
Using an SSH private key in GitLab CI/CD #30

@lqshow


Injecting an SSH key into the build environment through .gitlab-ci.yml is a solution that works with any type of executor (Docker, shell, etc.).

.gitlab-ci.yml configuration

install_deps:
  stage: install_deps
  only:
    - master
  script:
    # Make sure an SSH client exists in the job image
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    # Start an agent and load the key from the CI variable; the process
    # substitution needs bash and keeps the key off the job's filesystem
    - eval $(ssh-agent -s)
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    - mkdir -p ~/.ssh
    # Disables host key verification for every host; pinning the server's key
    # in ~/.ssh/known_hosts (ssh-keyscan) is the stricter alternative
    - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    # Smoke test the connection to the git server
    - ssh -T git@xxx
    - node --version
    - npm install

Notes on $SSH_PRIVATE_KEY

  1. Here $SSH_PRIVATE_KEY is a secret variable of the GitLab project. For how to create one, see: Secret variables
  2. Its content is the SSH private key itself, i.e. ~/.ssh/id_rsa

Example

A complete example combining a Dockerfile with gitlab-ci

Dockerfile

A note on resource/id_rsa: id_rsa does not need to be committed to the git repository. To build the image locally, just copy the local id_rsa into the resource directory.

FROM node:latest

# Change timezone
RUN echo "Asia/Shanghai" > /etc/timezone && \
    dpkg-reconfigure -f noninteractive tzdata && \
    npm config set registry https://registry.npm.taobao.org

# Add credentials on build (COPY is the instruction for plain local files)
RUN mkdir -p /root/.ssh
COPY resource/id_rsa /root/.ssh/id_rsa
# printf writes the newline portably, whatever /bin/sh's echo does with "\n"
RUN chmod 600 /root/.ssh/id_rsa && \
    printf 'StrictHostKeyChecking no\nUserKnownHostsFile /dev/null\n' >> /root/.ssh/config

WORKDIR /data/project
COPY ./ ./

# Run project dependencies
WORKDIR /data/project/service
RUN npm install

# Remove SSH keys
# NOTE: this only hides the key in a new layer; the layer written by the
# COPY above still contains it and is shipped with the image
RUN rm -rf /root/.ssh/

CMD ["npm","start"]
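Because the final rm only adds a whiteout entry in a new layer, the key copied into the earlier layer stays in the image. The following script is an added example, not code from the original issue: it walks the layers of a `docker save` tarball and reports any file that looks like a private key, ignoring whiteouts on purpose. The image it scans is constructed inline as a stand-in (a one-line fake key plus a whiteout layer), so it runs offline.

```python
"""Scan a `docker save` tarball for private keys that survive in any layer."""
import io
import json
import re
import tarfile

KEY_MARKER = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def _tar_bytes(files):
    """Build an in-memory tar from {path: bytes} (helper for the constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed sample: layer 1 copies the key in, layer 2 is the whiteout left by rm -rf."""
    fake_key = b"-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED-NOT-A-REAL-KEY\n"
    layer1 = _tar_bytes({"root/.ssh/id_rsa": fake_key})
    layer2 = _tar_bytes({"root/.wh..ssh": b""})  # overlay whiteout: hides, does not erase
    manifest = json.dumps([{"Config": "cfg.json", "Layers": ["l1/layer.tar", "l2/layer.tar"]}])
    return _tar_bytes({"manifest.json": manifest.encode(),
                       "l1/layer.tar": layer1, "l2/layer.tar": layer2})


def find_leaked_keys(image_tar_bytes):
    """Return [(layer, path)] for every regular file in any layer that starts like a private key.
    Later whiteouts are deliberately ignored: the bytes are still inside the image."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_tar_bytes)) as img:
        manifest = json.load(img.extractfile("manifest.json"))
        for entry in manifest:
            for layer_name in entry["Layers"]:
                layer_bytes = img.extractfile(layer_name).read()
                with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
                    for member in layer.getmembers():
                        if member.isfile() and KEY_MARKER.search(layer.extractfile(member).read(4096)):
                            hits.append((layer_name, member.name))
    return hits


if __name__ == "__main__":
    for layer, path in find_leaked_keys(build_sample_image()):
        print(f"private key material in layer {layer}: {path}")
```

On a real image, pass the bytes of `docker save <image>` to find_leaked_keys; an empty result means no layer carries a PEM-style private key.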

.gitlab-ci.yml

Because the Dockerfile depends on the id_rsa in the resource directory, the private key has to be written there before the build.

image: node:latest

variables:
  IMAGE_NAME: test_image
  CONTAINER_NAME: test_container
  STAGING_VERSION: $STAGING_VERSION
  PRODUCTION_VERSION: $PRODUCTION_VERSION

cache:
  paths:
    - node_modules/

stages:
 - install_deps
 - staging

install_deps:
  stage: install_deps
  only:
    - master
  script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    # Load the key into an agent instead of writing it to disk
    - eval $(ssh-agent -s)
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    - mkdir -p ~/.ssh
    - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    - npm install

deploy_to_staging:
  image: docker:latest
  stage: staging
  only:
    - master
  script:
    # Write the key where the Dockerfile expects it; tr strips CRs pasted into the variable
    - mkdir -p ./resource
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ./resource/id_rsa
    - docker build -t ${IMAGE_NAME}:${STAGING_VERSION} .
    # "|| true" keeps the first deploy from failing when no container exists yet
    - docker stop ${CONTAINER_NAME} || true
    - docker rm ${CONTAINER_NAME} || true
    - docker run -d --name ${CONTAINER_NAME} --restart always -p 3200:3200 --env NODE_ENV=test ${IMAGE_NAME}:${STAGING_VERSION}
