# Pipeline order: build the image, re-tag it as a release, then deploy it.
stages:
  - build
  - release
  - deploy
# Pipeline-wide variables, available to every job below.
variables:
  DOCKER_DRIVER: 'overlay2'
  # Registry path prefix under which this project's images are pushed.
  IMAGE_PATH: '$CI_REGISTRY/$CI_PROJECT_PATH'
  # IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
  # Release images are tagged with the short commit SHA of the pipeline.
  RELEASE_VERSION: '$CI_COMMIT_SHORT_SHA'
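# Global before_script: runs ahead of the script of every job in this file,
# so the build, release and deploy jobs all authenticate to the registry.
before_script:
  # The password is fed on stdin instead of `-p`, which would place it on the
  # docker command line where it is readable from the host's process list.
  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  # Directory for the marker files that later stages test before acting.
  - mkdir -p .ci_status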
# Hidden job templates (a leading dot keeps GitLab from running them as jobs).
# Jobs merge one of them in with `<<:` to select a runner by tag.

# Runner used by the build and release jobs.
.dedicated-builder: &dedicated-builder
  tags:
    - build1-shell

# Runner used by the deploy job.
.dedicated-runner: &dedicated-runner
  tags:
    - runner1-prod-shell
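# Builds the vault-wrap image and publishes it under the mutable `dev` tag.
# Runs only on `main`, and only when one of the listed files changed.
vault_wrap_build:
  <<: *dedicated-builder
  stage: build
  script:
    - DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.yml build vault-wrap
    # Presumably docker-compose.yml names the built image
    # $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; confirm against that file.
    # Expansions are quoted so an unexpected value cannot split into extra
    # docker arguments.
    - docker tag "$IMAGE_PATH/vault-wrap:$RELEASE_VERSION" "$IMAGE_PATH/vault-wrap:dev"
    # NOTE(review): `dev` is shared by every pipeline on main. The release job
    # pulls `dev` back from the registry, so two overlapping pipelines could
    # release each other's image; consider also pushing the SHA tag here and
    # releasing from that.
    - docker push "$IMAGE_PATH/vault-wrap:dev"
    # Marker read by the release job to tell whether a new image was built.
    - touch .ci_status/vault_wrap_build
  only:
    refs:
      - main
    changes:
      - vault-wrap.go
      - Dockerfile
      - entrypoint.sh
      - docker-compose.yml
      - .gitlab-ci.yml
  # Hands the marker directory to the later stages.
  artifacts:
    paths:
      - .ci_status/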
# --------------- RELEASE STAGE -------------#
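# Promotes the `dev` image to a tag named after the commit's short SHA.
# Does nothing (and still succeeds) when the build marker is absent, i.e.
# when the build job did not run for this pipeline.
vault_wrap_release:
  <<: *dedicated-builder
  stage: release
  script:
    # Same commands as before, one per line, with expansions quoted so an
    # unexpected value cannot split into extra docker arguments.
    # The release marker must only be written after a successful push; that
    # relies on the runner's shell stopping at the first failed command
    # (presumably the runner default; confirm for this executor).
    - |-
      if [ -e .ci_status/vault_wrap_build ]; then
        docker pull "$IMAGE_PATH/vault-wrap:dev"
        docker tag "$IMAGE_PATH/vault-wrap:dev" "$IMAGE_PATH/vault-wrap:$RELEASE_VERSION"
        docker push "$IMAGE_PATH/vault-wrap:$RELEASE_VERSION"
        touch .ci_status/vault_wrap_release
      fi
  # Hands the marker directory (now possibly holding the release marker) on
  # to the deploy stage.
  artifacts:
    paths:
      - .ci_status/
  only:
    refs:
      - main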
#-------------- DEPLOY STAGE ------------------#
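# Stages the TLS certificate, private key and HTML template into a named
# volume on the production runner, then starts vault-wrap with docker-compose
# if the release marker from the previous stage is present.
vault_wrap_deploy:
  <<: *dedicated-runner
  stage: deploy
  script:
    - docker volume create vault-wrap_vault-wrap-conf
    # Each helper container is given exactly one host file, mounted read-only,
    # instead of the whole /etc/ssl/certs or /etc/ssl/private directory, so
    # the image never sees key material it does not need and cannot alter the
    # host copies.
    # NOTE(review): `alpine` is pulled without a tag or digest; pinning it to
    # a version the team has vetted keeps an unexpected image from being
    # handed the private key.
    - >-
      docker run --rm
      -v vault-wrap_vault-wrap-conf:/temporary
      -v /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt:/files/runner1-prod.corp.samsonopt.ru.crt:ro
      alpine cp /files/runner1-prod.corp.samsonopt.ru.crt /temporary
    - >-
      docker run --rm
      -v vault-wrap_vault-wrap-conf:/temporary
      -v /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key:/files/runner1-prod.corp.samsonopt.ru.key:ro
      alpine cp /files/runner1-prod.corp.samsonopt.ru.key /temporary
    # The previous form mounted index.html itself at /files and then copied
    # files/index.html, a path that cannot exist beneath a file. The file is
    # now mounted at /files/index.html, with an absolute host path taken from
    # $CI_PROJECT_DIR rather than a relative `./` source.
    # NOTE(review): the private key ends up in the same volume as index.html;
    # confirm the service does not expose that directory to clients.
    - >-
      docker run --rm
      -v vault-wrap_vault-wrap-conf:/temporary
      -v "$CI_PROJECT_DIR/html-template/index.html:/files/index.html:ro"
      alpine cp /files/index.html /temporary
    # Earlier approach, kept for reference:
    # - cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
    # - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
    # File names exported for the docker-compose call below (presumably
    # interpolated in docker-compose.yml; confirm).
    - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
    - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
    # Deploy only when the release job recorded a successful release.
    - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
  only:
    refs:
      - main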
# traefik_deploy:
# <<: *dedicated-runner
# stage: deploy
# script:
# - mkdir -p /home/gitlab-runner/traefik
# - docker volume create vault-wrap_traefik-ssl
# - docker volume create vault-wrap_traefik-dynamic-conf
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
# - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
# - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
# - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
# - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
# - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
# only:
# refs:
# - main