From 1e9fdd2b0da1d1541baca8174668a7512d54b9bc Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Thu, 18 Dec 2025 06:41:04 +0000
Subject: [PATCH] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 127 +++++++++++++++++++++----------------------------
 1 file changed, 54 insertions(+), 73 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 53f28b3e..62acf585 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,90 +1,71 @@
 stages:
+  - build
   - deploy
 
-deploy-dev:
+variables:
+  DOCKER_BUILDKIT: "1"
+  DOCKER_DRIVER: overlay2
+  DOCKER_HOST: tcp://docker:2375
+  DOCKER_TLS_CERTDIR: ""
+
+  IMAGE_TAG: "staging_${CI_COMMIT_SHORT_SHA}"
+  IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"
+  IMAGE_LATEST_STG_EC2: "${CI_REGISTRY_IMAGE}:staging_latest"
+
+build:staging:
+  stage: build
+  image: docker:27.0.3
+  services:
+    - name: docker:27.0.3-dind
+      command: ["--mtu=1460"]
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "staging"'
+  before_script:
+    - docker info
+    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+  script:
+    - docker build -t "$IMAGE_NAME" -f Dockerfile .
+    - docker push "$IMAGE_NAME"
+    - docker tag "$IMAGE_NAME" "$IMAGE_LATEST_STG_EC2"
+    - docker push "$IMAGE_LATEST_STG_EC2"
+
+deploy:staging:
   stage: deploy
   image: alpine:3.20
-  variables:
-    DEPLOY_APP: "LTI-MBUGROUP"
-    # Opsional: kalau pakai submodule, ini bikin clone submodule pakai SSH juga
-    GIT_SUBMODULE_STRATEGY: recursive
-    GIT_DEPTH: "1"
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "staging"'
+  needs:
+    - job: build:staging
 
   before_script:
-    - echo "🧰 Installing dependencies..."
-    - apk update && apk add --no-cache openssh git curl bash
-
-    # Setup SSH di runner
+    - apk add --no-cache openssh-client bash ca-certificates
     - mkdir -p ~/.ssh
-    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
+    - chmod 700 ~/.ssh
+
+    # SSH_PRIVATE_KEY = multiline private key (bukan File)
+    - printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - sed -i 's/\r$//' ~/.ssh/id_rsa
     - chmod 600 ~/.ssh/id_rsa
+
+    - head -n 1 ~/.ssh/id_rsa
+    - tail -n 1 ~/.ssh/id_rsa
+
     - eval "$(ssh-agent -s)"
     - ssh-add ~/.ssh/id_rsa
-
-    # Trust host keys (server + gitlab) biar SSH gak nanya interaktif
     - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
-    - ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
 
   script:
-    - echo "🚀 Deploying latest code to $SERVER_USER@$SERVER_IP"
-
     - >
-      if ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
-        set -e
-
-        cd /home/devops/docker/deployment/development/lti-api
-
-        # Pastikan remote origin SSH (antisipasi kalau pernah ke-set HTTPS)
-        git remote set-url origin git@gitlab.com:mbugroup/lti-api.git
-
-        # Pastikan server percaya gitlab.com juga (untuk git fetch via SSH)
-        mkdir -p ~/.ssh
-        ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
-
-        # Fetch/reset pakai SSH
-        GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git fetch origin development
-        git reset --hard origin/development
-
-        docker compose restart dev-api-lti || docker compose up -d dev-api-lti
-      "; then
-        STATUS='success';
-      else
-        STATUS='failed';
-      fi;
-
-      RUN_URL="${CI_PROJECT_URL}/-/pipelines/${CI_PIPELINE_ID}";
-
-      if [ "$STATUS" = "success" ]; then
-        COLOR=3066993;
-        TITLE="✅ Deployment API Succeeded";
-        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` completed successfully.";
-      else
-        COLOR=15158332;
-        TITLE="❌ Deployment API Failed Gaes";
-        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` failed.";
-      fi;
-
-      echo "{
-        \"username\": \"CI Bot\",
-        \"embeds\": [{
-          \"title\": \"$TITLE\",
-          \"description\": \"$DESC\",
-          \"color\": $COLOR,
-          \"fields\": [
-            {\"name\": \"Repository\", \"value\": \"${CI_PROJECT_PATH}\", \"inline\": true},
-            {\"name\": \"Actor\", \"value\": \"${GITLAB_USER_LOGIN}\", \"inline\": true},
-            {\"name\": \"Commit\", \"value\": \"${CI_COMMIT_SHA}\", \"inline\": false},
-            {\"name\": \"Pipeline\", \"value\": \"[Open run](${RUN_URL})\", \"inline\": false}
-          ]
-        }]
-      }" > payload.json;
-
-      echo "📡 Sending notification to Discord...";
-      curl -sS -H "Content-Type: application/json" \
-        -d @payload.json "$DISCORD_WEBHOOK_URL";
-
-  only:
-    - development
+      ssh "$SERVER_USER@$SERVER_IP"
+      "export CI_REGISTRY_USER='$CI_REGISTRY_USER';
+       export CI_REGISTRY_PASSWORD='$CI_REGISTRY_PASSWORD';
+       export CI_REGISTRY='$CI_REGISTRY';
+       set -e;
+       cd /home/ubuntu/docker/deployment/staging/stg-lti-api;
+       echo \"\$CI_REGISTRY_PASSWORD\" | docker login -u \"\$CI_REGISTRY_USER\" --password-stdin \"\$CI_REGISTRY\";
+       docker compose pull;
+       docker compose up -d;
+       docker image prune -f"
 
   environment:
-    name: development
\ No newline at end of file
+    name: staging
\ No newline at end of file