
YAML main.yaml
# Pipeline stages, run in the order listed. `scan` precedes `deploy`, so a
# failed scan job stops the deployment; the image itself is already pushed
# to the registry by the build stage at that point.
stages: [build, test, scan, deploy]

variables:
  # Image reference: project registry path tagged with the short commit SHA.
  # NOTE(review): a tag can be re-pushed; deploying by image digest would tie
  # the scanned and the deployed image to the same bytes.
  DOCKER_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
  # Namespace the deploy job sets on its kubectl context.
  KUBE_NAMESPACE: "production"

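# Build the Docker image and push it to the project registry (main only).
# NOTE(review): the dind service normally requires a privileged runner;
# keep such runners dedicated to trusted projects.
build-image:
  stage: build
  image: docker:20.10.16
  services:
    - docker:20.10.16-dind
  script:
    # Pass the registry password on stdin. With `-p` it becomes part of the
    # docker command line (visible in the process list), and docker warns
    # that this usage is insecure.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Variables are quoted so an unexpected value cannot split into extra arguments.
    - docker build -t "$DOCKER_IMAGE" .
    - docker push "$DOCKER_IMAGE"
  only:
    - main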

# Run the unit tests. This job has no `only:` filter, unlike the build,
# scan and deploy jobs, which are limited to main.
run-tests:
  image: "python:3.11"
  stage: test
  before_script:
    # Install the dependencies listed in requirements.txt.
    - "pip install -r requirements.txt"
  script:
    - "pytest tests/unit/"

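# Scan the pushed image for vulnerabilities; a non-zero exit fails the job
# and, through stage ordering, blocks the deploy stage.
Безопасность-scan:
  stage: scan
  image:
    # NOTE(review): `latest` is a floating tag; pin a specific release or
    # digest so the scanner that gates production is reproducible.
    name: aquasec/trivy:latest
    # The image's entrypoint is the trivy binary; clear it so the runner can
    # start a shell and execute the script lines.
    entrypoint: [""]
  variables:
    # Trivy reads registry credentials from these variables; they are needed
    # to pull $DOCKER_IMAGE when the project registry is private.
    TRIVY_USERNAME: "$CI_REGISTRY_USER"
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
  script:
    # Only CRITICAL findings fail the job; HIGH and lower pass this gate.
    - trivy image --exit-code 1 --severity CRITICAL "$DOCKER_IMAGE"
  dependencies:
    - build-image
  only:
    - main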

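# Deploy the image to Kubernetes (main only, environment "production").
deploy-to-k8s:
  stage: deploy
  image:
    # NOTE(review): `latest` is a floating tag; pin a specific release or digest.
    name: bitnami/kubectl:latest
    # The image's entrypoint is kubectl; clear it so the runner can start a
    # shell and execute the script lines.
    entrypoint: [""]
  script:
    # Verify the API server certificate instead of skipping TLS verification:
    # with --insecure-skip-tls-verify the bearer token below would be sent to
    # whatever endpoint answers at $KUBE_URL.
    # KUBE_CA_PEM_FILE is a suggested name: define it as a File-type CI/CD
    # variable that holds the cluster CA certificate.
    - kubectl config set-cluster k8s --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM_FILE" --embed-certs=true
    # NOTE(review): KUBE_TOKEN should be a masked, protected variable for a
    # service account limited to the target namespace.
    - kubectl config set-credentials gitlab --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=gitlab --namespace="$KUBE_NAMESPACE"
    - kubectl config use-context default
    # Substitute the image placeholder in the manifest and apply it.
    - sed "s|__IMAGE__|$DOCKER_IMAGE|g" k8s/deployment.yaml | kubectl apply -f -
  dependencies:
    - Безопасность-scan
  only:
    - main
  environment:
    name: production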
# Pipeline stages, run in the order listed. `scan` precedes `deploy`, so a
# failed scan job stops the deployment; the image itself is already pushed
# to the registry by the build stage at that point.
stages: [build, test, scan, deploy]

variables:
  # Image reference: project registry path tagged with the short commit SHA.
  # NOTE(review): a tag can be re-pushed; deploying by image digest would tie
  # the scanned and the deployed image to the same bytes.
  DOCKER_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
  # Namespace the deploy job sets on its kubectl context.
  KUBE_NAMESPACE: "production"

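# Build the Docker image and push it to the project registry (main only).
# NOTE(review): the dind service normally requires a privileged runner;
# keep such runners dedicated to trusted projects.
build-image:
  stage: build
  image: docker:20.10.16
  services:
    - docker:20.10.16-dind
  script:
    # Pass the registry password on stdin. With `-p` it becomes part of the
    # docker command line (visible in the process list), and docker warns
    # that this usage is insecure.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Variables are quoted so an unexpected value cannot split into extra arguments.
    - docker build -t "$DOCKER_IMAGE" .
    - docker push "$DOCKER_IMAGE"
  only:
    - main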

# Run the unit tests. This job has no `only:` filter, unlike the build,
# scan and deploy jobs, which are limited to main.
run-tests:
  image: "python:3.11"
  stage: test
  before_script:
    # Install the dependencies listed in requirements.txt.
    - "pip install -r requirements.txt"
  script:
    - "pytest tests/unit/"

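# Scan the pushed image for vulnerabilities; a non-zero exit fails the job
# and, through stage ordering, blocks the deploy stage.
Безопасность-scan:
  stage: scan
  image:
    # NOTE(review): `latest` is a floating tag; pin a specific release or
    # digest so the scanner that gates production is reproducible.
    name: aquasec/trivy:latest
    # The image's entrypoint is the trivy binary; clear it so the runner can
    # start a shell and execute the script lines.
    entrypoint: [""]
  variables:
    # Trivy reads registry credentials from these variables; they are needed
    # to pull $DOCKER_IMAGE when the project registry is private.
    TRIVY_USERNAME: "$CI_REGISTRY_USER"
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
  script:
    # Only CRITICAL findings fail the job; HIGH and lower pass this gate.
    - trivy image --exit-code 1 --severity CRITICAL "$DOCKER_IMAGE"
  dependencies:
    - build-image
  only:
    - main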

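# Deploy the image to Kubernetes (main only, environment "production").
deploy-to-k8s:
  stage: deploy
  image:
    # NOTE(review): `latest` is a floating tag; pin a specific release or digest.
    name: bitnami/kubectl:latest
    # The image's entrypoint is kubectl; clear it so the runner can start a
    # shell and execute the script lines.
    entrypoint: [""]
  script:
    # Verify the API server certificate instead of skipping TLS verification:
    # with --insecure-skip-tls-verify the bearer token below would be sent to
    # whatever endpoint answers at $KUBE_URL.
    # KUBE_CA_PEM_FILE is a suggested name: define it as a File-type CI/CD
    # variable that holds the cluster CA certificate.
    - kubectl config set-cluster k8s --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM_FILE" --embed-certs=true
    # NOTE(review): KUBE_TOKEN should be a masked, protected variable for a
    # service account limited to the target namespace.
    - kubectl config set-credentials gitlab --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=gitlab --namespace="$KUBE_NAMESPACE"
    - kubectl config use-context default
    # Substitute the image placeholder in the manifest and apply it.
    - sed "s|__IMAGE__|$DOCKER_IMAGE|g" k8s/deployment.yaml | kubectl apply -f -
  dependencies:
    - Безопасность-scan
  only:
    - main
  environment:
    name: production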