Merge branch 'dev' into 'master' (5a3389cc) · Commits · REDMIC Project / Postgres / Backup PostgreSQL

.gitlab-ci.yml

+11 −65

Original line number	Diff line number	Diff line
		include:
		- project: 'redmic-project/gitlab-ci-templates'
		ref: master
		file: '/packaging.yml'

		stages:
		- pre-package
		- package
		- test-package

		image: docker:stable
		- post-package

		.docker-build:
		variables:
		DOCKER_DRIVER: overlay2

		services:
		- docker:dind

		docker-build-commit-non-master-branches:
		stage: package
		only:
		- branches
		except:
		- master
		- schedules
		script:
		- docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
		- docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest .
		- docker push ${CI_REGISTRY_IMAGE}

		docker-build-commit-master-branch:
		stage: package
		only:
		- master
		except:
		- schedules
		script:
		- docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
		- docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest .
		- docker push ${CI_REGISTRY_IMAGE}

		docker-tag-already-built-image:
		stage: package
		only:
		- tags
		except:
		- schedules
		script:
		- docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
		- docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
		- docker push ${CI_REGISTRY_IMAGE}

		container-scanning:
		stage: test-package
		allow_failure: true
		only:
		- branches
		except:
		- schedules
		script:
		- docker run -d --name db arminc/clair-db:latest
		- docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
		- apk add -U wget ca-certificates
		- docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
		- docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
		- wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
		- mv clair-scanner_linux_amd64 clair-scanner
		- chmod +x clair-scanner
		- touch clair-whitelist.yml
		- >
		./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log
		-w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} \|\| true
		artifacts:
		paths: [gl-sast-container-report.json]
		IMAGE_NAME_VARIABLE_NAME: BACKUP_DB_IMAGE_NAME
		IMAGE_TAG_VARIABLE_NAME: BACKUP_DB_IMAGE_TAG

Dockerfile

+44 −12

Original line number	Diff line number	Diff line
		FROM alpine:3.7
		ARG ALPINE_IMAGE_TAG=3.13

		FROM alpine:${ALPINE_IMAGE_TAG}

		LABEL maintainer="info@redmic.es"

		ENV POSTGRES_PORT="5432" \
		POSTGRES_HOSTNAME="postgresql" \
		POSTGRES_USER="postgres" \
		POSTGRES_PASSWORD="password" \
		POSTGRES_PASS_FILE='/root/.pgpass' \
		POSTGRES_PASS_FILE="/root/.pgpass" \
		POSTGRES_DUMP_PATH="/tmp/backup" \
		AWS_DEFAULT_REGION="eu-west-1" \
		PUSHGATEWAY_HOST="pushgateway:9091" \
		AWS_OUTPUT="json" \
		GZIP="-9"
		AWS_OUTPUT="json"

		COPY scripts /

		RUN apk add --no-cache \
		ARG POSTGRES_PASS_FILE="/root/.pgpass" \
		POSTGRES_DUMP_PATH="/tmp/backup" \
		CURL_VERSION=7.74.0-r1 \
		POSTGRESQL_CLIENT_VERSION=13.2-r0 \
		BASH_VERSION=5.1.0-r0

		RUN apk update && \
		apk list \
		curl \
		postgresql-client \
		python3 \
		bash && \
		rm -rf /var/cache/apk/* && \
		pip3 install --no-cache-dir --upgrade \
		awscli
		apk add --no-cache \
		curl="${CURL_VERSION}" \
		postgresql-client="${POSTGRESQL_CLIENT_VERSION}" \
		bash="${BASH_VERSION}"

		ARG GLIBC_VERSION=2.33-r0 \
		AWS_CLI_VERSION=2.0.30

		ENV GLIBC_VERSION=${GLIBC_VERSION} \
		AWS_CLI_VERSION=${AWS_CLI_VERSION}

		# hadolint ignore=DL3018
		RUN curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub && \
		curl -sL "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk" -o glibc.apk && \
		curl -sL "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk" -o glibc-bin.apk && \
		apk add --no-cache \
		glibc.apk \
		glibc-bin.apk && \
		rm -rf \
		glibc.apk \
		glibc-bin.apk \
		/var/cache/apk/* && \
		curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip" -o awscliv2.zip && \
		unzip awscliv2.zip && \
		./aws/install && \
		rm -rf \
		awscliv2.zip \
		./aws \
		/usr/local/aws-cli/v2/*/dist/aws_completer \
		/usr/local/aws-cli/v2/*/dist/awscli/data/ac.index \
		/usr/local/aws-cli/v2/*/dist/awscli/examples

		ENTRYPOINT ["/docker-entrypoint.sh"]

backup-db-deployment.yml

0 → 100644

+111 −0

Original line number	Diff line number	Diff line
		include:
		- project: 'redmic-project/gitlab-ci-templates'
		ref: master
		file: '/_deployment.yml'

