@umacloud/knowledge 1.0.1
- package/00-governance/governance-capabilities.md +557 -0
- package/00-governance/knowledge-map.md +39 -0
- package/00-governance/maintenance-policy.md +76 -0
- package/00-governance/review-checklist.md +81 -0
- package/README.md +13 -0
- package/ai/01-standards/agent-development-complete.md +691 -0
- package/ai/01-standards/llm-application-complete.md +488 -0
- package/ai/01-standards/mlops-complete.md +798 -0
- package/ai/01-standards/prompt-engineering-complete.md +646 -0
- package/ai/01-standards/rag-architecture-complete.md +649 -0
- package/ai/02-playbooks/llm-evaluation-playbook.md +847 -0
- package/ai/03-checklists/ai-project-checklist.md +215 -0
- package/ai/04-antipatterns/ai-antipatterns.md +661 -0
- package/ai/05-cases/case-rag-production.md +147 -0
- package/ai/06-glossary/ai-glossary.md +162 -0
- package/ai/agent-evaluation-benchmark.md +53 -0
- package/ai/ai-agent-memory-context-management.md +41 -0
- package/ai/ai-cost-capacity-optimization-playbook.md +42 -0
- package/ai/ai-data-security-and-compliance-playbook.md +37 -0
- package/ai/ai-domain-index-and-checklist.md +40 -0
- package/ai/ai-governance-maturity-model.md +50 -0
- package/ai/ai-model-selection-and-routing-strategy.md +47 -0
- package/ai/ai-observability-and-oncall-runbook.md +52 -0
- package/ai/ai-rag-engineering-playbook.md +42 -0
- package/ai/ai-red-team-and-safety-evaluation.md +42 -0
- package/ai/ai-release-readiness-and-rollback-gate.md +42 -0
- package/ai/llm-agent-engineering-deep-dive.md +57 -0
- package/ai/prompt-and-tool-guardrails.md +52 -0
- package/api/01-standards/enterprise-api-standards.md +198 -0
- package/api/01-standards/rest-api-design-guide.md +63 -0
- package/api/02-playbooks/api-pagination-playbook.md +93 -0
- package/api/02-playbooks/graphql-production-playbook.md +176 -0
- package/api/03-checklists/api-review-checklist.md +55 -0
- package/api/04-antipatterns/api-antipatterns.md +112 -0
- package/architecture/01-standards/api-gateway-patterns.md +496 -0
- package/architecture/01-standards/cloud-native-patterns.md +644 -0
- package/architecture/01-standards/distributed-systems-patterns.md +591 -0
- package/architecture/01-standards/event-driven-architecture.md +595 -0
- package/architecture/01-standards/microservices-patterns-complete.md +968 -0
- package/architecture/01-standards/microservices-patterns.md +495 -0
- package/architecture/01-standards/system-design-interview.md +664 -0
- package/architecture/02-playbooks/microservices-patterns-playbook.md +137 -0
- package/architecture/02-playbooks/migration-playbook.md +780 -0
- package/architecture/02-playbooks/system-design-playbook.md +779 -0
- package/architecture/03-checklists/architecture-decision-checklist.md +297 -0
- package/architecture/04-antipatterns/architecture-antipatterns.md +417 -0
- package/architecture/05-cases/case-netflix-microservices.md +413 -0
- package/architecture/06-glossary/architecture-glossary.md +164 -0
- package/architecture/adr-template-and-examples.md +38 -0
- package/architecture/api-gateway-deep-dive.md +1291 -0
- package/architecture/configuration-management.md +1162 -0
- package/architecture/distributed-transactions.md +1220 -0
- package/architecture/microservices-complete.md +735 -0
- package/architecture/resilience-and-disaster-patterns.md +37 -0
- package/architecture/service-governance.md +1198 -0
- package/architecture/system-architecture-deep-dive.md +37 -0
- package/backend/01-standards/analytics-and-growth.md +65 -0
- package/backend/01-standards/api-and-error-conventions.md +120 -0
- package/backend/01-standards/application-layering-and-packaging.md +160 -0
- package/backend/01-standards/auth-implementation.md +104 -0
- package/backend/01-standards/backend-framework-idioms.md +74 -0
- package/backend/01-standards/background-jobs-and-async.md +66 -0
- package/backend/01-standards/caching-strategies-complete.md +390 -0
- package/backend/01-standards/config-and-observability.md +77 -0
- package/backend/01-standards/data-modeling-and-persistence.md +94 -0
- package/backend/01-standards/django-complete.md +1765 -0
- package/backend/01-standards/email-and-notifications.md +64 -0
- package/backend/01-standards/fastapi-complete.md +925 -0
- package/backend/01-standards/file-upload-and-storage.md +66 -0
- package/backend/01-standards/graphql-api-complete.md +416 -0
- package/backend/01-standards/llm-application-standard.md +78 -0
- package/backend/01-standards/message-queue-patterns.md +379 -0
- package/backend/01-standards/microservices-and-distributed.md +78 -0
- package/backend/01-standards/nestjs-complete.md +2167 -0
- package/backend/01-standards/payment-integration.md +80 -0
- package/backend/01-standards/rate-limiting-complete.md +451 -0
- package/backend/01-standards/realtime-and-websocket.md +65 -0
- package/backend/01-standards/search-and-filtering.md +64 -0
- package/backend/01-standards/spring-boot-complete.md +445 -0
- package/backend/02-playbooks/api-design-playbook.md +718 -0
- package/backend/02-playbooks/email-send-playbook.md +130 -0
- package/backend/02-playbooks/file-upload-s3-playbook.md +153 -0
- package/backend/02-playbooks/typescript-enterprise-playbook.md +133 -0
- package/backend/02-playbooks/websocket-realtime-playbook.md +154 -0
- package/backend/03-checklists/api-launch-checklist.md +189 -0
- package/backend/04-antipatterns/backend-antipatterns.md +1051 -0
- package/blockchain/01-standards/blockchain-basics.md +557 -0
- package/blockchain/01-standards/smart-contract-development.md +1315 -0
- package/cicd/01-standards/deployment-and-delivery-standard.md +96 -0
- package/cicd/01-standards/github-actions-complete.md +473 -0
- package/cicd/01-standards/release-and-store-submission.md +75 -0
- package/cicd/02-playbooks/cicd-pipeline-playbook.md +144 -0
- package/cicd/02-playbooks/release-management-playbook.md +605 -0
- package/cicd/03-checklists/pipeline-security-checklist.md +168 -0
- package/cicd/04-antipatterns/cicd-antipatterns.md +589 -0
- package/cicd/05-cases/case-deployment-automation.md +221 -0
- package/cicd/05-cases/case-gitops-transformation.md +212 -0
