ci: 更新 ci 配置

2023-01-05 16:29:27 +08:00
parent 8b42390175
commit 572400a3c7
2 changed files with 146 additions and 37 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,43 +1,154 @@
-stages:
-    - analysis
-    - sendmail
+# commit_sha 文件记录上一次成功流水线的commit sha，用于定时计划检测是否有新代码提交，有就执行流水线，没有就终止流水线
+cache:
+# 不同的分支采用不同的 cache，防止分支之间相互影响
+   key: "${CI_COMMIT_REF_SLUG}_commit_sha"
+   paths:
+     - commit_sha
+   policy: pull

-## 代码检查
+# 将打包&发送apk包邮件job 和代码分析job 并行执行
+stages:
+  - build&analyze
+  - oss-upload&send-email
+  - ci_sonar_mail
+
+# 阻止了 合并请求 或 push（分支和标签）的流水线。 最后的 when: always 规则运行所有其他流水线类型，包括定时计划流水线。
+workflow:
+ rules:
+   - if: '$CI_PIPELINE_SOURCE == "push"'
+     when: always
+   - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+     when: never
+   - when: always
+
+before_script:
+   # 检查是否存在 commit_sha 文件
+   - if [ -f commit_sha ]; then cat commit_sha; else echo "0000000" > commit_sha; fi
+   - export BEFORE_COMMIT_SHA=$(cat commit_sha)
+   # 比较commit sha ,若与上一次成功流水线的commit sha 相同，则退出流水线
+   - if [ "$CI_COMMIT_SHA" == "$BEFORE_COMMIT_SHA" ] && [ "$CI_PIPELINE_SOURCE" != "web" ]; then exit 137; fi
+
+# 使用 .post 阶段使作业在流水线的末尾运行。.post 始终是流水线的最后阶段。
+change_commit:
+   tags:
+     - offline-test
+   stage: .post
+   # 此job 跳过拉取git代码
+   variables:
+     GIT_STRATEGY: none
+   script:
+     # 更新 commit_sha
+     - if [ "$CI_COMMIT_SHA" != "$BEFORE_COMMIT_SHA" ]; then echo $CI_COMMIT_SHA > commit_sha; fi
+   cache:
+     # 不同的分支采用不同的 cache，防止分支之间相互影响
+     key: "${CI_COMMIT_REF_SLUG}_commit_sha"
+     paths:
+       - commit_sha
+     policy: pull-push
+   allow_failure:
+     exit_codes: 137
+
+android_build:
+  tags:
+    # - local-runner
+    - offline-test
+  stage: build&analyze
+  image: hub.shanqu.cc/library/ci-android:jdk11-sdk31-33
+  variables:
+    GIT_SUBMODULE_STRATEGY: recursive
+    KUBERNETES_CPU_LIMIT: "10"
+  script:
+    - export GRADLE_USER_HOME=/home/gitlab-runner/ci-build-cache/$CI_PROJECT_PATH/.gradle
+    - chmod +x ./gradlew
+    - ./scripts/jenkins_build.sh -c
+  #设置打包后的产物，用于job之间共享
+  artifacts:
+      paths:
+          - app/build/tmp/*.apk
+      expire_in: 48 hrs       # 指定附件上载后保存的时间24h，默认永久在Gitlab保存
+  allow_failure:
+    exit_codes: 137
+  only:
+    - dev
+    - dev-5.25.0
+
+# 代码检查
 sonarqube_analysis:
-    tags:
-        - offline-test
-    stage: analysis
-    image: sonarsource/sonar-scanner-cli:latest
-    dependencies: []    #禁止传递来的artifact
-    script:
-        ## 获取项目的一级组和二级组和项目名作为projectKey，例如projectKey=platform-backend-eci-monitor
-        - group=`echo $CI_PROJECT_PATH | sed 's#/#-#g'`
-        - sonar-scanner
-            -Dsonar.host.url=http://sonarqube-server.sonarqube:9000/
-            -Dsonar.login=be43de7264ce4c4766eb0c020373c3e74e6df257
-            -Dsonar.jacoco.reportPaths=target/jacoco.exec
-            -Dsonar.projectKey=$group
-            -Dsonar.projectName=$CI_PROJECT_PATH
-            -Dsonar.sourceEncoding=UTF-8
-            -Dsonar.exclusions=**/vendor/**,**/errcode/**
-            -Dsonar.gitlab.project_id=$CI_PROJECT_ID
-            -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
-            -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
-            -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID
-            -Dsonar.gitlab.merge_request_discussion=true
-            -Dsonar.java.binaries=.                 # 如果不使用Maven或Gradle进行分析，则必须手动提供测试二进制文件
-    only:
-        - dev
+   tags:
+     - offline-test
+   stage: build&analyze
+   image: sonarsource/sonar-scanner-cli:latest
+   dependencies: []    #禁止传递来的artifact
+   script:
+     ## 获取项目的一级组和二级组和项目名作为projectKey，例如projectKey=platform-backend-eci-monitor
+     - group=`echo $CI_PROJECT_PATH | sed 's#/#-#g'`
+     - sonar-scanner
+       -Dsonar.host.url=http://sonarqube-server.sonarqube:9000/
+       -Dsonar.login=be43de7264ce4c4766eb0c020373c3e74e6df257
+       -Dsonar.jacoco.reportPaths=target/jacoco.exec
+       -Dsonar.projectKey=$group
+       -Dsonar.projectName=$CI_PROJECT_PATH
+       -Dsonar.sourceEncoding=UTF-8
+       -Dsonar.exclusions=**/vendor/**,**/errcode/**
+       -Dsonar.gitlab.project_id=$CI_PROJECT_ID
+       -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
+       -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
+       -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID
+       -Dsonar.gitlab.merge_request_discussion=true
+       -Dsonar.java.binaries=.
+       -Dsonar.branch.name=$CI_COMMIT_REF_NAME
+   allow_failure:
+     exit_codes: 137
+   only:
+     - dev
+     - dev-5.25.0

