A little over a year ago, I was faced with the fact that an entire web development department had grown up around an internal project of a completely non-IT company, which I had a chance to lead. The workflow seemed to have settled down and suited everyone, but problems remained:
- Each branch was checked locally. I had to roll back the base from the changes of the previous check and build the front end. When several developers were about to finish their work and all that was left was to check each of the little things, it turned into hell;
- The environments in production and among the developers differed, which led to errors of the "everything works for me" kind.
My inner perfectionist longed to organize everything right. I am sharing the results of my search for an answer to the question: "how, in fact, is it 'correct'?"
We have achieved:
- Easy and fast deployment to production (as an experiment, releases were deployed every day for two weeks in a row);
- A guarantee of protection against errors caused by differences in the application environment;
- We can organize effective interaction with the customer:
  - demonstrate each feature branch;
  - give guest access to create tasks and monitor the progress of work.
- IT- ;
- (workflow);
- DevOps, CI/CD, , , .
, , . -, , , (- DevOps).
- , git, Linux, Docker, GitLab, Traefik.
1. git
A successful Git branching model by Vincent Driessen
master, dev, feature.
Feature
feature- / , dev-. , dev.
Dev
dev , master.
Master
production-. , , hotfix-, .
Master dev , .
2. . .
. feature , . β, xxxβ , , . Merge Request- . wiki , .
GitLab, , .
3.
, IT- , DevOps. . . , . - (LXC), Docker, ...
UI/UX
, . ( Microsoft, ).
(QA / QC)
Quality Control (QC) . , . Quality Assurance (QA) , ( Toyota β ). , docker-, , .
(DevOps)
workflow
- - (feature) , . .
- feature- dev , , . , feature-, . , .
: , , , . , , , merge-request.
- merge-request dev-, , feature-.
- feature- dev.
- , dev- merge-request master 5, 6 .
- 7, .
- , ( changelog-), . .
- , production.
- production-ready
- 3 [Production], [Staging] [Services]. , , . /. , [Production] . [Services] GitLab (, docker registry: Portainer, ELK, Harbor, etc), Services. . Docker-. GitLab , .
- Traefik DNS-
*.dev.company.ru
, [Staging] TCP . SSL [Production]. Wildcard (WC)*dev.company.ru
letsencrypt-dns, DNS- Traefik. Traefik , SSL http . [Production] App. - GitLab [Services] GitLab-runner-, , Merge Request- () dev master, - [Staging] [Production] .gitlab-ci.yml .
- , [Staging].
- GitLab Docker Registry, .
- GitLab, Traefik Gitlab-runner- docker-, .
github-, . , :
https://github.com/Akkarine/demo_cicd
- , . . , Enterprise Traefik GitLab .
- , Traefik GitLab . , Traefik DNS Yandex ( ) . GitLab . , rules.
https://github.com/Akkarine/demo_cicd_project
- . downtime ( API , ), load-balancer- , β β kubernetes. β β
- production- ( , )
- root ( )
β .gitlab-ci.yml. pipeline- :
- base-img-rebuild
- rebuild-base-backend
. β , , . ( build), .
- rebuild-base-backend
- rebuild-dev-db
- rebuild-dev-db
- rebuild-dev-db
- build
- rebuild-proxy-img
- nginx , latest - build-backend
, ( GitLab)
- rebuild-proxy-img
- test
- testing
- testing
- deploy-review
- deploy_review
, production, , .
- deploy_review
- skip_review
, , . - review
- approve-dev
. Merge-request dev (.. β feature), . . - approve-staging
. Merge-request master (.. β hotfix dev ), build latest . , latest , β . - reject
. . Merge Request- , - . - stop_review
, . .
- approve-dev
- rebuild-approved-db-img
- rebuild-approved-db-img
review , latest .
- rebuild-approved-db-img
- deploy-prod
- deploy-production
latest. , . - deploy-production-wo-containers
, , .
- deploy-production
- clear
staging production
- clean-staging
- clean-prod
- restore-db
- restore-db
β .
- restore-db
Traefik
reverse proxy + SSL nginx
- https://habr.com/ru/post/328048/
- https://habr.com/ru/post/445448/
- https://github.com/jwilder/nginx-proxy
- https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
GitLab
GitLab SSL config
- https://docs.gitlab.com/omnibus/settings/ssl.html
- reverse-proxy https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
GitLab Registry
- https://docs.gitlab.com/ce/administration/container_registry.html#configure-container-registry-under-its-own-domain
- : https://docs.gitlab.com/omnibus/maintenance/#container-registry-garbage-collection
Gitlab-runner
- https://docs.gitlab.com/runner/install/docker.html
- Docker Executor https://docs.gitlab.com/runner/executors/docker.html
- SSH Executor https://docs.gitlab.com/runner/executors/ssh.html
- https://docs.gitlab.com/runner/register/index.html#docker
- Docker GitLab CI/CD https://docs.gitlab.com/ce/ci/docker/using_docker_build.html
- Docker Docker privileged mode registry ( ) https://docs.gitlab.com/ce/ci/docker/using_kaniko.html
- https://docs.gitlab.com/runner/configuration/advanced-configuration.html
- CLI https://docs.gitlab.com/runner/commands/README.html
Docker
- https://docs.docker.com/install/linux/linux-postinstall/
- docker-compose https://docs.docker.com/compose/reference/overview/
- https://docs.docker.com/compose/reference/config/
- Docker (TCP + TLS): https://docs.docker.com/engine/security/https/
-: https://github.com/wagoodman/dive
    # docker ( )
    sudo docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive:latest gitlab/gitlab-runner:latest
SSL: https://ssl-config.mozilla.org/#server=traefik&server-version=2.1&config=intermediate
GitLab Shell Runner. docker-compose https://habr.com/ru/post/449910