-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
154 lines (147 loc) · 4.54 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
stages:
- build
- test
- release
- deploy
variables:
DOCKER_TLS_CERTDIR: '/certs'
TAG: $CI_COMMIT_REF_SLUG
SSH_PRIVATE_KEY:
description: 'Private SSH key for a given deployment environment.'
TARGET_USER:
description: 'User name for a given deployment environment.'
TARGET_HOST:
description: 'Host for a given deployment environment.'
TARGET_DIRECTORY:
description: 'Absolute path to target folder for a given deployment environment.'
STAGING_URL:
description: 'URL where the staging deployment can be seen.'
PRODUCTION_URL:
description: 'URL where the production deployment can be seen.'
services:
- docker:dind
build:
stage: build
image: docker
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker compose build
- docker compose push
only:
refs:
- staging
- main
test:
stage: test
image: docker
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker compose pull backend
- docker compose up -d db
- |
echo '
pip install -r requirements-test.txt &&
flake8 && \
mypy && \
COVERAGE_FILE=/tmp/coverage \
pytest -o cache_dir=/tmp/cache
' | docker compose run --rm backend sh
release:
stage: release
image: docker
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker compose pull
- docker tag $CI_REGISTRY_IMAGE/backend:$TAG $CI_REGISTRY_IMAGE/backend:latest
- docker tag $CI_REGISTRY_IMAGE/frontend:$TAG $CI_REGISTRY_IMAGE/frontend:latest
- TAG=latest docker compose push
only:
refs:
- main
deploy:staging:
stage: deploy
image: alpine
script:
- apk update && apk add openssh rsync
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | ssh-add -
- mkdir ~/.ssh
- chmod 700 ~/.ssh
- |
scp -o StrictHostKeyChecking=accept-new \
docker-compose.yml \
nginx.conf.template \
"${TARGET_USER}@${TARGET_HOST}:${TARGET_DIRECTORY}/"
- |
ssh "${TARGET_USER}@${TARGET_HOST}" \
-oStrictHostKeyChecking=accept-new \
"
cd \"${TARGET_DIRECTORY}\" &&
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY &&
export TAG=$TAG CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE &&
docker compose pull &&
rm -rf ~/.docker &&
docker compose \\
up \\
--renew-anon-volumes \\
--no-deps \\
--detach \\
&&
echo 'flask db upgrade' \\
| docker compose run --rm backend sh &&
echo '
pip install -r requirements-test.txt &&
COVERAGE_FILE=/tmp/coverage \\
pytest -o cache_dir=/tmp/cache
' | docker compose run --rm backend sh &&
docker image prune -f
"
environment:
name: staging
url: $STAGING_URL
only:
refs:
- staging
- main
deploy:production:
stage: deploy
image: alpine
variables:
TAG: 'latest'
script:
- apk update && apk add openssh rsync
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | ssh-add -
- mkdir ~/.ssh
- chmod 700 ~/.ssh
- |
scp -o StrictHostKeyChecking=accept-new \
docker-compose.yml \
nginx.conf.template \
"${TARGET_USER}@${TARGET_HOST}:${TARGET_DIRECTORY}/"
- |
ssh "${TARGET_USER}@${TARGET_HOST}" \
-oStrictHostKeyChecking=accept-new \
"
cd \"${TARGET_DIRECTORY}\" &&
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY &&
export TAG=$TAG CI_REGISTRY_IMAGE=$CI_REGISTRY_IMAGE &&
docker compose pull &&
rm -rf ~/.docker &&
docker compose \\
up \\
--renew-anon-volumes \\
--no-deps \\
--detach \\
&&
echo 'flask db upgrade' \\
| docker compose run --rm backend sh &&
docker image prune -f
"
environment:
name: production
url: $PRODUCTION_URL
when: manual
only:
refs:
- main