GITLIbCICD流水线搭建

1，搭建gitLIb服务器，创建gitlibRunner  并且注册，

2. 写dockerfile  包块java程序运行的环境，jdk，参数等 ，

2.1ai生成版本，

	# 基础镜像（JDK 17）FROM eclipse-temurin:17-jdk-alpine# 设置工作目录WORKDIR /app# 复制Maven配置（可选）COPY .m2/settings.xml /root/.m2/# 复制项目文件COPY pom.xml .COPY src/ src/# 构建应用（跳过测试）RUN mvn -B -DskipTests clean package# 使用JRE运行时镜像FROM eclipse-temurin:17-jre-alpine# 复制构建好的应用COPY target/*.jar app.jar# 配置端口EXPOSE 8080# 定义启动命令ENTRYPOINT ["java","-jar","app.jar"]

2.2实战版本  这里还不完全，实战中应该dockerfile中还应该写日志挂载等目录同步到服务器上，

# 使用更小的基础镜像
FROM openjdk:17-jdkWORKDIR /app# 创建自定义java.security（保持原有安全配置）
RUN echo "jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \\" > /app/java.security && \echo "    EC keySize < 224, 3DES_EDE_CBC, anon, NULL" >> /app/java.security# 直接复制CI生成的JAR文件（需确保文件路径正确）
COPY *.jar app.jar# 环境变量配置（保持原有）
ENV JDK_TLS_CLIENT_PROTOCOLS="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"
ENV HTTPS_PROTOCOLS="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"
EXPOSE 48080# 合并JAVA_OPTS定义（更清晰）
ENV JAVA_OPTS="-Xms512m -Xmx1024m \-Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 \-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 \-Djava.security.properties=/app/java.security"# 使用exec格式启动（保持原有最佳实践）
ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /app/app.jar"]

3.编写.gitlib-ci.yml文件  放置在根目录下 ，

3.1ai生成版本，

	# GitLab CI/CD配置image: eclipse-temurin:17-jdk-alpinestages:- build- test- deployvariables:DOCKER_IMAGE: "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"DOCKER_COMPOSE_FILE: docker-compose.ymlbefore_script:- echo "$DOCKER_PASSWORD" | docker login "${CI_REGISTRY}" -u "$DOCKER_USER" --password-stdin- mvn -vbuild-job:stage: buildscript:- mvn clean package -DskipTests- docker build -t "${DOCKER_IMAGE}" .artifacts:paths:- target/*.jartest-job:stage: testscript:- mvn testdependencies:- build-jobdocker-push:stage: deployscript:- docker push "${DOCKER_IMAGE}"dependencies:- test-jobdeploy-dev:stage: deployscript:- docker-compose -f "${DOCKER_COMPOSE_FILE}" down- docker-compose -f "${DOCKER_COMPOSE_FILE}" pull- docker-compose -f "${DOCKER_COMPOSE_FILE}" up -donly:- main# 生产环境部署（示例）deploy-prod:stage: deployscript:- ssh -i ~/.ssh/deploy_key "root@production-server" "docker stop spring-app || true"- ssh -i ~/.ssh/deploy_key "root@production-server" "docker rm spring-app || true"- ssh -i ~/.ssh/deploy_key "root@production-server" "docker pull ${DOCKER_IMAGE}"- ssh -i ~/.ssh/deploy_key "root@production-server" "docker run -d --name spring-app -p 8080:8080 ${DOCKER_IMAGE}"only:- mainwhen: manualenvironment:name: productionurl: http://your-production-url.com

3.2实战使用版本，  

stages:- package- build- deployvariables:APP_NAME: "process-app"TARGET_USER: "root"package:stage: packageimage: maven:3.8.5-openjdk-17variables:MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"cache:key: ${CI_JOB_NAME}-mavenpaths:- ./.m2/repository- target/policy: pull-pushbefore_script:- mkdir -p ~/.m2- cp settings.xml ~/.m2/settings.xml  # 强制覆盖script:- mvn -s settings.xml help:effective-settings  # 验证配置生效- mvn -s ~/.m2/settings.xml clean package -DskipTests -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"- mkdir -p target- cp sdn-server/target/*.jar target/- cp sdn-server/Dockerfile .artifacts:paths:- target/*.jar- Dockerfile
#  rules:
#    - if: $CI_COMMIT_BRANCH == "main"docker-build:stage: buildimage: alpine:latestdependencies:- packagebefore_script:# SSH密码认证方式- apk add --no-cache openssh-client sshpass- mkdir -p ~/.ssh- chmod 700 ~/.ssh- ssh-keyscan $TARGET_SERVER >> ~/.ssh/known_hostsscript:# 验证文件存在- ls -lth target/*.jar- cat Dockerfile# 预拉取基础镜像步骤- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "docker pull openjdk:17-jdk || true"- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "docker pull alpine:latest || true"# 停止并删除旧容器- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "docker stop $APP_NAME || true"- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "docker rm $APP_NAME || true"# 删除旧镜像- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "docker rmi $APP_NAME || true"- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "rm -f /opt/app/$APP_NAME || true"# 删除目录- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "rm -rf /opt/app/$APP_NAME/*"# 准备目标服务器目录- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "mkdir -p /opt/app/$APP_NAME"# - ssh $TARGET_USER@$TARGET_SERVER "mkdir -p /opt/app/$APP_NAME"  # 密钥认证时使用# 传输构建文件- sshpass -p "$SSH_PASSWORD" scp -v target/*.jar Dockerfile $TARGET_USER@$TARGET_SERVER:/opt/app/$APP_NAME/# - scp -v target/*.jar Dockerfile $TARGET_USER@$TARGET_SERVER:/opt/app/$APP_NAME/  # 密钥认证时使用# 执行Docker构建（确保在目标服务器安装有Docker）- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "DOCKER_BUILDKIT=1 docker build --build-arg BUILDKIT_INLINE_CACHE=1 -t $APP_NAME ."# - ssh $TARGET_USER@$TARGET_SERVER "cd /opt/app/$APP_NAME && docker build --no-cache --memory=3g -t $APP_NAME ."  # 密钥认证时使用
#  rules:
#    - if: $CI_COMMIT_BRANCH == "main"deploy:stage: deployimage: alpine:latestbefore_script:- apk add --no-cache openssh-client sshpass- mkdir -p ~/.ssh- chmod 700 ~/.ssh- ssh-keyscan $TARGET_SERVER >> ~/.ssh/known_hostsscript:# 启动新容器（添加健康检查参数）- sshpass -p "$SSH_PASSWORD" ssh $TARGET_USER@$TARGET_SERVER "docker run -d --name $APP_NAME -p 48080:48080 --memory=3g --restart=unless-stopped $APP_NAME"retry:max: 2when:- runner_system_failure- stuck_or_timeout_failure
#  rules:
#    - if: $CI_COMMIT_BRANCH == "main"

3.4 对应的一些私钥应该配置在 gitlib的变量当中，

如 sshkey私钥等。