Loading .gitlab-ci.yml +33 −77 Original line number Diff line number Diff line image: docker:stable include: - project: 'redmic-project/gitlab-ci-templates' ref: master file: '/packaging.yml' - project: 'redmic-project/gitlab-ci-templates' ref: master file: '/_deployment.yml' stages: - package - test-package - deploy services: - docker:dind .docker-operations-build: variables: PARENT_IMAGE_NAME: redmic/docker-index-pages PARENT_IMAGE_TAG: v1.0.0 DOCKER_BUILD_ARGS: --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG} .deploy: variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${PRO_SSH_REMOTE} STATUS_CHECK_DELAY: 60 STACK: index SERVICES_TO_CHECK: index_${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} PUBLIC_HOSTNAME: ${PRO_PUBLIC_HOSTNAME} STATUS_CHECK_DELAY: 60 DD_IMAGE_NAME: ${CI_REGISTRY_IMAGE} DD_IMAGE_TAG: ${CI_COMMIT_SHA} DD_PUBLIC_HOSTNAME: ${PRO_PUBLIC_HOSTNAME} environment: name: dev url: https://index.${PRO_PUBLIC_HOSTNAME} docker-build-development: stage: package variables: PARENT_IMAGE_NAME: registry.gitlab.com/redmic-project/docker/index-pages PARENT_IMAGE_TAG: latest deploy-support-branch-production: extends: .deploy only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - > docker build --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . 
- docker push ${CI_REGISTRY_IMAGE} - schedules docker-build-stable: stage: package variables: PARENT_IMAGE_NAME: registry.gitlab.com/redmic-project/docker/index-pages PARENT_IMAGE_TAG: latest deploy-stable-branch-production: extends: .deploy only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - > docker build --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package allow_failure: true only: - branches script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-development: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest script: - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} PUBLIC_HOSTNAME=${PUBLIC_HOSTNAME} environment: name: pro url: https://index.${PUBLIC_HOSTNAME} only: - branches except: - master when: manual - schedules deploy-stable: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest script: - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} PUBLIC_HOSTNAME=${PUBLIC_HOSTNAME} environment: name: pro url: https://index.${PUBLIC_HOSTNAME} deploy-version-production: extends: .deploy only: - 
master - tags Dockerfile +2 −2 Original line number Diff line number Diff line ARG PARENT_IMAGE_NAME ARG PARENT_IMAGE_TAG ARG PARENT_IMAGE_NAME=redmic/docker-index-pages ARG PARENT_IMAGE_TAG=v1.0.0 FROM ${PARENT_IMAGE_NAME}:${PARENT_IMAGE_TAG} Loading deploy/.env +4 −2 Original line number Diff line number Diff line SITE_NAME=redmic-pro PARENT_IMAGE_NAME=redmic/docker-index-pages PARENT_IMAGE_TAG=v1.0.0 SITE_PORT=3000 SITE_SUBDOMAIN=index SITE_PATH=content deploy/docker-compose.yml +28 −20 Original line number Diff line number Diff line Loading 
@@ -2,34 +2,42 @@ version: '3.5' services: redmic-pro: image: ${IMAGE_NAME}:${IMAGE_TAG:-latest} image: ${IMAGE_NAME:-registry.gitlab.com/redmic-project/index-page/redmic-pro}:${IMAGE_TAG:-latest} build: context: .. dockerfile: ${DOCKERFILE:-Dockerfile} args: PARENT_IMAGE_NAME: PARENT_IMAGE_TAG: environment: SITE_PORT: SITE_PATH: networks: - traefik-net traefik-net: healthcheck: test: wget --spider http://localhost:${SITE_PORT} interval: 30s timeout: 10s retries: 3 start_period: 1m test: wget --spider -q http://localhost:${SITE_PORT} interval: ${HEALTHCHECK_INTERVAL:-30s} timeout: ${HEALTHCHECK_TIMEOUT:-10s} retries: ${HEALTHCHECK_RETRIES:-10} start_period: ${HEALTHCHECK_START_PERIOD:-1m} deploy: mode: replicated replicas: 1 labels: traefik.frontend.rule: Host:${SITE_SUBDOMAIN}.${PUBLIC_HOSTNAME} traefik.backend: ${SITE_NAME} traefik.port: "${SITE_PORT}" placement: constraints: - node.role == manager replicas: ${REPLICAS:-1} restart_policy: delay: 10s window: 30s delay: ${RESTART_DELAY:-3s} update_config: delay: ${UPDATE_DELAY:-1m} labels: traefik.frontend.rule: Host:${SITE_SUBDOMAIN:-index}.${PUBLIC_HOSTNAME} traefik.backend: redmic-pro traefik.port: '${SITE_PORT}' resources: limits: cpus: '0.1' memory: 64M cpus: '${RESOURCES_LIMITS_CPUS:-0.1}' memory: ${RESOURCES_LIMITS_MEMORY:-64M} reservations: memory: 52M cpus: '${RESOURCES_RESERVATIONS_CPUS:-0.001}' memory: ${RESOURCES_RESERVATIONS_MEMORY:-20M} networks: traefik-net: Loading Loading
.gitlab-ci.yml +33 −77 image: docker:stable include: - project: 'redmic-project/gitlab-ci-templates' ref: master file: '/packaging.yml' - project: 'redmic-project/gitlab-ci-templates' ref: master file: '/_deployment.yml' stages: - package - test-package - deploy services: - docker:dind .docker-operations-build: variables: PARENT_IMAGE_NAME: redmic/docker-index-pages PARENT_IMAGE_TAG: v1.0.0 DOCKER_BUILD_ARGS: --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG} .deploy: variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${PRO_SSH_REMOTE} STATUS_CHECK_DELAY: 60 STACK: index SERVICES_TO_CHECK: index_${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} PUBLIC_HOSTNAME: ${PRO_PUBLIC_HOSTNAME} STATUS_CHECK_DELAY: 60 DD_IMAGE_NAME: ${CI_REGISTRY_IMAGE} DD_IMAGE_TAG: ${CI_COMMIT_SHA} DD_PUBLIC_HOSTNAME: ${PRO_PUBLIC_HOSTNAME} environment: name: dev url: https://index.${PRO_PUBLIC_HOSTNAME} docker-build-development: stage: package variables: PARENT_IMAGE_NAME: registry.gitlab.com/redmic-project/docker/index-pages PARENT_IMAGE_TAG: latest deploy-support-branch-production: extends: .deploy only: - branches except: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - > docker build --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . 
- docker push ${CI_REGISTRY_IMAGE} - schedules docker-build-stable: stage: package variables: PARENT_IMAGE_NAME: registry.gitlab.com/redmic-project/docker/index-pages PARENT_IMAGE_TAG: latest deploy-stable-branch-production: extends: .deploy only: - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - > docker build --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package allow_failure: true only: - branches script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-development: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest script: - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} PUBLIC_HOSTNAME=${PUBLIC_HOSTNAME} environment: name: pro url: https://index.${PUBLIC_HOSTNAME} only: - branches except: - master when: manual - schedules deploy-stable: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest script: - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} PUBLIC_HOSTNAME=${PUBLIC_HOSTNAME} environment: name: pro url: https://index.${PUBLIC_HOSTNAME} deploy-version-production: extends: .deploy only: - 
master - tags
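Review bot: Both `include:` entries pull `/packaging.yml` and `/_deployment.yml` from `redmic-project/gitlab-ci-templates` at `ref: master`, so any later push to that branch changes what this pipeline runs, including the jobs that receive `${PRO_SSH_REMOTE}`, without a commit in this repository. Pinning each entry to a release tag or full commit SHA, e.g. `ref: <TEMPLATES_TAG_OR_SHA>` (placeholder), turns a template update into an explicit, reviewable change here. The rendering has lost its +/- markers, so this assumes the `include:` block is on the new side. `STATUS_CHECK_DELAY: 60` also appears twice under `.deploy` `variables:`, which would be a duplicate key if both lines survive the change.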
Dockerfile +2 −2 ARG PARENT_IMAGE_NAME ARG PARENT_IMAGE_TAG ARG PARENT_IMAGE_NAME=redmic/docker-index-pages ARG PARENT_IMAGE_TAG=v1.0.0 FROM ${PARENT_IMAGE_NAME}:${PARENT_IMAGE_TAG}
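Review bot: `FROM ${PARENT_IMAGE_NAME}:${PARENT_IMAGE_TAG}` resolves the base image by tag only, and both parts come from build args, so the layer underneath this site is whatever that tag points to in the chosen registry at build time. If reproducible, verifiable builds matter here, pin the expected digest alongside the tag, e.g. `FROM ${PARENT_IMAGE_NAME}:${PARENT_IMAGE_TAG}@sha256:<DIGEST_PLACEHOLDER>`, or at least add a comment above the `ARG` lines naming the registry the default is expected to come from. The +/- markers are lost in this rendering, so reading the `=redmic/docker-index-pages` and `=v1.0.0` defaults as the added lines is inferred from print order only.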
deploy/.env +4 −2 SITE_NAME=redmic-pro PARENT_IMAGE_NAME=redmic/docker-index-pages PARENT_IMAGE_TAG=v1.0.0 SITE_PORT=3000 SITE_SUBDOMAIN=index SITE_PATH=content
deploy/docker-compose.yml +28 −20 @@ -2,34 +2,42 @@ version: '3.5' services: redmic-pro: image: ${IMAGE_NAME}:${IMAGE_TAG:-latest} image: ${IMAGE_NAME:-registry.gitlab.com/redmic-project/index-page/redmic-pro}:${IMAGE_TAG:-latest} build: context: .. dockerfile: ${DOCKERFILE:-Dockerfile} args: PARENT_IMAGE_NAME: PARENT_IMAGE_TAG: environment: SITE_PORT: SITE_PATH: networks: - traefik-net traefik-net: healthcheck: test: wget --spider http://localhost:${SITE_PORT} interval: 30s timeout: 10s retries: 3 start_period: 1m test: wget --spider -q http://localhost:${SITE_PORT} interval: ${HEALTHCHECK_INTERVAL:-30s} timeout: ${HEALTHCHECK_TIMEOUT:-10s} retries: ${HEALTHCHECK_RETRIES:-10} start_period: ${HEALTHCHECK_START_PERIOD:-1m} deploy: mode: replicated replicas: 1 labels: traefik.frontend.rule: Host:${SITE_SUBDOMAIN}.${PUBLIC_HOSTNAME} traefik.backend: ${SITE_NAME} traefik.port: "${SITE_PORT}" placement: constraints: - node.role == manager replicas: ${REPLICAS:-1} restart_policy: delay: 10s window: 30s delay: ${RESTART_DELAY:-3s} update_config: delay: ${UPDATE_DELAY:-1m} labels: traefik.frontend.rule: Host:${SITE_SUBDOMAIN:-index}.${PUBLIC_HOSTNAME} traefik.backend: redmic-pro traefik.port: '${SITE_PORT}' resources: limits: cpus: '0.1' memory: 64M cpus: '${RESOURCES_LIMITS_CPUS:-0.1}' memory: ${RESOURCES_LIMITS_MEMORY:-64M} reservations: memory: 52M cpus: '${RESOURCES_RESERVATIONS_CPUS:-0.001}' memory: ${RESOURCES_RESERVATIONS_MEMORY:-20M} networks: traefik-net:
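Review bot: The fallback in `image: ${IMAGE_NAME:-registry.gitlab.com/redmic-project/index-page/redmic-pro}:${IMAGE_TAG:-latest}` turns a missing variable into a silent deploy of the mutable `:latest` tag instead of the commit-tagged image the pipeline built. The `.gitlab-ci.yml` section on this page shows both `IMAGE_*` and `DD_IMAGE_*` names, so if the rename is the new side and the template does not map them back, that fallback is what production would get. Where this file is used for deployment, a required-variable form such as `${IMAGE_TAG:?IMAGE_TAG must be set}` fails loudly instead. The same applies to `${PUBLIC_HOSTNAME}` and `${SITE_PORT}`, which have neither a default nor a required marker; unset, they would yield a `Host:index.` rule and an empty `traefik.port`. Which lines are old and which are new is inferred here, because the rendering dropped the +/- column.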