Gitlab을 사용한 CI/CD

* 해당 영상을 참고했습니다. 모든 이미지의 출처는 아래 영상입니다.

https://www.youtube.com/watch?v=qP8kir2GUgo 

 

 

동영상을 보면서 가볍게 정리한 내용이라서 매끄럽지 않습니다. 추후 수정 예정입니다.

 

 

Gitlab CI/CD Platform

Gitlab은 devops 프로세스를 위한 추가 기능이 제공된다.

 

gitlab의 장점은 you already have your code on gitlab

동일 플랫폼에서 ci/cd 생성 가능하다는 것이다.

- git에 이미 코드 저장되어 있음. 다른 툴 사용할 필요 없음  

 

 

 

젠킨스 서버는 파이프라인을 생성하고 그것을 깃 프로젝트와 연결해야 한다. 

반면에 깃랩은 어떠한 구성도 필요없이 시작할 수 있다.

- 애플리케이션 코드 및 파이프라인 구성을 호스트한다.

 

 

 

 

 

 

GitLab의 관리형 인프라를 사용한다.

 

Executing tests is a core part of a CI/CD pipeline

- Verifies that the new code changes, didn't break anything.
- 새 코드가 변경되고 아무 것도 손상되지 않았는지 확인합니다.

- So if tests fail, the pipeline fails and the new changes won't be deployed.

 

When you build the pipeline for an app, you only need to know how to execute the tests

앱용 파이프라인을 빌드할 때 테스트를 실행하는 방법만 알면 된다.

 

---

Demo

1. Run Tests (run_tests)

 

Pipeline is scripted

- pipeline is written in code > Hosted inside application's git repository

-> Whole CI/CD configuration is written in YAML format (.gitlab-ci.yaml)

 

 

Gitlab RUNNER default : GitLab's managed Runners use a Ruby image to start the container

We can specify the Docker image that the job should run in  

 

 

run_tests:
  stage: test
  image: python:3.9-slim-buster  # Runner image
  before_script:  # Commands that should run before script command
    - apt-get update && apt-get install make
  # after_script : Define commands that run after each job including failed jobs
  script:
    - make test

 

Twingate..

 

 

2. Build docker image & Push to Docker Repository (run_tests -> build_image)

 

GitLab > Settings > CI/CD > Variables

 

Project Variables

- Stored outside the git repository

(not in the .gitlab-ci.yml)

- Ideal for tokens and passwords, which should not be included in the repository for security reasons! 

 

dockerhub에 접속하는 id/pw를 yaml 파일에 넣을 수 없으니 project variables를 사용한다.

REGISTRY_PASS / REGISTRY_USER 생성 완료. 아래 yaml에서 사용하겠음

 

variables:
  IMAGE_NAME: nanajanashia/demo-app
  IMAGE_TAG: python-app-1.0

stages:
  - test
  - build
  
run_tests:
  stage: test
  image: python:3.9-slim-buster  # Runner image
  before_script:  # Commands that should run before script command
    - apt-get update && apt-get install make
  # after_script : Define commands that run after each job including failed jobs
  script:
    - make test


build_image:
  stage: build
  image: docker:20.10.16 # (docker client) 아래 docker 명령어 실행을 위한 docker image
  services:
    - docker:20.10.16-dind # (docker daemon) Docker client -> Docker daemon
  variables:
    DOCKER_TLS_CERTDIR: "/certs" # client(server)-daemon 통신을 위한 cert
  before_script:
    - docker login -u $REGISTRY_USER -p $REGISTRY_PASS
  script:
    - docker build -t $IMAGE_NAME:$IMAGE_TAG .# -t : Name and optionally a tag "name:tag" format
    - docker push $IMAGE_NAME:$IMAGE_TAG

 

* stages (task들을 순서대로 진행할 수 있게 함)

- You can group multiple jobs into stages that run in a defined order (Logically group jobs that belong together)

- Multiple jobs in the same stage are executed in parallel
(Only when all jobs (e.g. all tests) are successful, next will be executed

 

 

 

 

3. Deploy to Server (run_tests -> build_image -> deploy)

 

Project variable에 SSH_KEY 등록

 

variables:
  IMAGE_NAME: nanajanashia/demo-app
  IMAGE_TAG: python-app-1.0

stages:
  - test
  - build
  - deploy

run_tests:
  stage: test
  image: python:3.9-slim-buster  # Runner image
  before_script:  # Commands that should run before script command
    - apt-get update && apt-get install make
  # after_script : Define commands that run after each job including failed jobs
  script:
    - make test


build_image:
  stage: build
  image: docker:20.10.16 # (docker client) 아래 docker 명령어 실행을 위한 docker image
  services:
    - docker:20.10.16-dind # (docker daemon) Docker client -> Docker daemon
  variables:
    DOCKER_TLS_CERTDIR: "/certs" # client(server)-daemon 통신을 위한 cert
  before_script:
    - docker login -u $REGISTRY_USER -p $REGISTRY_PASS
  script:
    - docker build -t $IMAGE_NAME:$IMAGE_TAG .# -t : Name and optionally a tag "name:tag" format
    - docker push $IMAGE_NAME:$IMAGE_TAG


deploy:
  stage: deploy
  before_script:
  # By default, GitLab gives everyone read write permissions
  # We need to restrict access permissions to the ssh key file
    - chmod 400 $SSH_KEY
  script:
    - ssh -o StrictHostKeyChecking=no -i $SSH_KEY root@161.35.223.117 "
        docker login -u $REGISTRY_USER -p $REGISTRY_PASS &&
        docker ps -aq | xargs docker stop | xargs docker rm &&
        docker run -d -p 5000:5000 $IMAGE_NAME:$IMAGE_TAG"
        
        # docker run : Pull and run image as a Docker conatiner / -d = background
        # docker ps = List Containers / -a = Show all running containers
        # -q = Only display Container IDs

 

* gitlab sample url : https://gitlab.com/nanuchi/gitlab-cicd-crash-course

 

위에서 사용한 것 외에도 GitLab에는 다양한 기능이 있다.

 

 

 

References

https://www.youtube.com/watch?v=qP8kir2GUgo