CI/CD Integration
Typical Flow
Commit code → Build image → Scan for vulnerabilities → Push to registry → Deploy
CI Build
name: Build and Push
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: docker build -t my-app:${{ github.sha }} .
      - name: Push
        run: |
          docker tag my-app:${{ github.sha }} registry/my-app:latest
          docker push registry/my-app:latest
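The typical flow lists a vulnerability scan between build and push, but the workflow above goes straight from build to push. The following is an added example, not part of the original page, showing the same workflow with a Trivy gate. It assumes the runner can pull the `aquasec/trivy` image, is already logged in to `registry`, and that blocking on HIGH/CRITICAL findings is the chosen policy.

```yaml
name: Build, Scan and Push
on:
  push:
    branches: [main]
permissions:
  contents: read            # the job only needs to read the repository
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      IMAGE: my-app:${{ github.sha }}   # same tag the original Build step uses
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: docker build -t "$IMAGE" .
      - name: Scan
        # Trivy exits non-zero when a HIGH or CRITICAL finding with an
        # available fix is present, so the job stops before the Push step.
        # In real use, pin the scanner image to a specific version tag.
        run: |
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest image \
            --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
            "$IMAGE"
      - name: Push
        # Push the commit-SHA tag that was just scanned, then move
        # latest to the same image so both tags refer to scanned content.
        run: |
          docker tag "$IMAGE" "registry/$IMAGE"
          docker tag "$IMAGE" registry/my-app:latest
          docker push "registry/$IMAGE"
          docker push registry/my-app:latest
```

Pushing the commit-SHA tag alongside `latest` keeps a fixed reference to the exact image that passed the scan.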
CD Deployment
ssh user@server "docker pull registry/my-app:latest && docker compose up -d"
Summary
| Stage | Tool |
|---|---|
| Build | Docker build |
| Scan | Trivy / Scout |
| Push | docker push |
| Deploy | docker compose up |