Gitlab CI/CD Pipeline

2025-05-29 18:51:59 +00:00
parent cb4eb80105
commit 5a73be331b
30 changed files with 432 additions and 144 deletions
--- a/.gitlab-ci-template.yml
+++ b/.gitlab-ci-template.yml
@@ -0,0 +1,125 @@
+.docker-login-template:
+  before_script:
+    - |
+      echo "Logging into Docker..."
+      echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
+
+.image-tag-template:
+  script: |
+    TAG="${CI_COMMIT_REF_NAME//\//_}"
+    DOCKER_IMAGE="$CI_REGISTRY/$CI_PROJECT_PATH/$IMAGE_NAME"
+    echo "Generated tag: $TAG"
+    echo "Docker image: $DOCKER_IMAGE:$TAG"
+
+.docker-build-template:
+  extends: .docker-login-template
+  stage: dockerize
+  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
+  script:
+    - !reference [ .image-tag-template, script ]
+    - |
+      echo "Building Docker image for $IMAGE_NAME in $WORKDIR_PATH"
+      cd $WORKDIR_PATH
+      
+      BUILD_ARGS="--build-arg IMAGE_TAG=$TAG"
+      if [ -n "$COMMON_IMAGE" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg COMMON_IMAGE=$COMMON_IMAGE:$TAG"; fi
+      if [ -n "$BUILD_FOLDER" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg BUILD_FOLDER=$BUILD_FOLDER"; fi
+      if [ -n "$IMAGE_NAME" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg IMAGE_NAME=$IMAGE_NAME"; fi
+      if [ -n "$MAIN_CLASS" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg MAIN_CLASS=$MAIN_CLASS"; fi
+      docker build $BUILD_ARGS -t $DOCKER_IMAGE:$TAG -f $DOCKERFILE_PATH .
+      
+      if [[ "$TAG" == "dev" || "$TAG" == "production" || "$TAG" == "pipeline" ]]; then
+        echo "Pushing Docker image $DOCKER_IMAGE:$TAG"
+        docker push $DOCKER_IMAGE:$TAG
+      
+        # After pushing the image
+        DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $DOCKER_IMAGE:$TAG | cut -d '@' -f2)
+        echo "$DIGEST" > "$CI_PROJECT_DIR/digest-${IMAGE_NAME}.txt"
+        echo "Digest for $IMAGE_NAME: $DIGEST"
+      else
+        echo "Skipping push for non-dev/non-production branch: $TAG"
+      fi
+  artifacts:
+    paths:
+      - digest-*.txt
+    expire_in: 1 hour
+
+# BUILD COMMON IMAGE
+.docker-common-template:
+  extends: .docker-login-template
+  stage: docker-base
+  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
+  script:
+    - !reference [ .image-tag-template, script ]
+    - |
+      echo "Building BASE Docker image for $IMAGE_NAME..."
+      cd $WORKDIR_PATH
+      docker build -f $DOCKERFILE_PATH -t $DOCKER_IMAGE:$TAG .
+      if [[ "$TAG" == "dev" || "$TAG" == "production" || "$TAG" == "pipeline" ]]; then
+        echo "Pushing Docker image $DOCKER_IMAGE:$TAG"
+        docker push $DOCKER_IMAGE:$TAG
+      else
+        echo "Skipping push for non-dev/non-production branch: $TAG"
+      fi
+
+# Deployment
+.install-deploy-key: &install-deploy-key
+  - |
+    echo "Installing SSH deploy key..."
+    which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
+    mkdir -p ~/.ssh
+    echo "$DEPLOY_KEY_BASE64" | base64 -d > ~/.ssh/deploy_key
+    chmod 600 ~/.ssh/deploy_key
+    eval "$(ssh-agent -s)"
+    ssh-add ~/.ssh/deploy_key
+    if [[ "$TAG" == "dev" || "$TAG" == "pipeline" ]]; then
+      HOST="$DEPLOY_DEV_HOST"
+      PORT="${DEPLOY_DEV_PORT:-22}"
+    else
+      HOST="$DEPLOY_PROD_HOST"
+      PORT="${DEPLOY_PROD_PORT:-22}"
+    fi
+    echo "Scanning SSH host $HOST on port $PORT"
+    ssh-keyscan -p "$PORT" "$HOST" >> ~/.ssh/known_hosts || true
+
+.deploy-template:
+  stage: deploy
+  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
+  before_script:
+    - !reference [ .install-deploy-key ]
+  script: |
+    if [[ "$TAG" == "dev" || "$TAG" == "pipeline" ]]; then
+      HOST="$DEPLOY_DEV_HOST"
+      PORT="${DEPLOY_DEV_PORT:-22}"
+    else
+      HOST="$DEPLOY_PROD_HOST"
+      PORT="${DEPLOY_PROD_PORT:-22}"
+    fi
+
+    echo "Image digests:"
+    echo "  gateway  : $(cat digest-gateway.txt)"
+    echo "  server   : $(cat digest-server.txt)"
+    echo "  frontend : $(cat digest-frontend.txt)"
+
+    echo "Injecting image digests"
+    cp docker-compose.yml docker-compose.generated.yml
+
+    sed -i "s|registry.boomlab.party/rheinsw/rheinsw-mono-repo/gateway|registry.boomlab.party/rheinsw/rheinsw-mono-repo/gateway@$(cat digest-gateway.txt)|g" docker-compose.generated.yml
+    sed -i "s|registry.boomlab.party/rheinsw/rheinsw-mono-repo/server|registry.boomlab.party/rheinsw/rheinsw-mono-repo/server@$(cat digest-server.txt)|g" docker-compose.generated.yml
+    sed -i "s|registry.boomlab.party/rheinsw/rheinsw-mono-repo/frontend|registry.boomlab.party/rheinsw/rheinsw-mono-repo/frontend@$(cat digest-frontend.txt)|g" docker-compose.generated.yml
+
+    echo "Copying docker-compose.generated.yml to $HOST:$REMOTE_ENV_PATH/docker-compose.yml"
+    # Ensure remote path exists before scp
+    ssh -p "$PORT" "$DEPLOY_USER@$HOST" "mkdir -p $REMOTE_ENV_PATH"
+    
+    # Copy
+    scp -P "$PORT" docker-compose.generated.yml "$DEPLOY_USER@$HOST:$REMOTE_ENV_PATH/docker-compose.yml"
+
+    echo "Deploying on $HOST"
+    ssh -p "$PORT" "$DEPLOY_USER@$HOST" "
+      cd $REMOTE_ENV_PATH
+      echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin  
+      docker compose down || true
+      docker compose pull || true
+      docker compose up -d
+    "