Merge branch 'feature/vault' into develop
This commit is contained in:
commit
86558dc76d
|
|
@ -18,6 +18,7 @@ magephp:
|
||||||
- "/var/cache/*"
|
- "/var/cache/*"
|
||||||
- "/var/log/*"
|
- "/var/log/*"
|
||||||
- "/public/media"
|
- "/public/media"
|
||||||
|
- "/.secrets"
|
||||||
hosts:
|
hosts:
|
||||||
- ssh_host
|
- ssh_host
|
||||||
on-deploy:
|
on-deploy:
|
||||||
|
|
|
||||||
39
.novops.yml
Normal file
39
.novops.yml
Normal file
|
|
@ -0,0 +1,39 @@
|
||||||
|
environments:
|
||||||
|
build:
|
||||||
|
variables:
|
||||||
|
- name: MYSQLDUMP
|
||||||
|
value:
|
||||||
|
hvault_kv2:
|
||||||
|
mount: kv
|
||||||
|
path: deblan/deblan.io-murph
|
||||||
|
key: mysqldump
|
||||||
|
|
||||||
|
deploy:
|
||||||
|
variables:
|
||||||
|
- name: SSH_USER
|
||||||
|
value:
|
||||||
|
hvault_kv2:
|
||||||
|
mount: kv
|
||||||
|
path: deblan/deblan.io-murph
|
||||||
|
key: ssh_user
|
||||||
|
|
||||||
|
- name: SSH_HOST
|
||||||
|
value:
|
||||||
|
hvault_kv2:
|
||||||
|
mount: kv
|
||||||
|
path: deblan/deblan.io-murph
|
||||||
|
key: ssh_host
|
||||||
|
|
||||||
|
- name: SSH_PRIV_KEY
|
||||||
|
value:
|
||||||
|
hvault_kv2:
|
||||||
|
mount: kv
|
||||||
|
path: deblan/deblan.io-murph
|
||||||
|
key: ssh_priv_key
|
||||||
|
|
||||||
|
- name: APP_DIRECTORY
|
||||||
|
value:
|
||||||
|
hvault_kv2:
|
||||||
|
mount: kv
|
||||||
|
path: deblan/deblan.io-murph
|
||||||
|
key: app_directory
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
variables:
|
variables:
|
||||||
- &volumes
|
volumes: &volumes
|
||||||
- node16_cache:/root/.npm
|
- node_cache:/root/.npm
|
||||||
- /data/${CI_REPO}:/builds
|
- /data/${CI_REPO}:/builds
|
||||||
|
|
||||||
when:
|
when:
|
||||||
|
|
@ -13,10 +13,16 @@ steps:
|
||||||
commands:
|
commands:
|
||||||
- /bin/timeout -t 30 -v -c 'while true; do nc -z -v db 3306 2>&1 | grep succeeded && exit 0; sleep 0.5; done'
|
- /bin/timeout -t 30 -v -c 'while true; do nc -z -v db 3306 2>&1 | grep succeeded && exit 0; sleep 0.5; done'
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
image: gitnet.fr/deblan/novops
|
||||||
|
secrets: [vault_addr, vault_token]
|
||||||
|
commands:
|
||||||
|
- novops load -e build > .secrets
|
||||||
|
|
||||||
db-create:
|
db-create:
|
||||||
image: mariadb:10.3
|
image: mariadb:10.3
|
||||||
secrets: [mysqldump]
|
|
||||||
commands:
|
commands:
|
||||||
|
- . ./.secrets
|
||||||
- mysql -hdb -uroot -proot -e "CREATE DATABASE app"
|
- mysql -hdb -uroot -proot -e "CREATE DATABASE app"
|
||||||
- eval "$MYSQLDUMP" | mysql -hdb -uroot -proot app
|
- eval "$MYSQLDUMP" | mysql -hdb -uroot -proot app
|
||||||
|
|
||||||
|
|
@ -80,4 +86,4 @@ services:
|
||||||
- MARIADB_ROOT_PASSWORD=root
|
- MARIADB_ROOT_PASSWORD=root
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
node16_cache:
|
node_cache:
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
variables:
|
variables:
|
||||||
- &volumes
|
volumes: &volumes
|
||||||
- /data/${CI_REPO}:/builds
|
- /data/${CI_REPO}:/builds
|
||||||
|
|
||||||
when:
|
when:
|
||||||
|
|
@ -8,11 +8,17 @@ when:
|
||||||
skip_clone: true
|
skip_clone: true
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
secrets:
|
||||||
|
image: gitnet.fr/deblan/novops
|
||||||
|
secrets: [vault_addr, vault_token]
|
||||||
|
commands:
|
||||||
|
- novops load -e deploy > .secrets
|
||||||
|
|
||||||
app-deploy:
|
app-deploy:
|
||||||
image: deblan/mage
|
image: deblan/mage
|
||||||
secrets: [ssh_user, ssh_host, ssh_priv_key, app_directory]
|
|
||||||
volumes: *volumes
|
volumes: *volumes
|
||||||
commands:
|
commands:
|
||||||
|
- . ./.secrets
|
||||||
- cd "/builds/$CI_COMMIT_SHA"
|
- cd "/builds/$CI_COMMIT_SHA"
|
||||||
- mkdir "$HOME/.ssh"
|
- mkdir "$HOME/.ssh"
|
||||||
- echo "$SSH_PRIV_KEY" > "$HOME/.ssh/id_ed25519"
|
- echo "$SSH_PRIV_KEY" > "$HOME/.ssh/id_ed25519"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue