Skip to content

Instantly share code, notes, and snippets.

@taufiqpsumarna

taufiqpsumarna/.gitlab-ci.yaml

Last active August 29, 2022 08:13
Show Gist options
  • Save taufiqpsumarna/15f9509037b29632df220df62a1f6fa3 to your computer and use it in GitHub Desktop.
Save taufiqpsumarna/15f9509037b29632df220df62a1f6fa3 to your computer and use it in GitHub Desktop.
Download ZIP
Gitlab Pipeline Remote SSH To Server Staging Auto Deploy & Production Manual Deploy
Raw
.gitlab-ci.yaml
#Pipeline Created by Taufiq - 2022
image: alpine:latest
stages:
- build-server-stg
- deploy-server-stg
- build-server-prd
- deploy-server-prd
################################################
#Staging pipeline configuration : Auto Deployment
################################################
build-server-stg:
stage: build-server-stg
before_script:
- 'which ssh-agent || ( apk update && apk add openssh )'
- mkdir -p ~/.ssh
- eval $(ssh-agent -s)
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- ssh-add <(echo "$SECRET_KEY_base64_STAGING" | base64 -d)
- ssh -o StrictHostKeyChecking=no $SSH_USER_STAGING@$SSH_HOST_STAGING -p $SSH_PORT_STAGING "linux_command_here"
only:
refs:
- staging #Run only for branches
changes:
- "server/**/*" #Run only changes folder in repository for triggering pipeline
deploy-server-stg:
stage: deploy-server-stg
before_script:
- 'which ssh-agent || ( apk update && apk add openssh )'
- mkdir -p ~/.ssh
- eval $(ssh-agent -s)
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- ssh-add <(echo "$SECRET_KEY_base64_STAGING" | base64 -d)
- ssh -o StrictHostKeyChecking=no $SSH_USER_STAGING@$SSH_HOST_STAGING -p $SSH_PORT_STAGING "linux_command_here"
only:
refs:
- staging
changes:
- "server/**/*" #Define changes in repository for triggering pipeline
################################################
#Production pipeline configuration: Manual Deployment
################################################
build-server-prd:
stage: build-server-prd
before_script:
- 'which ssh-agent || ( apk update && apk add openssh )'
- mkdir -p ~/.ssh
- eval $(ssh-agent -s)
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- ssh-add <(echo "$SECRET_KEY_base64_PRODUCTION" | base64 -d)
- ssh -o StrictHostKeyChecking=no $SSH_USER_STAGING@$SSH_HOST_PRODUCTION -p $SSH_PORT_PRODCUTION "linux_command_here"
only:
refs:
- main #Run only for branches
changes:
- "server/**/*" #Define changes in repository for triggering pipeline
deploy-server-prd:
stage: deploy-server-prd
before_script:
- 'which ssh-agent || ( apk update && apk add openssh )'
- mkdir -p ~/.ssh
- eval $(ssh-agent -s)
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- ssh-add <(echo "$SECRET_KEY_base64_PRODUCTION" | base64 -d)
- ssh -o StrictHostKeyChecking=no $SSH_USER_PRODUCTION@$SSH_HOST_STAGING -p $SSH_PORT_PRODUCTION "linux_command_here"
only:
refs:
- main #Run only for branches
changes:
- "server/**/*" #Define changes in repository for triggering pipeline
when: manual #Deploy manually
Raw
README
##Setup the variable on gitlab
$SECRET_KEY_base64
$SSH_USER*
$SSH_HOST*
$SSH_PORT*
Notes: Checklist protected variable for running pipeline only on it and configure the protected branch in
Repository > Settings > General > Protected Branhces
##Generate the secret key
ssh-keygen -t rsa
###Add public key to authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
###Encode private key with base64 encoding
cat ~/.ssh/id_rsa | base64
@taufiqpsumarna
Copy link
Author

Early I used ubuntu:latest for the base image but its slow, I suggest to use alpine:latest instead

ubuntu:latest 00:03:38
alpine:latest 00:02:14

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment