持续集成-droneCI-docker项目案例go

实例2 - go 项目

注解:
拉取代码后，进行编译
开发环境只是更新了远程主机的二进制文件，和生成了一个 docker 镜像
生产环境模拟做区分，推送一个包到 gitea 仓库
考虑不要用这个 docker 插件来打镜像，自己本地打似乎更好一些;
特别注意的是文件里面一些变量的引用方式很奇怪
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231


kind: pipeline
name: nginx-log-go
type: docker

# 私有镜像站认证信息
image_pull_secrets:
  - dockerconfigjson

# 因为有个性化的 clone 需求，所以这里关闭默认的 clone 动作
clone:
  disable: true

steps:
- name: 克隆仓库
  image: registry.wait/cwx/drone/git
  pull: if-not-exists
  settings:

    # clone 时截断以前的提交记录, 即克隆深度
    depth: 1
    skip_verify: true

    # 读取 git 的 tag 作为环境变量 ${DRONE_TAG}
    tags: true

  # 工作目录为 /drone/src
  commands:
    - git config --global http.sslVerify false
    - git clone https://git.services.wait/chenwx/nginx-log-go.git .
    - git log --oneline -n 5
    - pwd
    - ls -a

# - name: build
- name: 编译
  image: registry.wait/cwx/golang:1.20.3
  pull: if-not-exists
  depends_on: [克隆仓库]

  volumes:
    - name: gopath-1.20.3
      path: /go

  commands:
    - go env -w GOPROXY=https://goproxy.cn,direct
    - export CGO_ENABLED=0
    - go build -o bin/nginxLog -ldflags '-s -w' src/main.go
    - ls bin


# 有 tag 时，制作一个 压缩包
- name: 生产环境-打包
  image: registry.wait/cwx/os/alpine:3.17.3
  depends_on: [编译]
  commands:
    - ls -a
    - cd bin
    - tar zcvf nginxLog-${DRONE_TAG##v}.tar.gz ./nginxLog
  # 匹配全部tag
  when:
    ref:
      - refs/tags/**

# 提交一个 release 版本到 gitea
# gitea-release 插件只适用于有 tag 的情况
- name: 生产环境-push-release
  image: registry.wait/cwx/drone/plugins/gitea-release
  pull: if-not-exists
  depends_on: [生产环境-打包]
  settings:
    api_key: 2a5ab57061a66a6f37233a3fac07029cb5ad6b76
    base_url: https://git.services.wait/
    files:
      # 上传文件时，把那个 v 前缀去掉
      - bin/nginxLog-${DRONE_TAG##v}.tar.gz

    # 如果存在则覆盖
    file_exists: overwrite
    title: 新版本发布-${DRONE_TAG}

    # 忽略 https 证书
    insecure: true
  volumes:
    - name: cwxCA
      path: /etc/ssl/certs/ca-certificates.crt

  when:
    ref:
      - refs/tags/**


# 使用 scp 传输到其它主机
- name: 开发环境-推送
  image: registry.wait/cwx/drone/appleboy/drone-scp
  pull: if-not-exists
  depends_on: [编译]
  settings:
    host: 10.2.1.5
    username: wait
    key:
      from_secret: wcn7_wait_key
    port: 22
    target: /home/wait/data/pkg/${DRONE_REPO_NAME}
    source: bin/nginxLog
  when:
    ref:
      exclude:
        - refs/tags/**

# 到远程主机执行命令
- name: 开发环境-部署
  image: registry.wait/cwx/drone/appleboy/drone-ssh
  pull: if-not-exists
  depends_on: [开发环境-推送]
  settings:
    host:
      - 10.2.1.5
    username: wait
    key:
      from_secret: wcn7_wait_key
    port: 22
    command_timeout: 1m
    script:
      - cd /home/wait/data/pkg/${DRONE_REPO_NAME}
      - rm -f /home/wait/bin/nginxLog
      - mv bin/nginxLog /home/wait/bin/
  when:
    ref:
      exclude:
        - refs/tags/**

# 制作镜像
# 存在的问题，虽然插件最后有清理容器的动作，但没有实际执行成功
- name: 生成镜像
  image: registry.wait/cwx/plugins/docker:20.14.2
  pull: if-not-exists
  depends_on: [编译]

  settings:
    registry: registry.wait
    repo: registry.wait/cwx/nginx-log-go           # 私有仓库
    tags:
      - dev
    no_cache: true

    # 自动分割 git tag 的标签
    # auto_tag: true
    dockerfile: dockerfile

    # 允许不安全的通信, 实际测试没生效，还是得挂证书
    # insecure: true

    username:
      from_secret: docker_registry_username
    password:
      from_secret: docker_registry_password
  volumes:
    - name: cwxCA
      path: /etc/ssl/certs/ca-certificates.crt
    - name: docker
      path: /var/run/docker.sock


# 制作镜像
# 此处采用 docker in docker 的方式目的是不想二次生成镜像
- name: 生产环境-生成镜像
  image: registry.wait/cwx/docker:23.0.4
  pull: if-not-exists
  depends_on: [生成镜像]

  volumes:
    - name: docker
      path: /var/run/docker.sock
    - name: docker_configjson
      path: /root/.docker/config.json

  environment:
    IMG_NAME: registry.wait/cwx/nginx-log-go
    # USERNAME:
    #   from_secret: docker_registry_username
    # PASSWORD:
    #   from_secret: docker_registry_password

  commands:
    - echo $TAG_NAME
    - echo ${TAG_NAME}
    - "docker tag $IMG_NAME:dev $IMG_NAME:${DRONE_TAG##v}"
    - "docker push $IMG_NAME:${DRONE_TAG##v}"

  #   - docker login -u $USERNAME -p $PASSWORD registry.wait
  #   - docker tag $IMG_NAME:dev $IMG_NAME:${DRONE_TAG##v}
  #   - docker push $IMG_NAME:${DRONE_TAG##v}

  when:
    ref:
      - refs/tags/**

# 生产环境-部署命令
- name: 生产环境-部署
  image: registry.wait/cwx/drone/appleboy/drone-ssh
  pull: if-not-exists
  depends_on: [生产环境-生成镜像]
  settings:
    host:
      - 10.2.1.5
    port: 22
    username: wait
    key:
      from_secret: wcn7_wait_key
    command_timeout: 1m
    script:
      - cd /home/wait/env_docker/nodes/wcn7/service
      - sed -i "/registry.wait\\/cwx\\/nginx-log-go/s/nginx-log-go:.*$/nginx-log-go:${DRONE_TAG##v}/" docker-compose.yml
      - docker compose up nginx-log-go -d
  when:
    ref:
      - refs/tags/**

volumes:
  - name: gopath-1.20.3
    host:
      path: /data/cache/gopath-1.20.3
  - name: cwxCA
    host:
      path: /home/wait/data/ca/cwxCA.pem
  - name: docker
    host:
      path: /var/run/docker.sock
  - name: docker_configjson
    host:
      path: /home/wait/.docker/config.json
发布生产环境
微信搜索IT运维小秋