From 3ca95750a77e3a6f5b6076618132029c0cf08330 Mon Sep 17 00:00:00 2001 From: kris Date: Wed, 17 Dec 2025 08:04:18 +0000 Subject: [PATCH] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 89 ++++++++++++++++++++------------------------------ 1 file changed, 36 insertions(+), 53 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f8d67d7c..27664e92 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,23 +1,13 @@ stages: - build + - deploy variables: - # --- Git checkout behavior (fix "Retrying in 5s" checkout issues) --- - CI_DEBUG_TRACE: "true" - GIT_TRACE: "1" - GIT_CURL_VERBOSE: "1" - GIT_STRATEGY: clone - GIT_DEPTH: "20" - GIT_SUBMODULE_STRATEGY: none - GIT_LFS_SKIP_SMUDGE: "1" - - # --- Docker-in-Docker --- DOCKER_BUILDKIT: "1" DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 DOCKER_TLS_CERTDIR: "" - # --- Image tags --- IMAGE_TAG: "stg-ec2_${CI_COMMIT_SHORT_SHA}" IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}" IMAGE_LATEST_STG_EC2: "${CI_REGISTRY_IMAGE}:stg-ec2_latest" 
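Review bot: With the `# --- Docker-in-Docker ---` comment removed, `DOCKER_HOST: tcp://docker:2375` and `DOCKER_TLS_CERTDIR: ""` stay in `variables:` with nothing saying that TLS to the dind daemon is switched off on purpose. I would keep a one-line comment above them, for example `# dind over plaintext 2375, TLS disabled; move to tcp://docker:2376 with DOCKER_TLS_CERTDIR: "/certs" when the runner allows it`. Separately, pipelines that ran while `CI_DEBUG_TRACE: "true"` was set may have written job variables into their logs, so it is worth erasing those job logs and rotating any secret that was defined at the time.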
@@ -30,60 +20,53 @@ build:stg-ec2: command: ["--mtu=1460"] rules: - if: '$CI_COMMIT_BRANCH == "stg-ec2"' - before_script: - docker info - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" - script: - docker build -t "$IMAGE_NAME" -f Dockerfile . - docker push "$IMAGE_NAME" - docker tag "$IMAGE_NAME" "$IMAGE_LATEST_STG_EC2" - docker push "$IMAGE_LATEST_STG_EC2" - after_script: - - docker system prune -af || true +deploy:stg-ec2: + stage: deploy + image: alpine:3.20 + rules: + - if: '$CI_COMMIT_BRANCH == "stg-ec2"' + needs: + - job: build:stg-ec2 -# ========================= -# DEPLOY: Server pull image + docker compose up -# ========================= -# deploy:stg-ec2: -# stage: deploy -# image: alpine:3.20 -# rules: -# - if: '$CI_COMMIT_BRANCH == "stg-ec2"' -# needs: ["build:stg-ec2"] + before_script: + - apk add --no-cache openssh-client bash ca-certificates + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh -# before_script: -# - apk add --no-cache openssh-client bash curl ca-certificates -# - mkdir -p ~/.ssh + # SSH_PRIVATE_KEY = multiline private key (bukan File) + - printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa + - sed -i 's/\r$//' ~/.ssh/id_rsa + - chmod 600 ~/.ssh/id_rsa -# # penting: buang CRLF biar key tidak "error in libcrypto" -# - printf "%s" "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa -# - chmod 600 ~/.ssh/id_rsa + # debug aman: pastikan header & footer key kebaca + - head -n 1 ~/.ssh/id_rsa + - tail -n 1 ~/.ssh/id_rsa -# - eval "$(ssh-agent -s)" -# - ssh-add ~/.ssh/id_rsa + - eval "$(ssh-agent -s)" + - ssh-add ~/.ssh/id_rsa + - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts -# - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts + script: + - > + ssh "$SERVER_USER@$SERVER_IP" + "export CI_REGISTRY_USER='$CI_REGISTRY_USER'; + export CI_REGISTRY_PASSWORD='$CI_REGISTRY_PASSWORD'; + export CI_REGISTRY='$CI_REGISTRY'; + set -e; + cd /home/ubuntu/docker/deployment/staging/stg-lti-api; + echo 
\"\$CI_REGISTRY_PASSWORD\" | docker login -u \"\$CI_REGISTRY_USER\" --password-stdin \"\$CI_REGISTRY\"; + docker compose pull; + docker compose up -d; + docker image prune -f" -# script: -# - echo "Deploy on server: $SERVER_USER@$SERVER_IP" -# - echo "Target dir: /docker/deployment/stg-ec2/stg-lti-api" -# - | -# ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" " -# set -e -# cd /docker/deployment/stg-ec2/stg-lti-api - -# echo 'Login registry on server...' -# echo '$CI_REGISTRY_PASSWORD' | docker login -u '$CI_REGISTRY_USER' --password-stdin '$CI_REGISTRY' - -# echo 'Pull new image...' -# docker compose pull - -# echo 'Restart containers...' -# docker compose up -d - -# echo 'Cleanup old images...' -# docker image prune -af --filter 'until=168h' || true -# " + environment: + name: staging \ No newline at end of file
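Review bot: In the `script:` of `deploy:stg-ec2`, `$CI_REGISTRY_PASSWORD` is expanded by the runner's shell into the quoted remote command (`export CI_REGISTRY_PASSWORD='$CI_REGISTRY_PASSWORD'`), so the secret travels as part of the ssh command string, where it can show up in the server's process list, and a `'` in the value would break the quoting. Passing it over the ssh session's stdin to `docker login --password-stdin` keeps it out of the command line. In `before_script`, `head -n 1` / `tail -n 1` are harmless only while the key is well-formed; if the variable arrives collapsed onto one line they print key material into the job log, and running `ssh-keyscan` on every job accepts whatever host key answers instead of a pinned one. The fence below sketches all three changes; `SSH_KNOWN_HOSTS` is a placeholder name for a CI variable you would create holding the server's verified host key line.

```yaml
  before_script:
    # … unchanged: apk add, mkdir -p / chmod 700 of ~/.ssh …
    - eval "$(ssh-agent -s)"
    # load the key straight into the agent: nothing written to disk, nothing echoed to the log
    - printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    # SSH_KNOWN_HOSTS (placeholder name): pinned, out-of-band verified host key for $SERVER_IP
    - printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts

  script:
    # the registry password goes over the ssh session's stdin, never into the remote command line
    - >
      printf '%s' "$CI_REGISTRY_PASSWORD" |
      ssh "$SERVER_USER@$SERVER_IP"
      "set -e;
      cd /home/ubuntu/docker/deployment/staging/stg-lti-api;
      docker login -u '$CI_REGISTRY_USER' --password-stdin '$CI_REGISTRY';
      docker compose pull;
      docker compose up -d;
      docker image prune -f"
```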