-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
93 lines (86 loc) · 3.86 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# Developed by Nicholas Dehnen & Vincent Scharf.
# Copyright (c) 2019 Deutsche Telekom Intellectual Property.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variables:
GIT_SUBMODULE_STRATEGY: recursive
#CI_DEBUG_TRACE: "true"
stages:
- build
- deploy
build_image:
image: docker:latest
stage: build
services:
- docker:dind
before_script:
- docker info
- apk update
- apk upgrade
- apk add python alpine-sdk openssl-dev libffi-dev python-dev py-pip build-base
- pip install docker-compose
script:
- docker-compose build
deploy_live:
variables:
SSH_USER: gitlab
stage: deploy
only:
- master
image: ubuntu:18.04
before_script:
- apt-get update -qqy && apt-get install expect -qqy
- apt-get install openvpn screen iputils-ping -qqy
- echo $OVPN_CONFIG | base64 -d > ~/gitlab-runner.ovpn
# run openvpn in background
- screen -d -m -S bukkit bash -c 'openvpn --float --config ~/gitlab-runner.ovpn'
# mae sure openvpn is up and running and all interfaces are created
- sleep 1m
# add routes and print setup (routes are getting pushed by vpn server in the current setup)
#- export VPN_GATEWAY=$(ip addr show tun0 | awk '/inet / {gsub(/\/.*/,"",$2); print $4}' | cut -d "/" -f1)
#- export VPN_SUBNET=$(echo $LIVE_URL | tr "." " " | awk ' { print $1"."$2"."$3"."0"/"24 }')
#- ip route add 10.8.0.0/24 via $(echo $VPN_GATEWAY) dev tun0
- ip r
- ip addr
# wait until $LIVE_URL is reachable
- until ping -c1 $(echo $LIVE_URL) &>/dev/null; do :; done
# connect to host
- 'which ssh-agent || ( apt-get install openssh-client -qqy )'
##
## Create the SSH directory and give it the right permissions
##
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- eval $(ssh-agent -s)
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
- chmod +x ssh-add-pass.sh
##
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
#- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
# - echo $LIVE_PRIVATE_KEY | base64 -d
- echo $LIVE_PRIVATE_KEY | base64 -d > ~/.ssh/id_rsa
# - cat ~/.ssh/id_rsa
- chmod 0600 ~/.ssh/id_rsa
- ./ssh-add-pass.sh ~/.ssh/id_rsa
- ssh-add -l
- apt-get install rsync -qqy
script:
- ssh -p22 $(echo $LIVE_SSH_USER)@$(echo $LIVE_URL) "sudo [ -d '/etc/vvp-web' ] && sudo docker-compose -f /etc/vvp-web/docker-compose.yml down || sudo mkdir -p /etc/vvp-web"
- rsync -rav -e ssh --rsync-path="sudo rsync" --exclude='.git/' --exclude='.gitlab-ci.yml' --delete ./ $(echo $LIVE_SSH_USER)@$(echo $LIVE_URL):/etc/vvp-web/ --exclude='redis/' --exclude='git/'
- ssh -p22 $(echo $LIVE_SSH_USER)@$(echo $LIVE_URL) "sudo [ ! -d '/etc/vvp-web/git' ] && sudo mkdir /etc/vvp-web/git || echo "Directory already exists!""
- ssh -p22 $(echo $LIVE_SSH_USER)@$(echo $LIVE_URL) "sudo [ ! -d '/etc/vvp-web/redis' ] && sudo mkdir /etc/vvp-web/redis || echo "Directory already exists!""
- ssh -p22 $(echo $LIVE_SSH_USER)@$(echo $LIVE_URL) "sudo docker-compose --version"
- ssh -p22 $(echo $LIVE_SSH_USER)@$(echo $LIVE_URL) "sudo docker-compose -f /etc/vvp-web/docker-compose.yml up -d --build"