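Building a CI/CD Pipeline: A Hands-On GitHub Actions Tutorial
CI/CD (continuous integration / continuous deployment) is a core practice of modern software development. By automating build, test and deployment, it ensures that every code change is fully verified before it is safely released to production. GitHub Actions is currently one of the most popular CI/CD tools: it is integrated directly into GitHub, is simple to configure, and comes with a generous free quota. This article walks through real examples, step by step, to build a complete CI/CD pipeline.
1. GitHub Actions Basic Concepts
The core concepts of GitHub Actions are:
- Workflow: an automated process, defined in a YAML file
- Event: the condition that triggers a workflow (push, PR, schedule, etc.)
- Job: a group of steps within a workflow; jobs can run in parallel or in sequence
- Step: a single operation within a job; it can be a shell command or an Action
- Action: a reusable unit of operation
2. CI Pipeline for a PHP Project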
```yaml
# .github/workflows/ci.yml
name: CI
on:
  push:
    branches: [master, develop]
  pull_request:
    branches: [master]
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        php-version: ["7.4", "8.0", "8.1", "8.2"]
    services:
      mysql:
        image: mysql:8.0
        env:
          # Throwaway credentials for the ephemeral CI database container only
          MYSQL_ROOT_PASSWORD: root
          MYSQL_DATABASE: test_db
        ports:
          - 3306:3306
        # The job's steps start only after the health check passes
        options: >-
          --health-cmd="mysqladmin ping"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=3
      redis:
        image: redis:7-alpine
        ports:
          - 6379:6379
    steps:
      - uses: actions/checkout@v4
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-version }}
          extensions: pdo_mysql, redis, gd, zip
          coverage: xdebug
      - name: Install Dependencies
        run: composer install --prefer-dist --no-progress
      - name: Copy Environment File
        run: cp .env.sample .env
      - name: Run Tests
        run: vendor/bin/phpunit --coverage-text
      - name: PHP CodeSniffer
        run: vendor/bin/phpcs --standard=PSR12 app/
      - name: PHPStan Analysis
        run: vendor/bin/phpstan analyse app/ --level=5
```
3. Automated Deployment Pipeline
```yaml
# .github/workflows/deploy.yml
name: Deploy to Production
on:
  # `needs` can only reference jobs in the same workflow file, so the
  # dependency on the test job in ci.yml is expressed with workflow_run
  workflow_run:
    workflows: [CI]
    types: [completed]
    branches: [master]
jobs:
  deploy:
    runs-on: ubuntu-latest
    # Deploy only after the tests have passed for a push to master
    if: >-
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.event == 'push' &&
      github.event.workflow_run.head_branch == 'master'
    environment: production
    steps:
      - uses: actions/checkout@v4
        with:
          # Check out the exact commit that CI tested
          ref: ${{ github.event.workflow_run.head_sha }}
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: "8.2"
      - name: Install Dependencies (Production)
        run: composer install --no-dev --optimize-autoloader --no-progress
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            cd /var/www/myapp
            git pull origin master
            composer install --no-dev --optimize-autoloader
            php think migrate:run
            php think cache:clear
            sudo systemctl reload php-fpm
            sudo systemctl reload nginx
      - name: Send Deploy Notification
        if: always()
        run: |
          curl -X POST "https://api.example.com/notify" \
            -H "Content-Type: application/json" \
            -d '{"status": "${{ job.status }}", "commit": "${{ github.event.workflow_run.head_sha }}"}'
```
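The deploy workflow above hands `SSH_PRIVATE_KEY` to actions that are referenced by version tag, and a tag can later be moved to different code. As an added example (not part of the original tutorial), this Python script lists every `uses:` reference that is not pinned to a full commit SHA and checks for a top-level `permissions:` block. The sample workflow, the severity labels, the first-party owner list and the 40-character SHA are constructed for illustration.

```python
import re

# Matches "uses: owner/repo[/path]@ref" on a step or job line
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption for this example: these owners are treated as first-party
FIRST_PARTY_OWNERS = {"actions", "github"}

def audit_workflow(text):
    """Return (line_no, action, ref, severity) for each action not pinned to a commit SHA."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.groups()
        if FULL_SHA_RE.match(ref):
            continue  # a full commit SHA is an immutable reference
        owner = action.split("/", 1)[0]
        severity = "low" if owner in FIRST_PARTY_OWNERS else "high"
        findings.append((line_no, action, ref, severity))
    return findings

def has_top_level_permissions(text):
    """True if the workflow restricts GITHUB_TOKEN with a top-level permissions block."""
    return any(re.match(r"^permissions:", line) for line in text.splitlines())

# Constructed sample modelled on the deploy workflow; the SHA is a placeholder
SAMPLE = """\
name: Deploy to Production
on:
  push:
    branches: [master]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1
        with:
          key: ${{ secrets.SSH_PRIVATE_KEY }}
      - uses: actions/cache@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for line_no, action, ref, sev in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}@{ref} is a mutable ref [{sev}]")
    if not has_top_level_permissions(SAMPLE):
        print("no top-level permissions block: GITHUB_TOKEN gets the repository default scopes")
```

Run it against each file under `.github/workflows/` in review or as a CI step, and replace flagged tags with the commit SHA of the release you have reviewed.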
4. Scheduled Tasks and Matrix Builds
```yaml
# Periodically check dependencies for known security issues
name: Security Check
on:
  schedule:
    - cron: "0 6 * * 1" # every Monday at 06:00 (UTC)
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check PHP Dependencies
        run: composer audit
      - name: Check Node Dependencies
        run: npm audit --production
```
5. Caching and Artifacts
```yaml
steps:
  # Cache Composer dependencies
  - name: Cache Composer packages
    uses: actions/cache@v3
    with:
      path: vendor
      key: php-${{ hashFiles('composer.lock') }}
      restore-keys: php-
  # Upload build output
  - name: Upload Build Artifact
    uses: actions/upload-artifact@v4
    with:
      name: app-build
      path: |
        app/
        public/
        vendor/
      retention-days: 5
```
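A CI/CD pipeline is standard equipment for modern development. With GitHub Actions you can fully automate the path from code commit to production deployment without leaving the GitHub ecosystem. Start with simple CI (running tests automatically), then gradually add code quality checks, security scanning, automated deployment and other stages to build a complete DevOps process.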