# Pipeline stages; GitLab runs them in the order listed, so the image is
# built and pushed before the deploy job starts.
stages:
  - build
  - deploy
# Pipeline-wide variables, available to every job below.
variables:
  # Moving `latest` tag in the project's container registry; the build job
  # re-points it at each release image.
  LATEST_IMAGE: '$CI_REGISTRY_IMAGE:latest'
  # URL attached to the `production` environment in the deploy job.
  PRODUCTION_URL: 'https://home.unjx.de'
# Default image for jobs that do not set their own (the deploy job does).
# DOCKER_VERSION is not defined in this file - presumably a project or
# group CI/CD variable; pin it to an exact version rather than a moving one.
image: 'docker:$DOCKER_VERSION-git'
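# Hidden job (leading dot, never scheduled on its own). It only holds the
# registry login/logout steps that other jobs pull in through `!reference`.
.auth_gitlab:
  before_script:
    # The password goes through stdin so it never appears in the process
    # list or in `docker login` arguments. Expansions are quoted so a value
    # containing whitespace or glob characters reaches docker unchanged.
    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  after_script:
    # `docker logout` without a server only targets the default registry, so
    # name the registry explicitly; otherwise the credential stored for
    # $CI_REGISTRY stays in the docker config after the job.
    - docker logout "$CI_REGISTRY"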
# Hidden rule set shared by the build and deploy jobs via `!reference`.
.rules:deploy:
  rules:
    # Run only for tags of the exact form vMAJOR.MINOR.PATCH. The pattern is
    # anchored at both ends, so suffixes such as `-rc1` or any prefix do not
    # match. There is no other rule, so branch pipelines skip these jobs.
    # NOTE(review): a matching tag is all it takes to publish an image and
    # deploy to production - confirm that `v*` is a protected tag pattern so
    # only trusted maintainers can create one.
    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
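# Builds the release image for a version tag and pushes it to the project
# registry under both the tag name and `latest`.
build:
  rules: !reference [.rules:deploy, rules]
  stage: build
  variables:
    # Quoted so the value is a string for every YAML loader, not an integer.
    DOCKER_BUILDKIT: '1'
    # Immutable per-release reference; the tag has already been validated by
    # the shared rule's regex.
    CURRENT_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG'
  before_script:
    - !reference [.auth_gitlab, before_script]
  script:
    # Presumably the compose file names the built image $CURRENT_IMAGE, since
    # the next step retags it - confirm against the compose file.
    - docker compose build godash
    # Expansions are quoted so each image reference stays a single argument.
    - docker tag "$CURRENT_IMAGE" "$LATEST_IMAGE"
    - docker push "$CURRENT_IMAGE"
    # NOTE(review): `latest` is a mutable tag; anything that pulls it gets
    # whatever was pushed last. Prefer the version tag (or a digest) where
    # the consumer can be pinned.
    - docker push "$LATEST_IMAGE"
  after_script:
    - !reference [.auth_gitlab, after_script]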
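# Deploys the freshly pushed image: installs Teleport in the job container,
# obtains a machine identity with tbot using the job's GitLab ID token, then
# runs docker compose on the target host over Teleport SSH.
deploy:
  rules: !reference [.rules:deploy, rules]
  stage: deploy
  # DEBIAN_VERSION is not defined in this file - presumably a CI/CD variable.
  image: 'debian:${DEBIAN_VERSION}-slim'
  id_tokens:
    # OIDC token issued by GitLab for this job. The audience is the Teleport
    # proxy, so the token is only meant to be accepted there.
    TBOT_GITLAB_JWT:
      aud: tp.unjx.de
  script:
    - apt-get update && apt-get install curl -y
    - cp tbot.yaml /tmp
    - cd /tmp
    # --fail makes an HTTP error stop the job here instead of saving an error
    # page that only fails later in tar.
    # NOTE(review): the archive is unpacked and its installer executed without
    # any integrity check. Verify it against a SHA-256 pinned for this exact
    # TELEPORT_VERSION (for example held in a protected CI/CD variable)
    # before running ./teleport/install.
    - 'curl --fail -O https://cdn.teleport.dev/teleport-v${TELEPORT_VERSION}-linux-amd64-bin.tar.gz'
    - tar -xvf "teleport-v${TELEPORT_VERSION}-linux-amd64-bin.tar.gz"
    - ./teleport/install
    # tbot.yaml is not shown here; presumably it uses the GitLab join method,
    # runs in one-shot mode and writes the identity to /tmp/machine-id.
    - 'tbot start -c tbot.yaml'
    # Runs on host `berg` as user `gitlab` with the short-lived identity
    # issued above. The remote command pulls and restarts the `home` service,
    # then prunes unused docker data on that host.
    - 'tsh -i /tmp/machine-id/identity --proxy tp.unjx.de:443 ssh gitlab@berg "docker compose -f /opt/docker/home/compose.yml up home -d --pull always && docker system prune --force"'
  environment:
    name: production
    url: $PRODUCTION_URL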