Update files for keycloak v17 & improve CI

• Update setup and scripts
• CI: Add staging environment
• CI: Improve the logic in deploy.sh

.gitlab-ci/deploy.sh

@@ -3,42 +3,64 @@
 # script for deploying the services
 #
 
-# ---------------- #
-#  Variable checks #
-# ---------------- #
+set -eu
+
+# --------------- #
+# Variable checks #
+# --------------- #
 
 if [ -z "${DEPLOYMENT_MACHINE}" ]; then
     echo >&2 "ERROR: DEPLOYMENT_MACHINE variable not set."
     exit 1
-elif [ -z "${SSH_PRIVATE_KEY}" ] || [ ! -f "${SSL_CERT}" ]; then
-    echo >&2 "ERROR: SSH_PRIVATE_KEY or SSL_CERT is not set."
+elif [ -z "${SSH_PRIVATE_KEY}" ] || [ ! -f "${SSL_CERT}" ]  || [ ! -f "${SSL_KEY}" ]; then
+    echo >&2 "ERROR: SSH_PRIVATE_KEY or SSL_CERT or SSL_KEY is not set."
     exit 1
 fi
 
+# helpers
 SSH_TARGET="${DEPLOYMENT_USER:-gitlab-ci}@${DEPLOYMENT_MACHINE}"
 DEPLOYMENT_PATH="${DEPLOYMENT_PATH:-crdm-keycloak-setup}"
+REPO_URL="https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.tuwien.ac.at/fairdata/crdm-keycloak-setup.git"
 
-# --------------------------- #
-#  Setting up and redeploying #
-# --------------------------- #
+# -------------------------- #
+# Setting up and redeploying #
+# -------------------------- #
 
 # Step 1 #
-# preparing the relevant files
+# prepare the relevant files
 chmod 0400 "${SSH_PRIVATE_KEY}"
 touch ".env"
 chmod 0600 ".env"
+# set keycloak host variable: required for production mode
+export KC_HOST="${DEPLOYMENT_MACHINE}"
+# dump the vars
 ./scripts/dump-vars.sh ".env"
 
 # Step 2 #
-# transfer the files
-scp -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" ".env" "${SSH_TARGET}:${DEPLOYMENT_PATH}/.env"
-scp -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" "${SSL_CERT}" "${SSH_TARGET}:${DEPLOYMENT_PATH}/cert/tls.crt"
+# ssh to target, initialize repo or fetch
+ssh -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" "${SSH_TARGET}" "bash" <<- EOF
+set -eu pipefail
+mkdir -p "${DEPLOYMENT_PATH}" && cd "${DEPLOYMENT_PATH}"
+
+if git status; then
+    echo "INFO: Fetching origin."
+    git fetch "${REPO_URL}"
+else
+    echo "INFO: Git repository doesn't exist, cloning."
+    git clone "${REPO_URL}" .
+fi
+
+chmod a+w ./export
+git checkout "${CI_COMMIT_BRANCH}"
+EOF
 
 # Step 3 #
-# ssh to target, pull, build services and deploy
+# transfer files (.env & certificates), build services and deploy
+scp -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" ".env" "${SSH_TARGET}:${DEPLOYMENT_PATH}/.env"
+scp -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" "${SSL_CERT}" "${SSH_TARGET}:${DEPLOYMENT_PATH}/ssl/tls.crt"
+scp -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" "${SSL_KEY}" "${SSH_TARGET}:${DEPLOYMENT_PATH}/ssl/tls.key"
+
 ssh -i "${SSH_PRIVATE_KEY}" -o "StrictHostKeyChecking=accept-new" "${SSH_TARGET}" "bash" <<- EOF
-    cd "${DEPLOYMENT_PATH}"
-    git pull origin master
-    docker compose pull
-    docker compose up -d
+cd "${DEPLOYMENT_PATH}" 
+docker compose down && docker compose up -d
 EOF