deployment-pipeline-design
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseDeployment Pipeline Design
部署流水线设计
Architecture patterns for multi-stage CI/CD pipelines with approval gates and deployment strategies.
带有审批门和部署策略的多阶段CI/CD流水线架构模式。
Purpose
目标
Design robust, secure deployment pipelines that balance speed with safety through proper stage organization and approval workflows.
通过合理的阶段组织和审批工作流,设计兼具速度与安全性的健壮、安全的部署流水线。
When to Use
适用场景
- Design CI/CD architecture
- Implement deployment gates
- Configure multi-environment pipelines
- Establish deployment best practices
- Implement progressive delivery
- CI/CD架构设计
- 部署门配置
- 多环境流水线搭建
- 部署最佳实践落地
- 渐进式交付实施
Pipeline Stages
流水线阶段
Standard Pipeline Flow
标准流水线流程
┌─────────┐ ┌──────┐ ┌─────────┐ ┌────────┐ ┌──────────┐
│ Build │ → │ Test │ → │ Staging │ → │ Approve│ → │Production│
└─────────┘ └──────┘ └─────────┘ └────────┘ └──────────┘┌─────────┐ ┌──────┐ ┌─────────┐ ┌────────┐ ┌──────────┐
│ Build │ → │ Test │ → │ Staging │ → │ Approve│ → │Production│
└─────────┘ └──────┘ └─────────┘ └────────┘ └──────────┘Detailed Stage Breakdown
详细阶段分解
- Source - Code checkout
- Build - Compile, package, containerize
- Test - Unit, integration, security scans
- Staging Deploy - Deploy to staging environment
- Integration Tests - E2E, smoke tests
- Approval Gate - Manual approval required
- Production Deploy - Canary, blue-green, rolling
- Verification - Health checks, monitoring
- Rollback - Automated rollback on failure
- Source - 代码检出
- Build - 编译、打包、容器化
- Test - 单元测试、集成测试、安全扫描
- Staging Deploy - 部署到预发布环境
- Integration Tests - 端到端测试、冒烟测试
- Approval Gate - 需要人工审批
- Production Deploy - 金丝雀、蓝绿、滚动部署
- Verification - 健康检查、监控
- Rollback - 失败时自动回滚
Approval Gate Patterns
审批门模式
Pattern 1: Manual Approval
模式1:人工审批
yaml
undefinedyaml
undefinedGitHub Actions
GitHub Actions
production-deploy:
needs: staging-deploy
environment:
name: production
url: https://app.example.com
runs-on: ubuntu-latest
steps:
- name: Deploy to production
run: |
# Deployment commands
undefinedproduction-deploy:
needs: staging-deploy
environment:
name: production
url: https://app.example.com
runs-on: ubuntu-latest
steps:
- name: Deploy to production
run: |
# Deployment commands
undefinedPattern 2: Time-Based Approval
模式2:基于时间的审批
yaml
undefinedyaml
undefinedGitLab CI
GitLab CI
deploy:production:
stage: deploy
script:
- deploy.sh production
environment:
name: production
when: delayed
start_in: 30 minutes
only:
- main
undefineddeploy:production:
stage: deploy
script:
- deploy.sh production
environment:
name: production
when: delayed
start_in: 30 minutes
only:
- main
undefinedPattern 3: Multi-Approver
模式3:多审批人
yaml
undefinedyaml
undefinedAzure Pipelines
Azure Pipelines
stages:
- stage: Production
dependsOn: Staging
jobs:
- deployment: Deploy environment: name: production resourceType: Kubernetes strategy: runOnce: preDeploy: steps: - task: ManualValidation@0 inputs: notifyUsers: "team-leads@example.com" instructions: "Review staging metrics before approving"
**Reference:** See `assets/approval-gate-template.yml`stages:
- stage: Production
dependsOn: Staging
jobs:
- deployment: Deploy environment: name: production resourceType: Kubernetes strategy: runOnce: preDeploy: steps: - task: ManualValidation@0 inputs: notifyUsers: "team-leads@example.com" instructions: "Review staging metrics before approving"
**参考:** 查看 `assets/approval-gate-template.yml`Deployment Strategies
部署策略
1. Rolling Deployment
1. 滚动部署
yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 10
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 1Characteristics:
- Gradual rollout
- Zero downtime
- Easy rollback
- Best for most applications
yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 10
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 1特点:
- 渐进式发布
- 零停机
- 回滚简单
- 适用于大多数应用
2. Blue-Green Deployment
2. 蓝绿部署
yaml
undefinedyaml
undefinedBlue (current)
Blue (当前版本)
kubectl apply -f blue-deployment.yaml
kubectl label service my-app version=blue
kubectl apply -f blue-deployment.yaml
kubectl label service my-app version=blue
Green (new)
Green (新版本)
kubectl apply -f green-deployment.yaml
kubectl apply -f green-deployment.yaml
Test green environment
测试绿色环境
kubectl label service my-app version=green
