YAML
FINAL
variables:
REVERT_IT: "no"
PREVIOUS_SHA: "previous_sha"
before_script:
- "which ssh-agent || ( apk add openssh )"
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_STAGE" | ssh-add -
- echo "$DOT_ENV_ROUTER" > .envrouter
- echo "$ENTRYPOINT" > docker-entrypoint.sh
- echo "$NGINX_CONF" > default
- echo "$REACT_APP_PASSPHRASE"
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
stages:
- build_docker_dit_dah
- revert_sha
- deploy_dit_dah
build_docker_dit_dah:
stage: build_docker_dit_dah
only:
refs:
- dit_dah_stage
variables:
- $REVERT_IT == "no"
script:
- cat envs/.env.dit_dah.qa > .env
- docker login -u "$DOCKER_LOGIN" -p "$DOCKER_PASS" registry.dit-dah.click
- docker build -t registry.dit-dah.click/cubik_set/dit-dah.click:$CI_COMMIT_SHORT_SHA .
- docker push registry.dit-dah.click/cubik_set/dit-dah.click:$CI_COMMIT_SHORT_SHA
revert_sha:
stage: revert_sha
only:
refs:
- stage
variables:
- $REVERT_IT == "yes"
script:
- docker pull registry.dit-dah.click/cubik_set/dit-dah.click:$PREVIOUS_SHA
- docker tag registry.dit-dah.click/cubik_set/dit-dah.click:$PREVIOUS_SHA
registry.dit-dah.click/cubik_set/dit-dah.click:latest
- docker push registry.dit-dah.click/cubik_set/dit-dah.click:latest
deploy_dit_dah:
stage: deploy_dit_dah
type: stage
script:
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_DOCKER" | ssh-add -
- ssh -o StrictHostKeyChecking=no dit8dah8docker@192.168.1.10 "cd /usr/share/nginx/html/dit-dah.click && docker login -u
\"$DOCKER_LOGIN\" -p \"$DOCKER_PASS\" registry.dit-dah.click && docker-compose pull && docker-compose up -d && exit"
only:
- dit_dah_stage
WITH AWS CALLS
++++++++++++++
variables:
REVERT_IT: "no"
PREVIOUS_SHA: "previous_sha"
before_script:
- "which ssh-agent || ( apk add openssh )"
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_STAGE" | ssh-add -
- echo "$DOT_ENV_ROUTER" > .envrouter
- echo "$ENTRYPOINT" > docker-entrypoint.sh
- echo "$NGINX_CONF" > default
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
stages:
- build_docker_dit_dah
- revert_sha
- deploy_dit_dah
- build_artifact_dit_dah
build_docker_dit_dah:
stage: build_docker_dit_dah
only:
refs:
- dit_dah_stage
variables:
- $REVERT_IT == "no"
script:
- cat envs/.env.dit_dah.qa > .env
- docker login -u "$DOCKER_LOGIN" -p "$DOCKER_PASS" registry.dit-dah.click
- docker build -t registry.dit-dah.click/cubik_set/dit-dah.click:$CI_COMMIT_SHORT_SHA .
- docker push registry.dit-dah.click/cubik_set/dit-dah.click:$CI_COMMIT_SHORT_SHA
revert_sha:
stage: revert_sha
only:
refs:
- stage
variables:
- $REVERT_IT == "yes"
script:
- docker pull registry.dit-dah.click/cubik_set/dit-dah.click:$PREVIOUS_SHA
- docker tag registry.dit-dah.click/cubik_set/dit-dah.click:$PREVIOUS_SHA registry.dit-dah.click/cubik_set/dit-dah.click:latest
- docker push registry.dit-dah.click/cubik_set/dit-dah.click:latest
deploy_dit_dah:
stage: deploy_dit_dah
type: stage
script:
- ssh ubuntu@your-deployment-server-ip "cd /home/ubuntu/Docker && docker login -u \"$DOCKER_LOGIN\" -p \"$DOCKER_PASS\" registry.dit-dah.click && docker pull registry.dit-dah.click/cubik_set/dit-dah.click:$CI_COMMIT_SHORT_SHA && docker-compose up -d && exit"
only:
- dit_dah_stage
build_artifact_dit_dah:
stage: build_artifact_dit_dah
only:
- dit_dah_stage
variables:
ARTIFACT_TYPE: whitelabel
DESTINATION_S3_BUCKET: ns-quantox-artifacts
script:
- cat envs/.env.dit_dah.qa > .env
- ARTIFACT_BUILD_TIMESTAMP=$(date --utc '+%Y-%m-%d-%H-%M')
- TEMP_CONTAINER_TAG="build-artifact:$CI_COMMIT_SHORT_SHA"
- docker image build -f Dockerfile.ci -t $TEMP_CONTAINER_TAG --build-arg NPM_TOKEN --build-arg ARTIFACT_BUILD_TIMESTAMP --build-arg CI_COMMIT_REF_NAME --build-arg CI_COMMIT_SHORT_SHA --build-arg NPM_USER --build-arg NPM_PASS --build-arg NPM_EMAIL .
