54 lines
1.9 KiB
YAML
54 lines
1.9 KiB
YAML
steps:
|
|
ssh-test:
|
|
image: google/cloud-sdk:latest
|
|
entrypoint:
|
|
- bash
|
|
- -c
|
|
- |
|
|
set -euo pipefail
|
|
|
|
mkdir -p ~/.ssh
|
|
|
|
# ── Install known-hosts from Secret Manager ────────────────
|
|
gcloud secrets versions access latest \
|
|
--secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
|
|
| base64 -d > ~/.ssh/known_hosts
|
|
chmod 644 ~/.ssh/known_hosts
|
|
|
|
# ── Install private key ───────────────────────────────────
|
|
gcloud secrets versions access latest \
|
|
--secret=STAGING_SSH_KEY --project=aptivaai-dev \
|
|
| base64 -d > ~/.ssh/id_ed25519
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
|
|
echo "🔑 SSH prerequisites installed"
|
|
|
|
# ── Resolve tag from commit SHA ───────────────────────────
|
|
TAG=$(echo "${CI_COMMIT_SHA:-$CI_COMMIT:-$DRONE_COMMIT_SHA}" | head -c 8)
|
|
if [ -z "$TAG" ]; then
|
|
echo "❌ No valid commit SHA found. Aborting."
|
|
exit 1
|
|
fi
|
|
echo "🚀 Deploying tag ${TAG} to staging"
|
|
|
|
# ── SSH into staging and refresh stack ─────────────────────
|
|
ssh -o StrictHostKeyChecking=yes \
|
|
-i ~/.ssh/id_ed25519 \
|
|
jcoakley@10.128.0.12 \
|
|
"export IMG_TAG=${TAG}; \
|
|
cd /home/jcoakley/aptiva-staging-app; \
|
|
echo 'Pulling containers with IMG_TAG=${IMG_TAG}'; \
|
|
docker compose pull; \
|
|
echo 'Recreating services'; \
|
|
docker compose up -d --force-recreate --remove-orphans; \
|
|
echo '✅ Staging stack refreshed with tag ${IMG_TAG}'"
|
|
|
|
environment:
|
|
- CI_COMMIT_SHA
|
|
- CI_COMMIT
|
|
- DRONE_COMMIT_SHA
|
|
|
|
when:
|
|
event:
|
|
- push
|