 ## 发送简易检测结果报告
 send_sonar_report:
+   tags:
+     - offline-test
+   stage: ci_sonar_mail
+   image: hub.shanqu.cc/library/docker:latest
+   # 此job 跳过拉取git代码
+   variables:
+     GIT_STRATEGY: none
+   script:
+     - group=`echo $CI_PROJECT_PATH | sed 's#/#-#g'`
+     - docker run -e PROJECTKEY=$group -e EMAIL=$GITLAB_USER_EMAIL -e BRANCH=$CI_COMMIT_REF_NAME --name send-email --rm hub.shanqu.cc/platform/send-sonar-report:latest
+   allow_failure:
+     exit_codes: 137
+   only:
+     - dev
+     - dev-5.25.0
+
+oss-upload&send-email:
    tags:
-        - offline-test
-    stage: sendmail
-    image: hub.shanqu.cc/library/docker:latest
-    dependencies: []    #禁止传递来的artifact
+        - rancher-k8s
+    stage: oss-upload&send-email
+    image: hub.shanqu.cc/devops/android-apk-oss-upload:latest
+    variables:
+        GIT_STRATEGY: none
+        VAULT_ADDR: https://vault.shanqu.cc                         # 固定值
+        VAULT_SECRET_PATH: prod/devops/android-apk-oss-upload       # 固定值
+        VAULT_ROLE: android-apk-oss-upload                          # 固定值
+        ENDPOINT: "oss-cn-shenzhen-internal.aliyuncs.com"           # 固定值
+        BUCKET: "shanqu"                                            # 固定值
+        FILE_PATH: "app/build/tmp/"                         # APK 存放路径
+        Email_To_List: $EMAIL_TO_LIST                               # 邮件接受人列表
+        Email_Title: "光环助手 $CI_COMMIT_BRANCH"                    # 邮件标题
+        PIPELINE_ID: $CI_PIPELINE_ID                                # 流水线id
+        COMMIT_BRANCH: $CI_COMMIT_BRANCH                            # 提交分支
+        MAIL_MESSAGE: "[$CI_COMMIT_AUTHOR] $CI_COMMIT_MESSAGE"
+    needs:
+        - job: android_build
+          artifacts: true
    script:
-        - group=`echo $CI_PROJECT_PATH | sed 's#/#-#g'`
-        - docker run -e PROJECTKEY=$group -e EMAIL=$GITLAB_USER_EMAIL --name send-email --rm hub.shanqu.cc/platform/send-sonar-report:latest
+        ### 绑定上传参数 ###
+        - export OSS_PATH="release/dev/${CI_PROJECT_NAME}/$(date "+%Y/%m/%d")"
+        ### 开启上传 ###
+        - /usr/local/bin/python /upload.py
+        ### 发送邮件
+        - /usr/local/bin/python /ci-android-mail.py
    only:
        - dev
+        - dev-5.25.0
--- a/gradle.properties
+++ b/gradle.properties
@ -13,7 +13,7 @@
 # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
 # org.gradle.parallel=true
 #Wed Jul 19 10:16:09 CST 2017
-org.gradle.jvmargs=-Xmx4096m -XX\:MaxPermSize\=512m -XX\:+HeapDumpOnOutOfMemoryError -Dfile.encoding\=UTF-8
+org.gradle.jvmargs=-Xmx4096m -XX\:MaxPermSize\=2048m -XX\:+HeapDumpOnOutOfMemoryError -Dfile.encoding\=UTF-8 
 #开启gradle并行编译
 org.gradle.parallel=true
 #开启守护进程
@ -75,5 +75,3 @@ android.injected.testOnly = false

 # 动态配置插件
 isRelease = true
-
-