Change rules cicd no conflicts

.gitlab-ci.yml

@@ -1,132 +1,20 @@
-stages:
-  - build
-  - migrate
-  - deploy
-  - seed
-
-default:
-  tags:
-    - self-hosted-prod
-
 workflow:
   rules:
-    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
-      when: always
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+    - if: '$CI_COMMIT_BRANCH == "development"'
+    - if: '$CI_COMMIT_BRANCH == "staging"'
+    - if: '$CI_COMMIT_BRANCH == "production"'
     - when: never
 
-variables:
-  DOCKER_BUILDKIT: "1"
+include:
+  - local: "ci/development.yml"
+    rules:
+      - if: '$CI_COMMIT_BRANCH == "development"'
 
-  IMAGE_TAG: "production_${CI_COMMIT_SHORT_SHA}"
-  IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"
-  IMAGE_LATEST: "${CI_REGISTRY_IMAGE}:production_latest"
-
-  DEPLOY_DIR: "/opt/deploy/lti"
-  COMPOSE_FILE: "docker-compose.yaml"
-
-# =========================
-# BUILD (AUTO) 
-# =========================
-build_production:
-  stage: build
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
-  script: |
-    set -e
-    docker info
-
-    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
-
-    echo "✅ Build image: $IMAGE_NAME"
-    docker build -t "$IMAGE_NAME" -f Dockerfile .
-
-    echo "✅ Push image: $IMAGE_NAME"
-    docker push "$IMAGE_NAME"
-
-    echo "✅ Tag latest: $IMAGE_LATEST"
-    docker tag "$IMAGE_NAME" "$IMAGE_LATEST"
-    docker push "$IMAGE_LATEST"
-
-
-# =========================
-# MIGRATE (PRODUCTION - MANUAL)
-# =========================
-migrate_production:
-  stage: migrate
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
-      when: manual
-      allow_failure: false
-  needs:
-    - job: build_production
-      artifacts: false
-  script: |
-    set -e
-    cd /opt/deploy/lti
-    test -f .env || (echo "❌ .env not found" && exit 1)
-
-    set -a
-    . ./.env
-    set +a
-
-    # Validasi env wajib
-    : "${DB_HOST:?DB_HOST not set}"
-    : "${DB_PORT:?DB_PORT not set}"
-    : "${DB_USER:?DB_USER not set}"
-    : "${DB_PASSWORD:?DB_PASSWORD not set}"
-    : "${DB_NAME:?DB_NAME not set}"
-
-    DB_SSLMODE="${DB_SSLMODE:-require}"
-    export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSLMODE}"
-
-    echo "✅ Running migrations (production)..."
-    docker run --rm \
-      -v "$CI_PROJECT_DIR/internal/database/migrations:/migrations:ro" \
-      migrate/migrate:v4.15.2 \
-      -path=/migrations -database "$DATABASE_URL" up
-
-
-# =========================
-# DEPLOY (AUTO)
-# =========================
-deploy_production:
-  stage: deploy
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
-  needs:
-    - job: migrate_production
-      artifacts: false
-    - job: build_production
-      artifacts: false
-  script: |
-    set -e
-    docker info
-    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
-
-    cd "$DEPLOY_DIR"
-    test -f "$COMPOSE_FILE" || (echo "❌ $COMPOSE_FILE not found in $DEPLOY_DIR" && exit 1)
-    test -f .env || (echo "❌ .env not found in $DEPLOY_DIR" && exit 1)
-
-    docker compose -f "$COMPOSE_FILE" pull
-    docker compose -f "$COMPOSE_FILE" up -d --force-recreate
-    docker image prune -f
-
-
-# =========================
-# SEED (MANUAL)
-# =========================
-seed_production:
-  stage: seed
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "production"'
-      when: manual
-  script: |
-    set -e
-    cd /opt/deploy/lti
-    test -f .env || (echo "❌ .env not found" && exit 1)
-
-    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
-
-    docker compose --env-file .env pull seed
-    docker compose --env-file .env run --rm seed
+  - local: "ci/staging.yml"
+    rules:
+      - if: '$CI_COMMIT_BRANCH == "staging"'
 
