File: /var/www/quadcode-jobs/.gitlab-ci.yml
# Pipeline-wide variables, available to every job below.
variables:
  # Redefines CI_REGISTRY_IMAGE (a name GitLab also predefines) so that the
  # image names built below resolve to registry.mobbtech.com.
  CI_REGISTRY_IMAGE: 'registry.mobbtech.com/${CI_PROJECT_PATH}'
  # Branch or tag name of the pipeline. In the part of the file shown here it
  # is only echoed by the publish job, never used as an image tag.
  SERVICE_VERSION: '${CI_COMMIT_REF_NAME}'
  # Quoted so the versions stay strings. Neither is referenced in the part of
  # the file shown here; presumably consumed by an included template or by
  # the runner — confirm.
  DOCKER_VERSION: "1.0.0"
  DOCKER_COMPOSE_VERSION: "1.29.2"
# Stage order. No job in the part of the file shown here uses `security`;
# presumably the included SAST template supplies those jobs — confirm.
stages:
  - security
  - build
  - deploy
# Pulls job definitions from another project into this pipeline.
# NOTE(review): no `ref:` is given, so the file is read from whatever that
# project's default branch holds when the pipeline is created. Anyone able to
# change it can alter what runs in this pipeline; pinning `ref:` to a tag or
# commit SHA keeps the included configuration stable and reviewable.
include:
  - project: 'application_security_public/configurations'
    file: '/SAST/jobs-quadcode-site/jobs_quadcode_site.yml'
# Manually triggered job that builds the php, nginx and postgres images and
# pushes them, using a Docker-in-Docker service.
docker-image:jobs:publish:
  stage: build
  when: manual
  tags:
    - linux_amd64_standard
  services:
    # DOCKER_DIND_IMAGE is not defined in this file; presumably it comes from
    # CI/CD settings or the runner configuration — confirm.
    - name: '${DOCKER_DIND_IMAGE}'
  before_script:
    - docker info
  # NOTE(review): no `docker login` appears in this job; registry credentials
  # are presumably supplied by the runner — confirm.
  script:
    - echo "Build image for service version $SERVICE_VERSION"
    - echo "Build php image"
    # NOTE(review): after this step .env sits in the build context (`.`) of
    # all three builds below. Whether it ends up inside an image depends on
    # the Dockerfiles and .dockerignore, which are not shown — confirm it is
    # excluded or holds no secrets.
    - cp .env.example .env
    # Front-end build in a throwaway node container with the checkout
    # bind-mounted; `npm ci` runs the dependencies' install scripts there.
    - docker run -v "$PWD":/usr/src/app -w /usr/src/app node:16.18-alpine sh -c 'npm ci && npm run prod'
    # NOTE(review): ${tag} is not set anywhere in this file, and
    # SERVICE_VERSION is only echoed. If ${tag} expands to nothing, the name
    # becomes "<CI_REGISTRY_IMAGE>-php" with Docker's default tag, so every
    # run pushes to the same mutable reference — confirm where tag is set.
    - docker build --pull -f .docker/php/Dockerfile -t "$CI_REGISTRY_IMAGE${tag}-php" .
    - docker push "$CI_REGISTRY_IMAGE${tag}-php"
    - echo "Build nginx image"
    - docker build --pull -f .docker/nginx/Dockerfile -t "$CI_REGISTRY_IMAGE${tag}-nginx" .
    - docker push "$CI_REGISTRY_IMAGE${tag}-nginx"
    - echo "Build postgres image"
    - docker build --pull -f .docker/postgres/Dockerfile -t "$CI_REGISTRY_IMAGE${tag}-postgres" .
    - docker push "$CI_REGISTRY_IMAGE${tag}-postgres"
# Installs the production PHP dependencies with Composer and passes the
# application tree to later stages as an artifact kept for one day.
build_php:
  stage: build
  # NOTE(review): `latest` is a moving tag, so the toolchain that resolves and
  # installs dependencies can change between runs without any change in this
  # repository. Pinning a version tag or image digest makes builds
  # reproducible and auditable.
  image: composer:latest
  tags:
    - linux_amd64_standard
  # Runs only for refs whose name ends in "deploy".
  only:
    - /^.*deploy$/
  # NOTE(review): a cache key is set but no `paths:` are listed in this job,
  # so nothing here names what should be cached — confirm the intent.
  cache:
    key: '${CI_COMMIT_REF_NAME}'
  script:
    # NOTE(review): ssh-keyscan records whatever host key is offered at job
    # time (trust on first use, repeated on every run), so it gives no
    # protection against an interposed host. Prefer host keys pinned in a
    # CI/CD variable and written to known_hosts.
    - mkdir -m 700 ~/.ssh && ssh-keyscan -H gitlab.mobbtech.com >> ~/.ssh/known_hosts
    - composer install --prefer-dist --no-dev
  artifacts:
    name: jobs_quadcode
    expire_in: 1d
    paths:
      - app
      - artisan
      - bootstrap
      - composer.json
      - composer.lock
      - config
      - database
      - phpunit.xml
      - routes
      - server.php
      - storage
      - tests
      - vendor
# Builds the front-end assets with npm and passes them to later stages as an
# artifact kept for one day.
build_node:
  stage: build
  # NOTE(review): floating major-version tag, and different from the
  # node:16.18-alpine used by the image publish job; Node.js 16 is also past
  # its upstream end-of-life. Pinning one supported version (ideally by
  # digest) in both places keeps the two builds consistent.
  image: node:16-alpine
  tags:
    - linux_amd64_standard
  # Runs only for refs whose name ends in "deploy".
  only:
    - /^.*deploy$/
  # NOTE(review): a cache key is set but no `paths:` are listed in this job,
  # so nothing here names what should be cached — confirm the intent.
  cache:
    key: '${CI_COMMIT_REF_NAME}'
  script:
    # `npm ci` installs exactly what package-lock.json records and runs the
    # packages' install scripts.
    - npm ci
    - npm run prod
  artifacts:
    name: jobs_quadcode
    expire_in: 1d
    paths:
      - package-lock.json
      - package.json
      - public
      - resources
      - webpack.mix.js
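# Hidden template job, merged into the deploy:* jobs through the `deploy`
# anchor. It expects SSH_KEY from CI/CD settings (not defined in this file)
# and GITLAB_DEPLOY_TO / PWD_DIR from the extending job's before_script.
.deploy: &deploy
  stage: deploy
  image: registry.mobbtech.com/infra/ansible-ci:2.9.14-2
  when: manual
  # Artifacts from both build jobs are fetched before the script runs.
  dependencies:
    - build_php
    - build_node
  script:
    # Fail closed when a required value is missing, so that neither the key
    # file, the paths below nor the --limit argument is built from an empty
    # string (e.g. when a job reuses this template without a before_script).
    - test "${SSH_KEY}" || exit 1
    - test "${GITLAB_DEPLOY_TO}" || exit 1
    - test "${PWD_DIR}" || exit 1
    # Load the deploy key into an agent. ~/.ssh is created 0700 first, so the
    # key file is not reachable by other users before its own chmod.
    # NOTE(review): the key stays on disk after the job; on a runner that
    # keeps its home directory between jobs it would persist — confirm the
    # executor type. SSH_KEY should be limited to protected refs.
    - mkdir -m 700 ~/.ssh
    - echo "${SSH_KEY}" > ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    # NOTE(review): ssh-keyscan records whatever host key is offered at job
    # time (trust on first use, repeated on every run). Prefer host keys
    # pinned in a CI/CD variable and written to known_hosts.
    - ssh-keyscan gitlab.mobbtech.com >> ~/.ssh/known_hosts
    # Bundle the build artifacts into the archive the playbook directory holds.
    - tar -czf "$PWD_DIR/.deploy/playbooks/app.tgz" app artisan bootstrap composer.json composer.lock config database package-lock.json package.json phpunit.xml public resources routes server.php storage vendor webpack.mix.js
    - chmod -v 700 "$PWD_DIR/.deploy"
    # NOTE(review): roles are downloaded at deploy time; requirements.yml is
    # not shown — check that every role is pinned to a version or commit.
    - cd "$PWD_DIR/.deploy" && ansible-galaxy install -r roles/requirements.yml
    # NOTE(review): -D (--diff) together with -vv writes file and template
    # diffs into the job log. Any secret rendered by a template becomes
    # readable to everyone who can view the job, unless the task sets
    # `no_log: true` or `diff: false`.
    - chmod 755 "$PWD_DIR/.deploy" && cd "$PWD_DIR/.deploy" && ansible-playbook -i inventory -l "$GITLAB_DEPLOY_TO" playbooks/.deploy.yml -vv -D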
# Production deployment: the `.deploy` template with the inventory limit set
# to `production`. `when: manual` is inherited from the template.
deploy:production:
  <<: *deploy
  environment: production
  # The job is picked up only by a runner that carries both tags.
  tags:
    - linux_amd64_standard
    - production
  # NOTE(review): this matches any ref whose name starts with "deploy", while
  # the build jobs match names ending in "deploy" (/^.*deploy$/). A ref such
  # as "deploy-x" (constructed example) would match here but not the build
  # jobs listed under `dependencies` — confirm the intended naming. Protect
  # the matching refs and the production environment so that the manual
  # trigger and SSH_KEY are limited to trusted maintainers.
  only:
    - /^deploy.*$/
  before_script:
    - export GITLAB_DEPLOY_TO=production
    # Not exported; it is read by the template's script in the same job.
    - PWD_DIR=$(pwd)
# Integration deployment: the `.deploy` template with the inventory limit set
# to `integration`.
deploy:integration:
  <<: *deploy
  environment: integration
  # Restates the value already merged in from the template.
  when: manual
  # The job is picked up only by a runner that carries both tags.
  tags:
    - linux_amd64_standard
    - integration
  # NOTE(review): this matches refs starting with "int_deploy", while the
  # build jobs match names ending in "deploy" (/^.*deploy$/). A ref such as
  # "int_deploy_x" (constructed example) would match here but not the build
  # jobs listed under `dependencies` — confirm the intended naming.
  only:
    - /^int_deploy.*$/
  before_script:
    - export GITLAB_DEPLOY_TO=integration
    # Not exported; it is read by the template's script in the same job.
    - PWD_DIR=$(pwd)