Simple deploy via gitlab ci and ssh
- Create an SSH key pair and add the public key to the target server so you can log in with the key
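# Generate a dedicated ed25519 key pair used only for CI deployments.
# ssh-keygen asks for a passphrase; the CI entrypoint (deploy/start.sh) loads
# the key non-interactively, so a passphrase-protected key will not load there.
ssh-keygen -t ed25519 -C 'mydeploy@server' -f ./deploy_key
# Append the PUBLIC key to the target account's authorized_keys.
# The login address was obfuscated on the original page; USER@TARGET_HOST is a
# placeholder for the account the pipeline will log in as.
# chmod keeps the directory and file private, which sshd's StrictModes expects.
ssh USER@TARGET_HOST "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys" < ./deploy_key.pub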
- Copy the private key into GitLab as a CI/CD variable (rather than committing it to the repository) named
SSH_DEV_PRIVATE_KEY
- Install docker and docker-compose on target server
File: .gitlab-ci.yml
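# Pipeline layout: images are built first, then deployed over SSH.
# (Nesting restored; the listing on the page had lost its indentation.)
stages:
  - build
  - deploy

variables:
  DOCKER_DRIVER: overlay2
  # An empty DOCKER_TLS_CERTDIR turns TLS off for the docker:dind service, so
  # the job talks to the Docker daemon over an unauthenticated plaintext socket.
  # NOTE(review): where the runner can share the client certificates with the
  # job, prefer '/certs' so the daemon connection is TLS-protected.
  DOCKER_TLS_CERTDIR: ''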
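# Builds the application image and pushes it to the project registry,
# tagged with the branch slug.
build:app:
  stage: build
  # NOTE(review): docker:stable and docker:dind are floating tags; pin both to
  # the same explicit version so client and daemon stay in step and builds are
  # reproducible.
  image: docker:stable
  services:
    - docker:dind
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE/app:$CI_COMMIT_REF_SLUG
  script:
    # --password-stdin keeps the registry password out of the process argument
    # list (docker itself warns that -p on the command line is insecure).
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Best effort: the image does not exist yet on the first build of a branch.
    - docker pull "$IMAGE_TAG" || true
    - docker build -f Dockerfile -t "$IMAGE_TAG" --cache-from "$IMAGE_TAG" .
    - docker push "$IMAGE_TAG"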
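# Builds the helper image (deploy/Dockerfile) that the deploy and stop jobs
# run in; it carries the SSH client and the key-loading entrypoint.
build:deploy:
  stage: build
  # NOTE(review): floating tags; pin docker client and dind to one explicit
  # version.
  image: docker:stable
  services:
    - docker:dind
  variables:
    IMAGE_TAG: $CI_REGISTRY_IMAGE/deploy:$CI_COMMIT_REF_SLUG
  script:
    - cd deploy
    # --password-stdin keeps the registry password out of the process argument
    # list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Best effort: the image does not exist yet on the first build of a branch.
    - docker pull "$IMAGE_TAG" || true
    - docker build -f Dockerfile -t "$IMAGE_TAG" --cache-from "$IMAGE_TAG" .
    - docker push "$IMAGE_TAG"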
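# Manually triggered review deployment: renders docker-compose.yml, copies it
# and the helper scripts to /app/<branch-slug> on the server, logs the server
# in to the registry and runs deploy.sh there.
#
# NOTE(review): every remote command runs as root. A dedicated unprivileged
# deploy account (with access to Docker and /app only) would limit what a
# leaked SSH_DEV_PRIVATE_KEY can do on the server.
deploy:review:
  stage: deploy
  image: $CI_REGISTRY_IMAGE/deploy:$CI_COMMIT_REF_SLUG
  variables:
    # Placeholder address; set to the real target server.
    SERVER_IP: 127.0.0.1
    # Read by the image entrypoint (deploy/start.sh), which loads it into
    # ssh-agent.
    SSH_PRIVATE_KEY: $SSH_DEV_PRIVATE_KEY
    DOMAIN: $CI_ENVIRONMENT_SLUG.dev.example.com
    BRANCH_NAME: $CI_COMMIT_REF_SLUG
  script:
    # envsubst without a variable list substitutes EVERY exported variable,
    # secrets included, wherever the compose file references one.
    # NOTE(review): pass an explicit list of the variables the compose file
    # really needs.
    - envsubst < ./docker-compose.yml > ./docker-compose.new.yml
    - mv -f ./docker-compose.new.yml ./docker-compose.yml
    # ${VAR:?} aborts the job if the slug is ever empty, so the command can
    # never collapse to "rm -rf /app/".
    - ssh "root@$SERVER_IP" "rm -rf /app/${CI_COMMIT_REF_SLUG:?}" || true
    - ssh "root@$SERVER_IP" "mkdir -p /app/$CI_COMMIT_REF_SLUG"
    - scp ./docker-compose.yml "root@$SERVER_IP:/app/$CI_COMMIT_REF_SLUG"
    - scp ./.scripts/* "root@$SERVER_IP:/app/$CI_COMMIT_REF_SLUG"
    # Only this branch's directory is made executable, not all of /app.
    - ssh "root@$SERVER_IP" "chmod -R +x /app/$CI_COMMIT_REF_SLUG"
    # The token travels over stdin instead of the remote command line, so it
    # does not show up in the server's process list. CI_JOB_TOKEN replaces the
    # deprecated CI_BUILD_TOKEN name.
    # NOTE(review): the login is stored under ./.local_docker_config in the
    # remote home directory; confirm that deploy.sh's docker-compose actually
    # reads that config.
    - echo "$CI_JOB_TOKEN" | ssh "root@$SERVER_IP" "docker --config ./.local_docker_config login -u gitlab-ci-token --password-stdin $CI_REGISTRY"
    # No "|| true" here: a failed deployment has to fail the job instead of
    # being reported as green.
    - ssh "root@$SERVER_IP" "cd /app/$CI_COMMIT_REF_SLUG && ./deploy.sh"
  when: manual
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: https://$CI_ENVIRONMENT_SLUG.dev.example.com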
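# Manually triggered teardown of a review deployment: runs teardown.sh in the
# branch directory on the server, then deletes that directory.
#
# NOTE(review): as in the deploy job, all remote commands run as root; a
# dedicated unprivileged deploy account would reduce the impact of a leaked
# key.
stop:review:
  stage: deploy
  image: $CI_REGISTRY_IMAGE/deploy:$CI_COMMIT_REF_SLUG
  variables:
    # Placeholder address; set to the real target server.
    SERVER_IP: 127.0.0.1
    # Read by the image entrypoint (deploy/start.sh), which loads it into
    # ssh-agent.
    SSH_PRIVATE_KEY: $SSH_DEV_PRIVATE_KEY
  script:
    # Best effort: the stack may already be gone.
    - ssh "root@$SERVER_IP" "cd /app/$CI_COMMIT_REF_SLUG && ./teardown.sh" || true
    # Token over stdin rather than on the remote command line; CI_JOB_TOKEN
    # replaces the deprecated CI_BUILD_TOKEN name.
    # NOTE(review): nothing after this step pulls from the registry, so this
    # login looks unnecessary; confirm and drop it if so.
    - echo "$CI_JOB_TOKEN" | ssh "root@$SERVER_IP" "docker --config ./.local_docker_config login -u gitlab-ci-token --password-stdin $CI_REGISTRY"
    # ${VAR:?} aborts the job if the slug is ever empty, so the command can
    # never collapse to "rm -rf /app/".
    - ssh "root@$SERVER_IP" "rm -rf /app/${CI_COMMIT_REF_SLUG:?}" || true
  when: manual
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop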
File: deploy.sh
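#!/usr/bin/env sh
# Replace the running compose stack in the current directory with the newly
# pushed images.
#
# -e: stop at the first failing step. A failed pull therefore leaves the
#     running stack untouched instead of taking it down with nothing to
#     replace it.
# -u: treat unset variables as errors.
# The script's exit status is that of the last command, so the calling CI job
# can see whether the deployment really succeeded.
set -eu

docker-compose pull
docker-compose down --remove-orphans
docker-compose up -d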
File: teardown.sh
#!/usr/bin/env sh
# Stop and remove the compose stack in the current directory, including
# containers for services no longer listed in the compose file.
# Teardown is best effort: the script reports success even when
# docker-compose fails (for example because the stack is already gone).
docker-compose down --remove-orphans || :
File: deploy/Dockerfile
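# Helper image for the deploy/stop jobs: envsubst plus an SSH client, with an
# entrypoint that loads the deployment key into ssh-agent.
#
# NOTE(review): debian:stable-slim is a floating tag; pin a release tag or a
# digest you have verified so the image that handles the deploy key is
# reproducible.
FROM debian:stable-slim

# gettext provides envsubst; openssh-client provides ssh, scp, ssh-agent and
# ssh-add. Install and clean up in ONE layer: a cleanup in a later RUN does
# not shrink the earlier layers.
RUN apt-get update -y \
    && apt-get install -y --no-install-recommends gettext openssh-client \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir -p ~/.ssh \
    && chmod 700 ~/.ssh

# COPY instead of ADD: a plain file copy, without ADD's archive-extraction and
# URL-fetching behaviour.
COPY start.sh /
RUN chmod +x /start.sh

# Absolute path, so the entrypoint does not depend on the working directory.
ENTRYPOINT ["/start.sh"]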
File: deploy/start.sh
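#!/bin/bash
# Container entrypoint: start ssh-agent, load the deployment key from
# $SSH_PRIVATE_KEY, configure host-key checking, then hand over to bash.
# NOTE(review): presumably the CI runner feeds the job script to this final
# bash over stdin; confirm against the runner in use.

eval "$(ssh-agent -s)"

# The key is piped straight into the agent and never written to disk.
# tr strips carriage returns that appear when the key was pasted with CRLF
# line endings, which would otherwise make ssh-add reject it.
printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -

mkdir -p ~/.ssh
chmod 700 ~/.ssh

if [[ -n "${SSH_KNOWN_HOSTS:-}" ]]; then
    # SSH_KNOWN_HOSTS is an optional CI/CD variable introduced by this script:
    # the server's public host key line(s), e.g. ssh-keyscan output that was
    # verified out of band. With it set, host keys are checked strictly.
    printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    chmod 644 ~/.ssh/known_hosts
    printf 'Host *\n\tStrictHostKeyChecking yes\n\n' > ~/.ssh/config
elif [[ -f /.dockerenv ]]; then
    # Original behaviour, kept as a fallback so existing pipelines keep
    # working: host-key verification is switched off, which means the job
    # cannot tell the real server from an impostor on the network path.
    echo "WARNING: SSH_KNOWN_HOSTS is not set; SSH host key verification is disabled" >&2
    echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
fi

bash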
ci, deploy, devops, gitlab — May 3, 2022