- package/cicd/06-glossary/cicd-glossary.md +114 -0
- package/cicd/cicd-blueprint-deep-dive.md +38 -0
- package/cicd/release-readiness-gate.md +37 -0
- package/cloud-native/01-standards/container-security.md +741 -0
- package/cloud-native/01-standards/kubernetes-complete.md +812 -0
- package/cloud-native/02-playbooks/api-gateway-playbook.md +155 -0
- package/cloud-native/02-playbooks/gitops-with-argocd.md +760 -0
- package/cloud-native/02-playbooks/k8s-troubleshooting-playbook.md +1942 -0
- package/cloud-native/02-playbooks/message-queue-playbook.md +129 -0
- package/cloud-native/02-playbooks/multicloud-governance.md +726 -0
- package/cloud-native/02-playbooks/serverless-patterns.md +788 -0
- package/cloud-native/02-playbooks/service-mesh-playbook.md +612 -0
- package/cloud-native/02-playbooks/terraform-iac-playbook.md +143 -0
- package/cloud-native/03-checklists/container-security-checklist.md +431 -0
- package/cloud-native/03-checklists/k8s-production-readiness-checklist.md +460 -0
- package/cloud-native/04-antipatterns/container-antipatterns.md +660 -0
- package/cloud-native/04-antipatterns/k8s-antipatterns.md +743 -0
- package/cloud-native/05-cases/case-k8s-migration.md +478 -0
- package/cloud-native/05-cases/case-k8s-scaling.md +642 -0
- package/cloud-native/05-cases/case-k8s-security-incident.md +397 -0
- package/cloud-native/06-glossary/cloud-native-glossary.md +337 -0
- package/cross-platform/01-standards/cross-platform-frameworks.md +83 -0
- package/cross-platform/01-standards/platform-selection-and-architecture.md +77 -0
- package/data/01-standards/elasticsearch-complete.md +2098 -0
- package/data/01-standards/postgresql-complete.md +1613 -0
- package/data/01-standards/redis-complete.md +1527 -0
- package/data/02-playbooks/database-optimization-playbook.md +403 -0
- package/data/02-playbooks/elasticsearch-production-playbook.md +132 -0
- package/data/03-checklists/database-launch-checklist.md +187 -0
- package/data/04-antipatterns/database-antipatterns.md +873 -0
- package/data/05-cases/case-database-migration.md +310 -0
- package/data/06-glossary/database-glossary.md +440 -0
- package/data/data-governance-and-modeling-deep-dive.md +39 -0
- package/data-engineering/01-standards/airflow-complete.md +523 -0
- package/data-engineering/01-standards/kafka-complete.md +1521 -0
- package/data-engineering/02-playbooks/spark-etl-playbook.md +496 -0
- package/data-engineering/03-checklists/pipeline-launch-checklist.md +194 -0
- package/data-engineering/04-antipatterns/data-pipeline-antipatterns.md +684 -0
- package/data-engineering/05-cases/case-real-time-pipeline.md +355 -0
- package/data-engineering/06-glossary/data-engineering-glossary.md +429 -0
- package/database/01-standards/database-schema-standards.md +147 -0
- package/database/02-playbooks/postgresql-optimization-quick.md +52 -0
- package/database/02-playbooks/postgresql-performance-optimization.md +58 -0
- package/database/02-playbooks/postgresql-production-playbook.md +146 -0
- package/database/02-playbooks/redis-caching-playbook.md +117 -0
- package/database/03-checklists/database-review-checklist.md +50 -0
- package/database/04-antipatterns/database-antipatterns.md +112 -0
- package/design/01-standards/ui-design-system-complete.md +423 -0
- package/design/02-playbooks/design-handoff-playbook.md +254 -0
- package/design/02-playbooks/design-review-playbook.md +388 -0
- package/design/03-checklists/design-review-checklist.md +246 -0
- package/design/04-antipatterns/design-antipatterns.md +378 -0
- package/design/05-cases/case-design-system-adoption.md +328 -0
- package/design/06-glossary/design-glossary.md +329 -0
- package/design/ui-full-lifecycle-cross-platform-playbook.md +571 -0
- package/design/ux-system-deep-dive.md +38 -0
- package/design-systems/00-craft-rules.md +71 -0
- package/design-systems/aesthetic-families.md +43 -0
- package/design-systems/anti-ai-slop.md +162 -0
- package/design-systems/bold-geometric.md +120 -0
- package/design-systems/brutalist-bold.md +103 -0
- package/design-systems/editorial-clean.md +109 -0
- package/design-systems/glass-aurora.md +108 -0
- package/design-systems/modern-minimal.md +145 -0
- package/design-systems/premium-luxury.md +106 -0
- package/design-systems/product-type-design-map.md +48 -0
- package/design-systems/soft-warm.md +123 -0
- package/design-systems/tech-utility.md +113 -0
- package/desktop/01-standards/desktop-app-standard.md +72 -0
- package/desktop/01-standards/desktop-design.md +71 -0
- package/development/00-governance/document-template.md +41 -0
- package/development/01-standards/api-versioning-strategies.md +432 -0
- package/development/01-standards/authentication-patterns-complete.md +479 -0
- package/development/01-standards/css-architecture-complete.md +550 -0
- package/development/01-standards/database-migration-strategies.md +484 -0
- package/development/01-standards/elasticsearch-complete.md +347 -0
- package/development/01-standards/git-complete.md +371 -0
- package/development/01-standards/golang-complete.md +1565 -0
- package/development/01-standards/graphql-complete.md +298 -0
- package/development/01-standards/javascript-bundlers-complete.md +469 -0
- package/development/01-standards/javascript-typescript-complete.md +528 -0
- package/development/01-standards/jest-complete.md +275 -0
- package/development/01-standards/linux-complete.md +234 -0
- package/development/01-standards/logging-observability-complete.md +526 -0
- package/development/01-standards/microservices-communication.md +502 -0
- package/development/01-standards/mongodb-complete.md +406 -0
- package/development/01-standards/oauth2-complete.md +285 -0
- package/development/01-standards/performance-optimization-complete.md +289 -0
- package/development/01-standards/playwright-complete.md +247 -0
- package/development/01-standards/postgresql-complete.md +456 -0
- package/development/01-standards/pytest-complete.md +340 -0
- package/development/01-standards/python-async-programming.md +902 -0
- package/development/01-standards/python-complete.md +956 -0
