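# Shared template for the image build jobs: logs in to the project registry,
# builds one Dockerfile target and pushes it under $IMAGE_TAG.
# IMAGE_TAG, DOCKERFILE, BUILD_TARGET and BUILD_PATH are set by the jobs that
# extend this template.
.build-image:
  stage: build
  # NOTE(review): docker:latest and docker:dind are floating tags, so the
  # toolchain that builds and pushes the images can change between runs.
  # Pin both to a fixed version or digest.
  image: docker:latest
  services:
    - docker:dind
  tags:
    - image
  # NOTE(review): the TLS settings for the connection to the dind service are
  # commented out, so the job relies on the runner's defaults for that link.
  # Confirm the daemon is not reached over plain TCP.
  #variables:
  #  DOCKER_HOST: tcp://docker:2376
  #  DOCKER_TLS_CERTDIR: "/certs"
  #  DOCKER_TLS_VERIFY: 1
  #  DOCKER_CERT_PATH: "/certs/client"
  before_script:
    # The password goes in on stdin so it never appears in the process
    # arguments. The expansions are quoted so a password containing spaces or
    # glob characters reaches docker login unchanged.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - |
      docker build --pull \
        -t "$IMAGE_TAG" \
        -f "$DOCKERFILE" \
        --build-arg COMMIT_HASH="$CI_COMMIT_SHORT_SHA" \
        --target "$BUILD_TARGET" \
        "$BUILD_PATH"
    - docker push "$IMAGE_TAG"
  artifacts:
    paths:
      - .env_file
    expire_in: 1 hour

# data-manager image: records the pushed tag in .env_file for the package job.
.build-data-manager-image:
  extends: .build-image
  variables:
    BUILD_TARGET: "prod"
    BUILD_PATH: "./services"
    DOCKERFILE: "./services/data-manager/Dockerfile"
  after_script:
    - echo "export DATA_MANAGER_IMAGE=$IMAGE_TAG" >> .env_file

build-data-manager-image-dev:
  extends: .build-data-manager-image
  variables:
    IMAGE_TAG: "$CI_REGISTRY_IMAGE/data-manager:dev"
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'
      changes:
        - services/data-manager/**/*

build-data-manager-image-prod:
  extends: .build-data-manager-image
  variables:
    IMAGE_TAG: "$CI_REGISTRY_IMAGE/data-manager:latest"
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - services/data-manager/**/*

# ical image: records the pushed tag in .env_file for the package job.
.build-ical-image:
  extends: .build-image
  variables:
    BUILD_TARGET: "prod"
    BUILD_PATH: "./services"
    DOCKERFILE: "./services/ical/Dockerfile"
  after_script:
    - echo "export ICAL_IMAGE=$IMAGE_TAG" >> .env_file

build-ical-image-dev:
  extends: .build-ical-image
  variables:
    IMAGE_TAG: "$CI_REGISTRY_IMAGE/ical:dev"
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'
      changes:
        - services/ical/**/*

build-ical-image-prod:
  extends: .build-ical-image
  variables:
    IMAGE_TAG: "$CI_REGISTRY_IMAGE/ical:latest"
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - services/ical/**/*

# frontend image: records the pushed tag in .env_file for the package job.
.build-frontend-image:
  extends: .build-image
  variables:
    BUILD_TARGET: "prod"
    BUILD_PATH: "./frontend"
    DOCKERFILE: "./frontend/Dockerfile"
  after_script:
    - echo "export FRONTEND_IMAGE=$IMAGE_TAG" >> .env_file

build-frontend-image-dev:
  extends: .build-frontend-image
  variables:
    IMAGE_TAG: "$CI_REGISTRY_IMAGE/frontend:dev"
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'
      changes:
        - frontend/**/*

build-frontend-image-prod:
  extends: .build-frontend-image
  variables:
    IMAGE_TAG: "$CI_REGISTRY_IMAGE/frontend:latest"
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - frontend/**/*

# Shared template for packaging the Helm chart: writes the image names and the
# host into values.yaml, then packages the chart as a job artifact.
.package-helm-chart:
  stage: package
  image:
    name: alpine/helm:3
    entrypoint: [""]
  variables:
    CHARTS_DIR: $CI_PROJECT_DIR/charts
    VALUES_FILE: $CI_PROJECT_DIR/charts/values.yaml
    CHART_FILE: $CI_PROJECT_DIR/charts/Chart.yaml
  before_script:
    - apk add --no-cache gettext
    # NOTE(review): .env_file is later executed with `source`, and the values
    # are written unquoted. A value containing shell metacharacters would be
    # interpreted as shell code by every job that sources the file.
    - echo "export HELM_ARTIFACT_JOB_NAME=$CI_JOB_NAME" >> .env_file
    - echo "export PROJECT_URL=$PROJECT_URL" >> .env_file
    - echo "export PROJECT_NAME=$PROJECT_NAME" >> .env_file
    - source .env_file
    - echo "Updating deployment URLs..."
    # If a build job did not run in this pipeline its variable is unset, so
    # fall back to the branch's moving tag.
    - ': "${DATA_MANAGER_IMAGE:=$CI_REGISTRY_IMAGE/data-manager:$FALLBACK_TAG}"'
    - ': "${ICAL_IMAGE:=$CI_REGISTRY_IMAGE/ical:$FALLBACK_TAG}"'
    - ': "${FRONTEND_IMAGE:=$CI_REGISTRY_IMAGE/frontend:$FALLBACK_TAG}"'
    - export DATA_MANAGER_IMAGE ICAL_IMAGE FRONTEND_IMAGE
    - yq e -i '(.dataManager.image.name) = env(DATA_MANAGER_IMAGE)' $VALUES_FILE
    - yq e -i '(.ical.image.name) = env(ICAL_IMAGE)' $VALUES_FILE
    - yq e -i '(.frontend.image.name) = env(FRONTEND_IMAGE)' $VALUES_FILE
    - yq e -i '(.frontend.host) = env(PROJECT_URL)' $VALUES_FILE
  # NOTE(review): GitLab does not fail a job when an after_script command
  # fails, so a broken `helm package` here would still leave the job green.
  after_script:
    - yq e -i 'explode(.)' "$VALUES_FILE"
    - helm dependency update $CHARTS_DIR
    - helm package $CHARTS_DIR --destination ./
  artifacts:
    paths:
      - "*.tgz"
      - .env_file
    expire_in: 1 hour

package-helm-chart-dev:
  extends: .package-helm-chart
  variables:
    PROJECT_URL: $PROJECT_URL_DEV
    PROJECT_NAME: $CI_PROJECT_NAME-dev
    FALLBACK_TAG: dev
  script:
    - yq e -i '(.production) = false' $VALUES_FILE
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'
      changes:
        - services/data-manager/**/*
        - services/ical/**/*
        - frontend/**/*
        - charts/**/*

package-helm-chart-prod:
  extends: .package-helm-chart
  variables:
    PROJECT_URL: $PROJECT_URL_PROD
    PROJECT_NAME: $CI_PROJECT_NAME
    FALLBACK_TAG: latest
  script:
    - yq e -i '(.frontend.googleSiteVerification) = env(GOOGLE_VERIFICATION)' $VALUES_FILE
    # The heredoc was garbled to `cat < configmap-google.yaml` and is restored
    # here. Its delimiter is quoted so the shell leaves the template untouched;
    # the envsubst step below fills in $PROJECT_NAME and $GOOGLE_VERIFICATION.
    - |
      cat <<'EOF' > configmap-google.yaml
      {{- if .Values.production }}
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: configmap-google
        namespace: $PROJECT_NAME
      data:
        $GOOGLE_VERIFICATION.html: |
          google-site-verification: $GOOGLE_VERIFICATION.html
      {{- end }}
      EOF
    - envsubst < configmap-google.yaml > $CHARTS_DIR/templates/configmap-google.yaml
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - services/data-manager/**/*
        - services/ical/**/*
        - frontend/**/*
        - charts/**/*

# Starts the pipeline of the deploy repository through the trigger API.
trigger_deploy:
  stage: deploy
  # NOTE(review): alpine:latest is a floating tag; pin a version or digest.
  image: alpine:latest
  before_script:
    - apk add --no-cache curl
    # NOTE(review): this job has no `changes:` rule, so it can run in a
    # pipeline where no job produced .env_file. Confirm that case is intended.
    - source .env_file
  script:
    - echo "Triggering deploy pipeline ..."
    # --fail makes curl exit non-zero on an HTTP error, so a rejected trigger
    # (bad token, wrong project id) fails the job.
    - |
      curl --fail -X POST \
        -F "token=$CI_DEPLOY_REPO_TRIGGER_TOKEN" \
        -F "ref=$CI_DEPLOY_REPO_REF" \
        -F "variables[UPSTREAM_PROJECT_NAME]=$PROJECT_NAME" \
        -F "variables[UPSTREAM_PROJECT_ID]=$CI_PROJECT_ID" \
        -F "variables[UPSTREAM_COMMIT_REF_NAME]=$CI_COMMIT_REF_NAME" \
        -F "variables[UPSTREAM_HELM_ARTIFACT_JOB_NAME]=$HELM_ARTIFACT_JOB_NAME" \
        -F "variables[UPSTREAM_REGISTRY_PATH]=$CI_REGISTRY_IMAGE" \
        "$CI_API_V4_URL/projects/$CI_DEPLOY_REPO_ID/trigger/pipeline"
    # Double quotes for the shell: single quotes printed the variable names
    # literally instead of their values.
    - 'echo "The $PROJECT_NAME can be viewed on: $PROJECT_URL"'
  rules:
    - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"'

# Copies the compose file and proxy config to the dev host over SSH and
# restarts the stack there.
deploy-dev:
  stage: deploy
  # NOTE(review): alpine:latest is a floating tag; pin a version or digest.
  image: alpine:latest
  before_script:
    - apk add --no-cache openssh-client sed
    - eval $(ssh-agent -s)
    # The key is fed to ssh-add on stdin. The earlier `<( ... )` form is a
    # bash feature and the job runs in an Alpine image.
    - echo "$CI_SSH_KEY" | tr -d '\r' | ssh-add -
  script:
    - sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE|" docker-compose.dev.yml
    - sed -i -e "s|DEV_TAG|dev|" docker-compose.dev.yml
    # NOTE(review): StrictHostKeyChecking=no turns off host key verification,
    # so the runner cannot tell the real server from an impostor. The files
    # and the registry password below go to whichever host answers. Pin the
    # server's host key in known_hosts (for example from a protected CI/CD
    # variable) and drop the option.
    - >
      scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR
      ./docker-compose.dev.yml ./reverseproxy.dev.conf
      $CI_SSH_USER@$CI_SSH_DEV_HOST:/home/$CI_SSH_USER/docker/htwkalender/
    # The registry password travels on ssh's stdin to
    # `docker login --password-stdin`, not as `-p`, so it is no longer part of
    # the remote command line. `docker logout` names the registry; without an
    # argument it targets the default registry and would leave the
    # $CI_REGISTRY credentials stored on the server.
    - >
      echo "$CI_REGISTRY_PASSWORD" |
      ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR
      $CI_SSH_USER@$CI_SSH_DEV_HOST
      "cd /home/$CI_SSH_USER/docker/htwkalender/ &&
      docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY &&
      docker compose -f ./docker-compose.dev.yml down &&
      docker compose -f ./docker-compose.dev.yml up -d --remove-orphans &&
      docker logout $CI_REGISTRY"
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'

# Copies the compose file and proxy config to the production host over SSH,
# restarts the stack and writes the site-verification file into the frontend
# container.
deploy-main:
  stage: deploy
  # NOTE(review): alpine:latest is a floating tag; pin a version or digest.
  image: alpine:latest
  before_script:
    - apk add --no-cache openssh-client sed  # install dependencies
    - eval $(ssh-agent -s)  # set some ssh variables
    # The key is fed to ssh-add on stdin. The earlier `<( ... )` form is a
    # bash feature and the job runs in an Alpine image.
    - echo "$CI_SSH_KEY" | tr -d '\r' | ssh-add -
  script:
    # replace some placeholders
    - sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE|" docker-compose.prod.yml
    - sed -i -e "s|PROD_TAG|latest|" docker-compose.prod.yml
    # upload necessary files to the server
    # NOTE(review): StrictHostKeyChecking=no turns off host key verification,
    # so the runner cannot tell the real server from an impostor. The files
    # and the registry password below go to whichever host answers. Pin the
    # server's host key in known_hosts (for example from a protected CI/CD
    # variable) and drop the option.
    - >
      scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR
      ./docker-compose.prod.yml ./reverseproxy.conf
      $CI_SSH_USER@$CI_SSH_HOST:/home/$CI_SSH_USER/docker/htwkalender/
    # ssh to the server and start the service
    # The registry password travels on ssh's stdin to
    # `docker login --password-stdin`, not as `-p`, so it is no longer part of
    # the remote command line. `docker logout` names the registry; without an
    # argument it targets the default registry and would leave the
    # $CI_REGISTRY credentials stored on the server.
    - >
      echo "$CI_REGISTRY_PASSWORD" |
      ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR
      $CI_SSH_USER@$CI_SSH_HOST
      "cd /home/$CI_SSH_USER/docker/htwkalender/ &&
      docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY &&
      docker compose -f ./docker-compose.prod.yml down &&
      docker compose -f ./docker-compose.prod.yml up -d --remove-orphans &&
      docker logout $CI_REGISTRY &&
      docker exec --user root htwkalender-htwkalender-frontend-1 /bin/sh -c
      \"echo 'google-site-verification: $GOOGLE_VERIFICATION.html' > ./$GOOGLE_VERIFICATION.html\"
      "
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'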