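# Shared GitLab CI templates: registry login, image tagging, image build/push
# with digest capture, and SSH-based `docker compose` deployment.
#
# Trust boundaries worth keeping in mind when changing this file:
#   * $CI_REGISTRY_PASSWORD and $DEPLOY_KEY_BASE64 are secrets; they must only
#     travel over stdin or land in files with restrictive permissions, and
#     never appear in a command line.
#   * digest-*.txt artifacts come from earlier jobs and are interpolated into
#     sed expressions and the deployed compose file, so they are validated.

# Logs the job's Docker client into the project registry.
# The password is piped on stdin so it never appears in argv or the job log.
.docker-login-template:
  before_script:
    - |
      echo "Logging into Docker..."
      echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin

# Derives TAG (ref name with "/" replaced by "_") and DOCKER_IMAGE.
# Pulled into other jobs via `!reference`, so the variables live in that
# job's shell.
.image-tag-template:
  script: |
    TAG="${CI_COMMIT_REF_NAME//\//_}"
    DOCKER_IMAGE="$CI_REGISTRY/$CI_PROJECT_PATH/$IMAGE_NAME"
    echo "Generated tag: $TAG"
    echo "Docker image: $DOCKER_IMAGE:$TAG"

# Builds one service image; for the dev/production/pipeline tags it also
# pushes the image and records the pushed digest in digest-<IMAGE_NAME>.txt
# so the deploy job can pin by digest instead of by mutable tag.
# Inputs (job variables): IMAGE_NAME, WORKDIR_PATH, DOCKERFILE_PATH and the
# optional COMMON_IMAGE, BUILD_FOLDER, MAIN_CLASS.
.docker-build-template:
  extends: .docker-login-template
  stage: dockerize
  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
  script:
    - !reference [ .image-tag-template, script ]
    - |
      echo "Building Docker image for service: $IMAGE_NAME"
      echo "Switching to workdir: $WORKDIR_PATH"
      cd "$WORKDIR_PATH"

      echo "Image Tag: $TAG"
      echo "Docker Image: $DOCKER_IMAGE:$TAG"
      echo "Dockerfile: $DOCKERFILE_PATH"

      # Build args are echoed to the job log below and are recorded in the
      # image history: keep them to non-secret values.
      BUILD_ARGS="--build-arg IMAGE_TAG=$TAG"

      if [ -n "$COMMON_IMAGE" ]; then
        COMMON_IMAGE="${COMMON_IMAGE%:}" # Strip trailing colon if any
        echo "Using COMMON_IMAGE: $COMMON_IMAGE:$TAG"
        BUILD_ARGS="$BUILD_ARGS --build-arg COMMON_IMAGE=$COMMON_IMAGE:$TAG"
      fi

      if [ -n "$BUILD_FOLDER" ]; then
        echo "BUILD_FOLDER: $BUILD_FOLDER"
        BUILD_ARGS="$BUILD_ARGS --build-arg BUILD_FOLDER=$BUILD_FOLDER"
      fi

      if [ -n "$IMAGE_NAME" ]; then
        echo "IMAGE_NAME: $IMAGE_NAME"
        BUILD_ARGS="$BUILD_ARGS --build-arg IMAGE_NAME=$IMAGE_NAME"
      fi

      if [ -n "$MAIN_CLASS" ]; then
        echo "MAIN_CLASS: $MAIN_CLASS"
        BUILD_ARGS="$BUILD_ARGS --build-arg MAIN_CLASS=$MAIN_CLASS"
      fi

      echo "Final docker build command:"
      echo "docker build $BUILD_ARGS -t $DOCKER_IMAGE:$TAG -f $DOCKERFILE_PATH ."
      # BUILD_ARGS is intentionally unquoted: it is a space-separated option
      # list and must be word-split. Every other expansion is quoted.
      docker build $BUILD_ARGS -t "$DOCKER_IMAGE:$TAG" -f "$DOCKERFILE_PATH" .

      if [[ "$TAG" == "dev" || "$TAG" == "production" || "$TAG" == "pipeline" ]]; then
        echo "Pushing Docker image: $DOCKER_IMAGE:$TAG"
        docker push "$DOCKER_IMAGE:$TAG"

        echo "Inspecting image digest..."
        DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$DOCKER_IMAGE:$TAG" | cut -d '@' -f2)
        # The trailing `cut` hides a failing `docker inspect`; an empty digest
        # here would otherwise surface only at deploy time.
        if [ -z "$DIGEST" ]; then
          echo "Could not determine pushed digest for $DOCKER_IMAGE:$TAG" >&2
          exit 1
        fi
        echo "$DIGEST" > "$CI_PROJECT_DIR/digest-${IMAGE_NAME}.txt"
        echo "Digest for $IMAGE_NAME: $DIGEST"
      else
        echo "Skipping push (branch/tag '$TAG' is not dev/production/pipeline)"
      fi
  artifacts:
    paths:
      - digest-*.txt
    expire_in: 1 hour

# BUILD COMMON IMAGE
# Builds (and, for dev/production/pipeline, pushes) the shared base image.
# No digest is recorded for it; service images reference it by tag through
# the COMMON_IMAGE build arg.
.docker-common-template:
  extends: .docker-login-template
  stage: docker-base
  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
  script:
    - !reference [ .image-tag-template, script ]
    - |
      echo "Building BASE Docker image for $IMAGE_NAME..."
      cd "$WORKDIR_PATH"
      docker build -f "$DOCKERFILE_PATH" -t "$DOCKER_IMAGE:$TAG" .

      if [[ "$TAG" == "dev" || "$TAG" == "production" || "$TAG" == "pipeline" ]]; then
        echo "Pushing Docker image $DOCKER_IMAGE:$TAG"
        docker push "$DOCKER_IMAGE:$TAG"
      else
        echo "Skipping push for non-dev/non-production branch: $TAG"
      fi

# Deployment
# Loads the deploy key into an ssh-agent and prepares known_hosts for the
# target host. Runs as before_script of .deploy-template.
.install-deploy-key: &install-deploy-key
  - |
    echo "Installing SSH deploy key..."
    # NOTE(review): the apt-get fallback only works on Debian-based images;
    # confirm the pinned docker:20.10 image already ships ssh-agent.
    which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )

    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    # Create the key file under a restrictive umask so it is never readable
    # by other users, not even between creation and chmod.
    ( umask 077 && echo "$DEPLOY_KEY_BASE64" | base64 -d > ~/.ssh/deploy_key )
    chmod 600 ~/.ssh/deploy_key
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/deploy_key

    # In this file TAG is only assigned by .image-tag-template, which deploy
    # jobs do not reference. Without a value every deploy would fall through
    # to the production host, so derive it the same way when it is unset.
    if [ -z "$TAG" ]; then
      TAG="${CI_COMMIT_REF_NAME//\//_}"
    fi

    if [[ "$TAG" == "dev" || "$TAG" == "pipeline" ]]; then
      HOST="$DEPLOY_DEV_HOST"
      PORT="${DEPLOY_DEV_PORT:-22}"
    else
      HOST="$DEPLOY_PROD_HOST"
      PORT="${DEPLOY_PROD_PORT:-22}"
    fi

    # ssh-keyscan trusts whatever key the network returns at job time, so it
    # gives no protection against an on-path attacker. Prefer pinned host keys
    # supplied through the optional DEPLOY_KNOWN_HOSTS variable (known_hosts
    # format); the scan is kept only as a backward-compatible fallback.
    if [ -n "$DEPLOY_KNOWN_HOSTS" ]; then
      echo "Using pinned SSH host keys from DEPLOY_KNOWN_HOSTS"
      printf '%s\n' "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts
    else
      echo "WARNING: DEPLOY_KNOWN_HOSTS is not set; host key of $HOST is not verified"
      echo "Scanning SSH host $HOST on port $PORT"
      ssh-keyscan -p "$PORT" "$HOST" >> ~/.ssh/known_hosts || true
    fi

# Pins every service image in docker-compose.yml to the digest recorded by
# the build jobs, copies the result to the target host and restarts the stack.
# Inputs (job variables): DEPLOY_USER, REMOTE_ENV_PATH, DEPLOY_*_HOST/PORT.
.deploy-template:
  stage: deploy
  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
  before_script:
    - !reference [ .install-deploy-key ]
  script: |
    # See .install-deploy-key: TAG is not set for deploy jobs by this file.
    if [ -z "$TAG" ]; then
      TAG="${CI_COMMIT_REF_NAME//\//_}"
    fi

    # NOTE(review): any tag other than dev/pipeline selects the production
    # host; confirm the concrete deploy jobs restrict which refs may run.
    if [[ "$TAG" == "dev" || "$TAG" == "pipeline" ]]; then
      HOST="$DEPLOY_DEV_HOST"
      PORT="${DEPLOY_DEV_PORT:-22}"
    else
      HOST="$DEPLOY_PROD_HOST"
      PORT="${DEPLOY_PROD_PORT:-22}"
    fi

    REPO="registry.boomlab.party/rheinsw/rheinsw-mono-repo"

    echo "Injecting image digests"
    cp docker-compose.yml docker-compose.generated.yml

    echo "Image digests:"
    for svc in gateway server frontend internal_frontend; do
      digest="$(cat "digest-$svc.txt" 2>/dev/null || true)"
      # A digest is exactly "sha256:" plus 64 hex characters (71 characters).
      # Rejecting anything else stops an empty or tampered artifact from being
      # spliced into the sed expression and the deployed compose file.
      if [ "${#digest}" -ne 71 ] || ! printf '%s\n' "$digest" | grep -Eqx 'sha256:[0-9a-f]{64}'; then
        echo "Missing or malformed digest for $svc (digest-$svc.txt)" >&2
        exit 1
      fi
      echo "  $svc : $digest"
      sed -i "s|$REPO/$svc|$REPO/$svc@$digest|g" docker-compose.generated.yml
    done

    echo "Copying docker-compose.generated.yml to $HOST:$REMOTE_ENV_PATH/docker-compose.yml"

    # Ensure remote path exists before scp
    ssh -p "$PORT" "$DEPLOY_USER@$HOST" "mkdir -p $REMOTE_ENV_PATH"

    # Copy
    scp -P "$PORT" docker-compose.generated.yml "$DEPLOY_USER@$HOST:$REMOTE_ENV_PATH/docker-compose.yml"
    # NOTE(review): this .env file comes from the repository checkout; confirm
    # it holds no secrets that should live in CI variables instead.
    scp -P "$PORT" internal_frontend/.env "$DEPLOY_USER@$HOST:$REMOTE_ENV_PATH/internal_frontend.env"

    echo "Deploying on $HOST"
    # Send the registry password over the SSH channel's stdin. Embedding it in
    # the remote command string would expand it locally, expose it in process
    # listings on both hosts, and let the remote shell interpret any
    # metacharacters it contains.
    printf '%s' "$CI_REGISTRY_PASSWORD" | ssh -p "$PORT" "$DEPLOY_USER@$HOST" \
      "docker login '$CI_REGISTRY' -u '$CI_REGISTRY_USER' --password-stdin"

    # REMOTE_ENV_PATH is expanded by the remote shell unquoted, as in the
    # mkdir above, so a leading "~" keeps working. Abort if the directory is
    # missing rather than running compose in the wrong place.
    ssh -p "$PORT" "$DEPLOY_USER@$HOST" "
      cd $REMOTE_ENV_PATH || exit 1
      docker compose down || true
      docker compose pull || true
      docker compose up -d
    "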