- package/development/01-standards/python-decorators-complete.md +799 -0
- package/development/01-standards/python-design-patterns.md +2854 -0
- package/development/01-standards/python-packaging-distribution.md +420 -0
- package/development/01-standards/python-testing-strategies.md +607 -0
- package/development/01-standards/python-web-frameworks-comparison.md +471 -0
- package/development/01-standards/redis-complete.md +317 -0
- package/development/01-standards/rest-api-complete.md +316 -0
- package/development/01-standards/rust-complete.md +578 -0
- package/development/01-standards/typescript-advanced-types.md +1513 -0
- package/development/01-standards/web-security-complete.md +292 -0
- package/development/02-playbooks/api-design-playbook.md +810 -0
- package/development/02-playbooks/database-migration-playbook.md +580 -0
- package/development/02-playbooks/debugging-playbook.md +692 -0
- package/development/02-playbooks/feature-delivery-playbook.md +430 -0
- package/development/02-playbooks/incident-hotfix-playbook.md +387 -0
- package/development/02-playbooks/performance-optimization-playbook.md +531 -0
- package/development/02-playbooks/performance-tuning-playbook.md +652 -0
- package/development/02-playbooks/refactor-playbook.md +403 -0
- package/development/02-playbooks/release-playbook.md +469 -0
- package/development/03-checklists/architecture-review-checklist.md +168 -0
- package/development/03-checklists/data-migration-checklist.md +157 -0
- package/development/03-checklists/oncall-handover-checklist.md +173 -0
- package/development/03-checklists/pr-checklist.md +158 -0
- package/development/03-checklists/production-readiness-checklist.md +190 -0
- package/development/03-checklists/release-readiness-checklist.md +154 -0
- package/development/03-checklists/security-review-checklist.md +182 -0
- package/development/04-antipatterns/api-antipatterns.md +657 -0
- package/development/04-antipatterns/architecture-antipatterns.md +686 -0
- package/development/04-antipatterns/backend-antipatterns.md +648 -0
- package/development/04-antipatterns/cicd-antipatterns.md +540 -0
- package/development/04-antipatterns/code-smell-antipatterns.md +571 -0
- package/development/04-antipatterns/data-antipatterns.md +658 -0
- package/development/04-antipatterns/database-antipatterns.md +578 -0
- package/development/04-antipatterns/frontend-antipatterns.md +635 -0
- package/development/04-antipatterns/reliability-antipatterns.md +700 -0
- package/development/04-antipatterns/security-antipatterns.md +747 -0
- package/development/05-cases/case-api-version-migration.md +428 -0
- package/development/05-cases/case-authorization-hardening.md +383 -0
- package/development/05-cases/case-bluegreen-rollback.md +466 -0
- package/development/05-cases/case-cache-snowball-protection.md +485 -0
- package/development/05-cases/case-ci-cd-pipeline.md +544 -0
- package/development/05-cases/case-database-scaling.md +500 -0
- package/development/05-cases/case-db-hotspot-optimization.md +487 -0
- package/development/05-cases/case-incident-mttr-reduction.md +563 -0
- package/development/05-cases/case-microservice-migration.md +375 -0
- package/development/05-cases/case-performance-optimization.md +406 -0
- package/development/05-cases/case-security-incident-response.md +345 -0
- package/development/06-glossary/full-stack-glossary.md +166 -0
- package/development/09-maturity/quarterly-audit-template.md +35 -0
- package/development/11-ui-excellence/ui-aesthetic-system.md +41 -0
- package/development/11-ui-excellence/ui-engineering-excellence.md +435 -0
- package/development/12-scenarios/development-scenarios-guide.md +565 -0
- package/development/13-implementation-assets/implementation-toolkit.md +282 -0
- package/development/13-implementation-assets/knowledge-gates-execution.md +43 -0
- package/development/14-full-lifecycle/software-lifecycle-gates.md +511 -0
- package/development/15-lifecycle-templates/project-templates-collection.md +791 -0
- package/development/api-contract-and-versioning-guide.md +36 -0
- package/development/api-governance-complete.md +43 -0
- package/development/backend-engineering-complete.md +43 -0
- package/development/code-review-quality-complete.md +43 -0
- package/development/concurrency-reliability-complete.md +43 -0
- package/development/database-engineering-complete.md +43 -0
- package/development/engineering-effectiveness-complete.md +43 -0
- package/development/engineering-standards-deep-dive.md +38 -0
- package/development/frontend-engineering-complete.md +43 -0
- package/development/performance-capacity-complete.md +43 -0
- package/development/refactor-migration-complete.md +42 -0
- package/development/refactoring-and-techdebt-playbook.md +37 -0
- package/development/security-in-development-complete.md +43 -0
- package/devops/01-standards/cicd-pipeline-complete.md +262 -0
- package/devops/01-standards/docker-complete.md +1490 -0
- package/devops/01-standards/github-actions-complete.md +337 -0
- package/devops/01-standards/kubernetes-complete.md +638 -0
- package/devops/01-standards/terraform-complete.md +2117 -0
- package/devops/02-playbooks/docker-compose-playbook.md +233 -0
- package/devops/02-playbooks/docker-k8s-production-playbook.md +186 -0
- package/devops/02-playbooks/docker-production-playbook.md +952 -0
- package/edge-iot/01-standards/edge-iot-complete.md +473 -0
- package/experts/architect/api-design.md +178 -0
- package/experts/architect/methodology.md +124 -0
- package/experts/architect/security.md +75 -0
- package/experts/backend-lead/methodology.md +216 -0
- package/experts/devops/methodology.md +160 -0
- package/experts/frontend-lead/methodology.md +178 -0
- package/experts/product-manager/industry/ecommerce.md +43 -0
- package/experts/product-manager/industry/saas.md +40 -0
- package/experts/product-manager/methodology.md +97 -0
- package/experts/qa-lead/methodology.md +123 -0
- package/experts/qa-lead/test-strategy.md +128 -0
- package/experts/uiux-designer/methodology.md +125 -0
- package/frontend/01-standards/accessibility-complete.md +532 -0
- package/frontend/01-standards/accessibility-standard.md +74 -0
