Git 和 Docker 团队工作流程
[英]Git and Docker team workflow
问题描述
I've been using Git for a few years for some projects, but I'm new to Docker.
我已经在一些项目中使用 Git 几年了,但我是 Docker 的新手。
Today, I would like to find a workflow that allows me to use Git and Docker correctly for my team projects.今天,我想找到一个工作流程,让我可以在我的团队项目中正确使用 Git 和 Docker。
Today今天
Today, without Docker, we use named branches for development.今天,没有 Docker,我们使用命名分支进行开发。 When the functionalities are finalized, we pull them towards "master".当功能最终确定时,我们将它们拉向“主”。 When we want to go into production, we create a versioned preprod branch (eg preprod-2.3.0) of the master for tests.当我们想要进入生产环境时,我们会创建一个 master 的版本化 preprod 分支(例如 preprod-2.3.0)用于测试。 If we have corrections, we push on the current preprod and merge on master.如果我们有更正,我们会推动当前的 preprod 并在 master 上合并。 When the preprod branch is ready (automatic and manual tests), we create a prod branch with the same version as preprod (ex: prod-2.3.0).当 preprod 分支准备好(自动和手动测试)时,我们创建一个与 preprod 版本相同的 prod 分支(例如:prod-2.3.0)。 If we have urgent corrections in prod, we create a new branch from the preprod (ex: preprod-2.3.1), before continuing the normal process (test + prod -> prod-2.3.1).如果我们在 prod 中有紧急更正,我们会从 preprod 创建一个新分支(例如:preprod-2.3.1),然后继续正常过程(test + prod -> prod-2.3.1)。
With Docker使用 Docker
With Docker, for development, we want to create local images named $PROJECT_NAME/$IMAGE_NAME:dev (project/api:dev, project/db:dev, project/webui:dev...).使用 Docker,为了开发,我们想创建名为 $PROJECT_NAME/$IMAGE_NAME:dev (project/api:dev, project/db:dev, project/webui:dev...) 的本地镜像。 Every time we rebuild local projects, we lose development images, but otherwise it would become unmanageable.每次我们重建本地项目时,我们都会丢失开发映像,否则它将变得无法管理。 To test, we would also use the versions of dev.为了测试,我们还将使用 dev 的版本。
But where I have questions is for the production launch.但我对生产发布有疑问。
Several blogs/articles create docker images after the code is pushed on git, perform unit tests and finally save valid images.几篇博客/文章在代码推送到git上后创建docker镜像,进行单元测试,最后保存有效镜像。 Thereafter, a valid image will be named":latest" and used for production implementation.此后,一个有效的图像将被命名为“:latest”并用于生产实施。 In our case, we could use this system to save valid images of prod-$VERSION branches using the $VERSION and latest tags to version the images.在我们的例子中,我们可以使用这个系统来保存 prod-$VERSION 分支的有效图像,使用 $VERSION 和 latest 标签来版本图像。
Problems问题
My problem with this system is that I feel like I'm losing one of Docker's benefits.我对这个系统的问题是我觉得我正在失去 Docker 的一项好处。 When I perform my tests locally, I test the code but also the dev image.当我在本地执行测试时,我会测试代码以及开发映像。 It is this image that should be used on the CI and in production.应该在 CI 和生产中使用这个图像。 While there, the image is recreated several times by the CI for master, preprod and finally prod before being frozen.在那里,图像由 CI 为 master、preprod 和最终 prod 重新创建多次,然后被冻结。 If the versions of the hub images (eg nginx:latest, node:lastest) have changed in the meantime, this can cause problems.如果集线器映像的版本(例如 nginx:latest、node:lastest)在此期间发生了变化,这可能会导致问题。 See: https://nickjanetakis.com/blog/docker-tip-18-please-pin-your-docker-image-versions请参阅: https : //nickjanetakis.com/blog/docker-tip-18-please-pin-your-docker-image-versions
Another solution would be to save the images directly in preprod with the preprod tag.另一种解决方案是使用 preprod 标签直接将图像保存在 preprod 中。 After being tested, I add the tags "prod" and "latest".经过测试后,我添加了“prod”和“latest”标签。 But if an update occurs during the creation of the preprod, I can sometimes waste time to understand why it worked in dev and not in prod.但是如果在创建 preprod 期间发生更新,我有时会浪费时间来理解为什么它在 dev 中起作用而不是在 prod 中起作用。 But at least it avoids problems between pre-production and production.但至少它避免了预生产和生产之间的问题。
I also couldn't find a system at the nodejs lock (package.json/package-lock.json) that allows to run npm build/npm ci (download the latest version of the packages and update the lock file specifying which version was precisely used/rebuilt the same architecture as the lock file).我也无法在 nodejs 锁 (package.json/package-lock.json) 上找到允许运行 npm build/npm ci 的系统(下载最新版本的包并更新锁文件,指定哪个版本是精确的使用/重建与锁定文件相同的架构)。 See : https://docs.npmjs.com/files/package-lock.json请参阅: https : //docs.npmjs.com/files/package-lock.json
Questions问题
Do you have a system/idea to ensure that the image is identical to the previous one (as a lock)?你有一个系统/想法来确保图像与前一个相同(作为锁)? Or a workflow that allows you to work in a team while dropping images directly from the dev (with versions)?或者允许您在团队中工作同时直接从开发人员(带有版本)删除图像的工作流程?
