ci-cd
CI/CD Pipeline Configuration
Overview
Configuration skills for CI/CD tools such as Jenkins, GitLab CI and GitHub Actions.
GitHub Actions
Basic workflow
```yaml
# .github/workflows/ci.yml
name: CI
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Run tests
        run: npm test
      - name: Build
        run: npm run build
```
Matrix build
```yaml
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        node-version: [16, 18, 20]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
      - run: npm ci
      - run: npm test
```
Docker build and push
```yaml
jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: user/app:${{ github.sha }}
```
Deploy to Kubernetes
```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      - name: Configure kubectl
        uses: azure/k8s-set-context@v3
        with:
          kubeconfig: ${{ secrets.KUBE_CONFIG }}
      - name: Deploy
        run: |
          kubectl set image deployment/app app=user/app:${{ github.sha }}
          kubectl rollout status deployment/app
```
GitLab CI
Basic configuration
```yaml
# .gitlab-ci.yml
stages:
  - build
  - test
  - deploy

variables:
  DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

build:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  script:
    # Feed the password on stdin rather than via -p, so it does not end up in
    # the process list or in the job log
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
    - docker build -t $DOCKER_IMAGE .
    - docker push $DOCKER_IMAGE

test:
  stage: test
  image: node:18
  script:
    - npm ci
    - npm test
  coverage: '/Coverage: \d+\.\d+%/'

deploy:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl set image deployment/app app=$DOCKER_IMAGE
  only:
    - main
  environment:
    name: production
    url: https://app.example.com
```
Multi-environment deployment
```yaml
.deploy_template: &deploy_template
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl config use-context $KUBE_CONTEXT
    - kubectl set image deployment/app app=$DOCKER_IMAGE

deploy_staging:
  <<: *deploy_template
  variables:
    KUBE_CONTEXT: staging
  environment:
    name: staging
  only:
    - develop

deploy_production:
  <<: *deploy_template
  variables:
    KUBE_CONTEXT: production
  environment:
    name: production
  only:
    - main
  when: manual
```
Jenkins
Jenkinsfile (Declarative)
```groovy
// Jenkinsfile
pipeline {
    agent any
    environment {
        DOCKER_IMAGE = "user/app:${BUILD_NUMBER}"
        // credentials() exposes DOCKER_CREDENTIALS_USR / DOCKER_CREDENTIALS_PSW
        DOCKER_CREDENTIALS = credentials('docker-hub')
    }
    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }
        stage('Build') {
            steps {
                sh 'npm ci'
                sh 'npm run build'
            }
        }
        stage('Test') {
            steps {
                sh 'npm test'
            }
            post {
                always {
                    junit 'test-results/*.xml'
                }
            }
        }
        stage('Docker Build') {
            steps {
                sh "docker build -t ${DOCKER_IMAGE} ."
            }
        }
        stage('Docker Push') {
            steps {
                sh "echo ${DOCKER_CREDENTIALS_PSW} | docker login -u ${DOCKER_CREDENTIALS_USR} --password-stdin"
                sh "docker push ${DOCKER_IMAGE}"
            }
        }
        stage('Deploy') {
            when {
                branch 'main'
            }
            steps {
                sh "kubectl set image deployment/app app=${DOCKER_IMAGE}"
            }
        }
    }
    post {
        always {
            cleanWs()
        }
        success {
            slackSend channel: '#deployments', message: "Build ${BUILD_NUMBER} succeeded"
        }
        failure {
            slackSend channel: '#deployments', message: "Build ${BUILD_NUMBER} failed"
        }
    }
}
```
Jenkinsfile (Scripted)
```groovy
node {
    stage('Checkout') {
        checkout scm
    }
    stage('Build') {
        sh 'npm ci'
        sh 'npm run build'
    }
    stage('Test') {
        try {
            sh 'npm test'
        } finally {
            // Publish results even when tests fail
            junit 'test-results/*.xml'
        }
    }
    if (env.BRANCH_NAME == 'main') {
        stage('Deploy') {
            sh 'kubectl apply -f k8s/'
        }
    }
}
```
Common patterns
Semantic-version release
```yaml
# GitHub Actions
name: Release
on:
  push:
    tags:
      - 'v*'
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Get version
        id: version
        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
      - name: Build
        run: npm run build
      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: dist/*
          generate_release_notes: true
```
Caching dependencies
```yaml
# GitHub Actions
- name: Cache node modules
  uses: actions/cache@v3
  with:
    path: ~/.npm
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-
```
```yaml
# GitLab CI
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - node_modules/
```
Parallel tests
```yaml
# GitHub Actions
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        shard: [1, 2, 3, 4]
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm test -- --shard=${{ matrix.shard }}/4
```
Conditional execution
```yaml
# GitHub Actions
jobs:
  deploy:
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - run: echo "Deploying..."
```
```yaml
# GitLab CI
deploy:
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual
    - if: $CI_COMMIT_TAG
      when: always
```
Common scenarios
Scenario 1: PR check
```yaml
name: PR Check
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm run lint
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm test
```
Scenario 2: scheduled job
```yaml
name: Scheduled Job
on:
  schedule:
    - cron: '0 2 * * *' # every day at 2 AM
jobs:
  cleanup:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Running cleanup..."
```
Scenario 3: manual trigger
```yaml
name: Manual Deploy
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy'
        required: true
        default: 'staging'
        type: choice
        options:
          - staging
          - production
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Deploying to ${{ inputs.environment }}"
```
Troubleshooting
| Problem | How to investigate |
|---|---|
| Build fails | Read the logs, reproduce locally |
| Permission problems | Check secrets and tokens |
| Cache misses | Check the cache key |
| Timeouts | Raise the timeout, optimise slow steps |
Source
https://github.com/chaterm/terminal-skills/blob/main/devops/ci-cd/SKILL.md
Overview
You can define a complete pipeline from build to deployment in tools such as GitHub Actions, GitLab CI and Jenkins, and use matrix builds, caching and secret management to improve both efficiency and security. This skill covers the typical scenarios for the three mainstream tools: basic build/test, image build and push, and Kubernetes deployment, for single-environment and multi-environment (dev/test/prod) continuous delivery.
How This Skill Works
You describe pipeline tasks with declarative configuration. GitHub Actions uses workflow YAML, GitLab CI uses .gitlab-ci.yml, and Jenkins offers both Declarative and Scripted syntax. Pipelines run on runners/agents and support caching, secrets/credentials, parallel jobs, and integration with external systems such as Docker Hub and Kubernetes. Common capabilities include matrix builds, image build and push, Kubernetes deployment, and dependencies and trigger conditions between stages. Example capability points: GitHub Actions' setup-node, docker/login-action and docker/build-push-action, plus kubectl / Azure K8s context integration; GitLab CI's DOCKER_IMAGE variable, docker:dind service and kubectl deployment; Jenkins' Docker build/push, Credentials, and Slack notifications.
When to Use It
- You need build, test and static analysis to run automatically on every commit or PR (PR Check)
- You need to build and push Docker images and deploy them to Kubernetes in a later stage
- You need a consistent deployment process across development, staging and production environments (multi-environment deployment)
- You need parallel tests and matrix builds across operating systems or Node.js versions
- You need scheduled or manually triggered deployments (Scheduled/Manual Deploy)
Quick Start
- 1) Pick a tool and create its configuration file (e.g. .github/workflows/ci.yml for GitHub Actions, .gitlab-ci.yml for GitLab, or a Jenkinsfile for Jenkins).
- 2) Add the basic build and test steps: checkout, dependency installation, tests and packaging.
- 3) Optionally add image build/push and deployment steps (Docker login, docker build-push, kubectl set image, and so on).
- 4) Commit the change, watch the pipeline run and its logs in the UI, then refine caching, parallelism and conditional triggers step by step.
Best Practices
- Use caching to speed up builds, e.g. GitHub Actions' node-modules cache or GitLab's cache keyword; make sure the cache key includes the hash of the dependency lock file.
- Use matrix tests to verify compatibility across operating systems and Node.js versions and to shorten regression time.
- Every pipeline stage should be idempotent; deployment steps should version their artifacts and avoid redundant deployments.
- Keep keys and credentials in the tool's secure secrets/credentials store and avoid printing sensitive values to logs.
- Put controlled triggers on production deployments (e.g. only from the main branch, or manual triggering) and record the released version (e.g. tag-based semantic versioning).
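The following workflow is an added example, not part of the chaterm/terminal-skills skill, that combines the semantic-version release pattern above with these best practices in one GitHub Actions file: least-privilege `permissions`, a protected `production` environment, a concurrency lock on deployments, strict validation of the release tag before anything is built, actions pinned to a commit rather than a mutable tag, and secret values passed through `env` rather than interpolated into shell. It assumes a repository environment named `production`, the `KUBE_CONFIG` secret, the `deployment/app` target and `user/app` image used elsewhere on this page, that the `user/app:<version>` image is pushed by a separate build job, and `<commit-sha>` as a placeholder for the real commit hash of each action.

```yaml
# Added example (not the skill's own code). <commit-sha> is a placeholder:
# look up the commit of the release you want in each action's repository.
name: Release and Deploy
on:
  push:
    tags:
      - 'v*'

# Least privilege: the GITHUB_TOKEN can only read the repository unless a
# job explicitly asks for more.
permissions:
  contents: read

# Never run two production deployments at the same time, and do not cancel
# one that is already rolling out.
concurrency:
  group: production-deploy
  cancel-in-progress: false

jobs:
  release:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: write   # needed only here, to create the GitHub Release
    outputs:
      version: ${{ steps.version.outputs.VERSION }}
    steps:
      - uses: actions/checkout@<commit-sha> # v4
      - uses: actions/setup-node@<commit-sha> # v4
        with:
          node-version: '18'
          cache: 'npm'
      - name: Validate tag and extract version
        id: version
        run: |
          VERSION="${GITHUB_REF#refs/tags/v}"
          # Refuse anything that is not strict MAJOR.MINOR.PATCH before building,
          # so a mistyped or hostile tag cannot produce a release
          echo "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || {
            echo "::error::tag '$GITHUB_REF_NAME' is not a semantic version"
            exit 1
          }
          echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
      - run: npm ci
      - run: npm test
      - run: npm run build
      - name: Create Release
        uses: softprops/action-gh-release@<commit-sha> # v1
        with:
          files: dist/*
          generate_release_notes: true

  deploy:
    needs: release
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # Protection rules for this environment (required reviewers, allowed
    # branches/tags) are set in the repository settings; the job waits on them.
    environment:
      name: production
      url: https://app.example.com
    steps:
      - uses: azure/k8s-set-context@<commit-sha> # v3
        with:
          kubeconfig: ${{ secrets.KUBE_CONFIG }}
      - name: Deploy versioned image
        env:
          # Pass the value through env instead of writing ${{ }} into the script,
          # so the string is quoted data, not shell syntax
          IMAGE: user/app:${{ needs.release.outputs.version }}
        run: |
          kubectl set image deployment/app app="$IMAGE"
          kubectl rollout status deployment/app --timeout=120s
```

The image tag is the validated version string rather than `github.sha`, so the artifact that reaches production is the same one recorded in the GitHub Release; the `deploy` job only runs once `release` has succeeded and the environment's reviewers have approved.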
Example Use Cases
- Scenario: a basic Node.js project on GitHub Actions whose PR Check runs lint, test and build. You will see the basic .github/workflows/ci.yml workflow with checkout, Setup Node, npm ci, npm test and npm run build.
- Scenario: building and pushing a Docker image and deploying it to Kubernetes. The flow uses docker/login-action, docker/build-push-action and a kubectl deployment, with environment variables and image tags (such as ${GITHUB_SHA}) for version control.
- Scenario: multi-environment deployment on GitLab CI. .gitlab-ci.yml defines the build/test/deploy stages, uses DOCKER_IMAGE and kubectl to release to production, and separates staging by branch and environment.
- Scenario: a Jenkins pipeline (Declarative and Scripted) going from Checkout, Build, Test and Docker Build/Push to a Kubernetes deployment in production, with the result reported to Slack.
- Scenario: a tag-triggered semantic-version release on GitHub Actions: a v* tag triggers the workflow, the version is extracted, the project is packaged and a Release is published with the files from dist/.