gitlab配置公钥

代码仓库:代码仓库:https://github.com/wq-h/demo-2048.git

创建密钥

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# ssh-keygen -t rsa -b 2048 -C "weiqun_h@163.com" -N "" -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:lo1dX2Kj+5Z8n7LiICLc9yYJdkhlY9W2YpNsTn/pmrI weiqun_h@163.com
The key's randomart image is:
+---[RSA 2048]----+
| ... |
| = o |
| + o o o + .|
| . & o + + |
| . . S * . o |
| . .+ o . . + |
| o.ooo.. +. . |
| . oooo...++ o|
| oE++oo+oo|
+----[SHA256]-----+

gitlab配置公钥

jenkins 创建凭据

选择ssh username with private key类型 添加私钥

jenkins配置流水线

  • 创建项目

  • 配置流水线

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
pipeline {
agent any // 可以在任何可用的代理上执行pipeline或stage
environment { // 指令指定一系列键值对,这些键值对将被定义为所有step或特定stage的step的环境变量
GIT_REPO="https://gitlub.com/wq-h/demo-2048.git" // 构建项目的git仓库地址
GIT_BRANCH="master" // 构建项目的git分支
SSH_ID="51561e93-8c3c-4904-8fce-2c0014c5dc9f" // Jenkins里配置ssh key的唯一标识
MVN_CMD="mvn clean package" // maven编译命令
TARGET_DIR="target" // 编译项目输出jar或war包的路径
BASE_IMAGE="harbor.od.com/system_containers/tomcat:v8.0" // Dockerfile底层镜像
Repository="harbor.od.com/infra" // docker仓库组
IMAGE_NAME="demo-2048" // 构建镜像的镜像名称
IMAGE_TAG="${BUILD_TIMESTAMP}" // 构建时的时间,为构建镜像的tag
NAMESPACE="demo" // 更新服务时的namespace
DEPLOY="demo-2048" // 更新服务时deploy的名称
}
stages { // 在pipeline内只容许出现只有一次
stage('检出代码') { // 阶段,pipeline 工作所在的位置
steps { // 步骤,在stage指令中执行的一个或多个步骤
deleteDir() // 递归删除WORKSPACE下的文件和文件夹
checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: "${SSH_ID}", url: "${GIT_REPO}"]]])
}
}
stage('构建代码') {
tools { // 定义自动安装和放置工具的部分PATH
maven "apache-maven-3.6.3" // 工具名称必须在Jenkins 管理Jenkins → 全局工具配置中预置
}
steps {
sh "${MVN_CMD}"
}
post { // post定义将在pipeline运行或stage结束时运行的操作
success { // 成功之后提取制品
archiveArtifacts "${TARGET_DIR}/*.war"
}
}
}
stage('构建镜像') {
steps { // 创建Dockerfile并构建
writeFile file: "${TARGET_DIR}/Dockerfile", text: """FROM ${BASE_IMAGE}
COPY ./*.war /usr/local/tomcat/webapps"""
sh "cd ./target && docker build -t ${Repository}/${IMAGE_NAME}:${IMAGE_TAG} ."
}
}
stage('推送镜像') {
steps {
sh "docker push ${Repository}/${IMAGE_NAME}:${IMAGE_TAG}"
}
}
stage('更新服务') {
steps {
//sh "kubectl get po -A"
sh "kubectl set image deploy/${DEPLOY} ${DEPLOY}=${Repository}/${IMAGE_NAME}:${IMAGE_TAG} -n${NAMESPACE} "
}
}
}
}