
About
DevOps and application deployment: Docker, GitHub Actions CI/CD, AWS Lambda, SAM, Terraform, infrastructure as code, and monitoring
name: devops-deploy
description: "DevOps and application deployment: Docker, GitHub Actions CI/CD, AWS Lambda, SAM, Terraform, infrastructure as code, and monitoring."
risk: critical
source: community
date_added: '2026-03-06'
author: renat
tags:
- devops
- docker
- ci-cd
- aws
- terraform
- github-actions
tools:
- claude-code
- antigravity
- cursor
- gemini-cli
- codex-cli
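# DEVOPS-DEPLOY — From Idea to Production
## Overview
DevOps and application deployment: Docker, GitHub Actions CI/CD, AWS Lambda, SAM, Terraform, infrastructure as code, and monitoring. Use cases: containerizing applications, configuring CI/CD pipelines, deploying to AWS, Lambda, ECS, configuring GitHub Actions, Terraform, rollbacks, blue-green deployments, health checks, and alerting.
## When to use this skill
- When you need specialized help in this domain
## When not to use it
- The task is unrelated to DevOps deployment
- A simpler, more targeted tool can handle the request
- The user needs general help rather than domain expertise
## How it works
"Move fast, but don't break things." — Elite engineering is not slow. It is both fast and reliable.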
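## Optimized Dockerfile (Python)
```dockerfile
# Build stage: install dependencies so build tooling stays out of the final image
FROM python:3.11-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir --user -r requirements.txt

# Runtime stage: installed packages plus application code only
FROM python:3.11-slim
WORKDIR /app
COPY --from=builder /root/.local /root/.local
# Copies the whole build context; exclude .env and other secrets via .dockerignore
COPY . .
ENV PATH=/root/.local/bin:$PATH
ENV PYTHONUNBUFFERED=1
EXPOSE 8000
# python:3.11-slim does not ship curl, so probe /health with the standard library
HEALTHCHECK --interval=30s --timeout=3s CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health', timeout=2)" || exit 1
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```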
## Docker Compose (local development)
```yaml
version: "3.9"
services:
  app:
    build: .
    ports: ["8000:8000"]
    environment:
      # Read from the host shell or a local .env file, not stored in this file
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
    volumes:
      - .:/app
    depends_on: [db, redis]
  db:
    image: postgres:15
    environment:
      POSTGRES_DB: auri
      POSTGRES_USER: auri
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
  redis:
    image: redis:7-alpine
volumes:
  pgdata:
```
## SAM template (Serverless)
```yaml
# template.yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  # Required by the !Ref in Globals; NoEcho masks the value in CloudFormation console and API output
  AnthropicApiKey:
    Type: String
    NoEcho: true

Globals:
  Function:
    Timeout: 30
    Runtime: python3.11
    Environment:
      Variables:
        ANTHROPIC_API_KEY: !Ref AnthropicApiKey
        DYNAMODB_TABLE: !Ref AuriTable

Resources:
  AuriFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: lambda_function.handler
      MemorySize: 512
      Policies:
        # Scopes the function's DynamoDB access to this one table
        - DynamoDBCrudPolicy:
            TableName: !Ref AuriTable
  AuriTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: auri-users
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: userId
          AttributeType: S
      KeySchema:
        - AttributeName: userId
          KeyType: HASH
      TimeToLiveSpecification:
        AttributeName: ttl
        Enabled: true
```
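## Deployment commands
```bash
# Build and deploy
sam build
sam deploy --guided   # first deployment
sam deploy            # subsequent deployments

# Fast deploy (no confirmation prompt)
sam deploy --no-confirm-changeset --no-fail-on-empty-changeset

# Tail logs in real time
sam logs -n AuriFunction --tail

# Delete the stack
sam delete
```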
## .github/workflows/deploy.yml
```yaml
name: Deploy Auri

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: "3.11" }
      - run: pip install -r requirements.txt
      - run: pytest tests/ -v --cov=src --cov-report=xml
      - uses: codecov/codecov-action@v4

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install bandit safety
      - run: bandit -r src/ -ll
      - run: safety check -r requirements.txt

  deploy:
    needs: [test, security]
    # Runs only for pushes to main; pull_request runs carry a different ref
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/setup-sam@v2
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - run: sam build
      - run: sam deploy --no-confirm-changeset
      - name: Notify Telegram on Success
        # Backslashes keep the -d arguments on the same curl command
        run: |
          curl -s -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
            -d "text=Auri deployed successfully! Commit: ${{ github.sha }}"
```
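
An added example, not part of the original skill: a standard-library lint for the deploy workflow above that flags `${{ secrets.* }}` expressions expanded directly into `run:` script text (as in the Telegram step) and actions referenced by a mutable tag instead of a full commit SHA. The sample workflow is a constructed excerpt, and `audit_workflow` and its rule names are hypothetical.

```python
import re

# Constructed sample: excerpt of the deploy job's steps from the workflow above.
SAMPLE_WORKFLOW = '''\
steps:
  - uses: actions/checkout@v4
  - uses: aws-actions/configure-aws-credentials@v4
    with:
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
  - name: Notify Telegram on Success
    run: |
      curl -s -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \\
        -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}"
'''

USES = re.compile(r"^\s*(?:- )?uses:\s*([\w.-]+/[^\s@#]+)@(\S+)")
RUN = re.compile(r"^(\s*)(- )?run:\s*(.*)$")
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line_no, rule, detail) findings for a workflow file's text."""
    findings = []
    run_indent = None  # column of the `run:` key while inside a `run: |` block
    for no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        script = None
        if run_indent is not None and indent > run_indent:
            script = line  # body line of a block-scalar script
        else:
            run_indent = None
            m = RUN.match(line)
            if m and m.group(3)[:1] in ("|", ">"):
                run_indent = len(m.group(1)) + len(m.group(2) or "")
            elif m:
                script = m.group(3)  # single-line script
        if script is not None:
            # The expression is pasted into the script text before the shell runs.
            findings += [(no, "secret-in-run", s) for s in SECRET.findall(script)]
            continue
        u = USES.match(line)
        if u and not FULL_SHA.match(u.group(2)):
            findings.append((no, "unpinned-action", f"{u.group(1)}@{u.group(2)}"))
    return findings

if __name__ == "__main__":
    print(*audit_workflow(SAMPLE_WORKFLOW), sep="\n")
```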
---
## Health check endpoint
```python
from fastapi import FastAPI
import time, os
app = FastAPI()
START_TIME = time.time()
@app.get("/health")
a`

