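🔴 Critical Issues Fixed:
1. build-image: add depends_on: e2e-tests
- Ensures the image is built only after the E2E tests pass
2. deploy-production: add depends_on: build-image
- Ensures deployment happens only after the image builds successfully
3. archive-to-main: add depends_on: deploy-production
- Ensures archiving happens only after deployment succeeds
4. security-scan: remove failure: ignore
- Security vulnerabilities are no longer ignored
5. unit-tests: remove the dependency on security-scan
- The security scan can fail independently and block the pipeline
Pipeline changes:
- Tests fail → image is not built
- Build fails → no deployment
- Deployment fails → no archiving
- Security vulnerability → pipeline is blocked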
+14
-10
@@ -24,14 +24,14 @@
|
||||
# - 只读分支
|
||||
# - 仅接收来自release的自动归档
|
||||
#
|
||||
# 流水线阶段:
|
||||
# 1. 代码质量检查 (lint, type-check, security)
|
||||
# 2. 单元测试和集成测试
|
||||
# 3. E2E测试 (分层测试)
|
||||
# 4. 构建Docker镜像 (仅release分支)
|
||||
# 5. 部署到生产环境 (仅release分支)
|
||||
# 6. 归档到main分支 (仅release分支)
|
||||
# 7. 通知和监控
|
||||
# 流水线阶段(严格顺序执行):
|
||||
# 阶段0: 依赖安装(统一缓存)
|
||||
# 阶段1: 并行代码质量检查 (lint, type-check, security-scan)
|
||||
# 阶段2: 单元测试 -> E2E测试
|
||||
# 阶段3: 构建Docker镜像 (仅release分支,依赖E2E测试通过)
|
||||
# 阶段4: 部署到生产环境 (仅release分支,依赖镜像构建成功)
|
||||
# 阶段5: 归档到main分支 (仅release分支,依赖部署成功)
|
||||
# 阶段6: 企业微信通知
|
||||
# ============================================
|
||||
|
||||
# 全局环境变量
|
||||
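Review bot: the new header calls the stages "严格顺序执行" (strictly sequential), yet stage 1 is listed as parallel and the comment never says which later stage waits for security-scan. Suggest stating the gate in the header itself, for example that stages 3 to 5 run only after lint, type-check and security-scan have all passed, so the comment matches the depends_on graph.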
@@ -128,7 +128,6 @@ steps:
|
||||
- dev
|
||||
- release
|
||||
- release/**
|
||||
failure: ignore
|
||||
|
||||
unit-tests:
|
||||
image: *node_image
|
||||
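Review bot: with `failure: ignore` gone from the step above unit-tests (security-scan, per the commit message), that step's exit status becomes the gate, and the scan command is outside this hunk. Confirm the command exits non-zero on findings at the severity you intend to block on, and record that threshold in a comment next to the step, since it now applies to dev, release and release/** alike.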
@@ -138,7 +137,6 @@ steps:
|
||||
depends_on:
|
||||
- lint
|
||||
- type-check
|
||||
- security-scan
|
||||
commands:
|
||||
- npm run test:coverage:check
|
||||
volumes:
|
||||
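Review bot: once `- security-scan` is removed from the unit-tests depends_on list, no depends_on entry visible in this commit names security-scan any more; build-image waits only on e2e-tests. If the scan finishes later than the E2E tests, the image build can start before the scan result is known. Suggest adding `- security-scan` to the build-image depends_on list so the release path waits for it explicitly.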
@@ -189,6 +187,8 @@ steps:
|
||||
environment:
|
||||
REGISTRY_PASSWORD:
|
||||
from_secret: registry_password
|
||||
depends_on:
|
||||
- e2e-tests
|
||||
commands:
|
||||
- echo "Building Docker image..."
|
||||
- docker build -t registry.f.novalon.cn/novalon-website:${CI_COMMIT_SHA} .
|
||||
@@ -218,6 +218,8 @@ steps:
|
||||
from_secret: ssh_private_key
|
||||
REGISTRY_PASSWORD:
|
||||
from_secret: registry_password
|
||||
depends_on:
|
||||
- build-image
|
||||
commands:
|
||||
- echo "Deploying to production environment..."
|
||||
- mkdir -p ~/.ssh
|
||||
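Review bot: `depends_on: - build-image` orders this step after the build but does not tie it to that build's output, and the lines shown here do not say which image tag gets deployed. Make sure the deploy commands pull `registry.f.novalon.cn/novalon-website:${CI_COMMIT_SHA}`, the tag build-image produces, rather than a mutable tag.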
@@ -312,6 +314,8 @@ steps:
|
||||
environment:
|
||||
SSH_PRIVATE_KEY:
|
||||
from_secret: ssh_private_key
|
||||
depends_on:
|
||||
- deploy-production
|
||||
commands:
|
||||
- echo "Archiving to main branch..."
|
||||
- mkdir -p ~/.ssh
|
||||
|
||||
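Review bot: archive-to-main reads `from_secret: ssh_private_key`, the same secret name that appears in the deploy-production hunk above. A single key that can both reach production and push to main widens the impact of a leak from either step; consider a separate key for this step that has write access to the repository only.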