还是按照之前的目录结构完成的,jobs目录用于存放作业模板。templates目录用于存放流水线模板。这次使用
default-pipeline.yml
作为所有作业的基础模板。来源:http://www.idevops.site
作业模板
作业分为Build、test、codeanalysis、artifactory、deploy部分,在每个作业中配置了rules功能开关,由变量控制最终作业的运行。
jobs/build.yml 构建作业模板
包含两个作业模板,分别是普通的构建模板(maven/npm/gradle)和docker 镜像构建模板。
## build相关作业
.build:
stage: build
script:
- |
${BUILD_SHELL}
variables:
GIT_CHECKOUT: "true"
rules:
- if: " $RUN_PIPELINE_BUILD == 'no' "
when: never
- when: always
## 构建镜像
.build-docker:
stage: buildimage
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWD $CI_REGISTRY
- docker build -t ${IMAGE_NAME} -f ${DOCKER_FILE_PATH} .
- docker push ${IMAGE_NAME}
- docker rmi ${IMAGE_NAME}
rules:
- if: " $RUN_BUILD_IMAGE == 'no' "
when: never
- when: always
jobs/test.yml 测试作业模板
主要用于运行项目单元测试,例如maven、gradle、npm单元测试。
#单元测试
.test:
stage: test
script:
- $TEST_SHELL
artifacts:
reports:
junit: ${JUNIT_REPORT_PATH}
rules:
- if: " $RUN_PIPELINE_TEST == 'no' "
when: never
- when: always
jobs/codeanalysis.yml 代码扫描模板
包含两个作业模板,分别为扫描作业和获取扫描结果。这里面将扫描参数进行了分类,通用的项目参数、特殊的合并请求参数、自定义的项目参数。
##代码扫描
##
##
##
.code_analysis:
variables:
GLOBAL_PROJECT_ARGS: "-Dsonar.projectKey=${CI_PROJECT_NAME}
-Dsonar.projectName=${CI_PROJECT_NAME}
-Dsonar.projectVersion=${CI_COMMIT_REF_NAME}
-Dsonar.projectDescription=${CI_PROJECT_TITLE}"
GLOBAL_SERVER_ARGS: "-Dsonar.ws.timeout=30
-Dsonar.links.homepage=${CI_PROJECT_URL}
-Dsonar.host.url=${SONAR_SERVER_URL}
-Dsonar.login=${SONAR_SERVER_LOGIN}
-Dsonar.sourceEncoding=UTF-8 "
GLOBAL_MR_ARGS: " -Dsonar.pullrequest.key=${CI_MERGE_REQUEST_IID}
-Dsonar.pullrequest.branch=${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}
-Dsonar.pullrequest.base=${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.project_id=${CI_PROJECT_PATH}
-Dsonar.pullrequest.gitlab.repositorySlug=${CI_PROJECT_ID} "
MULTI_BRANCH_ARGS: "-Dsonar.branch.name=${CI_COMMIT_REF_NAME}"
stage: code_analysis
script:
- echo ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} ${GLOBAL_MR_ARGS}
#sonar-scanner $GLOBAL_PROJECT_ARGS $GLOBAL_SERVER_ARGS $SCAN_JAVA_ARGS
- |
if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]
then
echo "sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} "
sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS}
else
echo "sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} ${MULTI_BRANCH_ARGS}"
sonar-scanner ${GLOBAL_PROJECT_ARGS} ${GLOBAL_SERVER_ARGS} ${SONAR_SCAN_ARGS} ${MULTI_BRANCH_ARGS}
fi
rules:
- if: " $RUN_CODE_ANALYSIS == 'no' "
when: never
- when: always
#### 获取代码扫描结果
.get_analysis_result:
stage: get_analysis_result
script:
- |
SONAR_REPORT_URL=$(grep "ceTaskUrl" .scannerwork/report-task.txt | awk -F = '{OFS="=";print $2,$3}')
echo ${SONAR_REPORT_URL}
for i in {1..10}
do
curl -k -u "${SONAR_SERVER_LOGIN}":"" ${SONAR_REPORT_URL} -o sonar_result.txt -s
grep '"status":"SUCCESS"' sonar_result.txt && SONAR_SCAN_RESULT='SUCCESS'
if [ ${SONAR_SCAN_RESULT} == 'SUCCESS' ]
then
echo "${SONAR_SCAN_RESULT}"
SONAR_SCAN_RESULT=SUCCESS