PROD.2025/DataRush
1
0
Fork 0
mirror of https://gitlab.com/megazordpobeda/DataRush.git synced 2026-05-22 22:07:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
a94156e78abf970036c0786d9c4c7a7403a2cc9c
DataRush/.gitlab-ci.yml
T
ITQ 817e0cb021 ci: security improvements
2025-05-04 13:06:55 +03:00

112 lines
3.3 KiB
YAML
Raw Blame History

stages:
- build
- deploy
variables:
DOCKER_TLS_CERTDIR: /certs
DEPLOYMENT_VERSION: $CI_COMMIT_SHA
.build-template: &build-template
stage: build
rules:
- if: $CI_COMMIT_REF_NAME == "master"
image:
name: gcr.io/kaniko-project/executor:v1.23.2-debug
entrypoint: [""]
variables:
DOCKER_CONFIG: /kaniko/.docker
REGISTRY_USER: $CI_REGISTRY_USER
REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
REGISTRY_URL: $CI_REGISTRY
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor
--context "${CONTEXT}"
--dockerfile "${DOCKERFILE_PATH}"
--destination "${IMAGE_NAME}:${CI_COMMIT_SHA}"
--destination "${IMAGE_NAME}:latest"
--cache=true
--registry-mirror=dockerhub.timeweb.cloud
retry: 2
build_frontend:
<<: *build-template
variables:
CONTEXT: ${CI_PROJECT_DIR}/services/frontend
DOCKERFILE_PATH: Dockerfile
IMAGE_NAME: $CI_REGISTRY_IMAGE/frontend
build_backend:
<<: *build-template
variables:
CONTEXT: ${CI_PROJECT_DIR}/services/backend
DOCKERFILE_PATH: Dockerfile
IMAGE_NAME: $CI_REGISTRY_IMAGE/backend
build_backend-staticfiles:
<<: *build-template
variables:
CONTEXT: ${CI_PROJECT_DIR}/services/backend
DOCKERFILE_PATH: Dockerfile.staticfiles
IMAGE_NAME: $CI_REGISTRY_IMAGE/backend-staticfiles
build_checker:
<<: *build-template
variables:
CONTEXT: ${CI_PROJECT_DIR}/services/checker
DOCKERFILE_PATH: Dockerfile
IMAGE_NAME: $CI_REGISTRY_IMAGE/checker
build_custom-python:
<<: *build-template
variables:
CONTEXT: ${CI_PROJECT_DIR}/services/checker
DOCKERFILE_PATH: Dockerfile.checker
IMAGE_NAME: $CI_REGISTRY_IMAGE/custom-python
build_docs:
<<: *build-template
variables:
CONTEXT: ${CI_PROJECT_DIR}/services/docs
DOCKERFILE_PATH: Dockerfile
IMAGE_NAME: $CI_REGISTRY_IMAGE/docs
deploy:
image: kroniak/ssh-client:3.19
stage: deploy
rules:
- if: $CI_COMMIT_REF_NAME == "master"
variables:
SSH_ADDRESS: $SSH_USER@$SSH_HOST
SSH_PRIVATE_KEY_BASE64: $SSH_PRIVATE_KEY_BASE64
environment:
name: production
url: https://datarush.itqdev.xyz
script:
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\tIdentitiesOnly yes\n\n" > ~/.ssh/config
- echo "$SSH_PRIVATE_KEY_BASE64" | base64 -d > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H $SSH_HOST -p $SSH_PORT > /dev/null 2>&1
- AUTH_COMMAND="echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin";
- ssh -p $SSH_PORT $SSH_ADDRESS "$AUTH_COMMAND" > /dev/null 2>&1
- SET_VERSION="echo "VERSION=$DEPLOYMENT_VERSION" > ~/deploy/.env"
- ssh -p $SSH_PORT $SSH_ADDRESS "$SET_VERSION" > /dev/null 2>&1
- scp -P $SSH_PORT -C -r infrastructure/ compose.yaml $SSH_ADDRESS:~/deploy/ > /dev/null 2>&1
- |
ssh -p $SSH_PORT $SSH_ADDRESS > /dev/null 2>&1 <<'EOF'
cd ~/deploy
docker compose pull --policy always -q > deploy.log 2>&1
docker compose up -d --remove-orphans --force-recreate >> deploy.log 2>&1
docker compose ps >> deploy.log 2>&1
nohup docker system prune --force >> deploy.log 2>&1 &
EOF
retry: 2
Reference in New Issue View Git Blame Copy Permalink