名称: ci-cd-pipelines 描述: 用于GitHub Actions、GitLab CI的CI/CD管道模式,测试策略和部署自动化
CI/CD 管道
GitHub Actions 工作流
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
cache: npm
- run: npm ci
- run: npm run lint
- run: npm run typecheck
test:
runs-on: ubuntu-latest
needs: lint
services:
postgres:
image: postgres:16
env:
POSTGRES_DB: test
POSTGRES_USER: test
POSTGRES_PASSWORD: test
ports: ["5432:5432"]
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
cache: npm
- run: npm ci
- run: npm test -- --coverage
env:
DATABASE_URL: postgres://test:test@localhost:5432/test
- uses: codecov/codecov-action@v4
deploy:
runs-on: ubuntu-latest
needs: test
if: github.ref == 'refs/heads/main'
environment: production
steps:
- uses: actions/checkout@v4
- run: ./scripts/deploy.sh
使用 concurrency 取消过时运行。使用 needs 定义作业依赖。
GitLab CI 管道
stages:
- validate
- test
- build
- deploy
variables:
NODE_IMAGE: node:22-alpine
lint:
stage: validate
image: $NODE_IMAGE
cache:
key: $CI_COMMIT_REF_SLUG
paths: [node_modules/]
script:
- npm ci
- npm run lint
- npm run typecheck
test:
stage: test
image: $NODE_IMAGE
services:
- postgres:16
variables:
POSTGRES_DB: test
DATABASE_URL: postgres://runner:@postgres:5432/test
script:
- npm ci
- npm test -- --coverage
coverage: '/Statements\s*:\s*(\d+\.?\d*)%/'
artifacts:
reports:
junit: coverage/junit.xml
coverage_report:
coverage_format: cobertura
path: coverage/cobertura.xml
build:
stage: build
image: docker:24
services: [docker:24-dind]
script:
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
rules:
- if: $CI_COMMIT_BRANCH == "main"
deploy:
stage: deploy
environment:
name: production
url: https://app.example.com
script:
- ./deploy.sh $CI_COMMIT_SHA
rules:
- if: $CI_COMMIT_BRANCH == "main"
when: manual
可复用的 GitHub Action
# .github/actions/setup/action.yml
name: Setup
description: Install dependencies and cache
inputs:
node-version:
default: "22"
runs:
using: composite
steps:
- uses: actions/setup-node@v4
with:
node-version: ${{ inputs.node-version }}
cache: npm
- run: npm ci
shell: bash
# 在工作流中的使用
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup
- run: npm test
矩阵策略
test:
strategy:
fail-fast: false
matrix:
node: [20, 22]
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
- run: npm ci && npm test
反模式
- 不在运行之间缓存依赖(npm、pip、cargo)
- 当代码检查和测试可以并行时,顺序运行所有作业
- 在工作流文件中存储秘密,而不是仓库或环境秘密
- 缺少
concurrency组,导致快速推送时冗余CI运行 - 在矩阵构建中不使用
fail-fast: false(一个失败取消其他) - 没有批准门或环境保护规则就部署
检查清单
- [ ] 在CI运行之间缓存依赖
- [ ] 并发组取消过时管道运行
- [ ] 代码检查、类型检查和测试作为可并行作业运行
- [ ] 数据库服务在测试开始前使用健康检查
- [ ] 上传和跟踪覆盖率报告
- [ ] 部署作业需要生产环境批准
- [ ] 可复用的操作或模板提取常见设置步骤
- [ ] 秘密存储在CI平台,从不存储在代码中