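---
# GitLab CI pipeline for the vault-wrap service and its traefik front end.
# Flow: build the image and push it as :dev -> retag :dev as the commit SHA
# and push it -> bring the containers up on the production runner.
# Jobs hand state to later stages through marker files in .ci_status/,
# which is passed along as a job artifact.

stages:
  - build
  - release
  - deploy

variables:
  DOCKER_DRIVER: overlay2
  IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
  # IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
  RELEASE_VERSION: $CI_COMMIT_SHORT_SHA

before_script:
  # Feed the registry password on stdin: with `-p` the secret is placed on the
  # docker command line, where it is visible in the host's process list.
  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  - mkdir -p .ci_status

# Runner selection by tag; merged into the jobs below with `<<:`.
.dedicated-builder: &dedicated-builder
  tags:
    - build1-shell

.dedicated-runner: &dedicated-runner
  tags:
    - runner1-prod-shell

# Builds the image only when one of the listed files changed on main, pushes
# it as :dev and leaves a marker file for the release job.
vault_wrap_build:
  <<: *dedicated-builder
  stage: build
  script:
    - DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.yml build vault-wrap
    - docker tag "$IMAGE_PATH/vault-wrap:$RELEASE_VERSION" "$IMAGE_PATH/vault-wrap:dev"
    - docker push "$IMAGE_PATH/vault-wrap:dev"
    - touch .ci_status/vault_wrap_build
  only:
    refs:
      - main
    changes:
      - vault.go
      - Dockerfile
      - entrypoint.sh
      - docker-compose.yml
      - .gitlab-ci.yml
  artifacts:
    paths:
      - .ci_status/

# --------------- RELEASE STAGE -------------#
# Promotes :dev to the commit-SHA tag, but only if the build job ran in this
# pipeline (its marker file is present).
vault_wrap_release:
  <<: *dedicated-builder
  stage: release
  script:
    - |-
      if [ -e .ci_status/vault_wrap_build ]; then
        # Stop at the first failing step, so the release marker is never
        # written for an image that was not actually pushed.
        set -e
        docker pull "$IMAGE_PATH/vault-wrap:dev"
        docker tag "$IMAGE_PATH/vault-wrap:dev" "$IMAGE_PATH/vault-wrap:$RELEASE_VERSION"
        docker push "$IMAGE_PATH/vault-wrap:$RELEASE_VERSION"
        touch .ci_status/vault_wrap_release
      fi
  artifacts:
    paths:
      - .ci_status/
  only:
    refs:
      - main

#-------------- DEPLOY STAGE ------------------#
# Copies the TLS certificate, private key and index.html into the service's
# config volume, then starts the container if a release was produced.
# NOTE(review): the copy steps run on every main pipeline, not only when the
# release marker exists; confirm that is intended.
# NOTE(review): `alpine` is pulled by a mutable tag and is handed the host's
# /etc/ssl/private directory; pin the helper image to a digest you have
# verified. The source mounts are read-only because the helper only reads.
vault_wrap_deploy:
  <<: *dedicated-runner
  stage: deploy
  script:
    - docker volume create vault-wrap_vault-wrap-conf
    - >-
      docker run --rm
      -v vault-wrap_vault-wrap-conf:/temporary
      -v /etc/ssl/certs/:/files:ro
      alpine cp /files/runner1-prod.corp.samsonopt.ru.crt /temporary
    - >-
      docker run --rm
      -v vault-wrap_vault-wrap-conf:/temporary
      -v /etc/ssl/private/:/files:ro
      alpine cp /files/runner1-prod.corp.samsonopt.ru.key /temporary
    - >-
      docker run --rm
      -v vault-wrap_vault-wrap-conf:/temporary
      -v ./html-template/:/files:ro
      alpine cp /files/index.html /temporary
    # -cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
    # - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
    # Exported for the docker-compose call below (presumably read by
    # docker-compose.yml; verify there).
    - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
    - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
    - |-
      if [ -e .ci_status/vault_wrap_release ]; then
        docker-compose -f docker-compose.yml up -d vault-wrap
      fi
  only:
    refs:
      - main

# Same pattern for traefik: certificate and key go into the traefik-ssl
# volume, certificates.yml into the dynamic-conf volume, traefik.yml into the
# runner's home directory; the container starts only after a release.
# NOTE(review): the unpinned `alpine` helper reads /etc/ssl/private here too.
traefik_deploy:
  <<: *dedicated-runner
  stage: deploy
  script:
    - mkdir -p /home/gitlab-runner/traefik
    - docker volume create vault-wrap_traefik-ssl
    - docker volume create vault-wrap_traefik-dynamic-conf
    - >-
      docker run --rm
      -v vault-wrap_traefik-ssl:/temporary
      -v /etc/ssl/certs/:/files:ro
      alpine cp /files/runner1-prod.corp.samsonopt.ru.crt /temporary
    - >-
      docker run --rm
      -v vault-wrap_traefik-ssl:/temporary
      -v /etc/ssl/private/:/files:ro
      alpine cp /files/runner1-prod.corp.samsonopt.ru.key /temporary
    - >-
      docker run --rm
      -v vault-wrap_traefik-dynamic-conf:/temporary
      -v ./traefik-files:/files:ro
      alpine cp /files/certificates.yml /temporary
    - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
    - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
    - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
    - |-
      if [ -e .ci_status/vault_wrap_release ]; then
        docker-compose -f docker-compose.yml up -d traefik
      fi
  only:
    refs:
      - main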