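When I finished my first project and was getting ready to start the second, my past experience made me especially keen to learn CI/CD well. It not only gets me away from tedious, repetitive work such as manual deployment and testing, but also lets me focus on solving technical challenges and building innovative features. In generative AI in particular, CI/CD lets a team adapt quickly to the rapid iteration of models, frameworks, and technologies, and makes swapping in new tools or new processes much simpler.
This is the architecture diagram I referred to the first time I set up a CI/CD pipeline. At the time I ran it on a combination of Azure and GCP, whereas this diagram is a pure Azure architecture and shows the complete flow:
Taking the diagram above as an example, the workflow below deploys only to the test environment. Typically, different branches are bound to different environments, for example the main branch to Production and the develop branch to Staging, and CI/CD is set to trigger when specific events occur on that branch.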
```yaml
# Workflow name
name: GenAI Azure CI/CD Pipeline to Staging

# Events that trigger the workflow
on:
  push:
    branches: [develop]
  pull_request:
    branches: [develop]

# Environment variables
env:
  AZURE_WEBAPP_NAME: your-staging-webapp-name
  AZURE_RESOURCE_GROUP: your-resource-group

# Four jobs run in turn: pr_checks, build_and_test, deploy_to_staging, setup_monitoring
jobs:
  pr_checks:
    runs-on: ubuntu-latest # environment the job runs in
    steps: # steps the job runs
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Code analysis
        run: |
          pip install pylint
          # bash on the runner does not expand ** recursively by default,
          # so list the tracked Python files explicitly
          pylint $(git ls-files '*.py')
      - name: Lint check
        run: |
          pip install flake8
          flake8 .
      - name: Security scan
        run: |
          pip install bandit
          bandit -r . -f custom
      - name: Run unit tests
        run: |
          pip install pytest
          pytest tests/unit

  # CI (Continuous Integration) stage: build the image and test it
  build_and_test:
    needs: pr_checks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # The Key Vault action needs an authenticated Azure session first.
      # The secret name AZURE_CREDENTIALS is an assumption.
      - name: Azure login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Azure Key Vault - Get Secrets
        uses: Azure/get-keyvault-secrets@v1
        with:
          keyvault: "your-keyvault-name"
          secrets: 'secret1, secret2' # list the keys you need
        id: myGetSecretAction
      - name: Log in to ACR
        uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Build and push image to ACR # push the built image to the registry
        run: |
          docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/genaiapp:${{ github.sha }}
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/genaiapp:${{ github.sha }}
      - name: Run integration tests # run the integration tests
        run: |
          # integration test commands go here
          echo "Running integration tests..."
      - name: Upload artifact to Azure Pipelines
        uses: actions/upload-artifact@v2
        with:
          name: drop
          path: ${{ github.workspace }}

  # CD (Continuous Deployment) stage: download the image and deploy it to the test environment
  deploy_to_staging:
    needs: build_and_test
    runs-on: ubuntu-latest
    steps:
      - name: Download artifact from Azure Pipelines
        uses: actions/download-artifact@v2
        with:
          name: drop
          path: ${{ github.workspace }}
      - name: Deploy to Azure Web App for Staging
        uses: azure/webapps-deploy@v2
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
          images: '${{ secrets.REGISTRY_LOGIN_SERVER }}/genaiapp:${{ github.sha }}'
      - name: Run acceptance tests
        run: |
          # acceptance test commands go here
          echo "Running acceptance tests on Staging environment..."

  # Set up monitoring and analytics
  setup_monitoring:
    needs: deploy_to_staging
    runs-on: ubuntu-latest
    steps:
      # The Azure CLI action needs an authenticated Azure session first.
      # The secret name AZURE_CREDENTIALS is an assumption.
      - name: Azure login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Setup Azure Monitor
        uses: Azure/cli@v1.0.0
        with:
          inlineScript: |
            az monitor app-insights component create --app GenAIMonitor-Staging --location eastus --kind web --resource-group ${{ env.AZURE_RESOURCE_GROUP }}
      - name: Setup Application Insights
        run: |
          # Application Insights setup commands go here
          echo "Setting up Application Insights for Staging..."
      - name: Configure Log Analytics
        run: |
          # Log Analytics Workspace setup commands go here
          echo "Configuring Log Analytics Workspace for Staging..."
```
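
The branch-to-environment binding mentioned above, sketched for the main to Production side. This is an added example, not part of the original workflow; the web app name and the GitHub environment called `production` are assumptions. It triggers on push only, so pull request events never reach the job that holds deployment secrets, and it narrows the workflow token to read access.

```yaml
# Added example: main -> Production counterpart of the staging workflow.
name: GenAI Azure CI/CD Pipeline to Production

on:
  push:
    branches: [main]   # push only: pull_request events never start a deploy

# Least privilege for the workflow's GITHUB_TOKEN
permissions:
  contents: read

env:
  AZURE_WEBAPP_NAME: your-production-webapp-name   # assumed placeholder

# Queue production deployments instead of running two at once
concurrency:
  group: deploy-production
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Log in to ACR
        uses: azure/docker-login@v1
        with:
          login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Build and push image to ACR
        run: |
          docker build . -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/genaiapp:${{ github.sha }}
          docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/genaiapp:${{ github.sha }}

  deploy_to_production:
    needs: build
    runs-on: ubuntu-latest
    # Environment protection rules (required reviewers, allowed branches) gate
    # this job; secrets stored on the environment go only to jobs that name it.
    environment: production   # assumed environment name
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Deploy to Azure Web App for Production
        uses: azure/webapps-deploy@v2
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
          images: '${{ secrets.REGISTRY_LOGIN_SERVER }}/genaiapp:${{ github.sha }}'
```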