From 3fe79eac2bcddfeb4c4f144e2b2d74da24ff675a Mon Sep 17 00:00:00 2001 From: Valentyne Stigloher Date: Sat, 15 Mar 2025 13:54:27 +0100 Subject: [PATCH] (ci) only have a single production deploy job --- .deploy.gitlab-ci.yml | 305 ------------------------------------------ .gitlab-ci.yml | 71 +++++++++- 2 files changed, 66 insertions(+), 310 deletions(-) delete mode 100644 .deploy.gitlab-ci.yml diff --git a/.deploy.gitlab-ci.yml b/.deploy.gitlab-ci.yml deleted file mode 100644 index e088c0f7e..000000000 --- a/.deploy.gitlab-ci.yml +++ /dev/null @@ -1,305 +0,0 @@ -.deploy: &deploy - tags: ['deploy'] - needs: - - - job: 'build' - artifacts: false - rules: - - - if: $CI_COMMIT_TAG =~ /^deploy-.*/ && $CI_COMMIT_TAG_MESSAGE =~ $ENVIRONMENT_PATTERN - - - if: $CI_COMMIT_REF_PROTECTED == 'true' && $DEPLOY_TARGET =~ $ENVIRONMENT_PATTERN - - - if: $CI_COMMIT_REF_PROTECTED == 'true' - when: manual - image: node:20.12.2 - before_script: - # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#ssh-keys-when-using-the-docker-executor - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - chmod 400 "$SSH_PRIVATE_KEY" - - ssh-add "$SSH_PRIVATE_KEY" - - mkdir -p ~/.ssh - - chmod 700 ~/.ssh - # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#verifying-the-ssh-host-keys - - cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts - script: - - ssh $SSH_USER@$SSH_HOST "cd ~/www/$ENVIRONMENT_DOMAIN; deployer deploy $CI_COMMIT_SHA" - allow_failure: true - timeout: 10m - -.deploy-staging: &deploy-staging - <<: *deploy - stage: 'deploy staging' - environment: - name: staging/$ENVIRONMENT_INSTANCE - url: https://$ENVIRONMENT_DOMAIN - -.deploy-unpublished: &deploy-unpublished - <<: *deploy - stage: 'deploy unpublished' - variables: - ENVIRONMENT_TIER: 'unpublished' - environment: - name: unpublished/$ENVIRONMENT_INSTANCE - url: https://$ENVIRONMENT_DOMAIN - deployment_tier: 'production' - -.deploy-production: &deploy-production - <<: *deploy - stage: 'deploy production' - rules: - - - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $DEPLOY_TARGET =~ $ENVIRONMENT_PATTERN - - - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH - when: manual - environment: - name: production/$ENVIRONMENT_INSTANCE - url: https://$ENVIRONMENT_DOMAIN - -deploy home: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'home' - ENVIRONMENT_DOMAIN: 'pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(_,home|production)(,|$)/' - -deploy ar: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'ar' - ENVIRONMENT_DOMAIN: 'ar.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(ar|production)(,|$)/' - -deploy de: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'de' - ENVIRONMENT_DOMAIN: 'pronomen.net' - ENVIRONMENT_PATTERN: '/(^|,)(de|production)(,|$)/' - -deploy en: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'en' - ENVIRONMENT_DOMAIN: 'en.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(en|production)(,|$)/' - -deploy en-simple: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'en-simple' - ENVIRONMENT_DOMAIN: 'en-simple.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(en-simple|unpublished)(,|$)/' - -deploy eo: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'eo' - ENVIRONMENT_DOMAIN: 'pronomejo.net' - ENVIRONMENT_PATTERN: '/(^|,)(eo|production)(,|$)/' - -deploy es: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'es' - ENVIRONMENT_DOMAIN: 'pronombr.es' - ENVIRONMENT_PATTERN: '/(^|,)(es|production)(,|$)/' - -deploy et: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'et' - ENVIRONMENT_DOMAIN: 'et.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(et|production)(,|$)/' - -deploy fo: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'fo' - ENVIRONMENT_DOMAIN: 'fo.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(fo|unpublished)(,|$)/' - -deploy fr: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'fr' - ENVIRONMENT_DOMAIN: 'pronoms.fr' - ENVIRONMENT_PATTERN: '/(^|,)(fr|production)(,|$)/' - -deploy hbs: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'hbs' - ENVIRONMENT_DOMAIN: 'hbs.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(hbs|unpublished)(,|$)/' - -deploy he: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'he' - ENVIRONMENT_DOMAIN: 'he.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(he|unpublished)(,|$)/' - -deploy it: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'it' - ENVIRONMENT_DOMAIN: 'it.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(it|unpublished)(,|$)/' - -deploy ja: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'ja' - ENVIRONMENT_DOMAIN: 'ja.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(ja|production)(,|$)/' - -deploy ko: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'ko' - ENVIRONMENT_DOMAIN: 'ko.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(ko|unpublished)(,|$)/' - -deploy lad: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'lad' - ENVIRONMENT_DOMAIN: 'lad.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(lad|production)(,|$)/' - -deploy nl: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'nl' - ENVIRONMENT_DOMAIN: 'nl.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(nl|production)(,|$)/' - -deploy nb: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'nb' - ENVIRONMENT_DOMAIN: 'nb.