一、编写cicd部署到k8s集群上脚本
name: Maven Package# 名称
env: # 环境变量
hostPath: /opt/project/test
on: # 触发时间为创建发布(打tag)
release:
types: [created]
jobs: # 任务
build:
runs-on: ubuntu-latest # 基于哪个系统镜像打包
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2 # 很关键,对应GitHub上各种开源的动作执行器,具体看每个action用法
- name: Set up JDK 11
uses: actions/setup-java@v2 # 使用java11环境
with:
java-version: '11'
distribution: 'temurin'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Get version # 用来输出当前tag的版本信息
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
- name: Configure Maven # 配置maven环境,如果不是私有包,一般不用,因为github的服务器在国外,访问中央仓库其实很快的
uses: s4u/maven-settings-action@v2.2.0
with:
servers: |
[{
"id": "github",
"username": "${{ secrets.MAVEN_USERNAME }}",
"password": "${{ secrets.MAVEN_PASSWORD }}"
}]
- name: Build with Maven # maven构建
run: mvn -B -Dmaven.test.skip=true package --file pom.xml
- name: Build Docker Image # 镜像打包
id: buildAndPushImage
uses: risfeng/docker-image-build-push-action@v1.0
with:
registry_url: 'ccr.ccs.tencentyun.com' # 镜像仓库服务器地址
namespaces: 'zflzqy' # 命名空间
repository_name: 'test' # 镜像的名称
user_name: ${{ secrets.TENCENT_DOKER_USERNAME }}
password: ${{ secrets.TENCENT_DOKER_PASSWROD }}
image_version: ${{ steps.get_version.outputs.VERSION }} # 镜像的版本号,这里就以上边的tag为准了
docker_file: '.' # 打包镜像的dokerfile文件地址,通常是项目根路径
- name: Update image tag # 更新k8s.yaml文件的镜像,一般k8s apply命令只有当yaml文件发生变动才会触发重新部署
uses: loveholidays/gitops-action-yaml-updater@v1.0
with:
mode: IMAGE_TAG
container-name: test # 容器的名称
new-image-tag: ${{ steps.get_version.outputs.VERSION }} # 替换的镜像版本
filepath: k8s/k8s.yaml # yaml文件的地址,也是相对于项目根路径
- name: Trigger deploy # 部署到K8S集群
uses: phamquyhai/kubernetes-action@master
env: # 使用kubeconfig与K8s集群进行通信,保证外网的6443端口放行
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA }}
with: # 部署命令
args: apply -f k8s/k8s.yaml
注:secrets. 这种形式,代表将密钥写到github的密钥信息里,这样部署的时候才会去拿,防止别人拿到隐私信息,密钥通常位于项目的setting/secrets/action下配置