1 个解决方案
解决方案1
1 已采纳 2019-01-16 00:48:14
I finally made my own lock system with a bash alias or alternatively one or two scripts :我终于用 bash 别名或一两个脚本制作了自己的锁系统:
bash alias (Add docker ci command and improve docker build) : bash 别名(添加 docker ci 命令并改进 docker build):
dockeralias() {
args=$@
args_cat=$1
shift
args_without_cat_files_and_final=""
dockerfile="Dockerfile"
while test $# -gt 1; do
case "$1" in
-f|--file)
shift
dockerfile=$1
shift
;;
-f=*)
dockerfile=${1#"-f="}
shift
;;
--file=*)
dockerfile=${1#"--file="}
shift
;;
*)
args_without_cat_files_and_final="$args_without_cat_files_and_final $1 "
shift
;;
esac
done
lockfile="$dockerfile-lock"
args_final=$@
if [ $args_cat == "ci" ]; then
echo "Build from $lockfile"
command docker build $args_without_cat_files_and_final --file $lockfile $args_final
return
fi
if ! command docker $args; then
return
fi
if [ $args_cat == "build" ]; then
echo "Make $lockfile from $dockerfile"
cp $dockerfile $lockfile
grep ^FROM $lockfile | while read -r line ; do
image=`echo $line | cut -d" " -f2`
digest=`command docker inspect --format='{{index .RepoDigests 0}}' $image`
echo "$image > $digest"
sed -i -e "s/$image/$digest/g" $lockfile
done
fi
}
alias docker=dockeralias
Alternatively docker-build.sh to replace docker build in dev或者docker-build.sh替换 dev 中的docker build
#!/bin/bash
docker build "$@"
dockerfile="Dockerfile"
while test $# -gt 0; do
case "$1" in
-f|--file)
shift
dockerfile=$1
shift
;;
-f=*)
dockerfile=${1#"-f="}
shift
;;
--file=*)
dockerfile=${1#"--file="}
shift
;;
*)
shift
;;
esac
done
lockfile="$dockerfile-lock"
echo "Make $lockfile from $dockerfile"
cp $dockerfile $lockfile
grep ^FROM $lockfile | while read -r line ; do
image=`echo $line | cut -d" " -f2`
digest=`docker inspect --format='{{index .RepoDigests 0}}' $image`
echo "$image > $digest"
sed -i -e "s/$image/$digest/g" $lockfile
done
And docker-ci.sh to replace docker build in CI (preprod, prod...) or just use " docker build --file Dockerfile-lock . "并且docker-ci.sh替换 CI 中的 docker build(preprod、prod ...)或仅使用“ docker build --file Dockerfile-lock ”。
#!/bin/bash
args=""
dockerfile="Dockerfile"
while test $# -gt 1; do
case "$1" in
-f|--file)
shift
dockerfile=$1
shift
;;
-f=*)
dockerfile=${1#"-f="}
shift
;;
--file=*)
dockerfile=${1#"--file="}
shift
;;
*)
args="$newargs $1 "
shift
;;
esac
done
lockfile="$dockerfile-lock"
echo "Build from $lockfile"
docker build $args --file $lockfile "$@"
Here an example of what do the script :这是脚本执行的示例:
From Dockerfile来自Dockerfile
FROM node:latest
EXPOSE 8080
WORKDIR /usr/src/app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
CMD npm start
Create Dockerfile-lock创建Dockerfile-lock
FROM node@sha256:d2180576a96698b0c7f0b00474c48f67a494333d9ecb57c675700395aeeb2c35
EXPOSE 8080
WORKDIR /usr/src/app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
CMD npm start
And I also writed a feature request on the docker forum : https://forums.docker.com/t/dockerfile-lock/67031我还在 docker 论坛上写了一个功能请求: https : //forums.docker.com/t/dockerfile-lock/67031
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.