在Gitlab中的两步Dockerfile中传递--build-arg或使用环境变量

时间:2019-04-18 22:11:25

标签: docker continuous-integration environment-variables gitlab next.js

我的最低测试项目布局如下。

├── deployment
│   ├── build.sh
│   └── nginx
│       └── nginx.conf
├── Dockerfile
├── next.config.js
├── package.json
├── package-lock.json
└── pages
    ├── _app.js
    └── index.js

Dockerfile的内容:

FROM node as build-stage

ARG K8S_SECRET_PUB
ENV K8S_SECRET_PUB ${K8S_SECRET_PUB}

ARG SRV
ENV SRV ${SRV}

WORKDIR /app
COPY package*json /app/
RUN npm install --production
COPY ./ /app/
RUN npm run export


FROM nginx:1.15-alpine

RUN rm /etc/nginx/nginx.conf
COPY --from=build-stage /app/out /www
COPY deployment/nginx/nginx.conf /etc/nginx/
EXPOSE 5000

目标是将环境变量K8S_SECRET_PUB和SRV传递给构建过程。 npm run export执行next build && next export以获取nginx服务器应提供的静态文件。

next.config.js的内容:

require('dotenv').config();

module.exports = {
  serverRuntimeConfig: {
    srv: process.env.SRV
  },
  publicRuntimeConfig: {
    pub: process.env.K8S_SECRET_PUB
  }
};

pages / _app.js的内容:

import App from 'next/app';
import getConfig from 'next/config';

const { serverRuntimeConfig, publicRuntimeConfig } = getConfig();

class MyApp extends App {
  render() {
    return (
      <div>
        <h1>
          {serverRuntimeConfig.srv || 'SRV not accessible from client :p'}
        </h1>
        <h1>{publicRuntimeConfig.pub || 'PUB not set'}</h1>
      </div>
    );
  }
}

export default MyApp;

通过docker build --build-arg K8S_SECRET_PUB=puppy --build-arg SRV=serverval -t my_image .在本地构建docker映像时,我可以通过docker run -p 5000:5000 my_image启动一个容器。

访问正在运行的容器具有预期的结果。检查文件系统进一步表明,通过了传递的构建参数并相应地写入了文件。

testing the docker image locally

但是,当我将此代码推送到Gitlab时,已部署的nginx如下所示:

running it on Gitlab

我要完成的工作是在Dockerfile中定义的构建阶段中拾取并使用我通过Gitlab UI的Settings-> CI / CD定义的Environment变量。由于我们对Auto Dev感到满意,因此我们尚未创建并签入.gitlab-ci.yml文件。

更新#1

稍作修改后,我现在可以访问环境变量,但是我失去了Auto DevOps的便利性。

我添加了一个deployment/build.sh并包含以下内容:

#!/bin/sh
docker build --build-arg K8S_SECRET_PUB="${K8S_SECRET_PUB}" --build-arg SRV="${SRV}" -t my_image .

我还从.gitlab-ci.yml开始,其中包含以下内容:

stages:
    - build
    - review
    - deploy
    - clean

image: docker:latest

services:
    - docker:dind

build:
    stage: build
    script:
        - sh ./deployment/build.sh
        - mkdir image
        - docker save my_image > image/my_image.tar
    artifacts:
        paths:
            - image

将存储库推送到Gitlab之后,管道成功完成,我可以下载工件,将其解压缩,通过docker load -i image/my_image.tar加载并运行它。确实,页面从Gitlab CI / CD UI加载了定义的变量。 但是,现在我已经失去了部署过程的所有其他步骤(这是我不想首先编写.gitlab-ci.yml的主要原因)。

更新#2

使用https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml上的Auto DevOps模板,我做了以下更改:

  • 注释行- template: Jobs/Build.gitlab-ci.yml
  • 用docker映像替换高山
  • 在变量部分添加了CODE_QUALITY_DISABLED: "true",因为代码质量检查花费的时间太长了
  • 添加服务并根据我之前在上文中的尝试构建部分

现在,我处于审查阶段。

Application should be accessible at: http://*my_image_url*
Waiting for deployment "review-branchname-abcxyz" rollout to finish: 0 of 1 updated replicas are available...

1 个答案:

答案 0 :(得分:1)

在更新#2之后,这些是我为使其正常运行所做的更改。

重写.gitlab-ci.yml:

image: docker:latest

variables:
  CI_APPLICATION_TAG: $CI_COMMIT_SHA
  CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG
  CODE_QUALITY_DISABLED: "true"

  KUBERNETES_VERSION: 1.11.9
  HELM_VERSION: 2.13.1

  DOCKER_DRIVER: overlay2

  ROLLOUT_RESOURCE_TYPE: deployment

stages:
  - build
  - test
  - deploy # dummy stage to follow the template guidelines
  - review
  - dast
  - staging
  - canary
  - production
  - incremental rollout 10%
  - incremental rollout 25%
  - incremental rollout 50%
  - incremental rollout 100%
  - performance
  - cleanup

include:
#  - template: Jobs/Build.gitlab-ci.yml
  - template: Jobs/Test.gitlab-ci.yml
  - template: Jobs/Code-Quality.gitlab-ci.yml
  - template: Jobs/Deploy.gitlab-ci.yml
  - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Management.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml

# Override DAST job to exclude master branch
dast:
  except:
    refs:
      - master

services:
    - docker:dind

build:
    stage: build
    script:
        - sh ./deployment/build.sh

使用了我发现的模板中的更多内容,并重写了deployment / build.sh:

if ! docker info &>/dev/null; then
  if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
    export DOCKER_HOST='tcp://localhost:2375'
  fi
fi

if [[ -n "$CI_REGISTRY_USER" ]]; then
  echo "Logging to GitLab Container Registry with CI credentials..."
  docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
fi

if [[ -f Dockerfile ]]; then
  echo "Building Dockerfile-based application..."
else
  echo "Building Heroku-based application using gliderlabs/herokuish docker image..."
  cp /build/Dockerfile Dockerfile
fi

docker build --build-arg K8S_SECRET_PUB="${K8S_SECRET_PUB}" --build-arg SRV="${SRV}" --tag "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG" .

docker push "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
相关问题
最新问题