pipline build v26 - TAG GCP added, deploy_all.sh updated
parent
0d6b3c2e5b
commit
5a1817e4f5
@ -1,53 +1,45 @@
|
|||||||
steps:
|
- name: ssh-test
|
||||||
ssh-test:
|
image: google/cloud-sdk:latest
|
||||||
image: google/cloud-sdk:latest
|
entrypoint:
|
||||||
entrypoint:
|
- bash
|
||||||
- bash
|
- -c
|
||||||
- -c
|
- |
|
||||||
- |
|
set -euo pipefail
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
mkdir -p ~/.ssh
|
mkdir -p ~/.ssh
|
||||||
|
|
||||||
# ── Inject known-hosts and SSH key ──────────────────────────────
|
# ── Inject known-hosts and SSH key ───────────────────────────────
|
||||||
gcloud secrets versions access latest \
|
gcloud secrets versions access latest \
|
||||||
--secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
|
--secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
|
||||||
| base64 -d > ~/.ssh/known_hosts
|
| base64 -d > ~/.ssh/known_hosts
|
||||||
chmod 644 ~/.ssh/known_hosts
|
chmod 644 ~/.ssh/known_hosts
|
||||||
|
|
||||||
gcloud secrets versions access latest \
|
gcloud secrets versions access latest \
|
||||||
--secret=STAGING_SSH_KEY --project=aptivaai-dev \
|
--secret=STAGING_SSH_KEY --project=aptivaai-dev \
|
||||||
| base64 -d > ~/.ssh/id_ed25519
|
| base64 -d > ~/.ssh/id_ed25519
|
||||||
chmod 600 ~/.ssh/id_ed25519
|
chmod 600 ~/.ssh/id_ed25519
|
||||||
|
|
||||||
echo "🔑 SSH prerequisites installed"
|
echo "🔑 SSH prerequisites installed"
|
||||||
|
|
||||||
# ── Grab full commit SHA and slice tag ──────────────────────────
|
# ── Fetch IMG_TAG from canonical source ───────────────────────────
|
||||||
echo "📦 CI_COMMIT_SHA: ${CI_COMMIT_SHA:-unset}"
|
IMG_TAG=$(gcloud secrets versions access latest \
|
||||||
TAG="${CI_COMMIT_SHA:-}"
|
--secret=IMG_TAG --project=aptivaai-dev)
|
||||||
if [ -z "$TAG" ]; then
|
echo "📦 IMG_TAG=${IMG_TAG}"
|
||||||
echo "❌ CI_COMMIT_SHA is blank. Aborting."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
TAG=$(echo "$TAG" | head -c 8)
|
|
||||||
echo "🚀 Deploying tag ${TAG} to staging"
|
|
||||||
|
|
||||||
# ── SSH into staging and refresh the stack ──────────────────────
|
# ── SSH into staging and refresh the stack ───────────────────────
|
||||||
ssh -o StrictHostKeyChecking=yes \
|
ssh -o StrictHostKeyChecking=yes \
|
||||||
-i ~/.ssh/id_ed25519 \
|
-i ~/.ssh/id_ed25519 \
|
||||||
jcoakley@10.128.0.12 \
|
jcoakley@10.128.0.12 \
|
||||||
"export IMG_TAG=${TAG}; \
|
"export IMG_TAG=${IMG_TAG}; \
|
||||||
cd /home/jcoakley/aptiva-staging-app; \
|
cd /home/jcoakley/aptiva-staging-app; \
|
||||||
echo 'IMG_TAG = ${IMG_TAG}'; \
|
echo 'IMG_TAG = ${IMG_TAG}'; \
|
||||||
echo '→ Pulling containers'; \
|
echo '→ Pulling containers'; \
|
||||||
docker compose pull; \
|
docker compose pull; \
|
||||||
echo '→ Recreating services'; \
|
echo '→ Recreating services'; \
|
||||||
docker compose up -d --force-recreate --remove-orphans; \
|
docker compose up -d --force-recreate --remove-orphans; \
|
||||||
echo '✅ Staging stack refreshed with tag ${IMG_TAG}'"
|
echo '✅ Staging stack refreshed with tag ${IMG_TAG}'"
|
||||||
|
|
||||||
environment:
|
|
||||||
CI_COMMIT_SHA: ${CI_COMMIT_SHA}
|
|
||||||
|
|
||||||
|
secrets: [ gcp-creds ]
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- push
|
- push
|
||||||
|
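Review bot: The fetched IMG_TAG is interpolated straight into the ssh remote command (`"export IMG_TAG=${IMG_TAG}; \`), and this change drops the old blank-value guard without replacing it, so an empty or malformed secret version reaches the staging host's shell as command text. Validate the value right after the `gcloud secrets versions access` call, for example `[[ "$IMG_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "IMG_TAG has unexpected format" >&2; exit 1; }`, which also rejects an empty secret. Reading `latest` means the deployed tag is whichever version was written most recently, not necessarily the build that triggered this push; if that is intended, a short comment above the fetch should say so.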
@ -41,6 +41,15 @@ else
|
|||||||
fi
|
fi
|
||||||
echo "✅ .env updated with IMG_TAG=${TAG}"
|
echo "✅ .env updated with IMG_TAG=${TAG}"
|
||||||
|
|
||||||
|
# ─────────────────────────────────────────────────────────────
|
||||||
|
# 1a. Publish IMG_TAG to GCP Secret Manager (canonical source)
|
||||||
|
# ─────────────────────────────────────────────────────────────
|
||||||
|
echo "${TAG}" | gcloud secrets versions add IMG_TAG_DEV1 \
|
||||||
|
--data-file=- \
|
||||||
|
--project="$PROJECT"
|
||||||
|
|
||||||
|
echo "📦 IMG_TAG pushed to Secret Manager as IMG_TAG_DEV1"
|
||||||
|
|
||||||
# ─────────────────────────────────────────────────────────────
|
# ─────────────────────────────────────────────────────────────
|
||||||
# 2. Export secrets straight from Secret Manager
|
# 2. Export secrets straight from Secret Manager
|
||||||
# (they live only in this shell, never on disk)
|
# (they live only in this shell, never on disk)
|
||||||
@ -61,7 +70,6 @@ export FROM_SECRETS_MANAGER=true
|
|||||||
# Preserve only the variables docker‑compose needs for expansion
|
# Preserve only the variables docker‑compose needs for expansion
|
||||||
preserve=IMG_TAG,FROM_SECRETS_MANAGER,REACT_APP_API_URL,$(IFS=,; echo "${SECRETS[*]}")
|
preserve=IMG_TAG,FROM_SECRETS_MANAGER,REACT_APP_API_URL,$(IFS=,; echo "${SECRETS[*]}")
|
||||||
|
|
||||||
|
|
||||||
echo "🚀 docker compose up -d (with preserved env: $preserve)"
|
echo "🚀 docker compose up -d (with preserved env: $preserve)"
|
||||||
sudo --preserve-env="$preserve" docker compose up -d --force-recreate 2> >(grep -v 'WARN
|
sudo --preserve-env="$preserve" docker compose up -d --force-recreate 2> >(grep -v 'WARN
|
||||||
|
|
||||||
|
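Review bot: The new step 1a publishes the tag to `IMG_TAG_DEV1`, but the pipeline step changed in this same commit reads `--secret=IMG_TAG --project=aptivaai-dev`, so unless something outside this commit populates `IMG_TAG` the staging deploy will pick up a stale or missing value. Use one secret id on both sides, e.g. `gcloud secrets versions add IMG_TAG \` here (or read `IMG_TAG_DEV1` in the pipeline), and confirm `$PROJECT` resolves to the same project the pipeline hard-codes. `printf '%s' "${TAG}" | gcloud secrets versions add ...` would also avoid storing the trailing newline that `echo` appends. The script continues outside the hunks shown, so how `TAG` and `PROJECT` are set is not visible here.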