95 lines
3.3 KiB
YAML
95 lines
3.3 KiB
YAML
stages:
|
|
- build
|
|
- release
|
|
- deploy
|
|
|
|
variables:
|
|
DOCKER_DRIVER: overlay2
|
|
IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
|
|
# IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
|
|
RELEASE_VERSION: $CI_COMMIT_SHORT_SHA
|
|
|
|
before_script:
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
- mkdir -p .ci_status
|
|
|
|
.dedicated-builder: &dedicated-builder
|
|
tags:
|
|
- build1-shell
|
|
|
|
|
|
.dedicated-runner: &dedicated-runner
|
|
tags:
|
|
- runner1-prod-shell
|
|
|
|
vault_wrap_build:
|
|
<<: *dedicated-builder
|
|
stage: build
|
|
script:
|
|
- DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f docker-compose.yml build vault-wrap
|
|
- docker tag $IMAGE_PATH/vault-wrap:$RELEASE_VERSION $IMAGE_PATH/vault-wrap:dev
|
|
- docker push $IMAGE_PATH/vault-wrap:dev
|
|
- touch .ci_status/vault_wrap_build
|
|
only:
|
|
refs:
|
|
- main
|
|
changes:
|
|
- vault-wrap.go
|
|
- Dockerfile
|
|
- entrypoint.sh
|
|
- docker-compose.yml
|
|
- .gitlab-ci.yml
|
|
artifacts:
|
|
paths:
|
|
- .ci_status/
|
|
|
|
# --------------- RELEASE STAGE -------------#
|
|
vault_wrap_release:
|
|
<<: *dedicated-builder
|
|
stage: release
|
|
script:
|
|
- if [ -e .ci_status/vault_wrap_build ]; then docker pull $IMAGE_PATH/vault-wrap:dev; docker tag $IMAGE_PATH/vault-wrap:dev $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; docker push $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; touch .ci_status/vault_wrap_release; fi
|
|
artifacts:
|
|
paths:
|
|
- .ci_status/
|
|
only:
|
|
refs:
|
|
- main
|
|
|
|
|
|
#-------------- DEPLOY STAGE ------------------#
|
|
vault_wrap_deploy:
|
|
<<: *dedicated-runner
|
|
stage: deploy
|
|
script:
|
|
- docker volume create vault-wrap_vault-wrap-conf
|
|
- docker run --rm -v vault-wrap_vault-wrap-conf:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
|
|
- docker run --rm -v vault-wrap_vault-wrap-conf:/temporary -v /etc/ssl/private/:/files alpine cp big-data/runner1-prod.corp.samsonopt.ru.key /temporary
|
|
# -cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
|
|
# - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
|
|
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
|
- export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
|
|
- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
|
|
only:
|
|
refs:
|
|
- main
|
|
|
|
# traefik_deploy:
|
|
# <<: *dedicated-runner
|
|
# stage: deploy
|
|
# script:
|
|
# - mkdir -p /usr/local/etc/traefik
|
|
# - docker volume create traefik_traefik-ssl
|
|
# - docker volume create traefik_traefik-dynamic-conf
|
|
# - cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/traefik_traefik-ssl/_data
|
|
# - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/traefik_traefik-ssl/_data
|
|
# - cp traefik-files/traefik.yml /usr/local/etc/traefik/traefik.yml
|
|
# - cp traefik-files/certificates.yml /srv/docker/volumes/traefik_traefik-dynamic-conf/_data/certificates.yml
|
|
# - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
|
# - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
|
|
# - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
|
|
# only:
|
|
# refs:
|
|
# - main
|
|
#
|