Update .gitlab-ci.yml file

.gitlab-ci.yml

@@ -1,23 +1,13 @@
 stages:
   - build
+  - deploy
 
 variables:
-  # --- Git checkout behavior (fix "Retrying in 5s" checkout issues) ---
-  CI_DEBUG_TRACE: "true"
-  GIT_TRACE: "1"
-  GIT_CURL_VERBOSE: "1"
-  GIT_STRATEGY: clone
-  GIT_DEPTH: "20"
-  GIT_SUBMODULE_STRATEGY: none
-  GIT_LFS_SKIP_SMUDGE: "1"
-
-  # --- Docker-in-Docker ---
   DOCKER_BUILDKIT: "1"
   DOCKER_DRIVER: overlay2
   DOCKER_HOST: tcp://docker:2375
   DOCKER_TLS_CERTDIR: ""
 
-  # --- Image tags ---
   IMAGE_TAG: "stg-ec2_${CI_COMMIT_SHORT_SHA}"
   IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"
   IMAGE_LATEST_STG_EC2: "${CI_REGISTRY_IMAGE}:stg-ec2_latest"
@@ -30,60 +20,53 @@ build:stg-ec2:
       command: ["--mtu=1460"]
   rules:
     - if: '$CI_COMMIT_BRANCH == "stg-ec2"'
-
   before_script:
     - docker info
     - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
-
   script:
     - docker build -t "$IMAGE_NAME" -f Dockerfile .
     - docker push "$IMAGE_NAME"
     - docker tag "$IMAGE_NAME" "$IMAGE_LATEST_STG_EC2"
     - docker push "$IMAGE_LATEST_STG_EC2"
 
-  after_script:
-    - docker system prune -af || true
+deploy:stg-ec2:
+  stage: deploy
+  image: alpine:3.20
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "stg-ec2"'
+  needs:
+    - job: build:stg-ec2
 
-# =========================
-# DEPLOY: Server pull image + docker compose up
-# =========================
-# deploy:stg-ec2:
-#   stage: deploy
-#   image: alpine:3.20
-#   rules:
-#     - if: '$CI_COMMIT_BRANCH == "stg-ec2"'
-#   needs: ["build:stg-ec2"]
+  before_script:
+    - apk add --no-cache openssh-client bash ca-certificates
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
 
-#   before_script:
-#     - apk add --no-cache openssh-client bash curl ca-certificates
-#     - mkdir -p ~/.ssh
+    # SSH_PRIVATE_KEY = multiline private key (bukan File)
+    - printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - sed -i 's/\r$//' ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
 
-#     # penting: buang CRLF biar key tidak "error in libcrypto"
-#     - printf "%s" "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
-#     - chmod 600 ~/.ssh/id_rsa
+    # debug aman: pastikan header & footer key kebaca
+    - head -n 1 ~/.ssh/id_rsa
+    - tail -n 1 ~/.ssh/id_rsa
 
-#     - eval "$(ssh-agent -s)"
-#     - ssh-add ~/.ssh/id_rsa
+    - eval "$(ssh-agent -s)"
+    - ssh-add ~/.ssh/id_rsa
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
 
-#     - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+  script:
+    - >
+      ssh "$SERVER_USER@$SERVER_IP"
+      "export CI_REGISTRY_USER='$CI_REGISTRY_USER';
+       export CI_REGISTRY_PASSWORD='$CI_REGISTRY_PASSWORD';
+       export CI_REGISTRY='$CI_REGISTRY';
+       set -e;
+       cd /home/ubuntu/docker/deployment/staging/stg-lti-api;
+       echo \"\$CI_REGISTRY_PASSWORD\" | docker login -u \"\$CI_REGISTRY_USER\" --password-stdin \"\$CI_REGISTRY\";
+       docker compose pull;
+       docker compose up -d;
+       docker image prune -f"
 
-#   script:
-#     - echo "Deploy on server: $SERVER_USER@$SERVER_IP"
-#     - echo "Target dir: /docker/deployment/stg-ec2/stg-lti-api"
-#     - |
-#       ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
-#         set -e
-#         cd /docker/deployment/stg-ec2/stg-lti-api
-
-#         echo 'Login registry on server...'
-#         echo '$CI_REGISTRY_PASSWORD' | docker login -u '$CI_REGISTRY_USER' --password-stdin '$CI_REGISTRY'
-
-#         echo 'Pull new image...'
-#         docker compose pull
-
-#         echo 'Restart containers...'
-#         docker compose up -d
-
-#         echo 'Cleanup old images...'
-#         docker image prune -af --filter 'until=168h' || true
-#       "
+  environment:
+    name: staging