- package/frontend/01-standards/admin-dashboard-and-crud.md +72 -0
- package/frontend/01-standards/design-tokens-complete.md +444 -0
- package/frontend/01-standards/forms-and-validation.md +77 -0
- package/frontend/01-standards/frontend-architecture-and-layering.md +119 -0
- package/frontend/01-standards/i18n-and-localization.md +65 -0
- package/frontend/01-standards/nextjs-complete.md +451 -0
- package/frontend/01-standards/react-complete.md +713 -0
- package/frontend/01-standards/react-hooks-complete-guide.md +1100 -0
- package/frontend/01-standards/react-hooks-complete.md +1171 -0
- package/frontend/01-standards/seo-and-web-vitals.md +77 -0
- package/frontend/01-standards/state-management-complete.md +444 -0
- package/frontend/01-standards/vue-complete.md +499 -0
- package/frontend/01-standards/vue3-complete.md +2002 -0
- package/frontend/01-standards/web-framework-best-practices.md +64 -0
- package/frontend/01-standards/web-performance-complete.md +495 -0
- package/frontend/02-playbooks/accessibility-a11y-playbook.md +161 -0
- package/frontend/02-playbooks/frontend-performance-playbook.md +707 -0
- package/frontend/02-playbooks/i18n-internationalization-playbook.md +120 -0
- package/frontend/02-playbooks/performance-optimization-playbook.md +163 -0
- package/frontend/02-playbooks/react-nextjs-production-playbook.md +167 -0
- package/frontend/02-playbooks/react-state-management-playbook.md +173 -0
- package/frontend/03-checklists/component-quality-checklist.md +166 -0
- package/frontend/03-checklists/frontend-launch-checklist.md +299 -0
- package/frontend/04-antipatterns/frontend-antipatterns.md +886 -0
- package/frontend/05-cases/case-performance-optimization.md +274 -0
- package/harmony/01-standards/harmonyos-arkts-standard.md +75 -0
- package/harmony/01-standards/harmonyos-design.md +65 -0
- package/high-quality-engineering-playbook.md +54 -0
- package/incident/01-standards/incident-response-complete.md +303 -0
- package/incident/02-playbooks/chaos-engineering-playbook.md +883 -0
- package/incident/02-playbooks/postmortem-playbook.md +398 -0
- package/incident/03-checklists/incident-readiness-checklist.md +181 -0
- package/incident/04-antipatterns/incident-antipatterns.md +490 -0
- package/incident/05-cases/case-cascade-failure.md +176 -0
- package/incident/06-glossary/incident-glossary.md +114 -0
- package/incident/postmortem-and-response-deep-dive.md +39 -0
- package/industries/ecommerce/ecommerce-complete.md +631 -0
- package/industries/education/education-complete.md +555 -0
- package/industries/fintech/fintech-complete.md +501 -0
- package/industries/gaming/gaming-complete.md +587 -0
- package/industries/healthcare/healthcare-complete.md +452 -0
- package/low-code/01-standards/low-code-complete.md +944 -0
- package/miniprogram/01-standards/ai-common-mistakes.md +61 -0
- package/miniprogram/01-standards/miniprogram-custom-navbar-capsule.md +77 -0
- package/miniprogram/01-standards/miniprogram-design.md +61 -0
- package/miniprogram/01-standards/miniprogram-standard.md +81 -0
- package/mobile/01-standards/android-material-design.md +70 -0
- package/mobile/01-standards/flutter-complete.md +384 -0
- package/mobile/01-standards/ios-design-hig.md +78 -0
- package/mobile/01-standards/mobile-app-standard.md +85 -0
- package/mobile/01-standards/react-native-complete.md +352 -0
- package/mobile/02-playbooks/mobile-cross-platform-playbook.md +175 -0
- package/mobile/02-playbooks/mobile-performance.md +473 -0
- package/mobile/03-checklists/mobile-release-checklist.md +234 -0
- package/mobile/04-antipatterns/mobile-antipatterns.md +798 -0
- package/mobile/05-cases/case-app-performance.md +500 -0
- package/mobile/05-cases/case-app-startup-optimization.md +218 -0
- package/mobile/06-glossary/mobile-glossary.md +484 -0
- package/observability/01-standards/observability-standards.md +103 -0
- package/observability/02-playbooks/prometheus-grafana-playbook.md +135 -0
- package/observability/02-playbooks/structured-logging-playbook.md +73 -0
- package/observability/03-checklists/observability-checklist.md +54 -0
- package/observability/04-antipatterns/observability-antipatterns.md +106 -0
- package/operations/01-standards/prometheus-monitoring-complete.md +1578 -0
- package/operations/02-playbooks/capacity-planning-playbook.md +620 -0
- package/operations/03-checklists/production-launch-checklist.md +365 -0
- package/operations/04-antipatterns/operations-antipatterns.md +664 -0
- package/operations/05-cases/case-sre-practices.md +581 -0
- package/operations/06-glossary/operations-glossary.md +120 -0
- package/operations/aiops-anomaly-detection.md +758 -0
- package/operations/capacity-planning.md +1061 -0
- package/operations/chaos-engineering.md +659 -0
- package/operations/incident-command-system.md +38 -0
- package/operations/observability-complete.md +442 -0
- package/operations/slo-sli-playbook.md +517 -0
- package/operations/sre-operations-deep-dive.md +39 -0
- package/package.json +8 -0
- package/performance/01-standards/performance-and-scalability.md +80 -0
- package/performance/01-standards/performance-standards.md +156 -0
- package/performance/02-playbooks/query-optimization-playbook.md +103 -0
- package/performance/03-checklists/performance-checklist.md +56 -0
- package/performance/04-antipatterns/performance-antipatterns.md +146 -0
- package/product/01-standards/product-management-complete.md +285 -0
- package/product/02-playbooks/feature-launch-playbook.md +207 -0
- package/product/02-playbooks/user-research-playbook.md +532 -0
- package/product/03-checklists/feature-launch-checklist.md +275 -0
- package/product/04-antipatterns/product-antipatterns.md +355 -0
- package/product/05-cases/case-mvp-to-scale.md +384 -0
- package/product/06-glossary/product-glossary.md +462 -0
- package/product/feature-prioritization-framework.md +40 -0
- package/product/kpi-and-metric-tree.md +37 -0
- package/product/product-discovery-and-prd-deep-dive.md +41 -0
- package/quantum/01-standards/quantum-complete.md +1186 -0
- package/security/01-standards/api-security-complete.md +511 -0
