, ngoko ke sithumela izinto eziguquguqukayo kunye nedatha yegalelo elilungisiweyo usebenzisa ulwakhiwo source common_envs.sh. Siqala isigaba sokwakha kuzo zonke iimeko, ngaphandle kokuqalisa umbhobho ngokweshedyuli. Ngokweshedyuli, siya kuqhuba umbhobho wokucoca - kule meko akukho mfuneko yokwenza indibano.

Kwinqanaba lokusasaza, siya kuchaza imisebenzi emibini- ngokwahlukeneyo yokusasazwa kwimveliso kunye neesekethe ze-dev, sisebenzisa ithemplate ye-YAML:

.base_deploy: &base_deploy
  stage: deploy
  script:
    - type multiwerf && . $(multiwerf use 1.0 alpha --as-file)
    - type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
    - source common_envs.sh
    - werf deploy --stages-storage :local
  dependencies:
    - Prebuild
  except:
    refs:
      - schedules

Deploy to Production:
  <<: *base_deploy
  variables:
    WERF_KUBE_CONTEXT: prod
  environment:
    name: production
    url: werf.io
  only:
    refs:
      - master
  except:
    variables:
      - $REVIEW_SHA
    refs:
      - schedules

Deploy to Test:
  <<: *base_deploy
  variables:
    WERF_KUBE_CONTEXT: dev
  environment:
    name: test
    url: werf.test.flant.com
  except:
    refs:
      - schedules
  only:
    variables:
      - $REVIEW_SHA

Imisebenzi yahluka kuphela ekuboniseni umxholo weqela apho i-werf kufuneka yenze ukusasazwa kwayo (WERF_KUBE_CONTEXT), kunye nokucwangcisa i-loop yemo eguquguqukayo (environment.name и environment.url), ezithi ke zisetyenziswe kwiitemplates zetshathi yeHelm. Asiyi kubonelela ngemixholo yeetemplates, kuba... akukho nto inomdla kwisihloko esibuzwayo, kodwa ungazifumana kuyo iindawo zokugcina zenqaku.

ukubamba kokugqibela

Kuba iinguqulelo ze-werf zikhutshwa rhoqo, imifanekiso emitsha iya kwakhiwa rhoqo, kwaye iRegistry yeDocker iya kuhlala ikhula. Ngoko ke, kuyafuneka ukuqwalasela ukucocwa komfanekiso ngokuzenzekelayo ngokusekelwe kwimigaqo-nkqubo. Kulula kakhulu ukwenza.

Ukuphumeza uya kufuna:

• Yongeza inyathelo lokucoca kwi .gitlab-ci.yml;
• Yongeza ukwenziwa komsebenzi wokucoca ngamaxesha athile;
• Cwangcisa ukuguquguquka kokusingqongileyo kunye nethokheni yofikelelo lokubhala.

Ukongeza inqanaba lokucoca kwi .gitlab-ci.yml:

Cleanup:
  stage: cleanup
  script:
    - type multiwerf && . $(multiwerf use 1.0 alpha --as-file)
    - type werf && source <(werf ci-env gitlab --tagging-strategy tag-or-branch --verbose)
    - source common_envs.sh
    - docker login -u nobody -p ${WERF_IMAGES_CLEANUP_PASSWORD} ${WERF_IMAGES_REPO}
    - werf cleanup --stages-storage :local
  only:
    refs:
      - schedules

Sele siyibonile phantse yonke le nto iphezulu kancinci - ukuyicoca kuphela kufuneka ungene kuqala kwiRegistry yeDocker enophawu olunelungelo lokucima imifanekiso kwiRegistry yeDocker (ithokheni yomsebenzi ekhutshwe ngokuzenzekelayo yeGitLab CI ayifuni. banamalungelo anjalo). Ithokheni kufuneka yenziwe kwi-GitLab kwangaphambili kwaye ixabiso layo kufuneka lichazwe kuguquguquko lokusingqongileyo WERF_IMAGES_CLEANUP_PASSWORD iprojekthi (Useto lweCI/CD -> Iinguquko).

Ukongeza umsebenzi wokucoca kunye neshedyuli efunekayo yenziwa ngaphakathi CI/CD ->
Iishedyuli.

Yiyo loo nto: iprojekthi kwiRejistri yeDocker ayisayi kuphinda ikhule kwimifanekiso engasetyenziswanga.

Ekupheleni kwecandelo elisebenzayo, mandikukhumbuze ukuba uluhlu olupheleleyo lwenqaku luyafumaneka Git:

• .gitlab-ci.yml;
• i-werf.yaml.

Isiphumo

1. Sifumene ulwakhiwo olunengqiqo: i-artifact enye ngoguqulelo ngalunye.
2. Indibano yendalo yonke kwaye ayifuni tshintsho lwezandla xa iinguqulelo ezintsha ze-werf zikhutshwa: amaxwebhu akwiwebhusayithi ahlaziywa ngokuzenzekelayo.
3. Imifanekiso emibini idityaniswe kwiikhonto ezahlukeneyo.
4. Isebenza ngokukhawuleza, kuba I-Caching isetyenziswa kangangoko kunokwenzeka- xa inguqulelo entsha ye-werf ikhutshiwe okanye i-GitHub hook ibizelwa uphononongo lokuzibophelela, kuphela i-artifact ehambelanayo nenguqulelo etshintshileyo eyakhiwayo kwakhona.
5. Akukho sidingo sokucinga malunga nokucima imifanekiso engasetyenziswanga: ukucoca ngokwemigaqo-nkqubo ye-werf kuya kugcina iRegistry yeDocker ngokufanelekileyo.

ezifunyanisiweyo

• Ukusebenzisa i-werf kuvumela indibano ukuba isebenze ngokukhawuleza ngenxa ye-caching yazo zombini indibano ngokwayo kunye ne-caching xa usebenza kunye nogcino lwangaphandle.
• Ukusebenza kunye neendawo zokugcina zeGit zangaphandle kuphelisa isidingo sokubumba yonke indawo yokugcina ixesha ngalinye okanye ukubuyisela ivili ngengqiqo yokuphucula. i-werf isebenzisa i-cache kwaye yenza i-cloning kanye kuphela, kwaye isebenzise fetch kwaye kuphela xa kuyimfuneko.
• Ukukwazi ukusebenzisa iGo templates kwifayile yoqwalaselo lokwakha werf.yaml ikuvumela ukuba uchaze indibano enesiphumo esixhomekeke kwidatha yangaphandle.
• Ukusebenzisa i-mount in werf kukhawuleza ngokukhawuleza ukuqokelela kwezinto zakudala - ngenxa ye-cache, eqhelekileyo kuyo yonke imibhobho.
• i-werf yenza kube lula ukumisela ucoceko, olubaluleke ngakumbi xa kusakhiwa ngamandla.

PS

Funda nakwibhlog yethu:

• «Ukuqhuba imiyalelo ngelixa uhambisa ukukhutshwa kwesicelo esitsha kwi-Kubernetes";
• «Yakha kwaye usebenzise ii-microservices zohlobo olufanayo nge-werf kunye ne-GitLab CI";
• «Ukusebenzisa i-werf ukukhupha iitshathi zeHelm ezintsonkothileyo";
• «Ukwazisa i-werf 1.0 ezinzileyo: iGitOps inento yokwenza nayo, imeko kunye nezicwangciso».

umthombo: www.habr.com