Commit 70e4e461 authored by Pedro Eduardo Trujillo

Merge branch 'dev' into 'master'

Añade imagen y recursos necesarios

See merge request redmic-project/docker/docker-deploy!1
parents e5804e2c c5321b30

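--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+*
+!script/**/*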

.gitignore

0 → 100644
+0 −0

Empty file added.

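--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,56 @@
+image: docker:stable
+
+stages:
+  - package
+  - test-package
+
+docker-build-development:
+  stage: package
+  variables:
+    DOCKER_DRIVER: overlay2
+  services:
+    - docker:dind
+  only:
+    - branches
+  except:
+    - master
+  script:
+    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
+    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest .
+    - docker push ${CI_REGISTRY_IMAGE}
+
+docker-build-stable:
+  stage: package
+  variables:
+    DOCKER_DRIVER: overlay2
+  services:
+    - docker:dind
+  only:
+    - master
+  script:
+    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
+    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest .
+    - docker push ${CI_REGISTRY_IMAGE}
+
+container-scanning:
+  stage: test-package
+  variables:
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
+  services:
+    - docker:stable-dind
+  only:
+    - branches
+  script:
+    - docker run -d --name db arminc/clair-db:latest
+    - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
+    - apk add -U wget ca-certificates
+    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
+    - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
+    - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
+    - mv clair-scanner_linux_amd64 clair-scanner
+    - chmod +x clair-scanner
+    - touch clair-whitelist.yml
+    - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true
+  artifacts:
+    paths: [gl-sast-container-report.json]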
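Review bot: In `container-scanning`, the clair-scanner binary is fetched with `wget` and executed with no integrity check, in a job that already holds a registry session from the preceding `docker login` and can reach the dind daemon. Record the release's SHA-256 in this file and verify it before `chmod +x`, e.g. `echo "<SHA256_OF_CLAIR_SCANNER_V8_PLACEHOLDER>  clair-scanner_linux_amd64" | sha256sum -c -`. With both `|| true` on the scanner line and `allow_failure: true` on the job, a scanner that fails to run is reported the same as a passing scan, so one of the two should go, or the job should at least fail when the report file is missing. All three jobs pass the token with `-p`, which puts it in the process arguments; `echo "${CI_JOB_TOKEN}" | docker login -u gitlab-ci-token --password-stdin ${CI_REGISTRY}` avoids that.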

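--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,45 @@
+FROM docker:latest
+
+LABEL maintainer="info@redmic.es"
+
+ENV DOCKER_COMPOSE_VERSION=1.21.2 \
+	ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" \
+	ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" \
+	LANG=C.UTF-8
+
+RUN ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
+    ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
+    ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
+    apk add --no-cache --virtual=.build-dependencies wget ca-certificates && \
+    wget \
+        "https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub" \
+        -O "/etc/apk/keys/sgerrand.rsa.pub" && \
+    wget \
+        "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
+        "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
+        "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \
+    apk add --no-cache \
+        "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
+        "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
+        "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \
+    \
+    rm "/etc/apk/keys/sgerrand.rsa.pub" && \
+    /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \
+    echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \
+    \
+    apk del glibc-i18n && \
+    \
+    rm "/root/.wget-hsts" && \
+    apk del .build-dependencies && \
+    rm \
+        "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
+        "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
+        "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME"
+
+RUN apk --update --no-cache add openssh-client && \
+	wget \
+		"https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" \
+		-O /usr/local/bin/docker-compose && \
+	chmod +x /usr/local/bin/docker-compose
+
+COPY script/ /usr/bin/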
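Review bot: The `|| true` after `localedef` in the first RUN covers the whole `&&` chain before it, not just `localedef`, because `&&` and `||` have equal precedence in sh; a failed key or package download, or a failed `apk add` of the glibc packages, is swallowed and the build carries on from the `echo` step. Group it so only the locale step is tolerated: `{ /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true; } && \`. On that failure path the `rm "/etc/apk/keys/sgerrand.rsa.pub"` is skipped as well, so the third-party key may stay trusted in the final image. Separately, the docker-compose binary in the second RUN is downloaded and made executable with no integrity check, and the base is `docker:latest`; pinning the base tag and comparing the download with a SHA-256 recorded in the Dockerfile would make the image reproducible and tamper-evident.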
+46 −0
#!/bin/sh

checkDeployCmd="\
	docker stack ls > /dev/null 2> /dev/null ; \
	if [ \"\${?}\" -eq \"0\" ]; \
	then \
		SWARM_MODE=true ; \
	fi ; \
	hits=0 && \
	for i in \$(seq 1 ${STATUS_CHECK_RETRIES}) ; \
	do \
		echo \"Checking service status, try \${i}/${STATUS_CHECK_RETRIES} ...\" && \
		if [ \"\${SWARM_MODE}\" = true ]; \
		then \
			stackServices=\$(docker service ls -f name=${SERVICE} --format '{{.Replicas}}') ; \
			serviceCount=\$(echo \"\${stackServices}\" | /usr/bin/grep -cE '.+') ; \
			runningServiceCount=\$(echo \"\${stackServices}\" | /usr/bin/grep -cE '([0-9]+)\/\1') ; \
			statusCheckCmd=\"[ \"\${serviceCount}\" -ne \"0\" -a \"\${serviceCount:-_}\" = \"\${runningServiceCount:--}\" ]\" ; \
		else \
			runningContainersIds=\$(docker ps -f status=running --format '{{.ID}}' --no-trunc) ; \
			successfullyExitedContainersIds=\$(docker ps -a -f exited=0 --format '{{.ID}}' --no-trunc) ; \
			serviceContainerId=\$(docker inspect --format='{{.ID}}' ${SERVICE} 2> /dev/null) ; \
			runningService=\$(echo \"\${runningContainersIds}\" | grep \"\${serviceContainerId:--}\") ; \
			successfullyExitedService=\$(echo \"\${successfullyExitedContainersIds}\" | grep \"\${serviceContainerId:--}\") ; \
			statusCheckCmd=\"[ \${serviceContainerId:-_} = \${runningService:--} -o \
				\${serviceContainerId:-_} = \${successfullyExitedService:--} ]\" ; \
		fi ; \
		eval \"\${statusCheckCmd}\" ; \
		if [ \"\${?}\" -eq \"0\" ] ; \
		then \
			echo -e \"${PASS_COLOR}[PASS]${NULL_COLOR}\" && \
			hits=\$((\${hits} + 1)) && \
			if [ \"\${hits}\" -eq \"${STATUS_CHECK_MIN_HITS}\" ] ; \
			then \
				echo -e \"Service is running, got ${PASS_COLOR}\${hits}/${STATUS_CHECK_MIN_HITS}${NULL_COLOR} status hits\" && \
				exit 0 ; \
			fi ; \
		else \
			echo -e \"${FAIL_COLOR}[FAIL]${NULL_COLOR}\" ; \
		fi ; \
		sleep ${STATUS_CHECK_INTERVAL} ; \
	done ; \
	echo -e \"Service is not running, got ${FAIL_COLOR}\${hits}/${STATUS_CHECK_MIN_HITS}${NULL_COLOR} status hits\" && \
	exit 1 \
"
ssh ${SSH_PARAMS} "${SSH_REMOTE}" "${checkDeployCmd}"
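Review bot: `${SERVICE}` and the `STATUS_CHECK_*` values are expanded locally and pasted unquoted into the command string that ssh runs on the remote host, so any shell metacharacter in them becomes remote shell syntax. Validate them before `checkDeployCmd` is built, for example `case "${SERVICE}" in ''|*[!A-Za-z0-9_.-]*) echo "invalid SERVICE" >&2; exit 1 ;; esac`, with a digits-only check for the numeric ones. The remote side also `eval`s a test string assembled from command output; running the `[ ... ]` test directly in each branch and saving `$?` would remove the `eval`. Where these variables are set is not visible on this page, so the exposure depends on who controls them.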