- package/security/01-standards/container-runtime-security.md +574 -0
- package/security/01-standards/data-protection-gdpr.md +543 -0
- package/security/01-standards/owasp-top10-complete.md +1890 -0
- package/security/01-standards/secure-coding-baseline.md +90 -0
- package/security/01-standards/supply-chain-security.md +441 -0
- package/security/01-standards/web-security-checklist.md +108 -0
- package/security/01-standards/zero-trust-architecture.md +521 -0
- package/security/02-playbooks/auth-sso-playbook.md +166 -0
- package/security/02-playbooks/incident-response-security-playbook.md +588 -0
- package/security/02-playbooks/owasp-api-security-playbook.md +129 -0
- package/security/02-playbooks/payment-integration-playbook.md +119 -0
- package/security/02-playbooks/penetration-testing-playbook.md +517 -0
- package/security/03-checklists/security-audit-checklist.md +356 -0
- package/security/04-antipatterns/security-coding-antipatterns.md +580 -0
- package/security/05-cases/case-log4shell-incident.md +537 -0
- package/security/05-cases/case-major-breaches.md +468 -0
- package/security/06-glossary/security-glossary.md +212 -0
- package/security/compliance-automation.md +993 -0
- package/security/container-security.md +680 -0
- package/security/devsecops-complete.md +426 -0
- package/security/sast-dast-sca.md +775 -0
- package/security/secrets-management.md +594 -0
- package/security/security-architecture-deep-dive.md +37 -0
- package/security/threat-modeling-stride-playbook.md +40 -0
- package/seed-templates/auth-system.md +59 -0
- package/seed-templates/blog-content.md +94 -0
- package/seed-templates/dashboard.md +89 -0
- package/seed-templates/docs-site.md +73 -0
- package/seed-templates/e-commerce.md +50 -0
- package/seed-templates/saas-landing.md +92 -0
- package/seed-templates/settings-page.md +51 -0
- package/testing/01-standards/test-strategy-and-layering.md +83 -0
- package/testing/01-standards/testing-strategy-complete.md +422 -0
- package/testing/01-standards/unit-testing-best-practices.md +118 -0
- package/testing/02-playbooks/e2e-testing-playbook.md +988 -0
- package/testing/02-playbooks/testing-strategy-playbook.md +126 -0
- package/testing/03-checklists/test-strategy-checklist.md +208 -0
- package/testing/04-antipatterns/testing-antipatterns.md +718 -0
- package/testing/05-cases/case-testing-transformation.md +300 -0
- package/testing/06-glossary/testing-glossary.md +110 -0
- package/testing/risk-based-test-matrix.md +36 -0
- package/testing/testing-strategy-deep-dive.md +37 -0
|
@@ -0,0 +1,544 @@
|
|
|
1
|
+
---
|
|
2
|
+
id: case-ci-cd-pipeline
|
|
3
|
+
title: 案例研究:CI/CD 流水线从 0 到 1 搭建实战
|
|
4
|
+
domain: development
|
|
5
|
+
category: 05-cases
|
|
6
|
+
difficulty: intermediate
|
|
7
|
+
tags: [agent, case, checklist, development, pipeline, 元数据]
|
|
8
|
+
quality_score: 70
|
|
9
|
+
last_updated: 2026-06-15
|
|
10
|
+
---
|
|
11
|
+
# 案例研究:CI/CD 流水线从 0 到 1 搭建实战
|
|
12
|
+
|
|
13
|
+
## 元数据
|
|
14
|
+
|
|
15
|
+
| 字段 | 值 |
|
|
16
|
+
|------|------|
|
|
17
|
+
| 行业 | 金融科技(支付网关) |
|
|
18
|
+
| 系统规模 | 12 个微服务,日交易 500 万笔 |
|
|
19
|
+
| 技术栈 | Go + React + PostgreSQL + Kubernetes |
|
|
20
|
+
| 团队规模 | 后端 16 人,前端 6 人,QA 4 人,SRE 3 人 |
|
|
21
|
+
| 搭建周期 | 12 周(2024-01 至 2024-03) |
|
|
22
|
+
| 核心目标 | 从手工部署到全自动化交付,满足金融合规要求 |
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## 一、背景
|
|
27
|
+
|
|
28
|
+
### 1.1 现状分析
|
|
29
|
+
|
|
30
|
+
搭建前的开发与部署流程:
|
|
31
|
+
|
|
32
|
+
```
|
|
33
|
+
开发流程:
|
|
34
|
+
1. 开发者在本地开发 → 手动运行 go test
|
|
35
|
+
2. 提交 PR → 人工 Code Review(无自动检查)
|
|
36
|
+
3. 合并到 main → 通知 SRE "可以发了"
|
|
37
|
+
4. SRE 手动 ssh 到服务器执行部署脚本
|
|
38
|
+
5. 部署后人工验证功能是否正常
|
|
39
|
+
|
|
40
|
+
问题统计(过去 3 个月):
|
|
41
|
+
- 平均部署频率:每周 1.5 次
|
|
42
|
+
- 单次部署耗时:2-4 小时(含人工操作 + 验证)
|
|
43
|
+
- 部署失败率:23%(主要原因:配置遗漏、依赖不一致)
|
|
44
|
+
- 线上回滚次数:月均 3 次
|
|
45
|
+
- 开发者等待构建:日均 40 分钟(本地构建 + 手动测试)
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
### 1.2 痛点清单
|
|
49
|
+
|
|
50
|
+
| 类别 | 痛点 | 业务影响 |
|
|
51
|
+
|------|------|----------|
|
|
52
|
+
| 效率 | 手工部署耗时长 | SRE 50% 时间花在部署上 |
|
|
53
|
+
| 质量 | 无自动化测试门禁 | 线上 Bug 率高,每周 2-3 个 Hotfix |
|
|
54
|
+
| 安全 | 无安全扫描 | 金融监管合规风险 |
|
|
55
|
+
| 一致性 | 环境配置手工管理 | "在我机器上能跑"问题频发 |
|
|
56
|
+
| 可追溯 | 无部署审计日志 | 监管审查时无法提供变更记录 |
|
|
57
|
+
| 速度 | 部署窗口限制 | 紧急修复也要等部署窗口 |
|
|
58
|
+
|
|
59
|
+
### 1.3 目标定义
|
|
60
|
+
|
|
61
|
+
| 指标 | 当前值 | 目标值 |
|
|
62
|
+
|------|--------|--------|
|
|
63
|
+
| 部署频率 | 1.5 次/周 | 5+ 次/天 |
|
|
64
|
+
| 部署耗时 | 2-4 小时 | < 15 分钟 |
|
|
65
|
+
| 部署失败率 | 23% | < 2% |
|
|
66
|
+
| 代码到生产 | 3-5 天 | < 2 小时 |
|
|
67
|
+
| 测试覆盖率 | 35% | > 80% |
|
|
68
|
+
| 安全扫描 | 无 | 每次构建 |
|
|
69
|
+
| 审计可追溯 | 无 | 100% 变更可追溯 |
|
|
70
|
+
|
|
71
|
+
---
|
|
72
|
+
|
|
73
|
+
## 二、挑战
|
|
74
|
+
|
|
75
|
+
### 2.1 金融合规要求
|
|
76
|
+
|
|
77
|
+
作为支付网关,CI/CD 流水线必须满足:
|
|
78
|
+
|
|
79
|
+
1. **PCI DSS 要求**:所有代码变更必须经过审查和审批
|
|
80
|
+
2. **变更管理**:每次部署需要关联变更工单和审批记录
|
|
81
|
+
3. **环境隔离**:开发/测试/预发/生产环境严格隔离
|
|
82
|
+
4. **密钥管理**:密钥和证书不能出现在代码仓库或构建日志中
|
|
83
|
+
5. **审计追踪**:保留 1 年的构建和部署日志
|
|
84
|
+
|
|
85
|
+
### 2.2 技术约束
|
|
86
|
+
|
|
87
|
+
1. 12 个微服务使用不同的构建方式(8 个 Go,3 个 React,1 个 Python)
|
|
88
|
+
2. 服务间存在版本依赖关系(支付核心 → 风控 → 路由)
|
|
89
|
+
3. 数据库迁移需要与代码部署协调
|
|
90
|
+
4. 前后端需要版本对齐部署
|
|
91
|
+
|
|
92
|
+
### 2.3 组织约束
|
|
93
|
+
|
|
94
|
+
1. 团队无 CI/CD 经验,SRE 3 人需要同时承担日常运维
|
|
95
|
+
2. 不能影响现有业务,必须平滑过渡
|
|
96
|
+
3. 预算有限,优先使用开源方案
|
|
97
|
+
|
|
98
|
+
---
|
|
99
|
+
|
|
100
|
+
## 三、方案设计
|
|
101
|
+
|
|
102
|
+
### 3.1 工具链选型
|
|
103
|
+
|
|
104
|
+
| 环节 | 工具 | 理由 |
|
|
105
|
+
|------|------|------|
|
|
106
|
+
| 代码托管 | GitLab Self-hosted | 金融合规要求私有化部署 |
|
|
107
|
+
| CI 引擎 | GitLab CI | 与代码托管一体化,减少集成成本 |
|
|
108
|
+
| CD 引擎 | ArgoCD | GitOps 模式,声明式部署,审计友好 |
|
|
109
|
+
| 镜像仓库 | Harbor | 私有化,漏洞扫描内置 |
|
|
110
|
+
| 密钥管理 | HashiCorp Vault | 金融级密钥管理 |
|
|
111
|
+
| 制品管理 | Nexus | 统一管理 Go/npm/Python 依赖 |
|
|
112
|
+
| 代码质量 | SonarQube | 代码质量 + 安全扫描 |
|
|
113
|
+
| 容器扫描 | Trivy | 镜像漏洞扫描,开源免费 |
|
|
114
|
+
| 测试框架 | Go test + Jest + Playwright | 分别覆盖后端/前端/E2E |
|
|
115
|
+
| 监控 | Prometheus + Grafana | 构建和部署指标可视化 |
|
|
116
|
+
### 3.2 Pipeline Architecture