+  - local: "ci/production.yml"
+    rules:
+      - if: '$CI_COMMIT_BRANCH == "production"'

ci/development.yml

@@ -0,0 +1,90 @@
+stages:
+  - deploy
+
+deploy-dev:
+  stage: deploy
+  image: alpine:3.20
+  variables:
+    DEPLOY_APP: "LTI-MBUGROUP"
+    # Opsional: kalau pakai submodule, ini bikin clone submodule pakai SSH juga
+    GIT_SUBMODULE_STRATEGY: recursive
+    GIT_DEPTH: "1"
+
+  before_script:
+    - echo "🧰 Installing dependencies..."
+    - apk update && apk add --no-cache openssh git curl bash
+
+    # Setup SSH di runner
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - eval "$(ssh-agent -s)"
+    - ssh-add ~/.ssh/id_rsa
+
+    # Trust host keys (server + gitlab) biar SSH gak nanya interaktif
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+    - ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
+
+  script:
+    - echo "🚀 Deploying latest code to $SERVER_USER@$SERVER_IP"
+
+    - >
+      if ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
+        set -e
+
+        cd /home/devops/docker/deployment/development/lti-api
+
+        # Pastikan remote origin SSH (antisipasi kalau pernah ke-set HTTPS)
+        git remote set-url origin git@gitlab.com:mbugroup/lti-api.git
+
+        # Pastikan server percaya gitlab.com juga (untuk git fetch via SSH)
+        mkdir -p ~/.ssh
+        ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
+
+        # Fetch/reset pakai SSH
+        GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git fetch origin development
+        git reset --hard origin/development
+
+        docker compose restart dev-api-lti || docker compose up -d dev-api-lti
+      "; then
+        STATUS='success';
+      else
+        STATUS='failed';
+      fi;
+
+      RUN_URL="${CI_PROJECT_URL}/-/pipelines/${CI_PIPELINE_ID}";
+
+      if [ "$STATUS" = "success" ]; then
+        COLOR=3066993;
+        TITLE="✅ Deployment API Succeeded";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` completed successfully.";
+      else
+        COLOR=15158332;
+        TITLE="❌ Deployment API Failed Gaes";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` failed.";
+      fi;
+
+      echo "{
+        \"username\": \"CI Bot\",
+        \"embeds\": [{
+          \"title\": \"$TITLE\",
+          \"description\": \"$DESC\",
+          \"color\": $COLOR,
+          \"fields\": [
+            {\"name\": \"Repository\", \"value\": \"${CI_PROJECT_PATH}\", \"inline\": true},
+            {\"name\": \"Actor\", \"value\": \"${GITLAB_USER_LOGIN}\", \"inline\": true},
+            {\"name\": \"Commit\", \"value\": \"${CI_COMMIT_SHA}\", \"inline\": false},
+            {\"name\": \"Pipeline\", \"value\": \"[Open run](${RUN_URL})\", \"inline\": false}
+          ]
+        }]
+      }" > payload.json;
+
+      echo "📡 Sending notification to Discord...";
+      curl -sS -H "Content-Type: application/json" \
+        -d @payload.json "$DISCORD_WEBHOOK_URL";
+
+  only:
+    - development
+
+  environment:
+    name: development

ci/production.yml

@@ -0,0 +1,133 @@
+stages:
+  - build
+  - migrate
+  - deploy
+  - seed
+
+default:
+  tags:
+    - self-hosted-prod
+
+workflow:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+      when: always
+    - when: never
+
+variables:
+  DOCKER_BUILDKIT: "1"
+
+  IMAGE_TAG: "production_${CI_COMMIT_SHORT_SHA}"
+  IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"
+  IMAGE_LATEST: "${CI_REGISTRY_IMAGE}:production_latest"
+
+  DEPLOY_DIR: "/opt/deploy/lti"
+  COMPOSE_FILE: "docker-compose.yaml"
+
+# =========================
+# BUILD (AUTO) 
+# =========================
+build_production:
+  stage: build
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+  script: |
+    set -e
+    docker info
+
+    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+    echo "✅ Build image: $IMAGE_NAME"
+    docker build -t "$IMAGE_NAME" -f Dockerfile .
+
+    echo "✅ Push image: $IMAGE_NAME"
+    docker push "$IMAGE_NAME"
+
+    echo "✅ Tag latest: $IMAGE_LATEST"
+    docker tag "$IMAGE_NAME" "$IMAGE_LATEST"
+    docker push "$IMAGE_LATEST"
+
+
+# =========================
+# MIGRATE (PRODUCTION - MANUAL)
+# =========================
+migrate_production:
+  stage: migrate
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+      when: manual
+      allow_failure: false
+  needs:
+    - job: build_production
+      artifacts: false
+  script: |
+    set -e
+    cd /opt/deploy/lti
+    test -f .env || (echo "❌ .env not found" && exit 1)
+
+    set -a
+    . ./.env
+    set +a
+
+    # Validasi env wajib
+    : "${DB_HOST:?DB_HOST not set}"
+    : "${DB_PORT:?DB_PORT not set}"
+    : "${DB_USER:?DB_USER not set}"
+    : "${DB_PASSWORD:?DB_PASSWORD not set}"
+    : "${DB_NAME:?DB_NAME not set}"
+
+    DB_SSLMODE="${DB_SSLMODE:-require}"
+    export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSLMODE}"
+
+    echo "✅ Running migrations (production)..."
+    docker run --rm \
+      -v "$CI_PROJECT_DIR/internal/database/migrations:/migrations:ro" \
+      migrate/migrate:v4.15.2 \
+      -path=/migrations -database "$DATABASE_URL" up
+
+
+# =========================
+# DEPLOY (AUTO)
+# =========================
+deploy_production:
+  stage: deploy
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+  needs:
+    - job: migrate_production
+      artifacts: false
+    - job: build_production
+      artifacts: false
+  script: |
+    set -e
+    docker info
+    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+    cd "$DEPLOY_DIR"
+    test -f "$COMPOSE_FILE" || (echo "❌ $COMPOSE_FILE not found in $DEPLOY_DIR" && exit 1)
+    test -f .env || (echo "❌ .env not found in $DEPLOY_DIR" && exit 1)
+
+    docker compose -f "$COMPOSE_FILE" pull
+    docker compose -f "$COMPOSE_FILE" up -d --force-recreate
+    docker image prune -f
+
+
+# =========================
+# SEED (MANUAL)
+# =========================
+seed_production:
+  stage: seed
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "production"'
+      when: manual
+  script: |
+    set -e
+    cd /opt/deploy/lti
+    test -f .env || (echo "❌ .env not found" && exit 1)
+
+    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+    docker compose --env-file .env pull seed
+    docker compose --env-file .env run --rm seed
+
+