- TEMP_ARTIFACT_DIR=$(mktemp -d -p .)
- mkdir -p -v "${TEMP_ARTIFACT_DIR}/build/"
- CONTAINER_ID=$(docker container create $TEMP_CONTAINER_TAG)
- docker container cp $CONTAINER_ID:/var/www/whitelabel/build/ "${TEMP_ARTIFACT_DIR}/"
- docker container cp $CONTAINER_ID:/var/www/whitelabel/lumen-router/ "${TEMP_ARTIFACT_DIR}/lumen-router/"
- docker container rm $CONTAINER_ID
- cp README.md nginx.conf "${TEMP_ARTIFACT_DIR}/"
- ARTIFACT_NAME="${ARTIFACT_BUILD_TIMESTAMP}_${ARTIFACT_TYPE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHORT_SHA}.tar.gz"
- tar cvzf "$(pwd)/${ARTIFACT_NAME}" -C "${TEMP_ARTIFACT_DIR}" .
- rm -rf "$TEMP_ARTIFACT_DIR"
- echo "Build artifact created:" "${ARTIFACT_NAME}"
- tar tzf "${ARTIFACT_NAME}"
- JOB_CONTAINER_ID=$(docker ps -q -f "label=com.gitlab.gitlab-runner.job.id=$CI_JOB_ID")
- docker container run --env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY --env AWS_REGION --volumes-from "${JOB_CONTAINER_ID}:ro" --workdir "${PWD}" --rm amazon/aws-cli:latest s3 cp "${ARTIFACT_NAME}" "s3://${DESTINATION_S3_BUCKET}/${ARTIFACT_TYPE}/${ARTIFACT_NAME}"
++++++++++++++++++++++
NO AWS
+++++++++++++++++++++++++++
variables:
REVERT_IT: "no"
PREVIOUS_SHA: "previous_sha"
before_script:
- "which ssh-agent || ( apk add openssh )"
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_STAGE" | ssh-add -
- echo "$DOT_ENV_ROUTER" > .envrouter
- echo "$ENTRYPOINT" > docker-entrypoint.sh
- echo "$NGINX_CONF" > default
- echo "$REACT_APP_PASSPHRASE"
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
stages:
- build_docker_dit_dah
- revert_sha
- deploy_dit_dah
build_docker_dit_dah:
stage: build_docker_dit_dah
only:
refs:
- dit_dah_stage
variables:
- $REVERT_IT == "no"
script:
- cat envs/.env.dit_dah.qa > .env
- docker login -u "$DOCKER_LOGIN" -p "$DOCKER_PASS" registry.dit-dah.click
- docker build -t registry.dit-dah.click/cubik_set/dit-dah.click:$CI_COMMIT_SHORT_SHA .
- docker push registry.dit-dah.click/cubik_set/dit-dah.click:$CI_COMMIT_SHORT_SHA
revert_sha:
stage: revert_sha
only:
refs:
- stage
variables:
- $REVERT_IT == "yes"
script:
- docker pull registry.dit-dah.click/cubik_set/dit-dah.click:$PREVIOUS_SHA
- docker tag registry.dit-dah.click/cubik_set/dit-dah.click:$PREVIOUS_SHA registry.dit-dah.click/cubik_set/dit-dah.click:latest
- docker push registry.dit-dah.click/cubik_set/dit-dah.click:latest
deploy_dit_dah:
stage: deploy_dit_dah
type: stage
script:
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_DOCKER" | ssh-add -
- ssh -o StrictHostKeyChecking=no dit8dah8docker@192.168.1.10 "cd /usr/share/nginx/html/dit-dah.click && docker login -u \"$DOCKER_LOGIN\" -p \"$DOCKER_PASS\" registry.dit-dah.click && docker-compose pull && docker-compose up -d && exit"
only:
- dit_dah_stage
VARIABLES
To set up environment variables for your .gitlab-ci.yml pipeline on spiffydesign.com, follow these steps to add the required variables for deploying to dit-dah.click:
Navigate to Project Settings:
- Go to your GitLab project for
dit-dah.clickonspiffydesign.com. - In the left sidebar, go to Settings > CI/CD.
- Go to your GitLab project for
Add Environment Variables:
- Scroll down to the Variables section and click Expand.
- Click Add Variable to create each environment variable needed.
Define the Following Variables:
SSH_PRIVATE_KEY_STAGE: Add the private SSH key used for secure deployment. Paste your private key directly here.- Key:
SSH_PRIVATE_KEY_STAGE - Value:
<Your SSH Private Key> - Protected: Enabled if you want it available only in protected branches.