```
CI Pipeline (runs on every merge request)

PR Created
├── Stage 1: Lint & Format Check (~30s)
│   ├── golangci-lint (Go)
│   ├── eslint + prettier (React)
│   └── ruff + black (Python)
│
├── Stage 2: Unit Test (~2min)
│   ├── go test -race -coverprofile
│   ├── jest --coverage
│   └── pytest --cov
│
├── Stage 3: Security Scan (~3min)
│   ├── SonarQube SAST
│   ├── govulncheck (Go)
│   ├── npm audit
│   └── semgrep (custom rules)
│
├── Stage 4: Build & Push Image (~2min)
│   ├── Docker multi-stage build
│   ├── Trivy image scan (runs against the freshly built image)
│   └── Push to Harbor
│
└── Stage 5: Integration Test (~5min)
    ├── docker-compose up (dependencies)
    ├── API contract test (Pact)
    └── E2E smoke test (Playwright)

Total CI Time: ~12 minutes
```

```
CD Pipeline (runs on merge to main)

Merge to main
├── CI Pipeline (same stages as above)
│
├── Deploy to Staging
│   ├── ArgoCD sync (auto)
│   ├── DB migration (if needed)
│   ├── Smoke test suite
│   └── Performance test (k6)
│
├── Deploy to Pre-production
│   ├── Manual approval gate (Tech Lead)
│   ├── ArgoCD sync
│   ├── Full regression test
│   └── Security penetration test
│
└── Deploy to Production
    ├── Manual approval gate (SRE Lead + PM)
    ├── ArgoCD sync, then Argo Rollouts canary 10% → 50% → 100%
    ├── Health check + metric validation
    ├── Auto-rollback on error rate > 0.1%
    └── Post-deploy verification

Total CD Time: Staging ~8min, Pre-prod ~20min,
               Prod ~15min (excluding approval wait)
```

### 3.3 GitOps Repository Layout

```
infra-repo/
├── base/                        # Base K8s manifests
│   ├── payment-core/
│   │   ├── deployment.yaml
│   │   ├── service.yaml
│   │   ├── hpa.yaml
│   │   └── kustomization.yaml
│   ├── risk-engine/
│   └── ...
├── overlays/
│   ├── staging/                 # Staging-specific configuration
│   │   ├── kustomization.yaml
│   │   └── patches/
│   ├── pre-prod/
│   └── production/
│       ├── kustomization.yaml
│       ├── patches/
│       │   ├── replicas.yaml    # Production replica count
│       │   ├── resources.yaml   # Production resource requests/limits
│       │   └── hpa.yaml         # Production HPA settings
│       └── sealed-secrets/      # Encrypted Secrets (SealedSecret objects)
└── argocd/
    ├── applications/            # ArgoCD Application definitions
    └── projects/                # ArgoCD Project definitions
```

The ArgoCD `AppProject` definitions under `argocd/projects/` restrict which source repositories and destination namespaces each Application may use, so a staging Application cannot be pointed at the `production` namespace even by someone with write access to the repository.

---

## 4. Implementation Steps

### 4.1 Phase 1: Infrastructure (Weeks 1-3)

