AI AgentTechnical Deep Dive
CI/CD 流程优化 —— GitHub Actions 与前端自动化
发布时间2026/03/29
分类AI Agent
预计阅读1 分钟
作者吴长龙
*
CI/CD 是什么?
01.内容
CI/CD 是什么?
- •CI(持续集成):代码提交后自动构建、测试
- •CD(持续交付/部署):自动部署到测试/生产环境
GitHub Actions 基础
yaml snippetyaml
# .github/workflows/ci.yml
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run linter
run: npm run lint
- name: Run tests
run: npm run test
- name: Build
run: npm run build前端 CI/CD 流程设计
#### 1. 多阶段构建
yaml snippetyaml
name: CI/CD
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run lint
test:
needs: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run test:ci
- uses: codecov/codecov-action@v3
with:
files: ./coverage/coverage-final.json
build:
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run build
- uses: actions/upload-artifact@v3
with:
name: dist
path: dist/#### 2. Matrix 策略(多版本测试)
yaml snippetyaml
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18, 20, 22]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- run: npm ci
- run: npm test#### 3. 环境变量与Secrets
yaml snippetyaml
deploy:
needs: build
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v3
with:
name: dist
- name: Deploy to Vercel
uses: amondnet/vercel-action@v25
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
vercel-args: '--prod'缓存优化
#### npm 缓存
yaml snippetyaml
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm' # 自动缓存 node_modules#### 构建缓存
yaml snippetyaml
- name: Cache build
uses: actions/cache@v3
with:
path: |
.next/cache
node_modules/.cache
key: ${{ runner.os }}-build-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-build-#### Turborepo 远程缓存
yaml snippetyaml
- name: Setup Turborepo
uses: nrwl/nx-set-shas@v3
- run: npx turbo run build --parallel
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ secrets.TURBO_TEAM }}自动化场景
#### 1. 自动版本发布
yaml snippetyaml
name: Release
on:
push:
tags:
- 'v*'
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
- run: npm ci
- run: npm run build
- name: Publish
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}#### 2. 自动部署预览
yaml snippetyaml
name: Preview Deploy
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
preview:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Deploy Preview
uses: amondnet/vercel-action@v25
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
vercel-args: '--prebuilt'
- name: Comment Preview URL
uses: actions/github-script@v6
with:
script: |
const previewUrl = '${{ steps.vercel.outputs.preview-url }}';
const prNumber = context.issue.number;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
body: `🚀 Preview deployed: ${previewUrl}`
});#### 3. 自动依赖更新
yaml snippetyaml
name: Dependabot
on:
pull_request:
branches: [main]
jobs:
auto-merge:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Enable auto-merge
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}安全检查
#### 1. 代码安全扫描
yaml snippetyaml
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Run Snyk
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}#### 2. 敏感信息检查
yaml snippetyaml
secrets-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: GitLeaks Scan
uses: gitleaks/gitleaks-action@v2
env:
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}最佳实践
#### 1. Job 依赖关系
yaml snippetyaml
jobs:
lint:
# ...
test:
needs: lint # 等 lint 完成后才运行
# ...
build:
needs: test # 等 test 完成后才运行
# ...
deploy:
needs: build # 等 build 完成后才运行
if: github.ref == 'refs/heads/main' # 只在 main 分支部署#### 2. 并行任务
yaml snippetyaml
jobs:
lint:
runs-on: ubuntu-latest
steps:
- run: npm run lint
typecheck:
runs-on: ubuntu-latest
steps:
- run: npm run typecheck
# lint 和 typecheck 可以并行执行
build:
needs: [lint, typecheck] # 等待两者都完成
# ...#### 3. 失败通知
yaml snippetyaml
- name: Notify on failure
if: failure()
uses: slackapi/slack-github-action@v1.24
with:
payload: |
{
"text": "Build failed!",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "❌ *Build Failed*\n<${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}|View Logs>"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}完整示例
yaml snippetyaml
name: CI/CD Pipeline
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
env:
NODE_VERSION: '20'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- run: npm ci
- run: npm run lint
typecheck:
name: Type Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- run: npm ci
- run: npm run typecheck
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- run: npm ci
- run: npm run test:ci
- uses: codecov/codecov-action@v3
with:
files: ./coverage/coverage-final.json
build:
name: Build
needs: [lint, typecheck, test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- run: npm ci
- run: npm run build
deploy:
name: Deploy
needs: build
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: dist
path: dist
- name: Deploy to Production
run: echo "Deploy commands here"总结
前端 CI/CD 核心要点:
- •分层执行:Lint → Test → Build → Deploy
- •缓存优化:减少重复工作
- •并行处理:充分利用 GitHub Actions 并发
- •失败通知:及时发现问题
- •安全扫描:保护代码资产
自动化让开发更高效,让发布更可靠。