#
# Variables which should be set in the gitlab project or group :
#
# STACK_NAME (eg, 'amazingapp' - as in 'docker stack deploy $STACK_NAME')
# TRAEFIK_BACKEND (eg 'amazingapp-web' - label for traefik dashboard)
# TRAEFIK_QA_HOSTNAME (eg, amazing.qa-domain.ac.uk - hostname your app will be available on)
# TRAEFIK_PROD_HOSTNAME (eg, amazing.prod-domain.ac.uk - hostname your app will be available on)
# QA_DOTENV (*qa/test* .env file contents)
# QA_SERVER (eg, qaserver.domain.ac.uk)
# QA_SSH_KEY (private key for the deployer user on QA)
# PROD_DOTENV (*production* .env file contents)
# PROD_SERVER (see above)
# PROD_SSH_KEY (see above)
#
# There should also be two environments in your gitlab project - 'prod' and 'qa'
#
# Pipeline order. Jobs in a later stage start only after the earlier stages
# have finished: the QA image is built first, the test job runs inside it,
# then the production image is built, and the manual deploy jobs come last.
stages:
  - 'build-qa'
  - 'test'
  - 'build-prod'
  - 'deploy'
# Image references shared by the build, test and deploy jobs. Every tag embeds
# $CI_COMMIT_SHA, so a given tag always refers to the commit it was built from.
variables:
  # Pushed to the GitLab container registry by the build jobs.
  QA_IMAGE_NAME: '$CI_REGISTRY/$CI_PROJECT_PATH:qa-$CI_COMMIT_SHA'
  PROD_IMAGE_NAME: '$CI_REGISTRY/$CI_PROJECT_PATH:prod-$CI_COMMIT_SHA'
  # Exported as IMAGE_NAME by the deploy jobs.
  # NOTE(review): these point at a registry on localhost:5000, not at
  # $CI_REGISTRY where the build jobs push - presumably a registry running on
  # the swarm host; confirm how the image gets there.
  LOCAL_QA_IMAGE_NAME: 'localhost:5000/$CI_PROJECT_PATH:qa-$CI_COMMIT_SHA'
  LOCAL_PROD_IMAGE_NAME: 'localhost:5000/$CI_PROJECT_PATH:prod-$CI_COMMIT_SHA'
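# Folders listed under `paths` are cached between builds.
# http://docs.gitlab.com/ce/ci/yaml/README.html#cache
# Nothing is cached at the moment: both entries are commented out, so the list
# is written as an explicit empty list rather than a bare `paths:` (which
# parses as null).
cache:
  paths: []
  # - vendor/
  # - node_modules/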
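# Runs the migrations, the PHPUnit suite and the optional static checks inside
# the freshly built QA image. No `stage:` is given, so the job lands in the
# default `test` stage.
test:
  image: $QA_IMAGE_NAME
  services:
    - 'mysql:5.7'
  variables:
    # Throwaway credentials for the per-job MySQL service container only.
    # Do not reuse these values for any real database.
    MYSQL_DATABASE: homestead
    MYSQL_ROOT_PASSWORD: secret
    MYSQL_USER: homestead
    MYSQL_PASSWORD: secret
  # If you need Node.js
  # - curl -sL https://deb.nodesource.com/setup_10.x | bash -
  # - apt-get install -y nodejs
  # - npm install
  # - npm run dev
  script:
    # - php vendor/bin/phpunit --coverage-text --colors=never
    - cd /var/www/html
    - mkdir -p /run/secrets
    # NOTE(review): presumably .env in the image resolves to
    # /run/secrets/.env - confirm against the Dockerfile.
    - cp -f .env.gitlab /run/secrets/.env
    - export APP_ENV=testing
    - php artisan key:generate
    - php artisan config:clear
    - php artisan migrate:fresh
    # `cat .env` used to run here. It wrote the whole env file, including the
    # APP_KEY generated above, into the job log, which every project member
    # with job access can read. Dropped so the pattern does not leak real
    # values if .env.gitlab ever gains any.
    - php vendor/bin/phpunit --colors=never --testdox
    # Both checks below are skipped silently when the tool is not in the
    # image, so a missing binary looks the same as a clean result.
    # NOTE(review): if the image ships Composer 2.4 or later, `composer audit`
    # is an alternative dependency check - confirm before switching.
    - if [[ -f /usr/local/bin/security-checker ]]; then php /usr/local/bin/security-checker security:check ./composer.lock ; fi
    - if [[ -f /usr/local/bin/phpcs ]]; then php /usr/local/bin/phpcs --config-set ignore_warnings_on_exit 1 ; php /usr/local/bin/phpcs --standard=PSR2 app ; fi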
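# Builds the `ci` target of the Dockerfile and pushes it as the QA image.
# Runs for every branch; the test job then runs inside this image.
build-qa-tagged:
  stage: build-qa
  # NOTE(review): `docker:stable` is a floating tag; consider pinning a
  # specific version (or digest) so the build tooling cannot change unnoticed.
  image: docker:stable
  script:
    # The job token is passed on stdin, not with -p, so it does not appear in
    # the process list or in the command's arguments.
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
    # PHP_VERSION is not in the variable list at the top of this file; it has
    # to be set in the project or group, otherwise the build arg is empty.
    - DOCKER_BUILDKIT=1 docker build --build-arg "PHP_VERSION=${PHP_VERSION}" --target=ci -t "$QA_IMAGE_NAME" .
    - docker push "$QA_IMAGE_NAME"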
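# Builds the `prod` target of the Dockerfile and pushes it as the production
# image. Restricted to master; it runs in the stage after `test`.
build-prod-tagged:
  stage: build-prod
  # NOTE(review): `docker:stable` is a floating tag; consider pinning a
  # specific version (or digest) so the build tooling cannot change unnoticed.
  image: docker:stable
  only:
    - master
  script:
    # The job token is passed on stdin, not with -p, so it does not appear in
    # the process list or in the command's arguments.
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
    # PHP_VERSION is not in the variable list at the top of this file; it has
    # to be set in the project or group, otherwise the build arg is empty.
    - DOCKER_BUILDKIT=1 docker build --build-arg "PHP_VERSION=${PHP_VERSION}" --target=prod -t "$PROD_IMAGE_NAME" .
    - docker push "$PROD_IMAGE_NAME"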
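# Manual deployment to the QA swarm: loads the deploy key into an ssh-agent,
# stores the QA .env contents as a new timestamped docker secret on the remote
# host, then runs `docker stack deploy` there over SSH.
# There is no `only:` rule, so the job can be triggered from any branch.
deploy_to_qa:
  stage: deploy
  when: manual
  environment: qa
  image: docker:stable
  script:
    - apk add -qU openssh
    - eval "$(ssh-agent -s)"
    # Exported for the deploy command below.
    # NOTE(review): presumably qa-stack.yml substitutes these - confirm.
    - export IMAGE_NAME=$LOCAL_QA_IMAGE_NAME
    - export TRAEFIK_BACKEND=$TRAEFIK_BACKEND
    - export TRAEFIK_HOSTNAME=$TRAEFIK_QA_HOSTNAME
    - export NOW="$(date +%Y-%m-%d-%H-%M-%S)"
    - export DOTENV_NAME="${CI_PROJECT_PATH_SLUG}-qa-dotenv-${NOW}"
    # The key is fed to the agent on stdin and never written to disk.
    # `tr` strips the carriage returns a pasted CI variable may contain.
    - echo "$QA_SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
    # -p: do not fail when the directory already exists in the image.
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Host key handling. ssh-keyscan accepts whatever key the network returns
    # on each run, so it gives no protection against a machine impersonating
    # the server. Set the optional CI variable QA_SSH_KNOWN_HOSTS to the
    # server's known_hosts line(s), obtained over a trusted channel, to pin the
    # key. Without it the job falls back to the previous keyscan behaviour.
    - |
      if [ -n "${QA_SSH_KNOWN_HOSTS:-}" ]; then
        echo "$QA_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
      else
        echo "WARNING: QA_SSH_KNOWN_HOSTS is not set; host key taken from ssh-keyscan unverified" >&2
        ssh-keyscan "${QA_SERVER}" > ~/.ssh/known_hosts
      fi
    - chmod 644 ~/.ssh/known_hosts
    # The .env contents travel on stdin, so they do not show up in the
    # command's arguments. Each deploy creates a new timestamped secret and
    # nothing here removes older ones.
    - echo "${QA_DOTENV}" | docker -H "ssh://deployer@${QA_SERVER}" secret create "${DOTENV_NAME}" -
    - echo "Deploying stack ${STACK_NAME} image ${IMAGE_NAME} with secret ${DOTENV_NAME}"
    - docker -H "ssh://deployer@${QA_SERVER}" stack deploy -c qa-stack.yml "${STACK_NAME}"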
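# Manual deployment to the production swarm, restricted to master: loads the
# deploy key into an ssh-agent, stores the production .env contents as a new
# timestamped docker secret on the remote host, then runs `docker stack deploy`
# there over SSH.
# NOTE(review): `only: master` limits where the job runs, not who can read the
# variables. PROD_SSH_KEY and PROD_DOTENV should be protected variables and
# master a protected branch - confirm in the project settings.
deploy_to_prod:
  stage: deploy
  when: manual
  only:
    - master
  environment: prod
  image: docker:stable
  script:
    - apk add -qU openssh
    - eval "$(ssh-agent -s)"
    # Exported for the deploy command below.
    # NOTE(review): presumably prod-stack.yml substitutes these - confirm.
    - export IMAGE_NAME=$LOCAL_PROD_IMAGE_NAME
    - export TRAEFIK_BACKEND=$TRAEFIK_BACKEND
    - export TRAEFIK_HOSTNAME=$TRAEFIK_PROD_HOSTNAME
    - export NOW="$(date +%Y-%m-%d-%H-%M-%S)"
    - export DOTENV_NAME="${CI_PROJECT_PATH_SLUG}-prod-dotenv-${NOW}"
    # The key is fed to the agent on stdin and never written to disk.
    # `tr` strips the carriage returns a pasted CI variable may contain.
    - echo "$PROD_SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
    # -p: do not fail when the directory already exists in the image.
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Host key handling. ssh-keyscan accepts whatever key the network returns
    # on each run, so it gives no protection against a machine impersonating
    # the server. Set the optional CI variable PROD_SSH_KNOWN_HOSTS to the
    # server's known_hosts line(s), obtained over a trusted channel, to pin the
    # key. Without it the job falls back to the previous keyscan behaviour.
    - |
      if [ -n "${PROD_SSH_KNOWN_HOSTS:-}" ]; then
        echo "$PROD_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
      else
        echo "WARNING: PROD_SSH_KNOWN_HOSTS is not set; host key taken from ssh-keyscan unverified" >&2
        ssh-keyscan "${PROD_SERVER}" > ~/.ssh/known_hosts
      fi
    - chmod 644 ~/.ssh/known_hosts
    # The .env contents travel on stdin, so they do not show up in the
    # command's arguments. Each deploy creates a new timestamped secret and
    # nothing here removes older ones.
    - echo "${PROD_DOTENV}" | docker -H "ssh://deployer@${PROD_SERVER}" secret create "${DOTENV_NAME}" -
    - echo "Deploying stack ${STACK_NAME} image ${IMAGE_NAME} with secret ${DOTENV_NAME}"
    - docker -H "ssh://deployer@${PROD_SERVER}" stack deploy -c prod-stack.yml "${STACK_NAME}"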