```
Week 1: Tool deployment
- GitLab Self-hosted deployment (HA mode)
- Harbor deployment + HTTPS + LDAP integration
- SonarQube deployment + Go/JS/Python plugins
- Vault deployment + initialization

Week 2: K8s cluster and ArgoCD
- K8s cluster build-out (3 masters + 9 workers)
- Namespace plan: staging / pre-prod / production
- ArgoCD deployment + RBAC configuration
- Sealed Secrets setup (encryption of production secrets)

Week 3: Base pipeline templates
- Write the base .gitlab-ci.yml template
- GitLab Runner deployment (Kubernetes executor; each job runs in a dynamically created Pod)
- Image build template (Kaniko, no Docker daemon)
- Nexus proxy repositories (faster dependency downloads)
```

### 4.2 Phase 2: CI Pipeline (Weeks 4-6)

```
Week 4: Lint + unit tests
- Go services: golangci-lint + go test + go vet
- React apps: eslint + jest
- Python services: ruff + pytest
- Coverage gate: new code > 80%, overall > 60%

Week 5: Security scanning + image build
- SonarQube quality gate wired into the pipeline
- Trivy image scan (CRITICAL findings block the pipeline)
- semgrep custom rules (SQL injection, hard-coded secret detection)
- Multi-stage Dockerfile template (build image separated from runtime image)

Week 6: Integration tests
- docker-compose based integration test environment
- Pact contract tests (API compatibility between services)
- Playwright E2E smoke tests (core payment flows)
```

**Core GitLab CI configuration** (Go service example):

```yaml
# .gitlab-ci.yml
stages:
  - lint
  - test
  - security
  - build
  - integration
  - deploy

variables:
  # Go modules come through the internal Nexus proxy, never straight from the internet
  GOPROXY: "https://nexus.internal/repository/go-proxy/"
  CGO_ENABLED: "0"
  IMAGE: ${HARBOR_REGISTRY}/${CI_PROJECT_NAME}:${CI_COMMIT_SHA}

lint:
  stage: lint
  image: golangci/golangci-lint:v1.55
  script:
    - golangci-lint run --timeout 5m ./...
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

unit-test:
  stage: test
  image: golang:1.22
  script:
    - go test -race -coverprofile=coverage.out ./...
    - go tool cover -func=coverage.out
    # GitLab's coverage_report wants Cobertura XML, so convert the Go profile
    - go install github.com/boombuler/gocover-cobertura@latest
    - gocover-cobertura < coverage.out > coverage.xml
  # This regex only records the number on the MR; the threshold is enforced by the SonarQube quality gate
  coverage: '/total:\s+\(statements\)\s+(\d+\.\d+)%/'
  artifacts:
    paths:
      - coverage.out        # consumed by sonar-scan
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml

sonar-scan:
  stage: security
  image: sonarsource/sonar-scanner-cli
  needs: ["unit-test"]      # downloads coverage.out from the unit-test artifacts
  variables:
    GIT_DEPTH: "0"          # SonarQube needs full history to attribute "new code"
  script:
    # SONAR_HOST_URL and SONAR_TOKEN are masked CI variables
    - sonar-scanner
      -Dsonar.projectKey=${CI_PROJECT_NAME}
      -Dsonar.sources=.
      -Dsonar.go.coverage.reportPaths=coverage.out
      -Dsonar.qualitygate.wait=true

trivy-fs-scan:
  stage: security
  image: aquasec/trivy
  script:
    # Dependency and config scan of the source tree; CRITICAL findings fail the job
    - trivy fs --exit-code 1 --severity CRITICAL .

build:
  stage: build
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    # Harbor robot-account credentials come from masked CI variables HARBOR_USER / HARBOR_PASSWORD
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${HARBOR_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${HARBOR_USER}" "${HARBOR_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor
      --context ${CI_PROJECT_DIR}
      --dockerfile Dockerfile
      --destination ${IMAGE}
      --cache=true
      --cache-repo=${HARBOR_REGISTRY}/${CI_PROJECT_NAME}/cache

trivy-image-scan:
  # Scans the image build just pushed, so it must run after build rather than in the security stage
  stage: build
  image: aquasec/trivy
  needs: ["build"]
  variables:
    TRIVY_USERNAME: ${HARBOR_USER}
    TRIVY_PASSWORD: ${HARBOR_PASSWORD}
  script:
    - trivy image --exit-code 1 --severity CRITICAL ${IMAGE}

integration-test:
  stage: integration
  image: golang:1.22
  services:
    - postgres:15
    - redis:7
  variables:
    POSTGRES_DB: test
    POSTGRES_USER: test
    POSTGRES_PASSWORD: test
  script:
    - go test -tags=integration ./tests/integration/...
```

### 4.3 Phase 3: CD Pipeline (Weeks 7-9)

```
Week 7: Automatic Staging deployment
- ArgoCD Application configuration (auto-sync for staging)
- Database migration integration (golang-migrate, run as a CI job)
- Staging smoke tests triggered automatically

Week 8: Pre-production + Production
- Pre-production semi-automatic deployment (Tech Lead approval required)
- Production canary deployment (Argo Rollouts)
- Automated post-deploy validation (health check + metric validation)
- Automatic rollback (triggered when error rate > 0.1%)

Week 9: Database migration orchestration
- Dependency management between migrations and code deployments
- Compatibility requirement: after a migration runs, the previous (N-1) code version must
  still work against the schema, because old and new Pods serve traffic side by side during a canary
- Rollback strategy (every migration must ship a matching down script)
```

**Argo Rollouts configuration** (canary deployment):

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: payment-core
  namespace: production
spec:
  replicas: 10
  strategy:
    canary:
      canaryService: payment-core-canary
      stableService: payment-core-stable
      trafficRouting:
        istio:
          virtualService:
            name: payment-core
      steps:
        - setWeight: 10
        - pause: { duration: 5m }
        - analysis:
            templates:
              - templateName: success-rate
            args:
              - name: service-name
                value: payment-core
        - setWeight: 50
        - pause: { duration: 10m }
        - analysis:
            templates:
              - templateName: success-rate
            args:                  # the template declares this arg, so every step must supply it
              - name: service-name
                value: payment-core
        - setWeight: 100
---
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: success-rate
  namespace: production          # must live in the same namespace as the Rollout
spec:
  args:
    - name: service-name
  metrics:
    - name: success-rate
      interval: 60s
      count: 5                   # an inline analysis with an interval but no count never completes
      failureLimit: 0            # a single measurement below threshold (error rate > 0.1%) aborts the rollout
      successCondition: result[0] > 0.999
      # If the canary receives no traffic the query returns nothing; Rollouts records that as a
      # measurement error (bounded by consecutiveErrorLimit, default 4), not as a failure.
      provider:
        prometheus:
          address: http://prometheus:9090
          query: |
            sum(rate(http_requests_total{service="{{args.service-name}}", code=~"2.."}[2m]))
            /
            sum(rate(http_requests_total{service="{{args.service-name}}"}[2m]))
```

