# Stage order: jobs in `docker` run before jobs in `deploy`.
stages:
  - docker
  - deploy

# Pipeline-wide values: the registry host and the two fully qualified
# image repositories that the jobs tag and push.
variables:
  REGISTRY: 'registry.itsh.dev'
  BACKEND_IMAGE: 'registry.itsh.dev/vikingowl/marktvogt.de/backend'
  WEB_IMAGE: 'registry.itsh.dev/vikingowl/marktvogt.de/web'
# ── Backend ─────────────────────────────────────────────────────────────────
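# Builds the backend image with buildx and pushes it to $REGISTRY, tagged
# with the short commit SHA. Runs only on `main`, and only when backend/
# or the pipeline file changed.
backend:docker:
  stage: docker
  # NOTE(review): docker:29 and docker:29-dind are floating tags. Pinning
  # them by digest (docker:29@sha256:<digest>) keeps the build toolchain
  # from changing underneath the pipeline.
  image: docker:29
  services:
    - docker:29-dind
  variables:
    # A non-empty cert dir makes the dind service generate TLS material,
    # so the job talks to the daemon over TLS.
    DOCKER_TLS_CERTDIR: "/certs"
  before_script:
    # Pass the password on stdin: with `-p` it sits in the process argument
    # list, and docker itself warns that this is insecure.
    - printf '%s' "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin "$REGISTRY"
    # buildx needs a named context when the daemon is reached over TLS.
    - docker context create tls-env
    - docker buildx create --name ci-builder --driver docker-container --use tls-env
    # Take the image timestamp from the commit, for reproducible builds.
    - export SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)
  script:
    - |
      docker buildx build --output "type=image,push=true,rewrite-timestamp=true" \
        -f backend/deploy/Dockerfile \
        -t "$BACKEND_IMAGE:${CI_COMMIT_SHORT_SHA}" backend/
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - 'backend/**/*'
        - '.gitlab-ci.yml'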
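# Rolls the freshly built backend image out to namespace tenant-2 with Helm.
# Runs after backend:docker, under the same branch and path rules.
backend:deploy:
  stage: deploy
  image:
    # NOTE(review): alpine/helm:4.1 is a floating third-party tag. Pinning
    # it by digest (alpine/helm:4.1@sha256:<digest>) is worth it for an
    # image that handles cluster credentials.
    name: alpine/helm:4.1
    # Clear the image entrypoint so the runner can start a shell.
    entrypoint: [""]
  before_script:
    # Tighten the umask first so the kubeconfig is never world-readable,
    # not even between its creation and the chmod below.
    - umask 077
    - mkdir -p ~/.kube
    - printf '%s\n' "$KUBECONFIG_DATA" > ~/.kube/config
    - chmod 600 ~/.kube/config
  # image.tag uses --set-string because --set type-coerces values: a short
  # SHA made only of digits (or digits with a single "e") may be rendered
  # as a number instead of the literal tag.
  #
  # NOTE(review): the SMTP, AI, discovery and Turnstile secrets are passed
  # with --set. They therefore appear in helm's argument list and are kept
  # in the release's stored values. --set also splits on commas, so a
  # secret containing one is mis-parsed. Referencing a pre-created
  # Kubernetes Secret from the chart, or supplying each value with
  # --set-file from a file written under umask 077, avoids both problems.
  # Confirm what the chart expects before changing this.
  script:
    - |
      helm upgrade --install marktvogt-backend ./backend/deploy/helm/ \
        --namespace tenant-2 \
        --set-string image.tag="${CI_COMMIT_SHORT_SHA}" \
        --set smtp.host="$SMTP_HOST" \
        --set smtp.user="$SMTP_USER" \
        --set smtp.password="$SMTP_PASSWORD" \
        --set ai.apiKey="$AI_API_KEY" \
        --set ai.agentSimple="$AI_AGENT_SIMPLE" \
        --set ai.agentDiscovery="$AI_AGENT_DISCOVERY" \
        --set discovery.token="$DISCOVERY_TOKEN" \
        --set turnstile.secretKey="$TURNSTILE_SECRET_KEY" \
        --rollback-on-failure --wait=watcher --timeout 5m
  needs: ["backend:docker"]
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - 'backend/**/*'
        - '.gitlab-ci.yml'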
# ── Web ──────────────────────────────────────────────────────────────────────
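# Builds the web front-end image with buildx and pushes it to $REGISTRY,
# tagged with the short commit SHA. Runs only on `main`, and only when
# web/ or the pipeline file changed.
web:docker:
  stage: docker
  # NOTE(review): docker:29 and docker:29-dind are floating tags. Pinning
  # them by digest (docker:29@sha256:<digest>) keeps the build toolchain
  # from changing underneath the pipeline.
  image: docker:29
  services:
    - docker:29-dind
  variables:
    # A non-empty cert dir makes the dind service generate TLS material,
    # so the job talks to the daemon over TLS.
    DOCKER_TLS_CERTDIR: "/certs"
  before_script:
    # Pass the password on stdin: with `-p` it sits in the process argument
    # list, and docker itself warns that this is insecure.
    - printf '%s' "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin "$REGISTRY"
    # buildx needs a named context when the daemon is reached over TLS.
    - docker context create tls-env
    - docker buildx create --name ci-builder --driver docker-container --use tls-env
    # Take the image timestamp from the commit, for reproducible builds.
    - export SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)
  # Build args are recorded in the image metadata, so only public values
  # belong here. The API base URL and the Turnstile *site* key are meant
  # to reach the browser; never pass the Turnstile secret key or any other
  # credential with --build-arg.
  script:
    - |
      docker buildx build --output "type=image,push=true,rewrite-timestamp=true" \
        -f web/Dockerfile \
        --build-arg PUBLIC_API_BASE_URL=https://api.marktvogt.de \
        --build-arg PUBLIC_TURNSTILE_SITE_KEY=0x4AAAAAACjLCV-78Ql1oTPz \
        -t "$WEB_IMAGE:${CI_COMMIT_SHORT_SHA}" web/
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - 'web/**/*'
        - '.gitlab-ci.yml'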
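# Rolls the freshly built web image out to namespace tenant-2 with Helm.
# Runs after web:docker, under the same branch and path rules.
web:deploy:
  stage: deploy
  image:
    # NOTE(review): alpine/helm:4.1 is a floating third-party tag. Pinning
    # it by digest (alpine/helm:4.1@sha256:<digest>) is worth it for an
    # image that handles cluster credentials.
    name: alpine/helm:4.1
    # Clear the image entrypoint so the runner can start a shell.
    entrypoint: [""]
  before_script:
    # Tighten the umask first so the kubeconfig is never world-readable,
    # not even between its creation and the chmod below.
    - umask 077
    - mkdir -p ~/.kube
    - printf '%s\n' "$KUBECONFIG_DATA" > ~/.kube/config
    - chmod 600 ~/.kube/config
  # image.tag uses --set-string because --set type-coerces values: a short
  # SHA made only of digits (or digits with a single "e") may be rendered
  # as a number instead of the literal tag.
  script:
    - |
      helm upgrade --install marktvogt-web ./web/deploy/helm/ \
        --namespace tenant-2 \
        --set-string image.tag="${CI_COMMIT_SHORT_SHA}" \
        --rollback-on-failure --wait=watcher --timeout 5m
  needs: ["web:docker"]
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
      changes:
        - 'web/**/*'
        - '.gitlab-ci.yml'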