刘琛运的技术文档

Appearance

1.1构建sso

创建单个项目liuchenyun-online-sso-new

登录系统

1_DistributeWars

General Settings 

Artifact paths: build\libs\cas.war // 输出成cas.war

Version Control Settings 

https://gitee.com/liuchenyunol/online-sso.git
refs/heads/cas-2.0

用户名/密码 变量 

Checkout Rules // 没有设置任何目录,所以下面的Build Steps的Working directory也不用设置

Build Steps 

Gradle

Gradle tasks: clean build 

Gradle build file: build.gradle

Gradle Wrapper: 不勾选

Triggers 

Trigger a build on each check-in  勾选及以下

Use default value (60 seconds) // 选择默认60秒

Agent Requirements 

选择自己机器

2_DistributePkg_WebUI_NVDAnalyst

General Settings 

Artifact paths:

dependency-check-*.html
dependency-check-*.xml
dependency-check-*.csv

VCS Roots 

Checkout directory: sso-depends

Build Steps 

/opt/dependency-check/bin/dependency-check.sh --project "supermapol-sso" \
  --scan "sso-depends" \
  --junitFailOnCVSS %NVD_FAILONCVSS% \
  --disableNuspec --disableNugetconf --disableAssembly \
  --disableGolangDep --disableGolangMod \
  --format ALL \
  --nvdValidForHours 24 \
  --nvdApiKey b21db591-b686-4833-8943-d521f110b6fd \
  --nvdDatafeed http://nvdmirror.ispeco.com/nvdcve-{0}.json.gz \
  --retireJsUrl http://maven.ispeco.com/repository/tizi/Retirejs/jsrepository.json

Triggers 

Finish Build Trigger  ,选第一步

Failure Conditions

Additional Failure Conditions

Fail build on specific text in build log:

Process exited with code 1

出现漏洞评分高于%NVD_FAILONCVSS%分的依赖,检测失败

Build Features 

XML report processing:

*-junit.xml

Dependencies 

cas.war!/WEB-INF/lib/*=>sso-depends
NVD_FAILONCVSS=7

3_DistributePackages_Docker_sso

Version Control Settings 

distribution_liuchenyunol
https://gitee.com/liuchenyunol/distribution_liuchenyunol.git

Checkout Rules
+:docker-compose/Dockerfile_sso_new => .

Build Step 

1:
build images
chmod +x build.sh && ./build.sh %build.number%%
2:
update image
192.168.31.157
sudo kubectl get pod |grep online-sso-new| awk '{print $1}' | xargs kubectl delete pod

Authentication method :Password // 注意第二步选Password进行ssh

Triggers 

VCS Trigger   // 默认60秒

Finish Build Trigger
Wait for a successful build in: liuchenyun-online-front / liuchenyun-online-developer-center-webui / 0_1_D2M_Online_Developer_Center_WebUI
Branch filter:
+:<default>  // 选择第一步的路径

Build Features 

Docker Support

Dependencies 

Artifact Dependencies
选第一步打包路径,设置cas.war => %system.teamcity.build.checkoutDir%

Agent Requirements 

设置agent

4_DistributePackages_Docker_sso_trunk

Version Control Settings 

选的时候直接选第二步的,会复制下来

// 外面设置目录
Checkout Rules
+:docker-compose/Dockerfile_sso_new => .

Build Step 

chmod +x ./build_trunk.sh && ./build_trunk.sh

Build Features 

Docker Support

agent问题

agent的环境变量需要env.GRADLE_HOME参数。

agent机器安装gradle

sudo vi /etc/profile
添加:
export GRADLE_HOME=/home/gradle-7.6.3
export PATH=$GRADLE_HOME/bin:$PATH

source /etc/profile //加载

gradle --version

157的centos安装的openjdk11,与gradle7.6.3不能兼容,所有用win的jdk17打包。

然后重启agent客户端服务