GitLab CI, Ansible & Docker workflow for deploying a node app to a private VPS via SSH.

.gitlab-ci.yml

image: docker:18.09.7

services:
  - docker:18.09.7-dind

stages:
  - build
  - push
  - deploy

variables:
  port: $PORT
  redis_port: $REDIS_PORT
  redis_host: $REDIS_HOST

before_script:
  # docker login asks for the password to be passed through stdin for security
  # we use $CI_JOB_TOKEN here which is a special token provided by GitLab
  # - echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY
  # We only want this on the Docker stages (don't run on deploy stage)

Build:
  stage: build
  image: docker:18.09.7
  only:
    - master
  script:
    - echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY
    - docker pull $CI_REGISTRY_IMAGE:latest || true
    # cache-from here tells a tagged image to be used as a cache source
    - >
      docker build
      --build-arg PORT=$port
      --build-arg REDIS_HOST=$redis_host
      --build-arg REDIS_PORT=$redis_port
      --cache-from $CI_REGISTRY_IMAGE:latest
      --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
      .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

# Push our Docker image to the registry
Push latest:
  variables:
    GIT_STRATEGY: none
  stage: push
  image: docker:18.09.7
  only:
    - master
  script:
    - echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY
    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
    - docker push $CI_REGISTRY_IMAGE:latest

# For any pushed tags
Push tag:
  variables:
    GIT_STRATEGY: none
  stage: push
  only:
    - tags
  script:
    - echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY
    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME

Deploy:
  image: ubuntu:latest
  stage: deploy
  script:
    - apt-get update
    - apt-get install software-properties-common -y
    - apt-add-repository --yes --update ppa:ansible/ansible
    - apt-get install ansible -y
    - DOCKER_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ansible-playbook ./playbook/deploy.yml -i ./playbook/hosts
  only:
    - master

Dockerfile

FROM node:10
MAINTAINER Jo du Plessis <jo@joduplessis.com>

ARG PORT
ARG REDIS_HOST
ARG REDIS_PORT

ENV PORT=$PORT
ENV REDIS_HOST=$REDIS_HOST
ENV REDIS_PORT=$REDIS_PORT

EXPOSE $PORT
EXPOSE $REDIS_PORT

WORKDIR /var/www/app

COPY . /var/www/app

RUN npm i
RUN npm run build

CMD ["npm", "run", "start"]

playbook-deploy.yaml

---
- name: Deploy
  hosts: all
  gather_facts: yes
  become: yes
  remote_user: root

  tasks:

    - name: Log into private registry and force re-authorization
      docker_login:
        registry: registry.gitlab.com
        username: joduplessis
        password: "{{ lookup('env','PASSWORD') }}"
        reauthorize: yes

    - name: Pull default Docker image
      docker_image:
        name: "{{ lookup('env','DOCKER_IMAGE') }}"
        source: pull

    - name: Create default containers
      docker_container:
        name: websocket
        image: "{{ lookup('env','DOCKER_IMAGE') }}"
        state: present
        detach: yes

playbook-inventory

[vps]
root@127.0.0.1 ansible_ssh_user=root ansible_ssh_pass="{{ lookup('env','ROOT_PASSWORD') }}"
root@127.0.0.1 ansible_python_interpreter=/usr/bin/python3