MonkeyCode DevOps in Practice: The CI/CD Pipeline and Automated Deployment, End to End


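MonkeyCode is an open-source project, and its own CI/CD pipeline is open source too. Everything from code commit to production deployment is automated. This article shares our DevOps practices; you can use these configurations directly in your own projects.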

The overall pipeline

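Code commit → automated flow:

1. Lint + format check (2 min)
2. Unit tests (5 min)
3. Integration tests (10 min)
4. Security scan (3 min)
5. Docker image build (5 min)
6. Deploy to staging (3 min)
7. E2E tests (10 min)
8. Manual confirmation → deploy to production

Total time: about 40 minutes (excluding manual confirmation)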

GitHub Actions configuration

PR check pipeline

```yaml
# .github/workflows/pr-check.yml
name: PR Check

on:
  pull_request:
    branches: [main]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version: "1.22" }
      - run: go vet ./...
      # golint is not preinstalled on the runner, so install it before use
      - run: go install golang.org/x/lint/golint@latest
      - run: golint ./...

  test:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Same Go version as the lint job, instead of whatever the runner image ships
      - uses: actions/setup-go@v5
        with: { go-version: "1.22" }
      - run: go test -race -coverprofile=coverage.out ./...
      - uses: codecov/codecov-action@v3
        with:
          file: coverage.out
          fail_ci_if_error: true

  security:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # @master is a mutable ref: pin to a release tag or a full commit SHA
      # so the scanner that runs in CI cannot change underneath you
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          severity: CRITICAL,HIGH
          exit-code: 1   # fail the job when a CRITICAL or HIGH finding is reported

  frontend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: "20" }
      - run: cd frontend && npm ci
      - run: cd frontend && npm run lint
      - run: cd frontend && npm run test
      - run: cd frontend && npm run build
```

Release pipeline

```yaml
# .github/workflows/release.yml
name: Release

on:
  push:
    tags: ["v*"]

jobs:
  build:
    runs-on: ubuntu-latest   # every target is cross-compiled from one Linux runner
    strategy:
      matrix:
        include:
          - { os: linux, arch: amd64 }
          - { os: linux, arch: arm64 }
          - { os: darwin, arch: amd64 }
          - { os: darwin, arch: arm64 }
          - { os: windows, arch: amd64 }
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version: "1.22" }
      - run: CGO_ENABLED=0 GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }} go build -o monkeycode
      - uses: actions/upload-artifact@v4
        with:
          name: monkeycode-${{ matrix.os }}-${{ matrix.arch }}
          path: monkeycode

  docker:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write   # GITHUB_TOKEN needs this scope to push to ghcr.io
    steps:
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          tags: |
            ghcr.io/chaitin/monkeycode:latest
            ghcr.io/chaitin/monkeycode:${{ github.ref_name }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy-staging:
    needs: docker
    runs-on: ubuntu-latest
    env:
      # The tag name reaches the shell as an environment variable instead of
      # being interpolated into the script text
      TAG: ${{ github.ref_name }}
    steps:
      # Assumes kubectl on the runner is already configured with cluster credentials
      - run: kubectl set image deployment/monkeycode "monkeycode=ghcr.io/chaitin/monkeycode:${TAG}" --namespace staging
      - run: kubectl rollout status deployment/monkeycode --namespace staging --timeout=300s

  e2e-test:
    needs: deploy-staging
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cd e2e && npm ci && npm run test:staging
```
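Step 8 of the pipeline (manual confirmation, then production) has no job in the release workflow above. One way to express it is a job bound to a GitHub environment with required reviewers; this is an added example, not taken from the MonkeyCode repository. The environment name `production`, the `production` namespace and the rollback step are assumptions.

```yaml
# Added example: goes under the existing `jobs:` key of release.yml.
# Assumptions: an environment named "production" is defined in the repository
# settings with required reviewers; the cluster has a "production" namespace;
# kubectl on the runner is already configured with cluster credentials.
jobs:
  deploy-production:
    needs: e2e-test
    runs-on: ubuntu-latest
    environment: production          # the job pauses here until a reviewer approves
    concurrency:
      group: deploy-production
      cancel-in-progress: false      # never interrupt a rollout that is under way
    env:
      TAG: ${{ github.ref_name }}    # passed via the environment, not spliced into the script
    steps:
      - run: kubectl set image deployment/monkeycode "monkeycode=ghcr.io/chaitin/monkeycode:${TAG}" --namespace production
      - run: kubectl rollout status deployment/monkeycode --namespace production --timeout=300s
      # Roll back to the previous ReplicaSet if the rollout did not complete
      - if: failure()
        run: kubectl rollout undo deployment/monkeycode --namespace production
```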

Docker configuration

Multi-stage build

```dockerfile
# Dockerfile

# Stage 1: build
FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o monkeycode-server ./cmd/server

# Stage 2: runtime
FROM alpine:3.19
RUN apk --no-cache add ca-certificates git
COPY --from=builder /app/monkeycode-server /usr/local/bin/
COPY --from=builder /app/configs /etc/monkeycode/configs
EXPOSE 8080
ENTRYPOINT ["monkeycode-server"]
```

One-command deployment with docker-compose

```yaml
# docker-compose.yml (open-source edition)
version: "3.8"
services:
  monkeycode:
    image: ghcr.io/chaitin/monkeycode:latest
    ports: ["8080:8080"]
    depends_on: [postgres, redis]
    environment:
      # "password" is a sample value; replace it before exposing the stack
      DATABASE_URL: postgres://monkeycode:password@postgres:5432/monkeycode
      REDIS_URL: redis://redis:6379
      JWT_SECRET: ${JWT_SECRET}

  postgres:
    image: postgres:16-alpine
    volumes: [pgdata:/var/lib/postgresql/data]
    environment:
      # Must match the user in DATABASE_URL; without it the image creates only "postgres"
      POSTGRES_USER: monkeycode
      POSTGRES_DB: monkeycode
      POSTGRES_PASSWORD: password

  redis:
    image: redis:7-alpine
    volumes: [redisdata:/data]

volumes:
  pgdata:
  redisdata:
```

Kubernetes deployment

```yaml
# Deployment configuration
apiVersion: apps/v1
kind: Deployment
metadata:
  name: monkeycode
spec:
  replicas: 3
  # apps/v1 requires a selector that matches the pod template labels
  selector:
    matchLabels: { app: monkeycode }
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels: { app: monkeycode }
    spec:
      containers:
      - name: monkeycode
        image: ghcr.io/chaitin/monkeycode:latest
        resources:
          requests: { cpu: 500m, memory: 512Mi }
          limits: { cpu: 2000m, memory: 2Gi }
        readinessProbe:
          httpGet: { path: /health, port: 8080 }
          initialDelaySeconds: 5
          periodSeconds: 10
        livenessProbe:
          httpGet: { path: /health, port: 8080 }
          initialDelaySeconds: 15
          periodSeconds: 20

---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: monkeycode
spec:
  # The autoscaler must name the workload it scales
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: monkeycode
  minReplicas: 3
  maxReplicas: 20
  metrics:
  - type: Resource
    resource:
      name: cpu
      target: { type: Utilization, averageUtilization: 60 }
```

Monitoring and alerting

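Monitoring stack:

Prometheus: metrics collection
  - API response time
  - AI model call latency
  - Container resource usage
  - Task success rate

Grafana: dashboards
  - Service health overview
  - AI usage statistics
  - Cost analysis

AlertManager: alerting
  - Service down → notify immediately
  - Error rate > 5% → notify in 5 minutes
  - AI call timeouts > 10% → notify in 10 minutes
  - Disk usage > 80% → notify in 1 hour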
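The four alert thresholds above, written as a Prometheus rule file (an added example, not MonkeyCode's own configuration). It reads each delay as the rule's `for:` duration, which is an interpretation; the job label `monkeycode` and the metrics `http_requests_total` and `ai_model_calls_total` with their labels are hypothetical, while `up` and the `node_filesystem_*` metrics are the standard Prometheus and node_exporter names.

```yaml
# Added example: Prometheus alerting rules for the thresholds listed above.
# Hypothetical names: job="monkeycode", http_requests_total{status},
# ai_model_calls_total{outcome}. Adjust to the metrics the service exports.
groups:
  - name: monkeycode
    rules:
      - alert: ServiceDown
        expr: up{job="monkeycode"} == 0
        for: 0m                      # fire on the first failed scrape
        labels: { severity: critical }
        annotations:
          summary: "MonkeyCode instance {{ $labels.instance }} is down"

      - alert: HighErrorRate
        # Share of 5xx responses over all responses, must stay above 5% for 5 minutes
        expr: |
          sum(rate(http_requests_total{job="monkeycode", status=~"5.."}[5m]))
            / sum(rate(http_requests_total{job="monkeycode"}[5m])) > 0.05
        for: 5m
        labels: { severity: warning }
        annotations:
          summary: "Error rate above 5% for 5 minutes"

      - alert: AICallTimeouts
        # Share of AI model calls that timed out, above 10% for 10 minutes
        expr: |
          sum(rate(ai_model_calls_total{job="monkeycode", outcome="timeout"}[10m]))
            / sum(rate(ai_model_calls_total{job="monkeycode"}[10m])) > 0.10
        for: 10m
        labels: { severity: warning }
        annotations:
          summary: "More than 10% of AI model calls are timing out"

      - alert: DiskUsageHigh
        # Used fraction = 1 - available / size, per filesystem, above 80% for 1 hour
        expr: |
          (1 - node_filesystem_avail_bytes{fstype!~"tmpfs|overlay"}
             / node_filesystem_size_bytes{fstype!~"tmpfs|overlay"}) > 0.80
        for: 1h
        labels: { severity: warning }
        annotations:
          summary: "Disk usage above 80% on {{ $labels.instance }} {{ $labels.mountpoint }}"
```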

Summary

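All of MonkeyCode's DevOps practices are open source, from the GitHub Actions pipelines to the Docker configuration to the Kubernetes deployment. You can reuse these configurations directly to build your own CI/CD. Open source is not only about sharing code, but also about sharing engineering practice.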

CI/CD configuration: github.com/chaitin/MonkeyCode/tree/main/.github/workflows

Deployment documentation: github.com/chaitin/MonkeyCode/blob/main/docs/deployment.md
