GitHub Actions
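GitHub's built-in CI/CD platform. Automation workflows are defined in .github/workflows/*.yml and triggered by events such as pushes, pull requests, and schedules.
Core concepts
| Concept | Description |
|---|---|
| Workflow | An automated process, defined in a single yml file |
| Event | Trigger condition, such as push, pull_request, schedule |
| Job | Unit of work, runs on its own virtual machine |
| Step | A single operation within a Job |
| Action | A reusable step, from the Marketplace |
| Runner | The machine that executes a Job (hosted or self-hosted) |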
Basic structure
```yaml
# .github/workflows/build.yml
name: CI
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven
      - run: mvn -B package
      - run: mvn -B test
```
Common trigger events
```yaml
on:
  push:
    branches: [main]
    paths: ['src/**']      # trigger only when the given paths change
  schedule:
    - cron: '0 2 * * *'    # every day at 2 a.m.
  workflow_dispatch:       # allow manual triggering
```
Build and push a Docker image
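```yaml
# Log in with credentials stored as repository secrets
- uses: docker/login-action@v3
  with:
    username: ${{ secrets.DOCKER_USERNAME }}
    password: ${{ secrets.DOCKER_PASSWORD }}
# Build the image and push it, tagged with the commit SHA
- uses: docker/build-push-action@v5
  with:
    push: true
    tags: myrepo/myapp:${{ github.sha }}
```
Deploy to Kubernetes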
```yaml
- uses: azure/setup-kubectl@v3
# The KUBECONFIG secret holds a base64-encoded kubeconfig file
- run: |
    echo "${{ secrets.KUBECONFIG }}" | base64 -d > kubeconfig
    kubectl --kubeconfig=kubeconfig set image deployment/myapp \
      myapp=myrepo/myapp:${{ github.sha }}
```
Secrets and environment variables
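```yaml
env:
  APP_ENV: production
steps:
  # Block scalar: an unquoted one-line value containing ": " is not valid YAML
  - run: |
      curl -H "Authorization: ${{ secrets.API_KEY }}" ...
```
Secrets are configured under the repository's Settings → Secrets and variables → Actions and are automatically masked in logs.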
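An added example (not part of the original page or of GitHub's tooling): a small Python check that scans workflow text for two patterns that appear in the snippets above, namely `uses:` references pinned to a mutable tag instead of a full commit SHA, and `${{ secrets.* }}` expanded directly inside a `run:` script instead of being passed through `env:`. The sample workflow is constructed from this page's snippets, and the function name `audit_workflow` and the rule names are hypothetical.

```python
import re

# Constructed sample built from this page's snippets; all names here are this example's own.
SAMPLE_WORKFLOW = """\
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          password: ${{ secrets.DOCKER_PASSWORD }}
      - run: |
          echo "${{ secrets.KUBECONFIG }}" | base64 -d > kubeconfig
          kubectl --kubeconfig=kubeconfig get pods
      - run: 'curl -H "Authorization: $API_KEY" https://example.invalid/'
        env:
          API_KEY: ${{ secrets.API_KEY }}
"""

USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
RUN_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file."""
    findings = []
    run_col = None  # column of the `run:` key while inside its block scalar
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if run_col is not None and len(line) - len(line.lstrip()) <= run_col:
            run_col = None  # dedent: the multi-line script has ended
        script = line.strip() if run_col is not None else ""
        run, uses = RUN_RE.match(line), USES_RE.match(line)
        if run_col is None and run:
            script = run.group(3)
            if script[:1] in ("|", ">"):  # block scalar: script starts on the next line
                run_col, script = len(run.group(1)) + len(run.group(2) or ""), ""
        elif run_col is None and uses and not uses.group(1).startswith(("./", "docker://")):
            # Tags and branches are mutable; only a full commit SHA pins the code.
            if not FULL_SHA_RE.fullmatch(uses.group(1).partition("@")[2]):
                findings.append((no, "unpinned-action", uses.group(1)))
        # Secrets expanded here become part of the script text before the shell runs.
        findings.extend((no, "secret-in-run", s) for s in SECRET_RE.findall(script))
    return findings
```

Secrets referenced under `with:` or `env:` are not reported; only expansions inside the script text of a `run:` step are.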
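Caching dependencies
```yaml
# Cache the local Maven repository, keyed on the contents of every pom.xml
- uses: actions/cache@v4
  with:
    path: ~/.m2/repository
    key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
    restore-keys: ${{ runner.os }}-maven-
```
Matrix builds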
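```yaml
# Runs one job per combination of Java version and operating system
strategy:
  matrix:
    java: [17, 21]
    os: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
  - uses: actions/setup-java@v4
    with:
      java-version: ${{ matrix.java }}
      distribution: 'temurin'   # required input of setup-java
```
Related documentation
- Docker: build and push images
- Kubernetes: deploy to K8s
- Jenkins: self-hosted CI/CD option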