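GitLab continuous integration and continuous delivery. Continuous deployment is left out for now because high availability has not been implemented yet.
1. Deploy gitlab-runner
Official docs: https://docs.gitlab.com/runner/install/docker.html
Docker-based deployment on CentOS 7.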
```bash
docker run -d --name gitlab-runner --restart always \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest
```
2. Register gitlab-runner
Official docs: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding
Because the project has to be built into a Docker image, the Docker-in-Docker approach is used. It has many drawbacks, which you can look into yourself (the docker image page on hub.docker.com describes them in detail).
Use socket binding.
Enter the gitlab-runner container:
```bash
docker exec -it gitlab-runner bash
```
Register:
```bash
sudo gitlab-runner register -n \
  --url https://gitlab.com/ \
  --registration-token REGISTRATION_TOKEN \
  --executor docker \
  --description "My Docker Runner" \
  --docker-image "docker:19.03.12" \
  --docker-volumes /var/run/docker.sock:/var/run/docker.sock
```
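3. Set up Harbor
Official docs: https://goharbor.io/docs/2.3.0/install-config/
The built images need to be stored in a registry; Harbor is used for that here.
Version 2.3.1 is installed here; the installation requirements are as follows
Online installation:
Download the installer from GitHub: https://github.com/goharbor/harbor/releases
Extract it:
```bash
tar xzvf harbor-online-installer-version.tgz
```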
Configure HTTPS:
Replace yourdomain.com with your own domain.
```bash
# Private CA: key and self-signed CA certificate
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
  -key ca.key \
  -out ca.crt

# Server key and certificate signing request
openssl genrsa -out yourdomain.com.key 4096
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
  -key yourdomain.com.key \
  -out yourdomain.com.csr

# X.509 v3 extensions, including the subjectAltName entries clients will match against
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF

# Sign the server certificate with the private CA
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in yourdomain.com.csr \
  -out yourdomain.com.crt

# Certificate and key for Harbor
mkdir -p /data/cert
cp yourdomain.com.crt /data/cert/
cp yourdomain.com.key /data/cert/

# The Docker daemon treats .crt files as CA certificates and .cert files as client certificates
openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert

# If Harbor's HTTPS port is not 443, Docker looks in /etc/docker/certs.d/yourdomain.com:port/ instead
mkdir -p /etc/docker/certs.d/yourdomain.com
cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/
cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/
cp ca.crt /etc/docker/certs.d/yourdomain.com/
systemctl restart docker
```
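A check worth running on the files produced above before Harbor and Docker start using them, as an added example that is not part of the original post: it confirms that the certificate chains to ca.crt, that the key belongs to the certificate, and that the host name is covered by the SAN list from v3.ext. The function name check_harbor_cert is made up for this example.

```bash
#!/bin/sh
# Added example (not from the original post).
# Usage: sh check_cert.sh ca.crt yourdomain.com.crt yourdomain.com.key yourdomain.com

check_harbor_cert() {
    ca=$1; crt=$2; key=$3; host=$4

    # 1. The server certificate must chain to the private CA.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key of $crt" >&2
        return 1
    fi

    # 3. The name clients connect to must be covered by the certificate.
    #    The result is read from the printed message, not from the exit status.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 \
            | grep -q "does match"; then
        echo "FAIL: $host is not covered by $crt" >&2
        return 1
    fi

    # 4. The leaf must not be usable as a CA (basicConstraints=CA:FALSE in v3.ext).
    if openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -q "CA:TRUE"; then
        echo "FAIL: $crt is marked as a CA certificate" >&2
        return 1
    fi

    echo "OK: $crt is valid for $host"
}

# Run the checks when the script is called with its four arguments.
if [ "$#" -eq 4 ]; then
    check_harbor_cert "$@"
fi
```

Run it once per name in [alt_names]; a name that Docker clients use but that is missing from the list shows up here rather than as an x509 error during docker login.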
From the Harbor installer package just extracted, copy harbor.yml.tmpl to harbor.yml and modify it as follows:
```yaml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# Change this to your own
hostname: yourdomain.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  # Make sure this port is not already in use; it matters even with https, because it redirects to the https port
  port: 8088

# https related config
https:
  # https port for harbor, default is 443
  # Check that this port is not already in use
  port: 4443
  # The path of cert and key files for nginx
  # These must be the certificate and key copied into /data/cert/ above
  certificate: /data/cert/tcap.thunisoft.com.crt
  private_key: /data/cert/tcap.thunisoft.com.key

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# The default account is admin; set its password here
harbor_admin_password: Harbor12345
```
Run the installer. Congratulations, that's it; open the address to check.
```bash
sudo ./install.sh
```
4. Write .gitlab-ci.yml
Two runners are registered: one with a Maven environment for packaging, and one with a dind environment for building the image.
```yaml
variables:
  harborurl: yourdomain:4443
  # NOTE: plaintext credentials committed with the pipeline are readable by anyone
  # with access to the repository; masked CI/CD variables are the safer place for them
  username: admin
  password: Harbor123456
  SOURCE_PATH: source/xxx

stages:
  - build
  - publish
  - deploy

before_script:
  - pwd
  - ls
  - cd ${SOURCE_PATH}

mvnPackage:
  stage: build
  only:
    refs:
      - release
  image: maven:3.6.3-openjdk-11
  tags:
    - docker
  script:
    - tag=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
    - image=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)
    - echo ${image}:${tag}
    - mvn package -U -Dmaven.test.skip=true
    # Parameters can only be passed between jobs through files
    - printf 'export tag=%s\nexport image=%s\n' "${tag}" "${image}" > env.txt
  artifacts:
    paths:
      - ${SOURCE_PATH}/target/xxx-*.jar
      - ${SOURCE_PATH}/env.txt

dockerPublish:
  stage: publish
  image: docker:20.10.8
  only:
    - release
  tags:
    - dind
  script:
    # Load tag and image written by the build job
    - . ./env.txt
    - echo ${image}:${tag}
    - mkdir artices
    - cp Dockerfile artices
    - cp target/${image}-${tag}.jar artices
    - cd artices
    - ls
    - docker build --build-arg article=${image}-${tag}.jar -t ${image}:${tag} .
    # Pass the password on stdin so it does not appear in the process list
    - echo "${password}" | docker login --username=${username} --password-stdin ${harborurl}
    - docker tag ${image}:${tag} ${harborurl}/yourproject/${image}:${tag}
    - docker images
    - docker push ${harborurl}/yourproject/${image}:${tag}
```
5. Write the Dockerfile
```dockerfile
FROM maven:3.6.3-openjdk-11
ARG article
ENV env_article=$article
MAINTAINER myname
ADD $article /opt
COPY xxx /opt
COPY yyy /opt
EXPOSE 80/tcp
WORKDIR /opt
ENTRYPOINT java ${before} -jar ${env_article} ${after}
```
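6. Start
```bash
# IMAGE:TAG stands for the image name and tag pushed by the publish job
docker run -e before="" -e after="spring.profiles.active=prod" -d --name test yourdomain:4443/yourproject/IMAGE:TAG
```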
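Summary
Follow the official documentation for everything, and only turn to Baidu for answers where the official docs are unclear or you have not fully understood them. Otherwise you pay for it! (For many of the small details above I did not read the official docs at first and just grabbed some random blog off the street, then fell into every pit. All of it wasted youth~)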