CI: Rework deployment

* Add script for dumping env variables * Reduce commands in gitlab-ci.yml and move operations into deploy.sh. * Closes #2

CI: Rework deployment
0bf5c7d2 · Tsepelakis, Sotirios · 45bafa96 · 0bf5c7d2 · 0bf5c7d2 · 0bf5c7d2
Verified Commit 0bf5c7d2 authored 2 years ago by Tsepelakis, Sotirios
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+# GitLab CI/CD configuration
+
 stages:
  - production

-deploy_production:
+deploy-production:
  stage: production
  environment: production
  script:
-    - ssh gitlab-ci@s194.dl.hpc.tuwien.ac.at "rm -rf ./crdm-keycloak-setup"
-    - cd ..
-    - scp -r "crdm-keycloak-setup" "gitlab-ci@s194.dl.hpc.tuwien.ac.at:./crdm-keycloak-setup"
-    - ssh gitlab-ci@s194.dl.hpc.tuwien.ac.at "cp -r /home/gitlab-ci/cert /home/gitlab-ci/crdm-keycloak-setup/"
-    - ssh gitlab-ci@s194.dl.hpc.tuwien.ac.at "cp -r /home/gitlab-ci/.env /home/gitlab-ci/crdm-keycloak-setup/.env"
-    - ssh gitlab-ci@s194.dl.hpc.tuwien.ac.at " cd crdm-keycloak-setup && docker-compose up --build -d"
+    - ./.gitlab-ci/deploy.sh
  rules:
-    - if: '$CI_COMMIT_BRANCH == "master"'
\ No newline at end of file
+    - if: '$CI_COMMIT_BRANCH == "master"'
--- a/.gitlab-ci/deploy.sh
+++ b/.gitlab-ci/deploy.sh
+#!/bin/sh
+#
+# script for deploying the services
+#
+
+# ---------------- #
+#  Variable checks #
+# ---------------- #
+
+if [ -z "${DEPLOYMENT_MACHINE}" ]; then
+    echo >&2 "ERROR: DEPLOYMENT_MACHINE variable not set."
+    exit 1
+elif [ -z "${SSH_PRIVATE_KEY}" ] || [ ! -f "${SSL_CERT}" ]; then
+    echo >&2 "ERROR: SSH_PRIVATE_KEY or SSL_CERT is not set."
+    exit 1
+fi
+
+SSH_TARGET="${DEPLOYMENT_USER:-gitlab-ci}@${DEPLOYMENT_MACHINE}"
+DEPLOYMENT_PATH="${DEPLOYMENT_PATH:-crdm-keycloak-setup}"
+
+# --------------------------- #
+#  Setting up and redeploying #
+# --------------------------- #
+
+# Step 1 #
+# preparing the relevant files
+chmod 0400 "${SSH_PRIVATE_KEY}"
+touch ".env"
+chmod 0600 ".env"
+./scripts/dump-vars.sh ".env"
+
+# Step 2 #
+# transfer the files
+scp -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" ".env" "${SSH_TARGET}:${DEPLOYMENT_PATH}/.env"
+scp -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" "${SSL_CERT}" "${SSH_TARGET}:${DEPLOYMENT_PATH}/cert/tls.crt"
+
+# Step 3 #
+# ssh to target, pull, build services and deploy
+ssh -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" "${SSH_TARGET}" "bash" <<- EOF
+    cd "${DEPLOYMENT_PATH}"
+    git pull origin master
+    docker compose pull
+    docker compose up -d
+EOF
--- a/scripts/dump-vars.sh
+++ b/scripts/dump-vars.sh
+#!/bin/sh
+#
+# dump environment variables to a file
+#
+# this script is intended to be run by the gitlab runner, to dump all gitlab
+# variables to the secrets file
+
+# the user can optionally specify the output file
+OUTPUT_FILE="${1:-.env}"
+
+# delete the old file if it exists, and create one with secure permissions
+rm -f "${OUTPUT_FILE}"
+
+# rwx only for user
+umask 077
+touch "${OUTPUT_FILE}"
+
+# dump each exported variable
+while read -r var; do
+    echo $var >> "${OUTPUT_FILE}"
+done <<- EOF
+    $(env | grep -E "^POSTGRES_.*|^KEYCLOAK_.*|^TZ$")
+EOF