作者:越野之族_205 | 来源:互联网 | 2023-01-07 11:03
我正在尝试使用Gitlab建立CI/CD管道以下是我想要做的事情:
注意:这是一个打字稿项目
单元测试和集成测试
促进分支开发到分支集成
从分支集成构建docker镜像
部署到集成环境
这是.gitlab-ci.yml
我正在使用的(i:
stages:
- test
- promote
- build
- deploy
cache:
paths:
- node_modules/
test:
image: node
stage: test
before_script:
- yarn
script:
- yarn test
promote:
image: node
stage: promote
only:
- dev
script:
- git push origin HEAD:integration
build
image: node
stage: build
only:
- integration
script:
- echo "build docker image from integration"
deploy:
image: node
stage: deploy
only:
- integration
script:
- echo "deploy integration"
我的问题是这行git push origin HEAD:integration
不能从gitlab运行器完成,这里是输出控制台:
Running with gitlab-runner 10.1.0 (c1ecf97f)
on RUNNER (ce8757c9)
Using Docker executor with image node ...
Using docker image sha256:fb8322a7cefdf2b3ba1c15218187bb65f9d4d4ab4e27dc3a91bb4eba38964429 for predefined container...
Pulling docker image node ...
Using docker image node ID=sha256:c1d02ac1d9b4de08d3a39fdacde10427d1c4d8505172d31dd2b4ef78048559f8 for build container...
Running on runner-ce8757c9-project-907-concurrent-0 via VERD842...
Fetching changes...
Removing node_modules/
HEAD is now at 63cccc5 update ci - dev
From https://gitlab.mycompany.com/project1/ci-demo
63cccc5..98d347e dev -> origin/dev
Checking out 98d347e5 as dev...
Skipping Git submodules setup
Checking cache for default...
Successfully extracted cache
$ git push origin HEAD:integration
remote: You are not allowed to upload code for this project.
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.mycompany.com/project1/ci-democi-demo.git/': The requested URL returned error: 403
ERROR: Job failed: exit code 1
我已经阅读了文档和一些示例,但我无法弄清楚如何使这项工作?我应该创建一个用户 gitlab-ci-token
吗?我应该在bash
脚本中进行分支推广吗?
随意给我任何关于我试图做的管道的反馈......
问候
1> Stefan van G..:
要从Gitlab CI运行器中推送到repo,您需要使用具有对要推送的分支的推送访问权限的用户.我们使用以下设置来完成此任务(我们让Gitlab CI标签发布并推送它们).
创建一个名为的新Gitlab用户gitlab-ci
创建一个SSH密钥对,并将公钥添加到Gitlab中的gitlab-ci用户的SSH密钥
给gitlab-ci用户推送访问你的repo(开发者角色)
将私钥的内容添加为名为**的CI/CD秘密变量SSH_PRIVATE_KEY**
这样私钥可以在CI作业中使用,接下来我的CI作业的第一部分如下所示:
script:
# Install ssh-agent through openssh-client if not present
- 'which ssh-agent || ( apt-get update -qy && apt-get install openssh-client -qqy )'
# Add the private key to this user
- eval $(ssh-agent -s) && ssh-add <(echo "$SSH_PRIVATE_KEY") && mkdir -p ~/.ssh
# Docker specific settings
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# Config git to avoid first usage questions. Set the identity
- git config --global user.email "noreply@example.com" && git config --global user.name "Gitlab CI"
#
# Do Git stuff, for example:
#
- git checkout $CI_COMMIT_REF_NAME
- git tag my-release-1.0
- git push -u origin my-release-1.0
Big fat免责声明:只有在处理过的Gitlab CI跑步者设置中使用此功能时,您才会分发私人SSH密钥,并且可以访问您的仓库,因此您必须谨慎使用.
创建一个单独的用户是一个黑客攻击,Gitlab有一个部署密钥系统,您可以通过该系统启用推送访问,而无需虚拟用户.