Commit 857e60c4 authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo

Merge branch 'dev' into 'master'

Dev

See merge request redmic-project/docker/docker-deploy!45
parents 55f91dbd 02d999e1
+5 −59
include:
  - project: 'redmic-project/gitlab-ci-templates'
    ref: master
    file: '/packaging.yml'

stages:
  - package
  - test-package

image: docker:stable

variables:
  DOCKER_DRIVER: overlay2

services:
  - docker:dind

docker-build-development:
  stage: package
  only:
    - branches
  except:
    - master
  script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest .
    - docker push ${CI_REGISTRY_IMAGE}

docker-build-stable:
  stage: package
  only:
    - master
  script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest .
    - docker push ${CI_REGISTRY_IMAGE}

docker-tag-already-built-image:
  stage: package
  only:
    - tags
  script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
    - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
    - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
    - docker push ${CI_REGISTRY_IMAGE}

container-scanning:
  stage: test-package
  allow_failure: true
  only:
    - branches
  script:
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
    - apk add -U wget ca-certificates
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
    - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
    - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
    - touch clair-whitelist.yml
    - >
      ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log
      -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true
  artifacts:
    paths: [gl-sast-container-report.json]
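Review bot: The `include` block at the top of this file (apparently the added lines) pulls `/packaging.yml` from `redmic-project/gitlab-ci-templates` at `ref: master`, which is a moving branch. Any later push to that branch changes the jobs this pipeline runs, including the ones that log in to and push to the registry, without a commit or review in this repository. Pinning the include to a tag or commit, `ref: '<tag-or-commit-sha>'`, keeps the build definition reproducible and makes template upgrades an explicit change here. Which of the old lines remain as context is not recoverable from this rendering, so it is worth checking that the `stages:` list still matches what the template expects.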
+10 −8
@@ -22,7 +22,7 @@ For REDMIC, we use this image from GitLabCI configuration, but you can use it di

```
$ docker run --rm --name docker-deploy \
	-e STACK=your-stack-name -e SSH_REMOTE=ssh-user@ssh-host -e GITLAB_DEPLOY_KEY="<your-private-key>" \
	-e STACK=your-stack-name -e SSH_REMOTE=ssh-user@ssh-host -e DEPLOY_KEY="<your-private-key>" \
	registry.gitlab.com/redmic-project/docker/docker-deploy:latest \
	<action> <VAR1>=<value1> <VAR2>=<value2> ...
```
@@ -33,13 +33,15 @@ For environment variables, you may define these variables (**bold** are mandator

* **STACK** / **SERVICE**: Name of Docker stack (Swarm mode) or service (standard mode) to deploy.
* **SSH_REMOTE**: SSH user and host of remote machine where you are going to deploy.
* **GITLAB_DEPLOY_KEY**: Private key paired with a public key accepted by remote machine, used to authenticate.
* *COMPOSE_FILE*: Default `docker-compose.yml`.
* *DEPLOY_PATH*: Default `~`.
* *DEPLOY_DIR_NAME*: Default `deploy`.
* *DEFAULT_DEPLOY_FILES*: Default `docker-compose*.yml .env`.
* *REGISTRY_USER*: Default `gitlab-ci-token`.
* *SERVICES_TO_CHECK*: Names of services to check, separated by space.
* **DEPLOY_KEY**: Private key paired with a public key accepted by remote machine, used to authenticate.
* *COMPOSE_FILE*: Name of Docker Compose file with deployment definition. Multiple files are supported, separated by colon (`:`). Default `docker-compose.yml`.
* *DEPLOY_PATH*: Path in remote host where deployment directory (containing temporary files) will be created. Default `~`.
* *DEPLOY_DIR_NAME*: Name of directory containing files needed for deployment. Default `deploy`.
* *DEFAULT_DEPLOY_FILES*: Files needed for deployment, if `${DEPLOY_DIR_NAME}` does not exist. Default `docker-compose*.yml .env`.
* *REGISTRY_URL*: Address of Docker registry where Docker images to deploy are stored. Leave it empty to use Docker Hub registry.
* *REGISTRY_USER*: Docker registry username of user with read permissions. **Required** for private registries.
* *REGISTRY_PASS*: Docker registry user password of user with read permissions. **Required** for private registries.
* *SERVICES_TO_CHECK*: Names of services to check after deployment, separated by space.
* *STATUS_CHECK_RETRIES*: Default `10`.
* *STATUS_CHECK_INTERVAL*: Default `20`.
* *STATUS_CHECK_DELAY*: Default `120`.
+0 −1
@@ -4,7 +4,6 @@ COMPOSE_FILE="${COMPOSE_FILE:-docker-compose.yml}"
DEPLOY_PATH="${DEPLOY_PATH:-~}"
DEPLOY_DIR_NAME="${DEPLOY_DIR_NAME:-deploy}"
DEFAULT_DEPLOY_FILES="${DEFAULT_DEPLOY_FILES:-docker-compose*.yml .env}"
REGISTRY_USER="${REGISTRY_USER:-gitlab-ci-token}"

STATUS_CHECK_RETRIES="${STATUS_CHECK_RETRIES:-10}"
STATUS_CHECK_INTERVAL="${STATUS_CHECK_INTERVAL:-20}"
+8 −2
@@ -4,12 +4,18 @@ echo -e "\n${INFO_COLOR}Deploying at remote target ${DATA_COLOR}${remoteHost}${I

deployCmd="\
	cd ${DEPLOY_HOME} && \
	docker login -u ${REGISTRY_USER} -p ${CI_JOB_TOKEN} ${CI_REGISTRY} && \
	if [ ! -z \"${REGISTRY_USER}\" ] ; \
	then \
		docker login -u \"${REGISTRY_USER}\" -p \"${REGISTRY_PASS}\" ${REGISTRY_URL} ; \
		deployAuthParam=\"--with-registry-auth\" ; \
	else \
		deployAuthParam=\"\" ; \
	fi ; \
	if docker stack ls > /dev/null 2> /dev/null ; \
	then \
		composeFileSplitted=\$(echo ${COMPOSE_FILE} | sed 's/:/ -c /g') && \
		env -i \$(${GREP_BIN} -v '^#\\| ' .env | xargs) \
			docker stack deploy -c \${composeFileSplitted} --with-registry-auth ${STACK:-${SERVICE}} ; \
			docker stack deploy -c \${composeFileSplitted} \${deployAuthParam} ${STACK:-${SERVICE}} ; \
	else \
		docker-compose stop ${SERVICE} && \
		docker-compose rm -f ${SERVICE} && \
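Review bot: The new `docker login` line inside the `then` branch ends in `;`, where the removed line chained with `&&`, so a failed login no longer stops the command and the deploy goes ahead with `--with-registry-auth` and no valid credentials. Ending it with `docker login -u \"${REGISTRY_USER}\" -p \"${REGISTRY_PASS}\" ${REGISTRY_URL} || exit 1 ; \` would restore the fail-fast behaviour. The guard tests only `REGISTRY_USER`, so an empty `REGISTRY_PASS` still reaches `-p \"\"`; checking both variables would catch a half-configured registry. Passing the secret with `-p` also places it in the `deployCmd` string and in the remote process list, where `--password-stdin` is the usual alternative, though how `deployCmd` is sent to the remote host is not visible in this hunk. The `deployCmd` string starts inside the hunk but continues past its last line.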
+3 −3
@@ -10,12 +10,12 @@ fi

remoteHost=$(echo "${SSH_REMOTE}" | cut -f 2 -d '@')

if [ -z "${GITLAB_DEPLOY_KEY}" ]
if [ -z "${DEPLOY_KEY}" ]
then
	echo -e "${FAIL_COLOR}You must define 'GITLAB_DEPLOY_KEY' in environment, with a SSH private key accepted by remote server${NULL_COLOR}"
	echo -e "${FAIL_COLOR}You must define 'DEPLOY_KEY' in environment, with a SSH private key accepted by remote server${NULL_COLOR}"
	exit 1
fi

# Se prepara la identidad para conectar al servidor de despliegue.
eval "$(ssh-agent -s)"
echo "${GITLAB_DEPLOY_KEY}" | tr -d '\r' | ssh-add - > /dev/null
echo "${DEPLOY_KEY}" | tr -d '\r' | ssh-add - > /dev/null