我正在做一个柏树项目。我已经在 GitLab 中建立了一个管道。 我的应用程序只能在通过 Open VPN 连接的专用网络上运行。
有人可以指导我如何将其添加到 .gitlab-ci.yml 文件中吗???
我的 .gitlab-ci.yml 是:
image: cypress/base:10
stages:
- test
test:
stage: test
script:
- npm install
- npm run test
我的 package.json 如下:
{
"name": "cypresspackage",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"clean:reports": "rm -R -f cypress/reports && mkdir cypress/reports && mkdir cypress/reports/mochareports",
"pretest": "npm run clean:reports",
"scripts": "cypress run --spec cypress/integration/dummy.feature",
"combine-reports": "mochawesome-merge ./cypress/reports/mocha/*.json > cypress/reports/mochareports/report.json",
"generate-report": "marge cypress/reports/mochareports/report.json -f report -o cypress/reports/mochareports",
"report:copyScreenshots": "cp -r cypress/screenshots cypress/reports/mochareports/assets",
"posttest": "npm run report:copyScreenshots && npm run combine-reports && npm run generate-report",
"test": "npm run scripts || npm run posttest"
},
"author": "",
"license": "ISC",
"devDependencies": {
"cypress": "^6.3.0",
"cypress-audit": "^0.3.0",
"cypress-cucumber-preprocessor": "^4.0.1",
"cypress-multi-reporters": "^1.4.0",
"cypress-xpath": "^1.6.2",
"mocha": "^8.2.1",
"mochawesome": "^6.2.1",
"mochawesome-merge": "^4.2.0",
"mochawesome-report-generator": "^5.1.0"
},
"dependencies": {
"lambdatest-cypress-cli": "^1.0.1"
},
"cypress-cucumber-preprocessor": {
"nonGlobalStepDefinitions": true
}
}
答案 0 :(得分:2)
我猜 gitlab 在运行时提供了运行器
我猜您正在使用 GitLab 的 SaaS。这意味着您的 VPN 将在非私人环境中打开。例如,一些 GitLab 管理员应该有权访问您的 VPN 连接,并且根据 GitLab 在其后院的配置方式,其他一些 GitLab 用户可能有权访问您的专用网络。我会避免这种情况。如果您坚持这样做,您最好使用您项目的秘密功能来保存您的 OpenVPN 客户端身份验证,从而使其保持私密性。
<块引用>是否可以选择跑步者?
当然。您可以注册在您自己的服务器上运行的跑步者(甚至可以按需在家中)。这取决于在何处以及如何使用此运行程序(Docker?Kubernetes?Debian?等)。看看Registering a GitLab Runner。您需要从项目的配置中生成一个令牌,然后使用该令牌安装运行器。
一旦您安装并配置了自己的运行器(确保它在需要时运行),您就需要在管道中配置您的 VPN 启动/停止。在这里,我复制了在 GitLab's forum 上找到的一段代码:
before_script:
##
## VPN
## Inspiration from: https://torguard.net/knowledgebase.php?action=displayarticle&id=138
## And http://forum.gitlab.com/t/connect-vpn-during-ci-cd/7585
## Content from Variables to files: https://stackoverflow.com/a/49418265/4396362
## Waiting for opnevpn connect would be better than sleeping, the closest would be https://askubuntu.com/questions/28733/how-do-i-run-a-script-after-openvpn-has-connected-successfully
## Maybe this would work https://unix.stackexchange.com/questions/403202/create-bash-script-to-wait-and-then-run
##
- which openvpn || (apt-get update -y -qq && apt-get install -y -qq openvpn) # Install openvpn if not available.
- cat <<< $CLIENT_OVPN > /etc/openvpn/client.conf # Move vpn config from gitlab variable to config file.
- cat <<< $VPN_U > /etc/openvpn/pass.txt # Move vpn user from gitlab variable to pass file.
- cat <<< $VPN_P >> /etc/openvpn/pass.txt # Move vpn password from gitlab variable to pass file.
- cat <<< "auth-user-pass /etc/openvpn/pass.txt" >> /etc/openvpn/client.conf # Tell vpn config to use password file.
- cat <<< "log /etc/openvpn/client.log" >> /etc/openvpn/client.conf # Tell vpn config to use log file.
- openvpn --config /etc/openvpn/client.conf --daemon # Start openvpn with config as a deamon.
- sleep 30s # Wait for some time so the vpn can connect before doing anything else.
- cat /etc/openvpn/client.log # Print the vpn log.
- ping -c 1 <IP> # Ping the server I want to deploy to. If not available this stops the deployment process.
在此之后,您可以添加一个 after_script 部分来停止 OpenVPN 守护程序,或使用包含 when: always 的特殊关闭作业,以确保即使构建失败也关闭 VPN 连接。
您也可以尝试其他解决方案,具体取决于您的环境。