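---
# Woodpecker CI pipeline: builds and pushes the application images, deploys the
# staging and production swarm stacks, and runs smoke tests against the result.
# Secrets are injected per step via `from_secret`; `$${VAR}` in a command is
# escaped from Woodpecker's own substitution so the step shell expands it at
# run time, while a single `${VAR}` is substituted before the step starts.
labels:
  location: manager

clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      partial: false
      depth: 1
      recursive: true

steps:
  # Build and Push for Staging
  build-push-staging:
    name: build-push-staging
    # NOTE(review): no tag or digest on the image, so every run pulls whatever
    # `latest` is at that moment; pin a version for reproducible builds.
    image: woodpeckerci/plugin-docker-buildx
    environment:
      REGISTRY_USER:
        from_secret: REGISTRY_USER
      REGISTRY_PASSWORD:
        from_secret: REGISTRY_PASSWORD
      DOCKER_REGISTRY_USER:
        from_secret: DOCKER_REGISTRY_USER
      DOCKER_REGISTRY_PASSWORD:
        from_secret: DOCKER_REGISTRY_PASSWORD
      # Authelia Core Secrets
      # NOTE(review): the build step receives the full Authelia key material
      # (LDAP password, JWT secret, storage key, OIDC signing keys). If the
      # compose build does not consume these, scoping them to the deploy steps
      # keeps them out of build logs and image layers — confirm against
      # docker-compose.staging.yml.
      AUTHENTICATION_BACKEND_LDAP_PASSWORD:
        from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
      IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
        from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
      STORAGE_ENCRYPTION_KEY:
        from_secret: STORAGE_ENCRYPTION_KEY
      SESSION_SECRET:
        from_secret: SESSION_SECRET
      NOTIFIER_SMTP_PASSWORD:
        from_secret: NOTIFIER_SMTP_PASSWORD
      # OIDC Secrets
      IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
        from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
      IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
      IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
      # # Client Secrets
      # CLIENT_SECRET_HEADSCALE:
      #   from_secret: CLIENT_SECRET_HEADSCALE
      # CLIENT_SECRET_HEADADMIN:
      #   from_secret: CLIENT_SECRET_HEADADMIN
    # The host Docker socket gives this step root-equivalent control of the
    # runner host; Woodpecker only honours host volumes for repositories
    # marked trusted.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "Logging into registries"
      # Password is piped on stdin so it never appears in argv or the step log.
      - echo "$${DOCKER_REGISTRY_PASSWORD}" | docker login -u "$${DOCKER_REGISTRY_USER}" --password-stdin
      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
      - echo "Building and pushing application for staging"
      - docker compose -f docker-compose.staging.yml build --no-cache
      - docker compose -f docker-compose.staging.yml push
    when:
      branch: main
      event: push

  # Deploy Staging
  deploy-staging:
    name: deploy-staging
    image: woodpeckerci/plugin-docker-buildx
    environment:
      REGISTRY_USER:
        from_secret: REGISTRY_USER
      REGISTRY_PASSWORD:
        from_secret: REGISTRY_PASSWORD
      # Authelia Core Secrets
      AUTHENTICATION_BACKEND_LDAP_PASSWORD:
        from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
      IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
        from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
      STORAGE_ENCRYPTION_KEY:
        from_secret: STORAGE_ENCRYPTION_KEY
      SESSION_SECRET:
        from_secret: SESSION_SECRET
      NOTIFIER_SMTP_PASSWORD:
        from_secret: NOTIFIER_SMTP_PASSWORD
      # OIDC Secrets
      IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
        from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
      IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
      IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
      # Client Secrets
      CLIENT_SECRET_HEADSCALE:
        from_secret: CLIENT_SECRET_HEADSCALE
      CLIENT_SECRET_HEADADMIN:
        from_secret: CLIENT_SECRET_HEADADMIN
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "Deploying to staging environment"
      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
      # --with-registry-auth forwards the login above to the swarm nodes that pull the images.
      - docker stack deploy --with-registry-auth -c ./stack.staging.yml $${CI_REPO_NAME}-staging
    when:
      branch: main
      event: push

  # Cleanup Staging
  # NOTE(review): this step has the same trigger as deploy-staging, so the
  # staging stack is torn down in the same pipeline run that deployed it —
  # confirm that is intended.
  cleanup-staging:
    name: cleanup-staging
    image: woodpeckerci/plugin-docker-buildx
    environment:
      REGISTRY_USER:
        from_secret: REGISTRY_USER
      REGISTRY_PASSWORD:
        from_secret: REGISTRY_PASSWORD
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "Cleaning up staging environment"
      # Retry the stack removal up to five times. The list is written out
      # rather than `{1..5}` because brace expansion is bash-only; under a
      # POSIX sh the old form ran the body exactly once. Note the repo name
      # is written `${CI_REPO_NAME}` here but `$${CI_REPO_NAME}` in the deploy
      # step; both should resolve, but one form would be easier to audit.
      - for i in 1 2 3 4 5; do docker stack rm ${CI_REPO_NAME}-staging && break || sleep 10; done
      - docker compose -f docker-compose.staging.yml down
      - docker compose -f docker-compose.staging.yml rm -f
    when:
      branch: main
      event: push

  # Build and Push for Production
  build-push-production:
    name: build-push-production
    image: woodpeckerci/plugin-docker-buildx
    environment:
      REGISTRY_USER:
        from_secret: REGISTRY_USER
      REGISTRY_PASSWORD:
        from_secret: REGISTRY_PASSWORD
      DOCKER_REGISTRY_USER:
        from_secret: DOCKER_REGISTRY_USER
      DOCKER_REGISTRY_PASSWORD:
        from_secret: DOCKER_REGISTRY_PASSWORD
      # Authelia Core Secrets
      # NOTE(review): same scoping question as the staging build — see above.
      AUTHENTICATION_BACKEND_LDAP_PASSWORD:
        from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
      IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
        from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
      STORAGE_ENCRYPTION_KEY:
        from_secret: STORAGE_ENCRYPTION_KEY
      SESSION_SECRET:
        from_secret: SESSION_SECRET
      NOTIFIER_SMTP_PASSWORD:
        from_secret: NOTIFIER_SMTP_PASSWORD
      # OIDC Secrets
      IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
        from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
      IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
      IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
      # Client Secrets
      CLIENT_SECRET_HEADSCALE:
        from_secret: CLIENT_SECRET_HEADSCALE
      CLIENT_SECRET_HEADADMIN:
        from_secret: CLIENT_SECRET_HEADADMIN
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo "Logging into registries"
      - echo "$${DOCKER_REGISTRY_PASSWORD}" | docker login -u "$${DOCKER_REGISTRY_USER}" --password-stdin
      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
      - echo "Building and pushing application for production"
      - docker compose -f docker-compose.production.yml build --no-cache
      - docker compose -f docker-compose.production.yml push
    when:
      branch: main
      # Production is also rebuilt on the scheduled cron trigger.
      event: [push, cron]

  # Deploy Production
  deploy-production:
    name: deploy-production
    image: woodpeckerci/plugin-docker-buildx
    environment:
      REGISTRY_USER:
        from_secret: REGISTRY_USER
      REGISTRY_PASSWORD:
        from_secret: REGISTRY_PASSWORD
      # Authelia Core Secrets
      AUTHENTICATION_BACKEND_LDAP_PASSWORD:
        from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
      IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
        from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
      STORAGE_ENCRYPTION_KEY:
        from_secret: STORAGE_ENCRYPTION_KEY
      SESSION_SECRET:
        from_secret: SESSION_SECRET
      NOTIFIER_SMTP_PASSWORD:
        from_secret: NOTIFIER_SMTP_PASSWORD
      # OIDC Secrets
      IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
        from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
      IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
      IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
        from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
      # Client Secrets
      CLIENT_SECRET_HEADSCALE:
        from_secret: CLIENT_SECRET_HEADSCALE
      CLIENT_SECRET_HEADADMIN:
        from_secret: CLIENT_SECRET_HEADADMIN
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      # The echo/pwd/ls/which/uname lines are workspace diagnostics left from
      # debugging the deploy script; they only add noise to the production
      # log and can presumably be dropped once the script is stable.
      - echo "=== DEBUGGING CI WORKSPACE ==="
      - pwd
      - ls -la
      - echo "=== CHECKING SCRIPTS DIRECTORY ==="
      - ls -la scripts/ || echo "scripts directory not found"
      - echo "=== AVAILABLE SHELLS ==="
      - which bash || echo "bash not found"
      - which sh || echo "sh not found"
      - echo "=== ENVIRONMENT INFO ==="
      - uname -a || echo "uname not available"
      - echo "=== ATTEMPTING DEPLOYMENT ==="
      # The actual deploy lives in the repository script; the secrets above
      # are available to it through the environment.
      - sh ./scripts/ci-deploy-production.sh
    when:
      branch: main
      event: [push, cron]

  # Post-Deployment Smoke Tests
  post-deploy-smoke-tests:
    name: run-post-deploy-smoke-tests
    # No `commands:` here, so the step relies on the image's own entrypoint.
    # NOTE(review): `:latest` is a moving tag — pin a version or digest so the
    # test suite that gates production is reproducible.
    image: git.nixc.us/colin/playwright:latest
    environment:
      BASE_URL: https://git.nixc.us
    when:
      branch: main
      event: push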