		.deploy-backup-db-stage: &deploy-backup-db-stage
		stage: deploy-backup-db

		.deploy-backup-db:
		variables: &deploy-backup-db-variables
		DEPLOY_DIR_NAME: deploy_backup-db
		BACKUP_DB_REPOSITORY_URL: https://gitlab.com/redmic-project/postgres/backup-db
		BACKUP_DB_REPOSITORY_BRANCH: dev
		BACKUP_DB_DEPLOY_FILES: .env docker-compose.tmpl.yml docker-compose.dev.yml docker-compose.prod.yml

		.deploy-backup-db-before_script: &deploy-backup-db-before_script
		before_script:
		- >
		mkdir -p ${DEPLOY_DIR_NAME};
		cd ${DEPLOY_DIR_NAME};
		urlBase="${BACKUP_DB_REPOSITORY_URL}/-/raw/${BACKUP_DB_REPOSITORY_BRANCH}/deploy";
		for deployFile in ${BACKUP_DB_DEPLOY_FILES};
		do
		wget -q "$(echo ${urlBase}/${deployFile})";
		done;
		cd -;

		.deploy-backup-db-development:
		extends: .deploy-development
		<<: *deploy-backup-db-stage
		variables:
		<<: *deploy-backup-db-variables
		<<: *deploy-backup-db-before_script
		environment:
		name: dev/backup-db

		.deploy-backup-db-production:
		extends: .deploy-production
		<<: *deploy-backup-db-stage
		variables:
		<<: *deploy-backup-db-variables
		<<: *deploy-backup-db-before_script
		environment:
		name: pro/backup-db

		.deploy-backup-db-branch-base:
		variables: &deploy-backup-db-branch-base-variables
		DD_IMAGE_NAME: ${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}
		DD_IMAGE_TAG: ${CI_COMMIT_SHA}

		.deploy-backup-db-support-branch: &deploy-backup-db-support-branch
		rules:
		- if: $CI_MERGE_REQUEST_ID \|\|
		$CI_COMMIT_TAG \|\|
		$CI_PIPELINE_SOURCE == "schedule" \|\|
		$CI_COMMIT_BRANCH == "master"
		when: never
		- if: $CI_COMMIT_BRANCH
		when: manual
		allow_failure: true

		deploy-backup-db-support-branch-development:
		extends: .deploy-backup-db-development
		variables:
		<<: *deploy-backup-db-branch-base-variables
		<<: *deploy-backup-db-support-branch

		.deploy-backup-db-stable-branch: &deploy-backup-db-stable-branch
		rules:
		- if: $CI_MERGE_REQUEST_ID \|\|
		$CI_COMMIT_TAG \|\|
		$CI_PIPELINE_SOURCE == "schedule"
		when: never
		- if: $CI_COMMIT_BRANCH == "master"
		when: manual
		allow_failure: true

		deploy-backup-db-stable-branch-development:
		extends: .deploy-backup-db-development
		variables:
		<<: *deploy-backup-db-branch-base-variables
		<<: *deploy-backup-db-stable-branch

		deploy-backup-db-stable-branch-production:
		extends: .deploy-backup-db-production
		variables:
		<<: *deploy-backup-db-branch-base-variables
		<<: *deploy-backup-db-stable-branch

		.deploy-backup-db-tag-base:
		variables: &deploy-backup-db-tag-base-variables
		DD_IMAGE_NAME: ${CI_REGISTRY_IMAGE}
		DD_IMAGE_TAG: ${CI_COMMIT_TAG}

		.deploy-backup-db-tag: &deploy-backup-db-tag
		rules:
		- if: $CI_COMMIT_TAG
		when: manual
		allow_failure: true

		deploy-backup-db-tag-development:
		extends: .deploy-backup-db-development
		variables:
		<<: *deploy-backup-db-tag-base-variables
		<<: *deploy-backup-db-tag

		deploy-backup-db-tag-production:
		extends: .deploy-backup-db-production
		variables:
		<<: *deploy-backup-db-tag-base-variables
		<<: *deploy-backup-db-tag

deploy/.env

0 → 100644

+22 −0

Original line number	Diff line number	Diff line
		ALPINE_IMAGE_TAG=3.13
		POSTGRES_PASS_FILE=/root/.pgpass
		POSTGRES_DUMP_PATH=/tmp/backup
		CURL_VERSION=7.74.0-r1
		POSTGRESQL_CLIENT_VERSION=13.2-r0
		BASH_VERSION=5.1.0-r0
		GLIBC_VERSION=2.33-r0
		AWS_CLI_VERSION=2.0.30

		POSTGRES_HOSTNAME=changeme
		POSTGRES_PORT=5432
		POSTGRES_USER=postgres
		POSTGRES_PASSWORD=changeme

		AWS_DEFAULT_REGION=eu-west-1
		AWS_ACCESS_KEY_ID=changeme
		AWS_SECRET_ACCESS_KEY=changeme
		BUCKET_BACKUP_DB=backup-db
		AWS_OUTPUT=json

		PUSHGATEWAY_HOST=pushgateway:9091
		PUSHGATEWAY_JOB=changeme

deploy/docker-compose.dev.yml

0 → 100644

+1 −0

Original line number	Diff line number	Diff line
		version: '3.5'