如何在 cypress 项目的 gitlab 管道中连接到 openVpn

How to connect to openVpn in gitlab pipeline for a cypress project

我正在从事一个赛普拉斯项目。我在 GitLab 中设置了一个管道。 我的应用程序只能在通过 Open VPN 连接的专用网络上运行。

有人可以指导我如何在 .gitlab-ci.yml 文件中添加它吗???

我的 .gitlab-ci.yml 是:

image: cypress/base:10

stages:
  - test
test:
  stage: test
  script:
    - npm install
    - npm run test

我的package.json如下:

{
  "name": "cypresspackage",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "clean:reports": "rm -R -f cypress/reports && mkdir cypress/reports && mkdir cypress/reports/mochareports",
    "pretest": "npm run clean:reports",
    "scripts": "cypress run --spec cypress/integration/dummy.feature",
    "combine-reports": "mochawesome-merge ./cypress/reports/mocha/*.json > cypress/reports/mochareports/report.json",
    "generate-report": "marge cypress/reports/mochareports/report.json -f report -o cypress/reports/mochareports",
    "report:copyScreenshots": "cp -r cypress/screenshots cypress/reports/mochareports/assets",
    "posttest": "npm run report:copyScreenshots && npm run combine-reports && npm run generate-report",
    "test": "npm run scripts || npm run posttest"
  },
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "cypress": "^6.3.0",
    "cypress-audit": "^0.3.0",
    "cypress-cucumber-preprocessor": "^4.0.1",
    "cypress-multi-reporters": "^1.4.0",
    "cypress-xpath": "^1.6.2",
    "mocha": "^8.2.1",
    "mochawesome": "^6.2.1",
    "mochawesome-merge": "^4.2.0",
    "mochawesome-report-generator": "^5.1.0"
  },
  "dependencies": {
    "lambdatest-cypress-cli": "^1.0.1"
  },
  "cypress-cucumber-preprocessor": {
    "nonGlobalStepDefinitions": true
  }
}

I guess gitlab provides the runner at run time

我猜你正在使用 GitLab 的 SaaS。这意味着您的 VPN 将在非私人环境中打开。例如,一些 GitLab 管理员应该可以访问您的 VPN 连接,并且根据 GitLab 在他们后院的配置方式,其他一些 GitLab 用户可能可以访问您的专用网络。我会避免这种情况。如果您坚持这样做,最好使用项目的 Secrets 功能来保存您的 OpenVPN 客户端身份验证,这样它就可以保持私密性。

Is there a option where I can choose the runner?

当然可以。您可以在自己的服务器上(甚至在家中按需)注册跑步者 运行。这取决于此运行器的使用位置和方式(Docker?Kubernetes?Debian?等)。看看 Registering a GitLab Runner。您需要从项目的配置中生成一个令牌,然后使用该令牌安装运行器。

GitLab CI

一旦您安装并配置了自己的运行器(确保它在需要时运行),您将需要在管道中配置您的 VPN start/stop。在这里,我复制了一段在 GitLab's forum:

上找到的代码
before_script:
  ##
  ## VPN
  ## Inspiration from: https://torguard.net/knowledgebase.php?action=displayarticle&id=138
  ## And http://forum.gitlab.com/t/connect-vpn-during-ci-cd/7585
  ## Content from Variables to files: 
  ## Waiting for opnevpn connect would be better than sleeping, the closest would be https://askubuntu.com/questions/28733/how-do-i-run-a-script-after-openvpn-has-connected-successfully
  ## Maybe this would work https://unix.stackexchange.com/questions/403202/create-bash-script-to-wait-and-then-run
  ##
  - which openvpn || (apt-get update -y -qq && apt-get install -y -qq openvpn) # Install openvpn if not available.
  - cat <<< $CLIENT_OVPN > /etc/openvpn/client.conf # Move vpn config from gitlab variable to config file.
  - cat <<< $VPN_U > /etc/openvpn/pass.txt # Move vpn user from gitlab variable to pass file.
  - cat <<< $VPN_P >> /etc/openvpn/pass.txt # Move vpn password from gitlab variable to pass file.
  - cat <<< "auth-user-pass /etc/openvpn/pass.txt" >> /etc/openvpn/client.conf # Tell vpn config to use password file.
  - cat <<< "log /etc/openvpn/client.log" >> /etc/openvpn/client.conf # Tell vpn config to use log file.
  - openvpn --config /etc/openvpn/client.conf --daemon # Start openvpn with config as a deamon.
  - sleep 30s # Wait for some time so the vpn can connect before doing anything else.
  - cat /etc/openvpn/client.log # Print the vpn log.
  - ping -c 1 <IP> # Ping the server I want to deploy to. If not available this stops the deployment process.

在此之后,您可以添加一个 after_script 部分来停止 OpenVPN 守护进程,或者使用一个包含 when: always 的特殊关闭作业来确保即使构建时 VPN 连接也会关闭失败。

您还可以尝试其他解决方案,具体取决于您的环境。