[英]Gitlab CI - Split deployment script from build script
I have a .gitlab-ci.yaml like this:我有一个.gitlab-ci.yaml像这样:
stages:
- build
- deploy
before_script:
- docker login ...
build:
stage: build
tags:
- dind
script:
- docker pull $CONTAINER_IMAGE:$CI_COMMIT_REF_NAME || true
- docker build ...
- docker push $CONTAINER_IMAGE:$CI_COMMIT_REF_NAME
- docker push $CONTAINER_IMAGE:git-$CI_COMMIT_SHA
manual-deploy-dev:
image: 'google/cloud-sdk:latest'
stage: deploy
tags:
- dind
when: manual
script:
- echo "$SERVICE_ACCOUNT_DEV_KEY" > key.json
- gcloud auth activate-service-account --key-file=key.json
- docker login -u _json_key --password-stdin https://gcr.io < key.json
- docker pull xxx:git-$CI_COMMIT_SHA
- docker tag xxx:git-$CI_COMMIT_SHA xxx:git-$CI_COMMIT_SHA
- docker push xxx
My problem is that since.gitlab-ci.yaml lives in the same branch as the software it implies that if I need to update the deployment script I have to recompile the software for that.我的问题是 since.gitlab-ci.yaml 与软件位于同一分支中,这意味着如果我需要更新部署脚本,我必须为此重新编译软件。 And also the hash of the build changes needlessly.并且构建的 hash 也进行了不必要的更改。
I'd like to have my code in the master branch and changes should retrigger a build.我想将我的代码放在主分支中,并且更改应该重新触发构建。 I would like to have the deployment scripts versioned in the deployment-scripts branch on the same repository.我希望在同一存储库的部署脚本分支中对部署脚本进行版本控制。
And if the deployment-script fails I want to be able to fix it without having to touch the other code.如果部署脚本失败,我希望能够修复它而无需触及其他代码。
before_script:
- docker login ...
- git checkout deployment-scripts
The problem with this solution is that in the.gitlab-ci.yaml there can be only one before_script for all stages and for the build stage I want the 'master' branch and for the 'manual-deploy-dev' I want the deployment-scripts.此解决方案的问题在于,在.gitlab-ci.yaml 中,所有阶段只能有一个 before_script,对于构建阶段,我想要“master”分支,而对于“manual-deploy-dev”,我想要部署-脚本。
This can't work.这是行不通的。
Michael Delgado proposed to use https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html Michael Delgado 提议使用https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html
But there is a limitation in GL discussed in https://forum.gitlab.com/t/downstream-pipeline-trigger-definition-is-invalid/52356/5 which implies that you need to use two different projects for it to work.但是在https://forum.gitlab.com/t/downstream-pipeline-trigger-definition-is-invalid/52356/5中讨论的 GL 存在限制,这意味着您需要使用两个不同的项目才能使其工作. In my setup I want to have two different branches.在我的设置中,我想要两个不同的分支。
This can't work with just one GL project.这不能仅用于一个 GL 项目。
Going with this proposal could easily mean that I would have to have around 6 or 8 more projects for all our different deployment targets in different projects.接受这个提议很容易意味着我必须为不同项目中的所有不同部署目标再增加大约 6 或 8 个项目。
This probably works but I'd rather try to avoid that.这可能有效,但我宁愿尽量避免这种情况。
First I created a read only 'developer' token and for testing hardcoded it into the request.首先,我创建了一个只读的“开发者”令牌,并用于测试将其硬编码到请求中。 Later I put that token into the environment variables.后来我将该令牌放入环境变量中。
curl --header "PRIVATE-TOKEN: xxx" "https://gitlab.example.com/api/v4/projects/567/repository/files/upload_google.sh/raw?ref=deployment-scripts" -o upload_google.sh
Turns out, this is actually the easiest way to do it ATM.事实证明,这实际上是 ATM 最简单的方法。
https://docs.gitlab.com/ee/api/repository_files.html#get-raw-file-from-repository https://docs.gitlab.com/ee/api/repository_files.html#get-raw-file-from-repository
I use a PRIVATE-TOKEN with the get-raw-file-from-repository method.我将 PRIVATE-TOKEN 与 get-raw-file-from-repository 方法一起使用。
I use a PRIVATE-TOKEN with the get-raw-file-from-repository method as outlined in the Solution section of the question.如问题的解决方案部分所述,我使用 PRIVATE-TOKEN 和 get-raw-file-from-repository 方法。
- 'curl --header "PRIVATE-TOKEN: $READ_ONLY_CI_GOOGLE_UPLOAD_SCRIPT" "https://gitlab.xxx.com/api/v4/projects/$CI_PROJECT_ID/repository/files/upload_google.sh/raw?ref=deployment-scripts" -o upload_google.sh'
Also notice the $CI_PROJECT_ID usage.还要注意 $CI_PROJECT_ID 的用法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.