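Guide to Implementing GitLab Automated Deployment on Debian
GitLab automated deployment is implemented through a CI/CD (continuous integration/continuous deployment) toolchain; at its core, GitLab Runner executes predefined pipeline tasks (such as build, test, and deploy). The concrete steps are as follows:
Installing GitLab
Install GitLab Community Edition (CE) on the Debian server and complete its basic configuration, making sure the GitLab service runs normally.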
sudo apt update && sudo apt upgrade -y
sudo apt install -y curl openssh-server ca-certificates tzdata perl
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo EXTERNAL_URL="http://your_server_ip_or_domain" apt install gitlab-ce
sudo gitlab-ctl reconfigure && sudo gitlab-ctl restart
sudo ufw allow 80/tcp && sudo ufw allow 443/tcp && sudo ufw reload
Configuring GitLab Runner
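GitLab Runner is the agent that executes CI/CD jobs; it must be installed and registered on the Debian server.
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash && sudo apt install gitlab-runner
Run sudo gitlab-runner register and enter, in order, the GitLab instance URL, the registration token (from the GitLab project → Settings → CI/CD → Runners), a Runner description, and tags (such as deploy).
Create a .gitlab-ci.yml file in the root of the GitLab project to define the stages and jobs of the CI/CD pipeline. A basic example follows: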
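stages:
  - test    # Test stage: run unit tests and integration tests
  - deploy  # Deploy stage: deploy the code to the target environment

# Test job: run the Java project's tests with Maven (adjust the command to the project's language)
test_job:
  stage: test
  script:
    - echo "Running unit tests..."
    - mvn test  # Replace with the project's own test command (e.g. npm test, pytest)
  only:
    - main  # Trigger only on commits to the main branch

# Production deploy job: pull the latest code over SSH and restart the service
deploy_production:
  stage: deploy
  script:
    - echo "Deploying to production..."
    # Restrict permissions on the SSH private key (SSH_PRIVATE_KEY must be a File-type variable, i.e. a path)
    - chmod 400 "$SSH_PRIVATE_KEY"
    - |
      # StrictHostKeyChecking=no skips verification of the server's host key.
      # Unquoted EOF: $PROJECT_PATH is expanded on the runner before the commands are sent.
      ssh -o StrictHostKeyChecking=no -i "$SSH_PRIVATE_KEY" "$SERVER_USER@$SERVER_IP" << EOF
        cd "$PROJECT_PATH"
        git pull origin main
        npm install         # Install dependencies (adjust per project, e.g. pip install -r requirements.txt)
        pm2 restart my-app  # Restart the application (e.g. a Node.js app managed by PM2)
      EOF
  only:
    - main  # Trigger only on commits to the main branch
  when: manual  # Manual triggering is recommended for production deployment to avoid mistakes
  environment:
    name: production
    url: https://your-production-domain.com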
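Key notes:
stages: defines the execution order of the pipeline (for example, test first, then deploy).
only: specifies the triggering branch (such as main or develop) to avoid unnecessary runs.
when: manual: production deployment requires manual confirmation, which improves safety.
Variables such as $SSH_PRIVATE_KEY and $SERVER_USER must be configured in the GitLab project settings (see below).
To avoid hard-coding sensitive information (such as the SSH private key or the server IP) in .gitlab-ci.yml, manage it through GitLab CI/CD variables:
SSH_PRIVATE_KEY: the server's SSH private key (copied from the deploy user's ~/.ssh/id_rsa).
SERVER_USER: the server login user name (such as deployer).
SERVER_IP: the server's IP address or domain name.
PROJECT_PATH: the project's deployment path on the server (such as /var/www/my-app).
If the project uses Docker, containerized deployment can be implemented through .gitlab-ci.yml: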
deploy_docker:
  stage: deploy
  script:
    - echo "Deploying with Docker..."
    - chmod 400 "$SSH_PRIVATE_KEY"
    - |
      # Unquoted EOF: $PROJECT_PATH is expanded on the runner before the commands are sent.
      ssh -i "$SSH_PRIVATE_KEY" "$SERVER_USER@$SERVER_IP" << EOF
        cd "$PROJECT_PATH"
        git pull origin main
        docker build -t my-app:latest .
        docker stop my-app || true
        docker rm my-app || true
        docker run -d --name my-app -p 3000:3000 --restart unless-stopped my-app:latest
      EOF
  only:
    - main
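The SSH-based deploy jobs above either pass StrictHostKeyChecking=no or set no host-key policy, so the runner would run its deploy session against whatever host answers at $SERVER_IP. The shell helper below is an added example, not part of the original guide: it pins the server's host key and fails closed. SSH_KNOWN_HOSTS (a CI/CD variable holding the server's verified host-key line), the deploy-target alias and the prepare_ssh name are assumptions introduced here.

```shell
# Added example (not from the original guide). Assumptions: SSH_KNOWN_HOSTS is a
# hypothetical CI/CD variable with the server's host-key line(s), checked out of
# band; SSH_PRIVATE_KEY is a File-type variable; "deploy-target" is a made-up alias.

# prepare_ssh DIR: write a pinned, non-interactive ssh config into DIR, or fail closed.
prepare_ssh() {
  dir=$1
  if [ -z "${SSH_KNOWN_HOSTS:-}" ]; then
    echo "SSH_KNOWN_HOSTS is empty: refusing to connect to an unverified host" >&2
    return 1
  fi
  if [ ! -f "${SSH_PRIVATE_KEY:-}" ]; then
    echo "SSH_PRIVATE_KEY must be a File-type variable (a path to the key)" >&2
    return 1
  fi
  # The pinned entry must name the host we deploy to (first field, comma-separated).
  # Hashed known_hosts entries are not handled by this simple check.
  if ! printf '%s\n' "$SSH_KNOWN_HOSTS" | awk -v h="$SERVER_IP" '
      { n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) found = 1 }
      END { exit !found }'; then
    echo "SSH_KNOWN_HOSTS has no entry for $SERVER_IP" >&2
    return 1
  fi
  ( umask 077   # files below are created owner-only; the subshell keeps umask local
    mkdir -p "$dir" &&
    printf '%s\n' "$SSH_KNOWN_HOSTS" > "$dir/known_hosts" &&
    chmod 400 "$SSH_PRIVATE_KEY" &&
    cat > "$dir/config" <<EOF
Host deploy-target
  HostName $SERVER_IP
  User $SERVER_USER
  IdentityFile "$SSH_PRIVATE_KEY"
  IdentitiesOnly yes
  UserKnownHostsFile "$dir/known_hosts"
  StrictHostKeyChecking yes
  BatchMode yes
EOF
  )
}

# Usage inside a job script:
#   d=$(mktemp -d) && prepare_ssh "$d" && ssh -F "$d/config" deploy-target 'pm2 restart my-app'
```

With BatchMode and StrictHostKeyChecking both set to yes, a changed or missing host key makes the job fail instead of prompting or silently connecting.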
Blue-green deployment achieves zero-downtime deployment by maintaining two environments (blue and green):
deploy_blue_green:
  stage: deploy
  script:
    - |
      # Get the color of the currently live environment (blue or green)
      CURRENT_COLOR=$(ssh $SERVER_USER@$SERVER_IP "cat $PROJECT_PATH/current_color 2>/dev/null || echo 'blue'")
      TARGET_COLOR="green"
      if [ "$CURRENT_COLOR" = "blue" ]; then
        TARGET_COLOR="green"
      else
        TARGET_COLOR="blue"
      fi
      # Deploy to the target environment
      ssh $SERVER_USER@$SERVER_IP << EOF
        cd $PROJECT_PATH/$TARGET_COLOR
        git pull origin main
        npm install && npm run build
        pm2 restart my-app
        # Switch traffic (using Nginx as an example)
        sudo cp $PROJECT_PATH/nginx-config-$TARGET_COLOR.conf /etc/nginx/sites-available/my-site
        sudo nginx -s reload
        # Update the record of the current environment
        echo "$TARGET_COLOR" > $PROJECT_PATH/current_color
      EOF
  only:
    - main
After deployment, verify the application's state with a health check, rolling back automatically on failure:
health_check:
  stage: deploy
  script:
    - |
      MAX_ATTEMPTS=5
      ATTEMPT=0
      while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
        if curl -f "http://$SERVER_IP:3000/health"; then
          echo "Health check passed!"
          exit 0
        fi
        echo "Health check attempt $((ATTEMPT+1)) failed. Retrying in 30s..."
        sleep 30
        ATTEMPT=$((ATTEMPT+1))
      done
      # This script only reports the failure and exits non-zero; it runs no rollback command itself
      echo "Health check failed. Rolling back..."
      exit 1
  needs: ["deploy_production"]
  when: always  # Run whether or not the deployment succeeded
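cache speeds up dependency installation (e.g. cache: paths: - node_modules/).
--user parameter to specify a non-root user).
With the steps above, fully automated GitLab deployment on Debian can be achieved, covering the whole flow from code commit to production release and improving development efficiency and deployment reliability.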