kubectl label service my-app version=green
Rollback if needed
如需回滚
kubectl label service my-app version=blue
**Characteristics:**
- Instant switchover
- Easy rollback
- Doubles infrastructure cost temporarily
- Good for high-risk deploymentskubectl label service my-app version=blue
**特点:**
- 即时切换
- 回滚简单
- 临时双倍基础设施成本
- 适合高风险部署3. Canary Deployment
3. 金丝雀部署
yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: my-app
spec:
replicas: 10
strategy:
canary:
steps:
- setWeight: 10
- pause: { duration: 5m }
- setWeight: 25
- pause: { duration: 5m }
- setWeight: 50
- pause: { duration: 5m }
- setWeight: 100Characteristics:
- Gradual traffic shift
- Risk mitigation
- Real user testing
- Requires service mesh or similar
yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: my-app
spec:
replicas: 10
strategy:
canary:
steps:
- setWeight: 10
- pause: { duration: 5m }
- setWeight: 25
- pause: { duration: 5m }
- setWeight: 50
- pause: { duration: 5m }
- setWeight: 100特点:
- 渐进式流量切换
- 风险缓解
- 真实用户测试
- 需要服务网格或类似工具支持
4. Feature Flags
4. 功能开关
python
from flagsmith import Flagsmith
flagsmith = Flagsmith(environment_key="API_KEY")
if flagsmith.has_feature("new_checkout_flow"):
# New code path
process_checkout_v2()
else:
# Existing code path
process_checkout_v1()Characteristics:
- Deploy without releasing
- A/B testing
- Instant rollback
- Granular control
python
from flagsmith import Flagsmith
flagsmith = Flagsmith(environment_key="API_KEY")
if flagsmith.has_feature("new_checkout_flow"):
# 新代码路径
process_checkout_v2()
else:
# 现有代码路径
process_checkout_v1()特点:
- 部署但不发布
- A/B测试
- 即时回滚
- 精细化控制
Pipeline Orchestration
流水线编排
Multi-Stage Pipeline Example
多阶段流水线示例
yaml
name: Production Pipeline
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build application
run: make build
- name: Build Docker image
run: docker build -t myapp:${{ github.sha }} .
- name: Push to registry
run: docker push myapp:${{ github.sha }}
test:
needs: build
runs-on: ubuntu-latest
steps:
- name: Unit tests
run: make test
- name: Security scan
run: trivy image myapp:${{ github.sha }}
deploy-staging:
needs: test
runs-on: ubuntu-latest
environment:
name: staging
steps:
- name: Deploy to staging
run: kubectl apply -f k8s/staging/
integration-test:
needs: deploy-staging
runs-on: ubuntu-latest
steps:
- name: Run E2E tests
run: npm run test:e2e
deploy-production:
needs: integration-test
runs-on: ubuntu-latest
environment:
name: production
steps:
- name: Canary deployment
run: |
kubectl apply -f k8s/production/
kubectl argo rollouts promote my-app
verify:
needs: deploy-production
runs-on: ubuntu-latest
steps:
- name: Health check
run: curl -f https://app.example.com/health
- name: Notify team
run: |
curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
-d '{"text":"Production deployment successful!"}'yaml
name: Production Pipeline
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build application
run: make build
- name: Build Docker image
run: docker build -t myapp:${{ github.sha }} .
- name: Push to registry
run: docker push myapp:${{ github.sha }}
test:
needs: build
runs-on: ubuntu-latest
steps:
- name: Unit tests
run: make test
- name: Security scan
run: trivy image myapp:${{ github.sha }}
deploy-staging:
needs: test
runs-on: ubuntu-latest
environment:
name: staging
steps:
- name: Deploy to staging
run: kubectl apply -f k8s/staging/
integration-test:
needs: deploy-staging
runs-on: ubuntu-latest
steps:
- name: Run E2E tests
run: npm run test:e2e
deploy-production:
needs: integration-test
runs-on: ubuntu-latest
environment:
name: production
steps:
- name: Canary deployment
run: |
kubectl apply -f k8s/production/
kubectl argo rollouts promote my-app
verify:
needs: deploy-production
runs-on: ubuntu-latest
steps:
- name: Health check
run: curl -f https://app.example.com/health
- name: Notify team
run: |
curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
-d '{"text":"Production deployment successful!"}'Pipeline Best Practices
流水线最佳实践
- Fail fast - Run quick tests first
- Parallel execution - Run independent jobs concurrently
- Caching - Cache dependencies between runs
- Artifact management - Store build artifacts
- Environment parity - Keep environments consistent
- Secrets management - Use secret stores (Vault, etc.)
