Coding devops
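References:
https://help.coding.net/docs/start/new.html
Continuous Deployment - Purchase Guide
Tencent's Coding platform can be thought of as an out-of-the-box bundle (no operations or deployment work required) of GitLab, Jenkins, private repositories of various kinds (docker, maven, npm…), document management and more. Its standard edition is completely free, with no limit on the number of users or on features. Coding's continuous integration/deployment is fully integrated with code hosting, the artifact repository and Tencent Cloud TKE, which helps a team quickly build a complete DevOps platform.
All sub-products of the CODING service
- Code hosting
- Project management
- Test management
- Continuous integration
- Continuous deployment
- Artifact repository
- …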
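Log in to Coding
Log in to Coding with an administrator account and complete the necessary initialization (email, verification code, authorization, etc.).
Create a project
First create a project; after that, the code repository, artifact repository, continuous integration, continuous deployment and so on can be used within the project.
Go to the project home page
Invite members
Reference:
Getting Started - Invite Members to the Team
The team administrator must first invite team members before they can be added as project members. Invited members can then log in with their own accounts and can see the projects they belong to.
Department management and member management
Invite team members by email
Bulk invitation by link (verification code optional)
As shown above, members can be invited by email: enter the member's email address and the member completes registration by following the instructions in the email. After successful registration the member joins the team automatically, and the team administrator can then add this team member to specific projects.
Modify member permissions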
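Create a code repository
Click Code Repository in the left-hand menu of the project home page, then click the Create button in the upper right corner.
Create a Git code repository
Once created, it can be accessed like any other Git repository,
for example with IntelliJ IDEA -> File -> New -> Project From Version Control. The first access over HTTPS requires entering the Coding member account and password.
To push and pull code over SSH, see: Tencent Cloud Docs - Code Hosting - Push and Pull Code over SSH
Create an artifact repository
Reference:
Tencent Cloud Docs - Artifact Repository
Inside a project you can create artifact repositories (common types such as docker, maven, npm and generic are supported).
An artifact repository is what we usually think of as an image registry, a package repository, or upload/download management for build outputs.
docker repository
Reference: https://cloud.tencent.com/document/product/1116/46527
The docker repository can be accessed with docker login by following the on-screen instructions; the username and password are those of the Coding account.
maven repository
Reference: https://cloud.tencent.com/document/product/1116/46529
The configuration changes for using maven in a local development environment are as follows:
1. settings.xml in the maven installation directory (usually ${MAVEN_HOME}/conf/settings.xml)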
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
| This is the configuration file for Maven. It can be specified at two levels:
|
| 1. User Level. This settings.xml file provides configuration for a single user,
| and is normally provided in ${user.home}/.m2/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -s /path/to/user/settings.xml
|
| 2. Global Level. This settings.xml file provides configuration for all Maven
| users on a machine (assuming they're all using the same Maven
| installation). It's normally provided in
| ${maven.home}/conf/settings.xml.
|
| NOTE: This location can be overridden with the CLI option:
|
| -gs /path/to/global/settings.xml
|
| The sections in this sample file are intended to give you a running start at
| getting the most out of your Maven installation. Where appropriate, the default
| values (values used when the setting is not specified) are provided.
|
|-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<!-- localRepository
| The path to the local repository maven will use to store artifacts.
|
| Default: ${user.home}/.m2/repository
<localRepository>C:\Users\Administrator\.m2</localRepository>
-->
<!-- <localRepository>C:\Users\Administrator\.m2\repository</localRepository> -->
<!-- Change 1: set this to the local maven repository -->
<localRepository>D:\maven_reposity</localRepository>
<!-- interactiveMode
| This will determine whether maven prompts you when it needs input. If set to false,
| maven will use a sensible default value, perhaps based on some other setting, for
| the parameter in question.
|
| Default: true
<interactiveMode>true</interactiveMode>
-->
<!-- offline
| Determines whether maven should attempt to connect to the network when executing a build.
| This will have an effect on artifact downloads, artifact deployment, and others.
|
| Default: false
<offline>false</offline>
-->
<!-- pluginGroups
| This is a list of additional group identifiers that will be searched when resolving plugins by their prefix, i.e.
| when invoking a command line like "mvn prefix:goal". Maven will automatically add the group identifiers
| "org.apache.maven.plugins" and "org.codehaus.mojo" if these are not already contained in the list.
|-->
<pluginGroups>
<!-- pluginGroup
| Specifies a further group identifier to use for plugin lookup.
<pluginGroup>com.your.plugins</pluginGroup>
-->
<pluginGroup>org.eclipse.jetty</pluginGroup>
<pluginGroup>org.mortbay.jetty</pluginGroup>
<pluginGroup>org.codehaus.cargo</pluginGroup>
</pluginGroups>
<!-- proxies
| This is a list of proxies which can be used on this machine to connect to the network.
| Unless otherwise specified (by system property or command-line switch), the first proxy
| specification in this list marked as active will be used.
|-->
<proxies>
<!-- proxy
| Specification for one proxy, to be used in connecting to the network.
|
<proxy>
<id>optional</id>
<active>true</active>
<protocol>http</protocol>
<username>proxyuser</username>
<password>proxypass</password>
<host>proxy.host.net</host>
<port>80</port>
<nonProxyHosts>local.net|some.host.com</nonProxyHosts>
</proxy>
-->
</proxies>
<!-- servers
| This is a list of authentication profiles, keyed by the server-id used within the system.
| Authentication profiles can be used whenever maven must make a connection to a remote server.
|-->
<servers>
<!-- server
| Specifies the authentication information to use when connecting to a particular server, identified by
| a unique name within the system (referred to by the 'id' attribute below).
|
| NOTE: You should either specify username/password OR privateKey/passphrase, since these pairings are
| used together.
|
<server>
<id>deploymentRepo</id>
<username>repouser</username>
<password>repopwd</password>
</server>
-->
<!-- Change 2: set the authentication details for the maven repository here (use your own Coding account and password) -->
<server>
<id>mx-coding-devops-mx-sut-maven-repo</id>
<username>[EMAIL]</username>
<password>[PASSWORD]</password>
</server>
<!--
<server>
<id>nexus</id>
<username>deployment</username>
<password>deployment123</password>
</server>
-->
<!-- Another sample, using keys to authenticate.
<server>
<id>siteServer</id>
<privateKey>/path/to/private/key</privateKey>
<passphrase>optional; leave empty if not used.</passphrase>
</server>
-->
</servers>
<!-- mirrors
| This is a list of mirrors to be used in downloading artifacts from remote repositories.
|
| It works like this: a POM may declare a repository to use in resolving certain artifacts.
| However, this repository may have problems with heavy traffic at times, so people have mirrored
| it to several places.
|
| That repository definition will have a unique id, so we can create a mirror reference for that
| repository, to be used as an alternate download site. The mirror site will be the preferred
| server for that repository.
|-->
<mirrors>
<!-- mirror
| Specifies a repository mirror site to use instead of a given repository. The repository that
| this mirror serves has an ID that matches the mirrorOf element of this mirror. IDs are used
| for inheritance and direct lookup purposes, and must be unique across the set of mirrors.
|
<mirror>
<id>mirrorId</id>
<mirrorOf>repositoryId</mirrorOf>
<name>Human Readable Name for this Mirror.</name>
<url>http://my.repository.com/repo/path</url>
</mirror>
-->
</mirrors>
<!-- profiles
| This is a list of profiles which can be activated in a variety of ways, and which can modify
| the build process. Profiles provided in the settings.xml are intended to provide local machine-
| specific paths and repository locations which allow the build to work in the local environment.
|
| For example, if you have an integration testing plugin - like cactus - that needs to know where
| your Tomcat instance is installed, you can provide a variable here such that the variable is
| dereferenced during the build process to configure the cactus plugin.
|
| As noted above, profiles can be activated in a variety of ways. One way - the activeProfiles
| section of this document (settings.xml) - will be discussed later. Another way essentially
| relies on the detection of a system property, either matching a particular value for the property,
| or merely testing its existence. Profiles can also be activated by JDK version prefix, where a
| value of '1.4' might activate a profile when the build is executed on a JDK version of '1.4.2_07'.
| Finally, the list of active profiles can be specified directly from the command line.
|
| NOTE: For profiles defined in the settings.xml, you are restricted to specifying only artifact
| repositories, plugin repositories, and free-form properties to be used as configuration
| variables for plugins in the POM.
|
|-->
<profiles>
<!-- profile
| Specifies a set of introductions to the build process, to be activated using one or more of the
| mechanisms described above. For inheritance purposes, and to activate profiles via <activatedProfiles/>
| or the command line, profiles have to have an ID that is unique.
|
| An encouraged best practice for profile identification is to use a consistent naming convention
| for profiles, such as 'env-dev', 'env-test', 'env-production', 'user-jdcasey', 'user-brett', etc.
| This will make it more intuitive to understand what the set of introduced profiles is attempting
| to accomplish, particularly when you only have a list of profile id's for debug.
|
| This profile example uses the JDK version to trigger activation, and provides a JDK-specific repo.
<profile>
<id>jdk-1.4</id>
<activation>
<jdk>1.4</jdk>
</activation>
<repositories>
<repository>
<id>jdk14</id>
<name>Repository for JDK 1.4 builds</name>
<url>http://www.myhost.com/maven/jdk14</url>
<layout>default</layout>
<snapshotPolicy>always</snapshotPolicy>
</repository>
</repositories>
</profile>
-->
<!-- Change 3: set the default profile, i.e. use the Coding maven-repo with JDK 8 support by default -->
<profile>
<id>Repository Proxy</id>
<activation>
<activeByDefault>true</activeByDefault>
<jdk>1.8</jdk>
</activation>
<!-- Default common maven properties -->
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
</properties>
<!-- Default maven repositories to pull from -->
<repositories>
<repository>
<!-- Must match the server id in settings.xml -->
<id>mx-coding-devops-mx-sut-maven-repo</id>
<name>maven-repo</name>
<url>https://mx-coding-devops-maven.pkg.coding.net/repository/mx-sut/maven-repo/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</profile>
<!--
| Here is another profile, activated by the system property 'target-env' with a value of 'dev',
| which provides a specific path to the Tomcat instance. To use this, your plugin configuration
| might hypothetically look like:
|
| ...
| <plugin>
| <groupId>org.myco.myplugins</groupId>
| <artifactId>myplugin</artifactId>
|
| <configuration>
| <tomcatLocation>${tomcatPath}</tomcatLocation>
| </configuration>
| </plugin>
| ...
|
| NOTE: If you just wanted to inject this configuration whenever someone set 'target-env' to
| anything, you could just leave off the <value/> inside the activation-property.
|
<profile>
<id>env-dev</id>
<activation>
<property>
<name>target-env</name>
<value>dev</value>
</property>
</activation>
<properties>
<tomcatPath>/path/to/tomcat/instance</tomcatPath>
</properties>
</profile>
-->
</profiles>
<!-- activeProfiles
| List of profiles that are active for all builds.
|
<activeProfiles>
<activeProfile>alwaysActiveProfile</activeProfile>
<activeProfile>anotherAlwaysActiveProfile</activeProfile>
</activeProfiles>
-->
</settings>
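2. pom.xml in the code project
To upload the packaged code to the maven repository, add the following configuration to pom.xml in the project's root directory; it specifies the maven repository to deploy to.
<project>
<!-- Required properties -->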
<groupId>[GROUP_ID]</groupId>
<artifactId>[ARTIFACT_ID]</artifactId>
<version>[VERSION]</version>
<!-- omitted xml -->
<distributionManagement>
<repository>
<!-- Must match the id in settings.xml -->
<id>mx-coding-devops-mx-sut-maven-repo</id>
<name>maven-repo</name>
<url>https://mx-coding-devops-maven.pkg.coding.net/repository/mx-sut/maven-repo/</url>
</repository>
</distributionManagement>
</project>
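npm artifact repository
Create an npm artifact repository
For integrating the npm repository with a local development environment, see: https://help.coding.net/docs/artifacts/quick-start/npm.html
Continuous integration
References:
https://cloud.tencent.com/document/product/1115/36604
Graphical editor
Graphical configuration interface - detailed step-by-step instructions
Team build plan templates
Environment variables in continuous integration
Building docker-type artifacts (using docker credentials)
Simple Auto-Deployment - Auto-Deploy to a K8s Cluster
Built-in environment variables
All built-in environment variables available during continuous integration are summarized below, grouped by trigger rule (triggered on code update, scheduled trigger, triggered on merge request):
No. | Variable | Meaning | Triggered on code update | Scheduled trigger | Triggered on merge request |
---|---|---|---|---|---|
1 | CREDENTIALS_ID | Deploy private-key credential CredentialsId, used to pull the repository | ✅ | ✅ | ✅ |
2 | DOCKER_REGISTRY_CREDENTIALS_ID | docker private-key credential CredentialsId (same as CODING_ARTIFACTS_CREDENTIALS_ID) | ✅ | ✅ | ✅ |
3 | CODING_ARTIFACTS_CREDENTIALS_ID | Artifact repository private-key credential CredentialsId, used to pull from the artifact repositories in the project | ✅ | ✅ | ✅ |
4 | GIT_HTTP_URL | Code repository address (HTTPS protocol) | ✅ | ✅ | ✅ |
5 | GIT_BUILD_REF | Git revision corresponding to the build | ✅ | ✅ | ✅ |
6 | GIT_DEPLOY_KEY | Deploy public key of the code repository | ✅ | ✅ | ✅ |
7 | GIT_COMMIT | Revision of the current version | ✅ | ✅ | ✅ |
7 | GIT_COMMIT_SHORT | First 7 characters of the revision | ✅ | ✅ | ✅ |
8 | GIT_PREVIOUS_COMMIT | Revision of the previous build run | ✅ | ✅ | ✅ |
9 | GIT_AUTHOR_EMAIL | Email of the author of the latest commit in this version | ✅ | ✅ | ✅ |
10 | GIT_SSH_URL | Code repository address (SSH protocol) | ✅ | ✅ | ✅ |
11 | GIT_COMMITTER_NAME | Name of the committer of the latest commit in this version | ✅ | ✅ | ✅ |
12 | GIT_AUTHOR_NAME | Name of the author of the latest commit in this version | ✅ | ✅ | ✅ |
13 | REF | Version to build | ✅ | ✅ | ✅ |
14 | GIT_PREVIOUS_SUCCESSFUL_COMMIT | Revision of the previous successful build run | ✅ | ✅ | ✅ |
15 | GIT_COMMITTER_EMAIL | Name of the committer of the latest commit in this version | ✅ | ✅ | ✅ |
16 | GIT_BRANCH | Branch that triggered the build | ✅ | ✅ | ✅ |
17 | GIT_URL | Repository SSH protocol address | ✅ | ✅ | ✅ |
18 | GIT_LOCAL_BRANCH/BRANCH_NAME | Local branch name | ✅ | ✅ | ✅ |
19 | FETCH_REF_SPECS | refs for git to check out | ✅ | ✅ | ✅ |
20 | GIT_REPO_URL | Repository SSH address | ✅ | ✅ | ✅ |
21 | JOB_ID | Build plan id | ✅ | ✅ | ✅ |
22 | JOB_NAME | Build plan name | ✅ | ✅ | ✅ |
23 | CI_BUILD_NUMBER | Build number | ✅ | ✅ | ✅ |
24 | PROJECT_ID | Project ID | ✅ | ✅ | ✅ |
25 | PROJECT_NAME | Project name | ✅ | ✅ | ✅ |
26 | PROJECT_WEB_URL | Project web address | ✅ | ✅ | ✅ |
27 | PROJECT_API_URL | Project backend API address | ✅ | ✅ | ✅ |
28 | PROJECT_TOKEN | Project token password, used to read the project | ✅ | ✅ | ✅ |
29 | PROJECT_TOKEN_GK | Project token username | ✅ | ✅ | ✅ |
30 | GIT_TAG | Git tag that triggered the build (present only when building from a tag) | ✅ | ||
31 | DEPOT_NAME | Name of the code repository currently in use | ✅ | ||
32 | CCI_CURRENT_PROJECT_COMMON_CREDENTIALS_ID (coming soon) | CredentialsId of the built-in project token | ✅ | ||
33 | CCI_CURRENT_TEAM (coming soon) | Enterprise name of the current build environment, e.g. myteam in myteam.coding.net | ✅ | ||
34 | CCI_CURRENT_DOMAIN (coming soon) | Domain of the current build environment, e.g. coding.net in myteam.coding.net | ✅ | ||
35 | MR_RESOURCE_ID | Merge request ID | ✅ | ||
36 | MR_TARGET_BRANCH | Merge request target branch name | ✅ | ||
37 | MR_TARGET_SHA | Merge request target branch revision | ✅ | ||
38 | MR_MERGED_SHA | Revision after the simulated merge | ✅ | ||
39 | MR_SOURCE_BRANCH | Merge request source branch name | ✅ | ||
40 | MR_STATUS | Merge request status | ✅ | ||
41 | MR_SOURCE_SHA | Merge request source branch revision | ✅ |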
Building the Java base image
Java 8 base Dockerfile
# openjdk base image
FROM openjdk:8
# Author information
MAINTAINER luohq <xxx@xxx.com>
# Update the time zone
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
Build script
docker build -t mx-coding-devops-docker.pkg.coding.net/mx-sut/docker-repo/openjdk:8 .
docker push mx-coding-devops-docker.pkg.coding.net/mx-sut/docker-repo/openjdk:8
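Create continuous integration - team template
In Coding's top-level workspace, click in the left-hand menu: Feature Settings -> Continuous Integration -> Build Plan Templates
The template runs the following stages
The template content is as follows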
pipeline {
agent any
stages {
stage('检出源代码') {
steps {
checkout([$class: 'GitSCM', branches: [[name: env.GIT_BUILD_REF]],
userRemoteConfigs: [[url: env.GIT_REPO_URL, credentialsId: env.CREDENTIALS_ID]]])
}
}
stage('Maven编译') {
steps {
echo '下载maven settings.xml文件'
sh 'curl -fL -u "${CODING_ARTIFACTS_AUTH}" "https://mx-coding-devops-generic.pkg.coding.net/mx-sut/generic-reop/maven_repo_settings.xml?version=latest" -o maven_repo_settings.xml'
sh 'mvn package --settings ./maven_repo_settings.xml -Dmaven.test.skip=true -B'
}
}
stage('打包Docker镜像') {
steps {
echo '下载SpringBoot Dockerfile文件'
sh 'curl -fL -u "${CODING_ARTIFACTS_AUTH}" "https://mx-coding-devops-generic.pkg.coding.net/mx-sut/generic-reop/SpringBoot_Dockerfile?version=latest" -o Dockerfile'
script {
docker.withRegistry("${CCI_CURRENT_WEB_PROTOCOL}://${ARTIFACT_BASE}", "${env.CODING_ARTIFACTS_CREDENTIALS_ID}") {
docker.build("${ARTIFACT_IMAGE}:${env.GIT_BUILD_REF}").push()
docker.build("${ARTIFACT_IMAGE}:latest").push()
}
}
}
}
stage('部署到K8s') {
steps {
echo '部署K8s中...'
script {
withKubeConfig([credentialsId: "${K8S_CREDENTIALS_ID}"]) {
// Use kubectl to modify the K8s deployment
sh "kubectl patch deployment ${K8S_DEPLOYMENT_NAME} -n ${K8S_NAMESPACE} --patch '{\"spec\": {\"template\": {\"spec\": {\"containers\": [{\"name\": \"${K8S_DEPOLYMENT_CONTAINER}\", \"image\": \"${ARTIFACT_IMAGE}:${env.GIT_BUILD_REF}\"}]}}}}'"
}
}
}
}
}
environment {
CODING_ARTIFACTS_AUTH = "${CODING_ARTIFACTS_USERNAME}:${CODING_ARTIFACTS_PASSWORD}"
ARTIFACT_BASE = "${CCI_CURRENT_TEAM}-docker.pkg.${CCI_CURRENT_DOMAIN}"
ARTIFACT_IMAGE = "${ARTIFACT_BASE}/${PROJECT_NAME}/docker-repo/${DEPOT_NAME}"
}
}
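The template above is a Jenkins pipeline script. The maven settings.xml and Dockerfile shared across builds are both stored in the Generic artifact repository. Because the artifact repository's permission scope is project-internal, downloading a given artifact requires the artifact repository username and password, and these must be set as environment variables before the pipeline script can use them.
Set environment variables
These are the artifact repository username and password, plus the deployment information needed for the K8s deployment.
Upload the configuration files shared across builds to the Generic artifact repository
Note:
The SpringBoot_Dockerfile is:
# Base image
FROM mx-coding-devops-docker.pkg.coding.net/mx-sut/docker-repo/openjdk:8
# Author information
MAINTAINER luohq <xxx@xxx.com>
# Working directory: go straight to /home
WORKDIR /home
# Copy the built jar into /home in the container
ADD ./target/*.jar /home/springboot.jar
# Startup command, with the prod profile active by default
ENTRYPOINT ["java","-jar","/home/springboot.jar","--spring.profiles.active=prod"]
The maven_repo_settings.xml file is the settings.xml configuration for the maven-repo artifact repository, but note that the server's username and password must be replaced with environment variable references, i.e. the artifact repository account environment variables defined in the team template.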
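The replacement described above can be checked before the file is uploaded to the Generic repository. The following shell check is an added example, not part of the original post: the function names `find_literal_credentials` and `write_samples` and the sample values are constructed, `${env.NAME}` is Maven's settings.xml interpolation of environment variables, and the variable names are the ones the team template uses.

```shell
# Added example: flag literal credentials in a Maven settings.xml before it is
# uploaded to the shared Generic repository. XML comments are skipped, so the
# commented-out samples of the stock settings.xml are not reported.
# Prints "LINE:ELEMENT" per finding; exit status is 1 if anything was found.
find_literal_credentials() {
    awk '
    {
        line = $0; text = ""
        while (line != "") {   # drop <!-- ... --> spans, including multi-line ones
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); in_comment = 0
            } else {
                i = index(line, "<!--")
                if (i == 0) { text = text line; break }
                text = text substr(line, 1, i - 1)
                line = substr(line, i + 4); in_comment = 1
            }
        }
        while (match(text, "<(username|password|passphrase)>[^<]*</")) {
            elem = substr(text, RSTART, RLENGTH)
            text = substr(text, RSTART + RLENGTH)
            name = elem; sub("^<", "", name); sub(">.*$", "", name)
            val = elem; sub("^<[a-z]+>", "", val); sub("</$", "", val)
            # accept only a value that is exactly one ${env.NAME} reference
            if (val != "" && val !~ "^[$][{]env[.][A-Za-z_][A-Za-z0-9_]*[}]$") {
                printf "%d:%s\n", NR, name; bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}
# Constructed samples: a server entry with literal values, and the same entry
# reading the CI variables that the team template defines.
write_samples() {
    cat > "$1/literal.xml" <<'EOF'
<settings><servers>
  <!-- <server><id>nexus</id><password>deployment123</password></server> -->
  <server><id>mx-coding-devops-mx-sut-maven-repo</id>
    <username>ci@example.invalid</username>
    <password>constructed-secret</password>
  </server></servers></settings>
EOF
    cat > "$1/env.xml" <<'EOF'
<settings><servers><server>
  <id>mx-coding-devops-mx-sut-maven-repo</id>
  <username>${env.CODING_ARTIFACTS_USERNAME}</username>
  <password>${env.CODING_ARTIFACTS_PASSWORD}</password>
</server></servers></settings>
EOF
}
```

Run as a step before the upload, a non-zero status from `find_literal_credentials maven_repo_settings.xml` stops a file with an embedded account from reaching the repository that every build downloads from.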
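Create the K8s credential
Reference: Continuous Integration - Simple Auto-Deployment - Auto-Deploy to a K8s Cluster
Obtain the K8s kubeconfig; TKE must have public network access enabled.
Project Settings -> Developer Options -> Credential Management -> Add Credential
Create continuous integration - build plan
Select the team template created earlier to create the build plan, entering only the environment variable values that need to be overridden, such as the K8s deployment name in the figure below.
Build plan execution result
Continuous deployment
TODO
Continuous integration: using the maven artifact repository and uploading to the artifact repository
Continuous (integration) deployment to K8s
Continuous integration npm template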