
CI/CD Pipeline Best Practices: Fast Feedback and Safe Deployment

Build an efficient CI/CD pipeline. Covers pipeline stages, testing strategy, deployment strategies, rollback mechanisms, and how to measure pipeline performance.


CI/CD Pipeline Best Practices

Pipeline Stages

Code push
    |
    v
[1] Build and lint (< 2 min)
    - Compile TypeScript
    - Run ESLint
    - Check formatting
    |
    v
[2] Unit tests (< 5 min)
    - Run jest unit tests
    - Enforce the coverage threshold
    |
    v
[3] Integration tests (< 10 min)
    - Start a test database/Redis
    - Run integration tests
    |
    v
[4] Build Docker image (< 5 min)
    - Multi-stage build
    - Push to the image registry
    |
    v
[5] Deploy to staging (< 3 min)
    |
    v
[6] End-to-end tests (< 15 min)
    - Run Playwright tests against staging
    |
    v
[7] Deploy to production (manual approval)


GitHub Actions Pipeline

# .github/workflows/ci.yml
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: myorg/api

# Least privilege: the workflow token is read-only by default;
# jobs that need more (pushing to the registry) request it explicitly.
permissions:
  contents: read

jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: 20
        cache: npm

    - run: npm ci
    - run: npm run lint
    - run: npm run type-check
    - run: npm run test:unit -- --coverage

    - uses: actions/upload-artifact@v4
      with:
        name: coverage
        path: coverage/

  integration-test:
    needs: quality
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16
        env:
          POSTGRES_PASSWORD: test
          POSTGRES_DB: test
        # Ports must be published for the job (which runs on the runner host,
        # not in a container) to reach the service on localhost.
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 5s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 5s

    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: 20
        cache: npm
    - run: npm ci
    - run: npm run test:integration
      env:
        DATABASE_URL: postgresql://postgres:test@localhost:5432/test
        REDIS_URL: redis://localhost:6379

  build:
    needs: integration-test
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write   # required to push to ghcr.io with GITHUB_TOKEN
    outputs:
      # Hand downstream jobs an immutable digest reference rather than the tag
      # list: the tag output can hold several lines (sha- and latest on main),
      # and a tag can be re-pointed after the tests ran; a digest cannot.
      image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
    steps:
    - uses: actions/checkout@v4

    - uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    # buildx (docker-container driver) is needed for the gha cache exporter.
    - uses: docker/setup-buildx-action@v3

    - uses: docker/metadata-action@v5
      id: meta
      with:
        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        tags: |
          type=sha,prefix=sha-
          type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}

    - uses: docker/build-push-action@v5
      id: build
      with:
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        cache-from: type=gha
        cache-to: type=gha,mode=max

  deploy-staging:
    needs: build
    runs-on: ubuntu-latest
    environment: staging
    steps:
    # A step that configures cluster credentials (kubeconfig) belongs here;
    # it depends on the cluster provider and is omitted.
    - name: Deploy to staging
      run: |
        kubectl set image deployment/api api=${{ needs.build.outputs.image }}
        kubectl rollout status deployment/api --timeout=120s

  e2e:
    needs: deploy-staging
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: 20
        cache: npm
    - run: npm ci
    - run: npx playwright install --with-deps
    - run: npx playwright test
      env:
        BASE_URL: https://staging.myapp.com

  deploy-production:
    needs: e2e
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://myapp.com
    steps:
    # Cluster credential setup omitted here as well, as in deploy-staging.
    - name: Deploy to production
      run: |
        kubectl set image deployment/api api=${{ needs.build.outputs.image }} -n production
        kubectl rollout status deployment/api -n production --timeout=300s


Deployment Strategies

# Rolling update (Kubernetes default)
kubectl set image deployment/api api=myimage:v2
kubectl rollout status deployment/api

# Roll back if something goes wrong
kubectl rollout undo deployment/api

# Canary deployment
kubectl apply -f canary-deployment.yaml  # 10% of pods run the new version
# Monitor metrics...
kubectl scale deployment api-canary --replicas=0  # roll back
# or
kubectl scale deployment api-canary --replicas=10 # full rollout

# Blue/green deployment
kubectl patch service api -p '{"spec":{"selector":{"version":"green"}}}'
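The rolling-update and rollback commands above are the building blocks of a self-healing deploy step. The script below is an added example, not code from the original article: it refuses to deploy anything but a digest-pinned image reference (a mutable tag such as :latest can be re-pointed between the test stage and the production stage, so "deploy what was tested" only holds for a digest), runs the rolling update, waits for `kubectl rollout status`, and rolls back automatically if the rollout stalls. It assumes kubectl is already configured for the target cluster, and reuses the article's naming convention (deployment and container both called api) as a placeholder.

```sh
#!/bin/sh
# Added example: digest-pinned rolling deploy with automatic rollback.
# Assumes kubectl is already authenticated against the target cluster.

# Accept only immutable references of the form repo@sha256:<64 hex chars>;
# tags (repo:v2, repo:latest) are rejected because they can change underneath us.
is_digest_pinned() {
    printf '%s' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'
}

# deploy_with_rollback DEPLOYMENT IMAGE [NAMESPACE] [TIMEOUT]
# Exit status: 0 healthy rollout, 1 rollout failed and was rolled back,
#              2 refused or could not start (nothing was changed).
deploy_with_rollback() {
    deployment="$1"; image="$2"; ns="${3:-default}"; timeout="${4:-120s}"
    container="$deployment"   # article convention: container named like the deployment

    if ! is_digest_pinned "$image"; then
        echo "refusing to deploy unpinned image reference: $image" >&2
        return 2
    fi

    kubectl set image "deployment/$deployment" "$container=$image" -n "$ns" || return 2

    # rollout status blocks until all replicas are ready or the timeout fires;
    # a failing readiness probe on the new pods shows up here as a non-zero exit.
    if kubectl rollout status "deployment/$deployment" -n "$ns" --timeout="$timeout"; then
        echo "rollout of $image to $ns/$deployment succeeded"
        return 0
    fi

    echo "rollout failed or timed out; rolling back $ns/$deployment" >&2
    kubectl rollout undo "deployment/$deployment" -n "$ns"
    if ! kubectl rollout status "deployment/$deployment" -n "$ns" --timeout="$timeout"; then
        echo "rollback of $ns/$deployment did not converge; manual intervention needed" >&2
    fi
    return 1
}

# Run directly:  sh deploy.sh api ghcr.io/myorg/api@sha256:<digest> [namespace] [timeout]
if [ "$#" -ge 2 ]; then
    deploy_with_rollback "$@"
fi
```

The non-zero exit on rollback is deliberate: the pipeline step should fail loudly even though the cluster has already been returned to the previous revision, so that the change shows up in the change-failure-rate count rather than being silently absorbed.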


Measuring Pipeline Effectiveness

DORA metrics:
  Deployment frequency: how often code is deployed to production
    Elite: multiple times per day

  Lead time for changes: from commit to running in production
    Elite: < 1 hour

  Change failure rate: percentage of deployments that cause an incident
    Elite: 0-15%

  Mean time to recovery (MTTR): time to recover from a failure
    Elite: < 1 hour

A fast, reliable CI/CD pipeline is the foundation of a high-performing engineering team.