- Deployment windows - Schedule deployments appropriately
- Monitoring integration - Track deployment metrics
- Rollback automation - Auto-rollback on failures
- Documentation - Document pipeline stages
- 快速失败 - 优先运行快速测试
- 并行执行 - 并发运行独立任务
- 缓存机制 - 在多次运行间缓存依赖
- 制品管理 - 存储构建制品
- 环境一致性 - 保持各环境一致
- 密钥管理 - 使用密钥存储工具(如Vault等)
- 部署窗口 - 合理安排部署时间
- 监控集成 - 跟踪部署指标
- 自动回滚 - 失败时自动回滚
- 文档化 - 记录流水线阶段
Rollback Strategies
回滚策略
Automated Rollback
自动回滚
yaml
deploy-and-verify:
steps:
- name: Deploy new version
run: kubectl apply -f k8s/
- name: Wait for rollout
run: kubectl rollout status deployment/my-app
- name: Health check
id: health
run: |
for i in {1..10}; do
if curl -sf https://app.example.com/health; then
exit 0
fi
sleep 10
done
exit 1
- name: Rollback on failure
if: failure()
run: kubectl rollout undo deployment/my-appyaml
deploy-and-verify:
steps:
- name: Deploy new version
run: kubectl apply -f k8s/
- name: Wait for rollout
run: kubectl rollout status deployment/my-app
- name: Health check
id: health
run: |
for i in {1..10}; do
if curl -sf https://app.example.com/health; then
exit 0
fi
sleep 10
done
exit 1
- name: Rollback on failure
if: failure()
run: kubectl rollout undo deployment/my-appManual Rollback
手动回滚
bash
undefinedbash
undefinedList revision history
查看版本历史
kubectl rollout history deployment/my-app
kubectl rollout history deployment/my-app
Rollback to previous version
回滚到上一个版本
kubectl rollout undo deployment/my-app
kubectl rollout undo deployment/my-app
Rollback to specific revision
回滚到指定版本
kubectl rollout undo deployment/my-app --to-revision=3
undefinedkubectl rollout undo deployment/my-app --to-revision=3
undefinedMonitoring and Metrics
监控与指标
Key Pipeline Metrics
关键流水线指标
- Deployment Frequency - How often deployments occur
- Lead Time - Time from commit to production
- Change Failure Rate - Percentage of failed deployments
- Mean Time to Recovery (MTTR) - Time to recover from failure
- Pipeline Success Rate - Percentage of successful runs
- Average Pipeline Duration - Time to complete pipeline
- 部署频率 - 部署发生的频次
- 前置时间 - 从代码提交到生产环境的时间
- 变更失败率 - 失败部署的百分比
- 平均恢复时间(MTTR) - 从故障中恢复的时间
- 流水线成功率 - 成功运行的百分比
- 平均流水线时长 - 完成流水线的时间
Integration with Monitoring
与监控系统集成
yaml
- name: Post-deployment verification
run: |
# Wait for metrics stabilization
sleep 60
# Check error rate
ERROR_RATE=$(curl -s "$PROMETHEUS_URL/api/v1/query?query=rate(http_errors_total[5m])" | jq '.data.result[0].value[1]')
if (( $(echo "$ERROR_RATE > 0.01" | bc -l) )); then
echo "Error rate too high: $ERROR_RATE"
exit 1
fiyaml
- name: Post-deployment verification
run: |
# 等待指标稳定
sleep 60
# 检查错误率
ERROR_RATE=$(curl -s "$PROMETHEUS_URL/api/v1/query?query=rate(http_errors_total[5m])" | jq '.data.result[0].value[1]')
if (( $(echo "$ERROR_RATE > 0.01" | bc -l) )); then
echo "Error rate too high: $ERROR_RATE"
exit 1
fiReference Files
参考文件
- - Complex pipeline patterns
references/pipeline-orchestration.md - - Approval workflow templates
assets/approval-gate-template.yml
- - 复杂流水线模式
references/pipeline-orchestration.md - - 审批工作流模板
assets/approval-gate-template.yml
Related Skills
相关技能
- - For GitHub Actions implementation
github-actions-templates - - For GitLab CI implementation
gitlab-ci-patterns - - For secrets handling
secrets-management
- - 用于GitHub Actions落地
github-actions-templates - - 用于GitLab CI落地
gitlab-ci-patterns - - 用于密钥处理
secrets-management