ci/staging.yml

@@ -0,0 +1,133 @@
+stages:
+  - build
+  - migrate
+  - deploy
+  - seed
+
+default:
+  tags:
+    - self-hosted-prod
+
+workflow:
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+      when: always
+    - when: never
+
+variables:
+  DOCKER_BUILDKIT: "1"
+
+  IMAGE_TAG: "production_${CI_COMMIT_SHORT_SHA}"
+  IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"
+  IMAGE_LATEST: "${CI_REGISTRY_IMAGE}:production_latest"
+
+  DEPLOY_DIR: "/opt/deploy/lti"
+  COMPOSE_FILE: "docker-compose.yaml"
+
+# =========================
+# BUILD (AUTO) 
+# =========================
+build_production:
+  stage: build
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+  script: |
+    set -e
+    docker info
+
+    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+    echo "✅ Build image: $IMAGE_NAME"
+    docker build -t "$IMAGE_NAME" -f Dockerfile .
+
+    echo "✅ Push image: $IMAGE_NAME"
+    docker push "$IMAGE_NAME"
+
+    echo "✅ Tag latest: $IMAGE_LATEST"
+    docker tag "$IMAGE_NAME" "$IMAGE_LATEST"
+    docker push "$IMAGE_LATEST"
+
+
+# =========================
+# MIGRATE (PRODUCTION - MANUAL)
+# =========================
+migrate_production:
+  stage: migrate
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+      when: manual
+      allow_failure: false
+  needs:
+    - job: build_production
+      artifacts: false
+  script: |
+    set -e
+    cd /opt/deploy/lti
+    test -f .env || (echo "❌ .env not found" && exit 1)
+
+    set -a
+    . ./.env
+    set +a
+
+    # Validasi env wajib
+    : "${DB_HOST:?DB_HOST not set}"
+    : "${DB_PORT:?DB_PORT not set}"
+    : "${DB_USER:?DB_USER not set}"
+    : "${DB_PASSWORD:?DB_PASSWORD not set}"
+    : "${DB_NAME:?DB_NAME not set}"
+
+    DB_SSLMODE="${DB_SSLMODE:-require}"
+    export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSLMODE}"
+
+    echo "✅ Running migrations (production)..."
+    docker run --rm \
+      -v "$CI_PROJECT_DIR/internal/database/migrations:/migrations:ro" \
+      migrate/migrate:v4.15.2 \
+      -path=/migrations -database "$DATABASE_URL" up
+
+
+# =========================
+# DEPLOY (AUTO)
+# =========================
+deploy_production:
+  stage: deploy
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+  needs:
+    - job: migrate_production
+      artifacts: false
+    - job: build_production
+      artifacts: false
+  script: |
+    set -e
+    docker info
+    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+    cd "$DEPLOY_DIR"
+    test -f "$COMPOSE_FILE" || (echo "❌ $COMPOSE_FILE not found in $DEPLOY_DIR" && exit 1)
+    test -f .env || (echo "❌ .env not found in $DEPLOY_DIR" && exit 1)
+
+    docker compose -f "$COMPOSE_FILE" pull
+    docker compose -f "$COMPOSE_FILE" up -d --force-recreate
+    docker image prune -f
+
+
+# =========================
+# SEED (MANUAL)
+# =========================
+seed_production:
+  stage: seed
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "production"'
+      when: manual
+  script: |
+    set -e
+    cd /opt/deploy/lti
+    test -f .env || (echo "❌ .env not found" && exit 1)
+
+    echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+    docker compose --env-file .env pull seed
+    docker compose --env-file .env run --rm seed
+
+