执行的时候可能会卡在拉取镜像环节。手动docker pull registry.gitlab.com/gitlab-org/security-products/codequality:latest,发现各种超时。我开个阿里云香港ECS的抢占式实例(便宜)然后docker pull | save | load将镜像文件迁移到公司测试服,还是报Unable to find image 'registry.gitlab.com/gitlab-org/security-products/codequality:latest' locally,不知如何将host中的镜像映射到docker:stable中。看来还是得kexue上网。
理论上,需要专人在合适的时候对提交的代码进行质量把关,一般这工作可以放在Merge Request下进行。Merge Request的工作流程可以参看在团队中使用GitLab中的Merge Request工作模式
FAQ
dial tcp: lookup docker on 192.168.1.1:53: no such host错误。
This error occurs with docker-based gitlab runners such as the one we’re that are configured using a docker executor. The error message means that the inner docker container doesn’t have a connection to the host docker daemon.
解决:将/etc/gitlab-runner/config.toml中对应的[runners.docker]节点设置privileged = true,增加卷映射volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]或在.gitlab-ci.yml的job定义中增加services: - docker:dind。
错误
解决:增加卷映射volumes = ["/certs/client", "/cache"],然后在.gitlab-ci.yml中增加变量DOCKER_TLS_CERTDIR: "/certs"。
拉取代码时提示warning: failed to remove xxxx: Permission denied
简单粗暴地编辑/etc/passwd,将gitlab-runner账号对应的uid:gid改为0:0(和root一样)。
Code Quality提示docker: Error response from daemon: Head https://registry.gitlab.com/v2/gitlab-org/security-products/codequality/manifests/13-7-stable: Get https://gitlab.com/jwt/auth?scope=repository%3Agitlab-org%2Fsecurity-products%2Fcodequality%3Apull&service=container_registry: dial tcp [2606:4700:90:0:f22e:fbec:5bed:a9b9]:443: connect: cannot assign requested address.
在scripts->docker run增加参数--net=host
在pipline流程执行过程中,我们希望有任何风吹草动都能及时收到消息,邮件就是一个比较好的提醒方式。
vi /etc/gitlab/gitlab.rb
### GitLab email server settings ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html ###! **Use smtp instead of sendmail/postfix.** gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.exmail.qq.com" gitlab_rails['smtp_port'] = 465 gitlab_rails['smtp_user_name'] = "xxxx@yyyy.com" gitlab_rails['smtp_password'] = "xxxxxxxx" gitlab_rails['smtp_domain'] = "exmail.qq.com" gitlab_rails['smtp_authentication'] = "login" gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = true ### Email Settings gitlab_rails['gitlab_email_enabled'] = true ##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com' ##! can change the 'From' with this setting. ##! 要与上面的 smtp_user_name 保持一致 gitlab_rails['gitlab_email_from'] = 'xxxx@yyyy.com' # gitlab_rails['gitlab_email_display_name'] = 'Example' # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' # gitlab_rails['gitlab_email_subject_suffix'] = '' # gitlab_rails['gitlab_email_smime_enabled'] = false # gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key' # gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt' # gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'gitlab-ctl reconfigure使配置生效
测试
登录whatever@qq.com查看受否收到信件。
jenkins + gitlab
如果使用jenkins作为CI/CD工具,代码由gitlab托管,那么它们之间的交互需要两个token:
api token,用于jenkins调用gitlab api使用
ssh密钥对,jenkins拉取代码使用(当然我们也可以使用用户名/密码方式拉取)
mvn package、install、deploy都干了什么
mvn clean package依次执行了clean、resources、compile、testResources、testCompile、test、jar(打包)等7个阶段。
mvn clean install依次执行了clean、resources、compile、testResources、testCompile、test、jar(打包)、install等8个阶段。
mvn clean deploy依次执行了clean、resources、compile、testResources、testCompile、test、jar(打包)、install、deploy等9个阶段。
由上可知:
package命令完成了项目编译、单元测试、打包功能,但没有把打好的可执行jar包(war包或其它形式的包)布署到本地maven仓库和远程maven私服仓库
install命令完成了项目编译、单元测试、打包功能,同时把打好的可执行jar包(war包或其它形式的包)布署到本地maven仓库,但没有布署到远程maven私服仓库
deploy命令完成了项目编译、单元测试、打包功能,同时把打好的可执行jar包(war包或其它形式的包)布署到本地maven仓库和远程maven私服仓库
alpine
Alpine Linux 是一个社区开发的面向安全应用的轻量级Linux发行版。很多镜像都会专门基于Alpine构建,大小会小很多。比如:
gitlab/gitlab-runner:latest based on Ubuntu.
gitlab/gitlab-runner:alpine based on Alpine with much a smaller footprint (~160/350 MB Ubuntu vs ~45/130 MB Alpine compressed/decompressed).
修改GitLab-ce域名