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(nb|production)(,|$)/' - -deploy no: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'no' - ENVIRONMENT_DOMAIN: 'no.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(no|production)(,|$)/' - -deploy nn: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'nn' - ENVIRONMENT_DOMAIN: 'nn.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(nn|production)(,|$)/' - -deploy pl: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'pl' - ENVIRONMENT_DOMAIN: 'zaimki.pl' - ENVIRONMENT_PATTERN: '/(^|,)(pl|production)(,|$)/' - -deploy pt: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'pt' - ENVIRONMENT_DOMAIN: 'pt.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(pt|production)(,|$)/' - -deploy ro: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'ro' - ENVIRONMENT_DOMAIN: 'ro.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(ro|production)(,|$)/' - -deploy ru: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'ru' - ENVIRONMENT_DOMAIN: 'ru.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(ru|production)(,|$)/' - -deploy sv: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'sv' - ENVIRONMENT_DOMAIN: 'sv.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(sv|production)(,|$)/' - -deploy tok: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'tok' - ENVIRONMENT_DOMAIN: 'tok.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(tok|unpublished)(,|$)/' - -deploy tr: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'tr' - ENVIRONMENT_DOMAIN: 'tr.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(tr|production)(,|$)/' - -deploy ua: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'ua' - ENVIRONMENT_DOMAIN: 'ua.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(ua|production)(,|$)/' - -deploy vi: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'vi' - ENVIRONMENT_DOMAIN: 'vi.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(vi|production)(,|$)/' - -deploy yi: - <<: *deploy-unpublished - variables: - ENVIRONMENT_INSTANCE: 'yi' - ENVIRONMENT_DOMAIN: 'yi.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(yi|unpublished)(,|$)/' - -deploy zh: - <<: *deploy-production - variables: - ENVIRONMENT_INSTANCE: 'zh' - ENVIRONMENT_DOMAIN: 'zh.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(zh|production)(,|$)/' - -deploy test: - <<: *deploy-staging - variables: - ENVIRONMENT_INSTANCE: 'default' - ENVIRONMENT_DOMAIN: 'test.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(test|staging)(,|$)/' - -deploy test/pink: - <<: *deploy-staging - variables: - ENVIRONMENT_INSTANCE: 'pink' - ENVIRONMENT_DOMAIN: 'test-pink.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(test/pink|staging)(,|$)/' - -deploy test/purple: - <<: *deploy-staging - variables: - ENVIRONMENT_INSTANCE: 'purple' - ENVIRONMENT_DOMAIN: 'test-purple.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(test/purple|staging)(,|$)/' - -deploy test/single: - <<: *deploy-staging - variables: - ENVIRONMENT_INSTANCE: 'single' - ENVIRONMENT_DOMAIN: 'test-single.pronouns.page' - ENVIRONMENT_PATTERN: '/(^|,)(test/single|staging)(,|$)/' diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index eeebd1129..365ee9d13 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,11 +1,7 @@ -include: '.deploy.gitlab-ci.yml' - stages: - 'test' - 'build' - - 'deploy staging' - - 'deploy unpublished' - - 'deploy production' + - 'deploy' workflow: rules: @@ -143,6 +139,71 @@ build: - 'locale/*/img/*' timeout: 20m +.deploy: &deploy + stage: 'deploy' + tags: ['deploy'] + needs: + - + job: 'build' + artifacts: false + image: node:20.12.2 + before_script: + # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#ssh-keys-when-using-the-docker-executor + - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' + - eval $(ssh-agent -s) + - chmod 400 "$SSH_PRIVATE_KEY" + - ssh-add "$SSH_PRIVATE_KEY" + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#verifying-the-ssh-host-keys + - cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts + - chmod 644 ~/.ssh/known_hosts + script: + - ssh $SSH_USER@$SSH_HOST "cd ~/www/$ENVIRONMENT_DOMAIN; deployer deploy $CI_COMMIT_SHA" + timeout: 10m + +deploy production: + <<: *deploy + rules: + - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $DEPLOY_TARGET == 'production' + - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH + when: manual + environment: + name: production + url: https://$ENVIRONMENT_DOMAIN + variables: + ENVIRONMENT_DOMAIN: 'pronouns.page' + +.deploy-test: &deploy-test + <<: *deploy + rules: + - if: $CI_COMMIT_TAG =~ /^deploy-.*/ && $CI_COMMIT_TAG_MESSAGE == 'test/$ENVIRONMENT_INSTANCE' + - if: $CI_COMMIT_REF_PROTECTED == 'true' && $DEPLOY_TARGET == 'test/$ENVIRONMENT_INSTANCE' + - if: $CI_COMMIT_REF_PROTECTED == 'true' + when: manual + environment: + name: test/$ENVIRONMENT_INSTANCE + url: https://$ENVIRONMENT_DOMAIN + allow_failure: true + +deploy test: + <<: *deploy-test + variables: + ENVIRONMENT_INSTANCE: 'default' + ENVIRONMENT_DOMAIN: 'test.pronouns.page' + +deploy test/pink: + <<: *deploy-test + variables: + ENVIRONMENT_INSTANCE: 'pink' + ENVIRONMENT_DOMAIN: 'test-pink.pronouns.page' + +deploy test/purple: + <<: *deploy-test + variables: + ENVIRONMENT_INSTANCE: 'purple' + ENVIRONMENT_DOMAIN: 'test-purple.pronouns.page' + # include: # - template: Security/Dependency-Scanning.gitlab-ci.yml #