简体繁体 English

如何启用从 BitBucket 到内部服务器的持续部署

[英]How to enable Continuous Deployment to an internal server from BitBucket

原文 2023-01-31 08:23:59 9 1 bitbucket/ devops/ continuous-deployment/ cicd/ bitbucket-pipelines

I need some guidance and advice please on if / how I can implement a CI / CD pipeline for a corporate PHP Laravel application that is hosted on an internal server with limited access and no public IP. Unfortunately my DevOps knowledge is limited and despite a lot of Google searches, I have no idea if I am on the right track or if I am a million miles away.我需要一些指导和建议，请告诉我是否/如何为公司 PHP Laravel 应用程序实施 CI / CD 管道，该应用程序托管在访问受限且没有公共 IP 的内部服务器上。不幸的是，我的 DevOps 知识有限，尽管很多谷歌搜索，我不知道我是否在正确的轨道上，或者我是否在一百万英里之外。 Everything that I have read so far looks at using Web Hooks which as far as I can tell are reliant on a public IP / domain.到目前为止，我所阅读的所有内容都着眼于使用 Web Hook，据我所知，这些 Hook 依赖于公共 IP / 域。

At present I can work on the application on my laptop and push changes to BitBucket Cloud.目前我可以在笔记本电脑上处理应用程序并将更改推送到 BitBucket Cloud。 While I have managed to create a bitbucket-pipelines.yml file that will automatically build and test any branches that are pushed, I then have to access the server to pull the code manually and run the various scripts as required, which I would much prefer to automate.虽然我设法创建了一个 bitbucket-pipelines.yml 文件，它将自动构建和测试任何被推送的分支，然后我必须访问服务器以手动提取代码并根据需要运行各种脚本，我更喜欢这样做自动化。

I need to understand please what options there are for implementing continuous deployment given the circumstances and limitations?鉴于情况和限制，我需要了解实施持续部署有哪些选择？

If anyone could offer some pointers then I would be very grateful.如果有人可以提供一些指示，那么我将不胜感激。

Thanks谢谢

1 个解决方案

You can't push to a machine that is unreachable but there are some alternatives.您无法推送到无法访问的机器，但有一些替代方法。

Configure a bastion host , so an external CI/CD runner can ssh through it into your server.配置一个堡垒主机，这样一个外部 CI/CD 运行器可以通过它 ssh 进入你的服务器。 Allow inbound port 22 connections from your CI/CD provider CIDR blocks to your bastion host https://ip-ranges.atlassian.com/允许从 CI/CD 提供商 CIDR 块到堡垒主机的入站端口 22 连接https://ip-ranges.atlassian.com/
Setup a CI/CD self-hosted runner in the same.network than the server.在与服务器相同的网络中设置 CI/CD自托管运行器。 https://support.atlassian.com/bitbucket-cloud/docs/runners/ Use that runner for the deployment step to ssh into your server private IP address . https://support.atlassian.com/bitbucket-cloud/docs/runners/使用该运行程序将 ssh 部署到您的服务器私有地址 IP中。
Setup a pull-based deployment strategy .设置基于拉动的部署策略。 Your deployment step only registers the new wanted version, eg moving a release/production branch on the commit ref where the deploy was triggered.您的部署步骤仅注册新的所需版本，例如，在触发部署的提交引用上移动release/production分支。 In your server, setup some kind of subscription to the latest release/deployment, eg a cron task to frequently fetch the production git branch.在您的服务器中，设置对最新发布/部署的某种订阅，例如一个 cron 任务来频繁获取生产 git 分支。 Upon changes, restart services and run any task you need.更改后，重新启动服务并运行您需要的任何任务。 ansible-pull can be handy for this purpose. ansible-pull可以很方便地用于此目的。