### 4.4 Phase 4: Security and Compliance (Weeks 10-11)

```
Week 10: Secrets management
- Vault dynamic database credentials (rotated automatically on every deployment)
- K8s Secrets replaced with Sealed Secrets
- CI variables stored as masked/protected variables, secrets redacted from build logs

Week 11: Audit and compliance
- Deployment audit logs → ELK Stack (retained for 1 year)
- Change-ticket integration (Jira tickets linked to GitLab MRs)
- Automated compliance reporting (monthly PCI DSS summary)
- Fine-grained RBAC (developers can only deploy to Staging)
```

### 4.5 Phase 5: Optimization and Training (Week 12)

```
Week 12:
- Build cache optimization (Go module cache, Docker layer cache)
- Parallel job optimization (independent stages run concurrently)
- Team training: CI/CD usage guide + troubleshooting + best practices
- Runbooks: common CI failures, rollback procedure, emergency release process
```

---

## 5. Results

### 5.1 Core metrics before and after

| Metric | Before | After | Improvement |
|------|--------|--------|----------|
| Deployment frequency | 1.5 / week | 8 / day | 37x |
| Deployment duration | 2-4 hours | 12 minutes | 15x |
| Deployment failure rate | 23% | 1.5% | -93% |
| Code to production (lead time) | 3-5 days | 1.5 hours | 48x |
| Production bug rate | 2-3 / week | 0.3 / week | -87% |
| Rollbacks | 3 / month | 0.5 / month | -83% |
| Rollback duration | 30 minutes | 2 minutes (automatic) | 15x |
| Test coverage | 35% | 82% | +134% |
| Security vulnerability discovery | During penetration tests | On every PR | Real-time |

### 5.2 CI performance

| Stage | Duration | Notes |
|------|------|------|
| Lint | 28s | golangci-lint, full scan |
| Unit Test | 1m 45s | Runs in parallel, includes coverage collection |
| Security Scan | 2m 30s | SonarQube + Trivy in parallel |
| Build & Push | 1m 50s | Kaniko + Docker layer cache |
| Integration Test | 4m 20s | Includes dependency start-up time |
| **Total CI** | **~11 min** | Within the 12-minute target |

### 5.3 Compliance audit

| Control | Status |
|--------|------|
| All changes traceable | Pass (GitLab MR + ArgoCD audit log) |
| No secrets in code | Pass (Vault + Sealed Secrets) |
| Production deployment requires approval | Pass (ArgoCD manual sync + Jira ticket) |
| Environment isolation | Pass (K8s Namespace + NetworkPolicy) |
| Security scanning | Pass (every PR + every build) |
| Logs retained for 1 year | Pass (ELK Stack + S3 archive) |

### 5.4 Team efficiency

| Metric | Before | After |
|------|--------|--------|
| Share of SRE time spent on deployments | 50% | 5% |
| Developer time waiting on builds | 40 min/day | 0 (runs in the background) |
| Onboarding a new service | 2 days (manual setup) | 30 minutes (templated) |
| Night-time emergency releases | 2 per month (manual) | 0.5 per month (self-service) |

---

## 6. Lessons Learned

### 6.1 What went right

1. **Templates first**: a standard CI template for each of Go/React/Python; onboarding a new service means including the template and filling in variables
2. **Deliver value in phases**: by Week 4 the team already had lint and test gates instead of waiting until Week 12
3. **GitOps**: every environment's configuration lives in Git, so audit and rollback are straightforward
4. **Canary + automatic rollback**: production deployment risk is minimized, so the team is willing to release frequently
5. **Shift security left**: security scans run at PR time, so vulnerabilities are found before the code is merged

### 6.2 What went wrong

1. **No build cache at the start**: for the first 4 weeks CI took 20+ minutes and the team complained; adding caches brought it down to 11 minutes
2. **Unstable integration test environment**: docker-compose occasionally failed to start on CI runners; replaced with a fixed test environment
3. **Indecision on the migration tool**: started with goose, switched to golang-migrate, lost a week
4. **Documentation lagged**: tools were ready but docs were not, so adoption was only 40% in the first 4 weeks

### 6.3 Key insights

- CI/CD is not just a technical project but a change in team culture; 30% of the time should go to training and documentation
- Fast feedback is the core value: once CI exceeds 15 minutes, developers start working around it
- Security is not an add-on; it has to be built into the pipeline (Security as Code)
- GitOps is a natural ally of financial compliance: declarative + versioned + auditable
- Start with a pilot on one service, then roll out to all services once validated

---

## Agent Checklist

When an AI agent assists in building a CI/CD pipeline, confirm each item:

### CI
- [ ] **Code checks**: lint + format + static analysis configured
- [ ] **Unit tests**: unit tests run and coverage collected
- [ ] **Coverage gate**: a minimum coverage threshold is enforced, not merely reported
- [ ] **Security scanning**: SAST + dependency vulnerability scanning integrated
- [ ] **Image build**: multi-stage build used to keep the runtime image small
- [ ] **Image scanning**: the built image passes a vulnerability scan before it is used anywhere
- [ ] **Integration tests**: contract tests between services and E2E tests exist
- [ ] **Build cache**: dependency cache and Docker layer cache configured
- [ ] **Build time**: total CI time under 15 minutes

### CD
- [ ] **Environment isolation**: Staging / Pre-prod / Production strictly isolated
- [ ] **Approval gate**: production deployment requires human approval
- [ ] **Canary release**: progressive delivery with automated analysis supported
- [ ] **Automatic rollback**: metric-based automatic rollback configured
- [ ] **Database migrations**: migrations integrated into the deployment flow and reversible
- [ ] **Secrets management**: secrets managed through Vault / Sealed Secrets
- [ ] **Deployment audit**: every deployment has an audit log and change record

### Operations
- [ ] **Dashboards**: a Grafana dashboard for CI/CD metrics
- [ ] **Alerting**: build and deployment failures raise timely alerts
- [ ] **Runbooks**: common CI failures and rollback procedures are documented
- [ ] **Templates**: standardized templates for onboarding new services
- [ ] **Permissions**: RBAC controls who can deploy to which environment