Loading .dockerignore 0 → 100644 +2 −0 Original line number Diff line number Diff line * !script .gitlab-ci.yml 0 → 100644 +174 −0 Original line number Diff line number Diff line stages: - package - test-package - deploy - maintenance image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 STACK: mqtt SERVICES_TO_CHECK: mqtt_${CI_PROJECT_NAME} STATUS_CHECK_DELAY: 30 IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} services: - docker:dind docker-build-commit-non-master-branches: stage: package only: - branches except: - master - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-commit-master-branch: stage: package only: - master except: - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . 
- docker push ${CI_REGISTRY_IMAGE} docker-tag-already-built-image: stage: package only: - tags script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package allow_failure: true only: - branches except: - schedules script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-supporting-branch-develop: stage: deploy variables: SSH_REMOTE: ${DEV_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml AWS_ACCESS_KEY_ID: ${DEV_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${DEV_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${DEV_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: dev only: - branches except: - master - schedules when: manual deploy-stable-branch-develop: stage: deploy variables: SSH_REMOTE: ${DEV_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml AWS_ACCESS_KEY_ID: ${DEV_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: 
${DEV_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${DEV_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: dev only: - master except: - schedules when: manual deploy-supporting-branch-production: stage: deploy variables: SSH_REMOTE: ${PRO_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml AWS_ACCESS_KEY_ID: ${PRO_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PRO_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${PRO_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: pro only: - branches except: - master - schedules when: manual deploy-stable-branch-production: stage: deploy variables: SSH_REMOTE: ${PRO_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml AWS_ACCESS_KEY_ID: ${PRO_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PRO_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${PRO_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: pro only: - master except: - schedules when: manual scheduled-run-stable-branch-develop: stage: maintenance variables: SSH_REMOTE: ${DEV_SSH_REMOTE} SERVICE: mqtt_${CI_PROJECT_NAME} script: relaunch.sh only: - schedules #scheduled-run-stable-branch-production: # stage: maintenance # variables: # SSH_REMOTE: ${PRO_SSH_REMOTE} # SERVICE: mqtt_${CI_PROJECT_NAME} # script: relaunch.sh # only: # - schedules Dockerfile 0 → 100644 +14 −0 Original line number Diff line number Diff line FROM alpine:3.9 LABEL 
maintainer="info@redmic.es" RUN apk --no-cache update && \ apk --no-cache add \ redis \ python3 RUN pip3 install --no-cache-dir --upgrade awscli COPY script / ENTRYPOINT [ "/entrypoint.sh" ] deploy/.env 0 → 100644 +10 −0 Original line number Diff line number Diff line REDIS_HOST=vmq-redis REDIS_PORT=6379 REMOTE_BACKUP_PATH=/data LOCAL_BACKUP_PATH=/redis AWS_BUCKET=backup.vmq-redis AWS_ACCESS_KEY_ID=changeme AWS_SECRET_ACCESS_KEY=changeme AWS_DEFAULT_REGION=eu-west-1 PUSHGATEWAY_HOST=pushgateway:9091 PUSHGATEWAY_JOB=vmq-redis-backup deploy/docker-compose.dev.yml 0 → 100644 +1 −0 Original line number Diff line number Diff line version: '3.5' Loading
.gitlab-ci.yml 0 → 100644 +174 −0 Original line number Diff line number Diff line stages: - package - test-package - deploy - maintenance image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 STACK: mqtt SERVICES_TO_CHECK: mqtt_${CI_PROJECT_NAME} STATUS_CHECK_DELAY: 30 IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} services: - docker:dind docker-build-commit-non-master-branches: stage: package only: - branches except: - master - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-commit-master-branch: stage: package only: - master except: - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} docker-tag-already-built-image: stage: package only: - tags script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package allow_failure: true only: - branches except: - schedules script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r 
gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-supporting-branch-develop: stage: deploy variables: SSH_REMOTE: ${DEV_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml AWS_ACCESS_KEY_ID: ${DEV_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${DEV_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${DEV_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: dev only: - branches except: - master - schedules when: manual deploy-stable-branch-develop: stage: deploy variables: SSH_REMOTE: ${DEV_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml AWS_ACCESS_KEY_ID: ${DEV_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${DEV_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${DEV_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: dev only: - master except: - schedules when: manual deploy-supporting-branch-production: stage: deploy variables: SSH_REMOTE: ${PRO_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml AWS_ACCESS_KEY_ID: ${PRO_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PRO_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${PRO_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: pro only: - branches except: - master - schedules when: manual deploy-stable-branch-production: stage: deploy variables: SSH_REMOTE: 
${PRO_SSH_REMOTE} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml AWS_ACCESS_KEY_ID: ${PRO_AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY: ${PRO_AWS_SECRET_ACCESS_KEY} AWS_BUCKET: ${PRO_AWS_BUCKET} script: - > deploy.sh IMAGE_TAG=${IMAGE_TAG} IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} AWS_REGION=${AWS_REGION} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} AWS_BUCKET=${AWS_BUCKET} environment: name: pro only: - master except: - schedules when: manual scheduled-run-stable-branch-develop: stage: maintenance variables: SSH_REMOTE: ${DEV_SSH_REMOTE} SERVICE: mqtt_${CI_PROJECT_NAME} script: relaunch.sh only: - schedules #scheduled-run-stable-branch-production: # stage: maintenance # variables: # SSH_REMOTE: ${PRO_SSH_REMOTE} # SERVICE: mqtt_${CI_PROJECT_NAME} # script: relaunch.sh # only: # - schedules
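Review bot: The `container-scanning` job fetches `clair-scanner_linux_amd64` with `wget`, marks it executable and runs it with no integrity check, in a job that has already logged in to the registry with `${CI_JOB_TOKEN}`. Verifying a pinned digest before `chmod +x` would close that gap, e.g. `echo "<EXPECTED_SHA256>  clair-scanner_linux_amd64" | sha256sum -c -` directly after the download (the digest is a placeholder, to be taken from a trusted copy of the v8 release). Because the scanner line ends in `|| true` and the job sets `allow_failure: true`, findings never block the pipeline; if that is intended, a comment in the job should say so. Separately, every `docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}` in the package and scanning jobs puts the token on the command line; `echo "${CI_JOB_TOKEN}" | docker login -u gitlab-ci-token --password-stdin ${CI_REGISTRY}` avoids that.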
Dockerfile 0 → 100644 +14 −0 Original line number Diff line number Diff line FROM alpine:3.9 LABEL maintainer="info@redmic.es" RUN apk --no-cache update && \ apk --no-cache add \ redis \ python3 RUN pip3 install --no-cache-dir --upgrade awscli COPY script / ENTRYPOINT [ "/entrypoint.sh" ]
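Review bot: `RUN pip3 install --no-cache-dir --upgrade awscli` installs whatever awscli release and dependency set PyPI serves at build time, so two builds of the same commit can ship different code into an image that is handed AWS credentials. Pinning the version, for example `RUN pip3 install --no-cache-dir awscli==<PINNED_VERSION>` (placeholder), makes the image reproducible and keeps the container-scan results tied to a known package set. The Dockerfile also sets no `USER`, so `/entrypoint.sh` runs as root; an unprivileged user may be sufficient for a backup job, though the script itself is not visible on this page.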
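--- a/deploy/.env
+++ b/deploy/.env
@@ -0,0 +1,10 @@
+REDIS_HOST=vmq-redis
+REDIS_PORT=6379
+REMOTE_BACKUP_PATH=/data
+LOCAL_BACKUP_PATH=/redis
+AWS_BUCKET=backup.vmq-redis
+AWS_ACCESS_KEY_ID=changeme
+AWS_SECRET_ACCESS_KEY=changeme
+AWS_DEFAULT_REGION=eu-west-1
+PUSHGATEWAY_HOST=pushgateway:9091
+PUSHGATEWAY_JOB=vmq-redis-backup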
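Review bot: The tracked `deploy/.env` carries `AWS_ACCESS_KEY_ID=changeme` and `AWS_SECRET_ACCESS_KEY=changeme`, which invites someone to edit real keys into a committed file. If the deploy-time override is ever missing, the service would presumably start with these dummy credentials and only fail when a backup is attempted. A leading comment such as `# Placeholders only: real values are injected by the CI deploy job; never commit credentials here` would make the contract explicit. Leaving the two values empty instead of `changeme` would make a missing override easier to detect, assuming the entrypoint checks for unset variables (not visible here).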
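--- a/deploy/docker-compose.dev.yml
+++ b/deploy/docker-compose.dev.yml
@@ -0,0 +1 @@
+version: '3.5'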