Container DevOps, Step Two: Secure Builds of Image Artifacts (GitLab Edition)


The first step, of course, is an enterprise-grade Docker image registry.

Environment

GitLab, with Auto DevOps enabled

Node environment

Docker engine and client

Docker image registry

Package repositories that the Dockerfile may need

GitLab Runner and its permission to use Docker

# wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
# chmod +x /usr/local/bin/gitlab-runner
# useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
# usermod -aG docker gitlab-runner
# gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
# gitlab-runner start

gitlab-runner register

root@paa2:~# gitlab-runner register
Runtime platform                                    arch=amd64 os=linux pid=13311 revision=1f513601 version=11.10.1
Running in system-mode.

Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
http://192.168.0.165/
Please enter the gitlab-ci token for this runner:
aZdo2B7yhe-pZijnwmKs
Please enter the gitlab-ci description for this runner:
[paa2]: docker-demo
Please enter the gitlab-ci tags for this runner (comma separated):
docker
Registering runner... succeeded                     runner=aZdo2B7y
Please enter the executor: parallels, shell, virtualbox, docker+machine, kubernetes, docker, docker-ssh, ssh, docker-ssh+machine:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Dockerfile

.gitlab-ci.yml example

cat .gitlab-ci.yml

stages:
  - build_image
  - push_image
  - rmi_image
 
before_script:
  - docker info
  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"


build_image:
  stage: build_image
  tags:
    - docker
  script:
    - ls -l
    - pwd 
    - cat Dockerfile
    - docker images
    - docker build  -t  "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
 
push_image:
  stage: push_image
  tags:
    - docker
  script:
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
    
rmi_image:
  stage: rmi_image
  tags:
    - docker
  script:    
    - docker images
    - docker rmi "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"

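GitLab variables settings

Enter the parameters that the image build needs here. Passwords can be set here as well, which keeps registry addresses, usernames and passwords out of the code.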
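A way to check that the credentials really stay in the CI/CD variables, as an added example that is not part of the original post: a small shell lint that reads job definitions on stdin and reports docker login lines that pass the password as an argument or carry a literal username or password. The function names lint_ci and sample_ci and the sample lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint CI job definitions read
# from stdin for credentials that belong in GitLab CI/CD variables.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
lint_ci() {
    lineno=0
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            *"docker login"*) ;;      # only docker login lines are inspected
            *) continue ;;
        esac
        # -p/--password puts the secret in the process argument list;
        # --password-stdin does not match this pattern.
        if printf '%s\n' "$line" | grep -Eq -e '(^|[[:space:]])(-p|--password)[[:space:]=]'; then
            echo "line $lineno: password passed as an argument, use --password-stdin"
            rc=1
            # A value that is not a $VARIABLE reference is a literal in git.
            if ! printf '%s\n' "$line" | grep -Eq -e '[[:space:]](-p|--password)[[:space:]=]+"?[$]'; then
                echo "line $lineno: literal password in the repository"
            fi
        fi
        # Same check for the account name given to -u/--username.
        if printf '%s\n' "$line" | grep -Eq -e '[[:space:]](-u|--username)[[:space:]=]+"?[^$"[:space:]]'; then
            echo "line $lineno: literal username, use a CI/CD variable"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: three before_script variants, not real credentials.
sample_ci() {
    cat <<'EOF'
  - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  - docker login -u deploy -p Examp1ePassw0rd registry.example.com
  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
EOF
}

if sample_ci | lint_ci; then echo "clean"; else echo "findings reported above"; fi
```

In a pipeline it can run in an early job as lint_ci < .gitlab-ci.yml, where the non-zero return fails the job. Commented-out lines are inspected too, since a credential in a comment is still committed.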

Demo

Next post: Docker image builds with Jenkins.