GitLab CI build and deploy to Acquia

.gitlab-ci.yml

stages:
  - Deploy

# @todo implement a Build and Test step to verify code quality before deploy

# IMPORTANT: `acli push:artifact` leverages composer internally to build dependencies, so no separate build step is required.
'Deploy to Acquia':
  image: php:8.2
  stage: Deploy
  rules:
    - if: '$CI_COMMIT_BRANCH'
    - if: '$CI_COMMIT_TAG'
  before_script:
    - env | sort -f
    - apt-get update && apt-get install -y git jq openssh-client libpng-dev libjpeg-dev libfreetype6-dev libz-dev zip unzip
    - docker-php-ext-configure gd --with-freetype --with-jpeg
    - docker-php-ext-install gd
    - curl -OL https://github.com/acquia/cli/releases/latest/download/acli.phar
    - chmod +x acli.phar
    - mv acli.phar /usr/local/bin/acli
    - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
  script:
    - bash ./scripts/deploy_to_acquia.sh

deploy_to_acquia.sh

#!/usr/bin/env bash

# Used by the .gitlab-ci.yml Deploy step.
#
# Installation:
#
# 1.  Follow Acquia docs for creating an SSH Keypair with Passphrase, and
#     upload it to your profile in Acquia.
#
#     https://docs.acquia.com/acquia-cloud-platform/manage-apps/command-line/ssh/getting-started/add-key
#
# 2.  Follow Acquia docs for creating an API Key and Secret via Acquia Cloud UI.
#
#     https://docs.acquia.com/acquia-cloud-platform/develop-apps/api/auth
#
# 3.  Go to Settings > CI/CD and expand section "Variables".
#
#     You must have 'Maintainer' role on your GitLab project to be able to add
#     the required Environment variables necessary to push to Acquia git remote.
#
# 4.  Click "Add Variable" and create variables for the following items,
#     ensureing they're marked as "masked".
#
#     - ACQUIA_CLOUD_API_KEY
#     - ACQUIA_CLOUD_API_SECRET
#     - ACQUIA_CLOUD_SSH_KEY (this is the public key)
#     - ACQUIA_CLOUD_SSH_PASSPHRASE

set -euo pipefail

git config --global user.email "[email protected]"
git config --global user.name "Acquia CI/CD"
git config --global --add safe.directory "."

echo 'error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED' >> /usr/local/etc/php/conf.d/docker-php-error_reporting.ini

acli auth:login --key="${ACQUIA_CLOUD_API_KEY}" --secret="${ACQUIA_CLOUD_API_SECRET}"

mkdir -p ~/.ssh
chmod -R 700 ~/.ssh
eval "$(ssh-agent -s)"

echo "${ACQUIA_CLOUD_SSH_KEY}" | base64 -d > /tmp/ssh-key.key
chmod 600 /tmp/ssh-key.key

echo "#!/usr/bin/env bash
echo '${ACQUIA_CLOUD_SSH_PASSPHRASE}'" > ~/.ssh/.print_ssh_password
chmod 711 ~/.ssh/.print_ssh_password

cat "/tmp/ssh-key.key" | DISPLAY=":0.0" SSH_ASKPASS=~/.ssh/.print_ssh_password setsid ssh-add - &>/dev/null

ssh-add -L

VCS_URL=$(acli api:applications:environment-list | jq -r '.[0] | .vcs.url')
VCS_HOST=$(echo "$VCS_URL" | cut -d '@' -f2 | cut -d ':' -f1)
ssh-keyscan "$VCS_HOST" >> ~/.ssh/known_hosts

chmod 644 ~/.ssh/known_hosts

# Determine the destination branch or tag name for deployment.
DESTINATION_REF="gitlab-ci-build-${CI_COMMIT_REF_NAME}"

DESTINATION="--destination-git-branch=${DESTINATION_REF}"
if [ "${CI_COMMIT_TAG-}" == "$CI_COMMIT_REF_NAME" ]
then
  DESTINATION="--destination-git-tag=${DESTINATION_REF} --source-git-tag=${CI_COMMIT_TAG}"
fi

# Deploy the artifact to the appropriate destination branch or tag at Acquia.
acli push:artifact $DESTINATION --no-interaction -vvv