
How Can I Optimize My gitlab-ci.yml Any Ideas?

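I recently created an automatic pull pipeline for myself that runs after I create a tag in my GitLab project.

But it has serious security problems, because I use the echo function to import my private key and my public key into the Docker image.

My question is:

How can I securely read the public key and private key into variables from my GitLab profile?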

```yaml
## Author : RaminSubZero (0VERL0RD Corporation)
## PLEASE READ COMMENTS
## This CI Pulls Your Repository On Your Server With Some Statements
## This CI Triggers Only When You Make A Tag For Your Repo

## Start
image: trion/ng-cli-karma

## Setting Server Configuration For CI/CD Integration
## Config This Variables As You Need
## We Set This Stage Deploy
deploy_stage:
  variables:
    SSH_PRIVATE_KEY_PATH: "/root/.ssh/id_rsa"
    # Literal block scalar keeps the key's line breaks; a quoted multi-line string folds them into spaces
    SSH_PRIVATE_KEY: |
      -----BEGIN RSA PRIVATE KEY-----
      example
      -----END RSA PRIVATE KEY-----
    SSH_PUBLIC_KEY: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAexample3v3P RaminSub-Zero@PC"
    SERVER: "example.com"
    USER: "root"
    PORT: "22"
    PROJECT_DIR: "public_html/"
    BRANCH: "master"
    ## This Git Pre Commands Save Your Local Changes To Server For Allowing Save Your Custom Files In Server
    ## You Can Set This Variables Empty If You Want
    ## For Setting This Variables Empty Replace This Lines With This Code
    ## GIT_PRESAVE_COMMAND: ""
    ## GIT_POSTSAVE_COMMAND: ""
    ## Start Saving Variables
    GIT_PRESAVE_COMMAND: "&& git stash"
    GIT_POSTSAVE_COMMAND: "&& git stash apply"
    ## End Saving Variables
    CUSTOM_COMMAND: ""
    CUSTOM_COMMAND2: ""
    ## You Can Run Any Command In Your Server You Want | For Example (CUSTOM_COMMAND: "&& systemctl restart nginx")
    ## Note : You Have To Use && First Of Your Command

  # Here We Set Rule For Trigger This CI Per Tag Release
  rules:
    - if: '$CI_COMMIT_TAG != null'
  stage: deploy
  script:
    - apt-get update -y && apt-get install openssh-client -y
    - mkdir -p /root/.ssh
    # 700, not 777: the directory holding the key must not be accessible to other users
    - chmod 700 /root/.ssh
    - touch /root/.ssh/id_rsa /root/.ssh/id_rsa.pub
    - echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa ; echo "$SSH_PUBLIC_KEY" > /root/.ssh/id_rsa.pub
    - chmod 600 /root/.ssh/id_rsa.pub
    - chmod 600 /root/.ssh/id_rsa
    - ssh -o "StrictHostKeyChecking no" -i $SSH_PRIVATE_KEY_PATH $USER@$SERVER -p $PORT "cd $PROJECT_DIR $GIT_PRESAVE_COMMAND && git pull origin $BRANCH $GIT_POSTSAVE_COMMAND $CUSTOM_COMMAND $CUSTOM_COMMAND2 && exit"
## In The End We Exit From Server To Finish Our Updating Session

## End
```

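You should remove the variable with the private key from .gitlab-ci.yml and add it via the UI. That way it won't be committed to the repository.

As for the CI log, you should move everything under script: into a separate *.sh file - that way each line won't be shown separately in the log.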
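
Added example, not part of the original answer: a deploy script that follows both suggestions above, taking the key from CI/CD variables defined in the GitLab UI (Settings > CI/CD > Variables) and keeping the commands in one file. The file name deploy.sh, the id_deploy key file and the SSH_KNOWN_HOSTS variable (the server's host key line, verified out of band) are assumptions; the other variable names are the question's.

```sh
#!/bin/sh
# deploy.sh -- added example, not the asker's or answerer's code.
# Assumed CI/CD variables (set in the GitLab UI, never in .gitlab-ci.yml):
#   SSH_PRIVATE_KEY  private key text (hypothetical: plain "Variable" type)
#   SSH_KNOWN_HOSTS  known_hosts line(s) for the server (hypothetical name)
#   SERVER USER PORT PROJECT_DIR BRANCH  as in the question
set -eu

# Fail early and name the missing variable, without ever printing a value.
require_vars() {
  for name in "$@"; do
    eval "val=\${$name:-}"
    [ -n "$val" ] || { echo "missing CI/CD variable: $name" >&2; return 1; }
  done
}

# Write key and pinned host key into $1; umask 077 makes the directory 700
# and the files 600 at creation, so there is no window with loose modes.
install_ssh_files() {
  dir=$1
  ( umask 077
    mkdir -p "$dir"
    # tr strips CRs that a copy/paste into the web form can introduce
    printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' > "$dir/id_deploy"
    printf '%s\n' "$SSH_KNOWN_HOSTS" > "$dir/known_hosts" )
}

deploy() {
  require_vars SSH_PRIVATE_KEY SSH_KNOWN_HOSTS SERVER USER PORT PROJECT_DIR BRANCH
  dir=$(mktemp -d)
  trap 'rm -rf "$dir"' EXIT          # key material never outlives the job
  install_ssh_files "$dir"
  # Host key is pinned, so StrictHostKeyChecking stays on.
  ssh -i "$dir/id_deploy" -p "$PORT" -o IdentitiesOnly=yes \
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$dir/known_hosts" \
      "$USER@$SERVER" "cd '$PROJECT_DIR' && git pull origin '$BRANCH'"
}

# Connect only when called as: sh deploy.sh deploy
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

With this file committed, the job's script: section reduces to the single line sh deploy.sh deploy, and the key entries under variables: are deleted from .gitlab-ci.yml.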
