PROD.2025/DataRush
1
0
Fork 0
mirror of https://gitlab.com/megazordpobeda/DataRush.git synced 2026-05-23 21:27:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ci: security improvements

Browse Source
This commit is contained in:
ITQ
2025-05-04 12:05:17 +03:00
parent dd4eafead8
commit 817e0cb021
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitlab-ci.yml
+4 -3
View File
@@ -79,6 +79,7 @@ deploy:
- if: $CI_COMMIT_REF_NAME == "master" - if: $CI_COMMIT_REF_NAME == "master"
variables: variables:
SSH_ADDRESS: $SSH_USER@$SSH_HOST SSH_ADDRESS: $SSH_USER@$SSH_HOST
SSH_PRIVATE_KEY_BASE64: $SSH_PRIVATE_KEY_BASE64
environment: environment:
name: production name: production
url: https://datarush.itqdev.xyz url: https://datarush.itqdev.xyz
@@ -86,7 +87,7 @@ deploy:
- mkdir -p ~/.ssh - mkdir -p ~/.ssh
- chmod 700 ~/.ssh - chmod 700 ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\tIdentitiesOnly yes\n\n" > ~/.ssh/config - echo -e "Host *\n\tStrictHostKeyChecking no\n\tIdentitiesOnly yes\n\n" > ~/.ssh/config
- printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa - echo "$SSH_PRIVATE_KEY_BASE64" | base64 -d > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H $SSH_HOST -p $SSH_PORT > /dev/null 2>&1 - ssh-keyscan -H $SSH_HOST -p $SSH_PORT > /dev/null 2>&1
@@ -101,10 +102,10 @@ deploy:
ssh -p $SSH_PORT $SSH_ADDRESS > /dev/null 2>&1 <<'EOF' ssh -p $SSH_PORT $SSH_ADDRESS > /dev/null 2>&1 <<'EOF'
cd ~/deploy cd ~/deploy
docker system prune --force > deploy.log 2>&1
docker compose pull --policy always -q > deploy.log 2>&1 docker compose pull --policy always -q > deploy.log 2>&1
docker compose up -d --remove-orphans --force-recreate >> deploy.log 2>&1 docker compose up -d --remove-orphans --force-recreate >> deploy.log 2>&1
docker compose ps >> deploy.log 2>&1 docker compose ps >> deploy.log 2>&1
nohup docker system prune --force >> deploy.log 2>&1 &
EOF EOF
retry: 2 retry: 2