@htuscher
Created August 3, 2017 08:12
Deploying with docker-compose via SSH tunnel in Gitlab CI
deploy:live:
  image: 1drop/docker:git
  stage: deploy
  when: manual
  environment:
    name: production
    url: https://www.somecustomer.de
  before_script:
    - eval $(ssh-agent -s)
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    - mkdir -p ~/.ssh
    - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    - apk add socat
  script:
    - ./bin/deploy.sh
  tags:
    - vpn
  only:
    - master

#!/usr/bin/env bash
set -o pipefail # trace ERR through pipes
set -o errtrace # trace ERR through 'time command' and other functions
set -o nounset  ## set -u : exit the script if you try to use an uninitialised variable
set -o errexit  ## set -e : exit the script if any statement returns a non-true return value

REMOTE=user@example.com # todo: change here (placeholder address)
TYPO3_IMAGE=registry.gitlab.com/vendor/customer/typo3 # todo: change here

echo " * OPENING DOCKER SOCKET TUNNEL"
# Forward a local unix socket to the remote Docker daemon socket over SSH
socat \
  "UNIX-LISTEN:/tmp/docker.sock,reuseaddr,fork" \
  "EXEC:'ssh -kTax $REMOTE socat STDIO UNIX-CONNECT\:/var/run/docker.sock'" \
  &

# docker and docker-compose now talk to the remote daemon through the tunnel
export DOCKER_HOST=unix:///tmp/docker.sock
export COMPOSE_PROJECT_NAME=some-fixed-name # todo: change here

echo " * LOGIN WITH GITLAB-CI TOKEN"
docker login -u gitlab-ci-token -p "$CI_BUILD_TOKEN" "$CI_REGISTRY"

# backup current image if already present locally
if [[ ! "$(docker images -q "${TYPO3_IMAGE}" 2> /dev/null)" == "" ]]; then
  echo " * BACKING UP CURRENT IMAGE VERSION"
  docker tag "${TYPO3_IMAGE}" typo3-backup
fi

echo " * PULLING NEW IMAGES"
docker-compose -f docker-compose.live.yml pull

echo " * UPDATING RUNNING CONTAINERS"
docker-compose -f docker-compose.live.yml up -d

echo " * CLEANING OLD IMAGES"
ssh -t "${REMOTE}" "docker-clean images"


ldnunes commented Feb 3, 2020

Excellent solution! Thanks for sharing!

However, just a heads up: setting "Host StrictHostKeyChecking no" could be a security issue. A better solution would be to set up the known_hosts file with the host's key before trying to connect to it.
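
One way to apply the suggestion in the comment above, as an added example that is not part of the gist or of the comment: a POSIX shell function for the job's before_script that writes a pinned known_hosts file and a strict ssh config in place of the `StrictHostKeyChecking no` line. The CI variable name `SSH_KNOWN_HOSTS`, the function name and the sample entry are assumptions made for this example.

```shell
#!/bin/sh
# Added example. SSH_KNOWN_HOSTS is an assumed CI variable: known_hosts lines for
# the deploy host, captured once from a trusted machine (e.g. `ssh-keyscan <host>`)
# and checked against the server's real fingerprint before being stored.

# write_pinned_ssh_config KNOWN_HOSTS_TEXT [SSH_DIR]
write_pinned_ssh_config() {
    pinned=$1
    ssh_dir=${2:-"$HOME/.ssh"}

    # An empty pin must fail the job; otherwise a fresh CI container would
    # have nothing to compare the server's key against.
    if [ -z "$pinned" ]; then
        echo "no pinned host keys supplied" >&2
        return 1
    fi

    # Each entry: [@marker] <host-pattern> <key-type> <base64-key> [comment]
    bad=$(printf '%s\n' "$pinned" | awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        { t = ($1 ~ /^@/) ? 3 : 2 }          # a marker shifts the key-type field
        NF < t + 1 || $(t + 1) !~ "^[A-Za-z0-9+/]+=*$" { printf "%d ", NR }')
    if [ -n "$bad" ]; then
        echo "malformed known_hosts entry on line(s): $bad" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    printf '%s\n' "$pinned" > "$ssh_dir/known_hosts"
    # "yes": ssh aborts when the host key is unknown or has changed.
    printf 'Host *\n\tStrictHostKeyChecking yes\n\tUserKnownHostsFile %s\n' \
        "$ssh_dir/known_hosts" > "$ssh_dir/config"
    chmod 600 "$ssh_dir/known_hosts" "$ssh_dir/config"
}

# Demo with a constructed entry (not a real host key), written to a scratch dir.
# In the CI job the call would be: write_pinned_ssh_config "$SSH_KNOWN_HOSTS"
demo_dir=$(mktemp -d)
write_pinned_ssh_config \
    'deploy.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkU2FtcGxlS2V5' \
    "$demo_dir" && cat "$demo_dir/config"
rm -rf "$demo_dir"
```

With the key pinned this way, a changed or unexpected host key makes the `ssh` inside the socat tunnel fail instead of connecting.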
