Created
October 19, 2019 07:49
-
-
Save joduplessis/af4cff3cca4e5cc59ea9c6eec1f30fa9 to your computer and use it in GitHub Desktop.
GitLab CI, Ansible & Docker workflow for deploying a node app to a private VPS via SSH.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
image: docker:18.09.7 | |
services: | |
- docker:18.09.7-dind | |
stages: | |
- build | |
- push | |
- deploy | |
variables: | |
port: $PORT | |
redis_port: $REDIS_PORT | |
redis_host: $REDIS_HOST | |
before_script: | |
# docker login asks for the password to be passed through stdin for security | |
# we use $CI_JOB_TOKEN here which is a special token provided by GitLab | |
# - echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY | |
# We only want this on the Docker stages (don't run on deploy stage) | |
Build: | |
stage: build | |
image: docker:18.09.7 | |
only: | |
- master | |
script: | |
- echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY | |
- docker pull $CI_REGISTRY_IMAGE:latest || true | |
# cache-from here tells a tagged image to be used as a cache source | |
- > | |
docker build | |
--build-arg PORT=$port | |
--build-arg REDIS_HOST=$redis_host | |
--build-arg REDIS_PORT=$redis_port | |
--cache-from $CI_REGISTRY_IMAGE:latest | |
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | |
. | |
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | |
# Push our Docker image to the registry | |
Push latest: | |
variables: | |
GIT_STRATEGY: none | |
stage: push | |
image: docker:18.09.7 | |
only: | |
- master | |
script: | |
- echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY | |
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | |
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest | |
- docker push $CI_REGISTRY_IMAGE:latest | |
# For any pushed tags | |
Push tag: | |
variables: | |
GIT_STRATEGY: none | |
stage: push | |
only: | |
- tags | |
script: | |
- echo -n $CI_TOKEN | docker login -u joduplessis --password-stdin $CI_REGISTRY | |
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA | |
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME | |
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME | |
Deploy: | |
image: ubuntu:latest | |
stage: deploy | |
script: | |
- apt-get update | |
- apt-get install software-properties-common -y | |
- apt-add-repository --yes --update ppa:ansible/ansible | |
- apt-get install ansible -y | |
- DOCKER_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA ansible-playbook ./playbook/deploy.yml -i ./playbook/hosts | |
only: | |
- master |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM node:10 | |
MAINTAINER Jo du Plessis <jo@joduplessis.com> | |
ARG PORT | |
ARG REDIS_HOST | |
ARG REDIS_PORT | |
ENV PORT=$PORT | |
ENV REDIS_HOST=$REDIS_HOST | |
ENV REDIS_PORT=$REDIS_PORT | |
EXPOSE $PORT | |
EXPOSE $REDIS_PORT | |
WORKDIR /var/www/app | |
COPY . /var/www/app | |
RUN npm i | |
RUN npm run build | |
CMD ["npm", "run", "start"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
- name: Deploy | |
hosts: all | |
gather_facts: yes | |
become: yes | |
remote_user: root | |
tasks: | |
- name: Log into private registry and force re-authorization | |
docker_login: | |
registry: registry.gitlab.com | |
username: joduplessis | |
password: "{{ lookup('env','PASSWORD') }}" | |
reauthorize: yes | |
- name: Pull default Docker image | |
docker_image: | |
name: "{{ lookup('env','DOCKER_IMAGE') }}" | |
source: pull | |
- name: Create default containers | |
docker_container: | |
name: websocket | |
image: "{{ lookup('env','DOCKER_IMAGE') }}" | |
state: present | |
detach: yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[vps] | |
root@127.0.0.1 ansible_ssh_user=root ansible_ssh_pass="{{ lookup('env','ROOT_PASSWORD') }}" | |
root@127.0.0.1 ansible_python_interpreter=/usr/bin/python3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment