CI/CD 流水线搭建完全指南：Claude Code 实战

用 Claude Code 高效搭建 CI/CD 流水线

CI/CD 的配置文件语法细节繁杂，靠人肉反复试错非常费时间。借助 Claude Code，你可以一次性生成贴合项目需求的流水线。

GitHub Actions 基础工作流

> 帮我写一个 GitHub Actions 工作流：
> - PR 创建时跑 lint、类型检查和测试
> - 合并到 main 后构建并部署
> - 使用 Node.js 20 + pnpm
> - 配置缓存提高速度

# .github/workflows/ci.yml
name: CI

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  lint-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: pnpm/action-setup@v4
        with:
          version: 9

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm

      - run: pnpm install --frozen-lockfile

      - name: Lint
        run: pnpm lint

      - name: Type Check
        run: pnpm tsc --noEmit

      - name: Test
        run: pnpm test -- --coverage

      - name: Upload Coverage
        if: github.event_name == 'pull_request'
        uses: actions/upload-artifact@v4
        with:
          name: coverage
          path: coverage/

  deploy:
    needs: lint-and-test
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: pnpm/action-setup@v4
        with:
          version: 9

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm

      - run: pnpm install --frozen-lockfile
      - run: pnpm build

      - name: Deploy to Vercel
        uses: amondnet/vercel-action@v25
        with:
          vercel-token: ${{ secrets.VERCEL_TOKEN }}
          vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
          vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
          vercel-args: --prod

Docker 镜像构建与推送

> 帮我写一个工作流，构建 Docker 镜像并推送到 GitHub Container Registry。
> 标签用 git tag 和 commit SHA。

# .github/workflows/docker.yml
name: Docker Build

on:
  push:
    tags: ["v*"]

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - uses: actions/checkout@v4

      - uses: docker/setup-buildx-action@v3

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=semver,pattern={{version}}
            type=sha,prefix=

      - uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

Docker 环境的构建可以参考 Docker 环境集成指南。

集成 E2E 测试

> 把 Playwright 的 E2E 测试集成到 CI/CD 里。
> 测试失败时保存截图。

  e2e-test:
    needs: lint-and-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: pnpm/action-setup@v4
        with:
          version: 9

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm

      - run: pnpm install --frozen-lockfile
      - run: npx playwright install --with-deps chromium

      - name: Run E2E Tests
        run: pnpm test:e2e

      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: playwright-report
          path: playwright-report/
          retention-days: 7

测试策略全景可以看 测试策略完全指南，和 Git 工作流的联动请参考 Git 工作流全自动化。

加入安全扫描

> 在 CI 里加上依赖包漏洞扫描。

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx audit-ci --moderate

安全检查的详细做法请参考 安全审计自动化。

总结

借助 Claude Code，针对项目情况的最佳 CI/CD 流水线几分钟就能搭好。只要把 lint、测试、构建、部署等每个阶段明确写清楚，就能得到一个可用于生产运维的工作流。

GitHub Actions 的详细内容请参阅 GitHub Actions 官方文档，Claude Code 相关信息请参阅 Anthropic 官方文档。