- Masked: Enabled (hides the value in logs for security).
- Key:
DOT_ENV: Add any.envconfiguration values specific todit-dah.click. Include essential environment configurations needed for deployment.- Key:
DOT_ENV - Value:
<Your .env contents> - Protected: Enabled if applicable.
- Masked: Enabled if it includes sensitive data.
- Key:
DOCKER_LOGIN: Your Docker username for accessingregistry.dit-dah.click.- Key:
DOCKER_LOGIN - Value:
<Your Docker Username> - Masked: Enabled.
- Key:
DOCKER_PASS: Your Docker password or access token.- Key:
DOCKER_PASS - Value:
<Your Docker Password or Token> - Masked: Enabled.
- Key:
Save and Test:
- Once you add these variables, save the settings.
- Run a test pipeline to confirm that the variables are correctly recognized and used during the CI/CD process.
These variables will now be securely available in your .gitlab-ci.yml pipeline on spiffydesign.com, allowing it to deploy to dit-dah.click. Let me know if you encounter any specific issues or need further adjustments.
You said:
A variable key can only contain letters, numbers, and '_'.
ChatGPT said:
ChatGPT
In GitLab CI/CD, variable keys indeed need to follow specific naming conventions. So for keys that don't meet these requirements, you’ll need to rename them to valid identifiers.
Here’s how to adapt the keys:
SSH_PRIVATE_KEY_STAGE: This key name is valid and does not need modification.- Key:
SSH_PRIVATE_KEY_STAGE
- Key:
DOT_ENV: This key name is valid as well.- Key:
DOT_ENV
- Key:
DOCKER_LOGIN: This key is valid.- Key:
DOCKER_LOGIN
- Key:
DOCKER_PASS: This key is valid.- Key:
DOCKER_PASS
- Key:
Ensure all variable keys are uppercase with underscores, which should meet GitLab’s naming requirements. After renaming (if needed), save the variables and test the pipeline. Let me know if you encounter any other issues!
It sounds like the .gitlab-ci.yml configuration is in good shape! Here’s a quick checklist of other configurations you may need to ensure everything works smoothly for deploying to dit-dah.click:
1. Additional Environment Variables in GitLab CI/CD
Make sure you’ve added all necessary environment variables in Settings > CI/CD > Variables for the dit-dah.click project:
SSH_PRIVATE_KEY_STAGE: Your SSH private key for secure access.DOCKER_LOGIN: Your Docker username.DOCKER_PASS: Your Docker password or access token.DOT_ENV_ROUTER: Any environment-specific configuration needed for.envrouterif required in the deployment process.- Any Other Environment Variables: Any other configuration variables referenced in
.gitlab-ci.ymlthat might be specific to thedit-dah.clickenvironment (e.g.,ENTRYPOINT,NGINX_CONF).
2. SSH Key on Deployment Server
Ensure that the corresponding public key for SSH_PRIVATE_KEY_STAGE is added to the authorized_keys on the deployment server (your-deployment-server-ip). This allows the GitLab runner to securely connect to the server via SSH.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. Docker Registry Access
Verify that your GitLab project’s Docker registry (registry.dit-dah.click) is accessible with the credentials you’ve set in the environment variables (DOCKER_LOGIN and DOCKER_PASS). You can test this manually by logging in from your local machine:
docker login -u "<your-docker-username>" -p "<your-docker-password>" registry.dit-dah.click
4. Server Configuration for Docker and Docker Compose
- Ensure Docker and Docker Compose are installed and properly configured on the deployment server.
- The
docker-compose.ymlfile on the server should be set up to use theregistry.dit-dah.clickimages as defined in your.gitlab-ci.ymlfile.
5. Firewall and Security Group Settings (if applicable)
- Confirm that ports required for SSH (typically port 22), HTTP (port 80), and HTTPS (port 443) are open on the deployment server.
- Check that no firewall settings block the registry or any required services.
6. Test the Deployment Pipeline
Run a test pipeline in GitLab to ensure each stage completes successfully:
- Build: Builds and pushes the Docker image.
- Revert (optional): Verifies that an earlier version can be reverted to.
- Deploy: SSHs into the deployment server, pulls the Docker image, and runs
docker-compose up.
Monitor the pipeline’s logs for any issues and make sure each step completes as expected.
Optional: Add Debugging and Notification
- Debugging: Add echo statements in the
.gitlab-ci.ymlfile to print environment variable values (excluding sensitive info) for troubleshooting if something fails. - Notifications: Configure GitLab to notify you when pipeline jobs succeed or fail to keep track of deployments.
With these configurations set up, your .gitlab-ci.yml pipeline should be ready to deploy to dit-dah.click. Let me know if you need more assistance with any part!