Created
June 26, 2016 16:49
Gitlab CI to dokku
###############################################################################
#                                  Variables                                  #
###############################################################################

# Values substituted into the push URL `dokku@$DOKKU_HOST:$PROJECT_NAME`
# used by the deploy script. Both are placeholders to replace per project.
variables:
  # Host part of the push URL (the dokku server)
  DOKKU_HOST: 'host.com'
  # Part after the colon in the push URL
  PROJECT_NAME: 'project_name'
###############################################################################
#                                    Cache                                    #
###############################################################################

# One cache, stored under a fixed key, holding node_modules/ plus every
# file in the working tree that git does not track.
cache:
  key: 'web_dependencies'
  untracked: true
  paths:
    - node_modules/
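###############################################################################
#                                  Templates                                  #
###############################################################################

# Hidden job (leading dot) holding the shared deploy steps; jobs reuse it
# through the `deploy_definition` anchor.
#
# Required CI/CD variables (define them in the project's CI/CD settings,
# protected and masked where possible, never in this file):
#   SSH_DEPLOY_KEY   private key allowed to push to the dokku host
#   SSH_KNOWN_HOSTS  host-key line(s) for $DOKKU_HOST, captured once with
#                    `ssh-keyscan` from a trusted network
.deploy_template: &deploy_definition
  # NOTE(review): floating tag; pinning a release tag or digest keeps the
  # environment that handles the deploy key reproducible.
  image: ubuntu
  stage: deploy
  before_script:
    # Install the SSH client and git only when the image lacks them
    - apt-get update -y >/dev/null 2>&1
    - which ssh-agent || (apt-get install -y openssh-client >/dev/null 2>&1)
    - which git || (apt-get install -y git >/dev/null 2>&1)
    # Load the deploy key into the agent from stdin so it never touches disk;
    # tr strips carriage returns that a pasted variable may carry
    - eval $(ssh-agent -s)
    - echo "$SSH_DEPLOY_KEY" | tr -d '\r' | ssh-add -
    # Enforce host-key verification. Disabling StrictHostKeyChecking or
    # running ssh-keyscan inside the job would accept whatever host answers,
    # so the deploy key and the pushed code could go to an impostor.
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - printf 'Host *\n\tStrictHostKeyChecking yes\n' > ~/.ssh/config
    # Fail early and visibly when the pinned host key was not provided
    - 'test -n "$SSH_KNOWN_HOSTS" || { echo "SSH_KNOWN_HOSTS is not set" >&2; exit 1; }'
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - echo git push dokku@$DOKKU_HOST:$PROJECT_NAME master  # debug
    - git push "dokku@$DOKKU_HOST:$PROJECT_NAME" master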
###############################################################################
#                                   Stages                                    #
###############################################################################

# The pipeline has a single stage.
stages:
  - deploy
# Concrete deploy job: merges in every key of the `deploy_definition`
# template, runs only for the master ref, and is recorded against the
# `production` environment.
deploy_to_dokku:
  <<: *deploy_definition
  environment: production
  only:
    - master
It's a nice base, but you should remove the "StrictHostKeyChecking" line; otherwise the known_hosts entry is never used, because host keys are not checked.
Also, regenerating the known_hosts entry on every CI pipeline run does not protect you against a man-in-the-middle. The ssh-keyscan command should be run once from a trusted network and its output saved to a GitLab CI secret. Then, inside this CI script, place the contents of that secret inside the known_hosts file.