diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c370124..8bd89f5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,7 @@ stages: - test - build + - deploy - release # AutoDevOps templates for security @@ -13,6 +14,8 @@ variables: COMPOSER_MEMORY_LIMIT: '-1' TIMEZONE: "Europe/Paris" SENTRY_URL: "" + # List of Docker containers to restart on deploy + DOCKER_CONTAINERS: "varnish nginx app cron worker" test: image: roadiz/php83-runner 
@@ -91,6 +94,51 @@ build_tag: #- "docker buildx bake --set *.args.COMPOSER_DEPLOY_TOKEN=${COMPOSER_DEPLOY_TOKEN} --push" - "docker buildx bake --push" +# ========================================== +# Deploy to production environment +# +# Need to generate a SSH (ed25519) key pair and add the private key to the Gitlab CI variables (base64 -w 0 encoded) and +# the public key to the server ~/.ssh/authorized_keys file. +# ssh-keygen -C "My project Gitlab CI deploy key" -t ed25519 -b 2048 -f my_project.id_ed25519 +# ========================================== +deploy_develop: + stage: deploy + image: alpine:3.21 + only: + - develop + needs: + - build_develop + when: on_success + after_script: + - rm -rf ~/.ssh + before_script: + - apk update + - apk add --no-cache openssh-client + - install -m 600 -D /dev/null ~/.ssh/id_ed25519 + - echo "${PREPROD_SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_ed25519 + - ssh-keyscan -p ${PREPROD_SSH_PORT} -H "${PREPROD_SSH_HOST}" > ~/.ssh/known_hosts + script: + - ssh -p ${PREPROD_SSH_PORT} ${PREPROD_SSH_USER}@${PREPROD_SSH_HOST} "cd ${PREPROD_WORKDIR} && docker compose pull && docker compose up -d ${DOCKER_CONTAINERS} && exit" + +deploy_production: + stage: deploy + image: alpine:3.21 + rules: + - if: $CI_COMMIT_TAG + needs: + - build_tag + when: on_success + after_script: + - rm -rf ~/.ssh + before_script: + - apk update + - apk add --no-cache openssh-client + - install -m 600 -D /dev/null ~/.ssh/id_ed25519 + - echo "${PROD_SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_ed25519 + - ssh-keyscan -p ${PROD_SSH_PORT} -H "${PROD_SSH_HOST}" > ~/.ssh/known_hosts + script: + - ssh -p ${PROD_SSH_PORT} ${PROD_SSH_USER}@${PROD_SSH_HOST} "cd ${PROD_WORKDIR} && docker compose pull && docker compose up -d ${DOCKER_CONTAINERS} && exit" + create_gitlab_release: stage: release image: registry.gitlab.com/gitlab-org/release-cli:latest 
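Review bot: Both deploy jobs fill `~/.ssh/known_hosts` with `ssh-keyscan` at job time (in the `before_script` of `deploy_develop` and again in `deploy_production`), so the runner accepts whatever host key answers on that connection and the following `ssh` gets no real host authentication. Pin the server key instead: record it once out of band, store it in a CI variable, and write it with a line such as `- echo "${PROD_SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts` (`PROD_SSH_KNOWN_HOSTS` and a `PREPROD_` counterpart are suggested names, not variables this project defines). The header comment should also say that the private-key variables are meant to be masked and, where the branch or tag is protected, marked protected, so that pipelines on other refs cannot read them. In the same comment, `-b 2048` can be dropped from the `ssh-keygen` example, because Ed25519 keys have a fixed size and the flag is ignored.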
@@ -98,7 +146,7 @@ create_gitlab_release: - if: $CI_COMMIT_TAG script: - echo "Running the release job." - needs: [ "build_tag" ] + needs: [ "deploy_production" ] when: on_success release: tag_name: $CI_COMMIT_TAG diff --git a/CHANGELOG.md b/CHANGELOG.md index 7250c90..3e41c6f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to project will be documented in this file. +## [2.4.1](https://github.com/roadiz/skeleton/compare/v2.4.0...v2.4.1) - 2024-12-11 + +### Documentation + +- Added Gitlab CI example how to deploy docker compose to distant SSH servers - ([d0ee7b3](https://github.com/roadiz/skeleton/commit/d0ee7b3ffdc65748ae6a74672d45fd0b08946c97)) - Ambroise Maupate + ## [2.4.0](https://github.com/roadiz/skeleton/compare/v2.3.9...v2.4.0) - 2024-12-06 ### ⚠ Breaking changes @@ -31,7 +37,6 @@ All notable changes to project will be documented in this file. ### Features -- Config updates for api-platform 3.3 - ([3baf2d0](https://github.com/roadiz/skeleton/commit/3baf2d0308dd4d6de461267c8a86ec61d3225163)) - Ambroise Maupate - Prevent cron docker entrypoint to run as non-root user - ([2dc6c62](https://github.com/roadiz/skeleton/commit/2dc6c6248a6ef72f0a557c3727ad8286ce8d0fed)) - Ambroise Maupate - Replace `squizlabs/php_codesniffer` package with `friendsofphp/php-cs-fixer` - ([a369090](https://github.com/roadiz/skeleton/commit/a36909011b085eb91aa6a0579a14859edbd9d234)) - Ambroise Maupate - [**breaking**]Migrate Dockerfile to multi-stage build and get rid of `roadiz/php83-fpm-alpine` base image - ([d2f3899](https://github.com/roadiz/skeleton/commit/d2f3899d10e2fc5df5e341354a387e8129f26789)) - Ambroise Maupate 
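Review bot: With `needs: [ "deploy_production" ]`, `create_gitlab_release` no longer runs when the production deploy fails, and that includes projects generated from this skeleton that have not set the `PROD_SSH_*` variables yet. If that gating is intended, say so next to the line, for example `# Release is published only after the production deploy succeeded`. The job body continues past the end of this hunk, so other settings on it are not visible here.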
@@ -51,6 +56,10 @@ All notable changes to project will be documented in this file. - Removed useless `themes` folder - ([f06198c](https://github.com/roadiz/skeleton/commit/f06198ce0b7584b8b7294cb42662a73b9fe9b7c0)) - Ambroise Maupate +### Features + +- Config updates for api-platform 3.3 - ([3baf2d0](https://github.com/roadiz/skeleton/commit/3baf2d0308dd4d6de461267c8a86ec61d3225163)) - Ambroise Maupate + ## [2.3.8](https://github.com/roadiz/skeleton/compare/v2.3.7...v2.3.8) - 2024-06-26 ### Bug Fixes diff --git a/Dockerfile b/Dockerfile index c96c72f..c6e6f81 100644 --- a/Dockerfile +++ b/Dockerfile @@ -319,6 +319,6 @@ FROM varnish:${VARNISH_VERSION}-alpine AS varnish LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com" -ENV VARNISH_SIZE 512G +ENV VARNISH_SIZE 256G COPY --link docker/varnish/default.vcl /etc/varnish/ diff --git a/README.md b/README.md index f50552f..579ef53 100644 --- a/README.md +++ b/README.md @@ -117,16 +117,6 @@ Use built-in command to generate your key pair (following command should have be docker compose exec app bin/console lexik:jwt:generate-keypair ``` -Or manually using `openssl` - -```shell script -# Reveal your JWT_PASSPHRASE -docker compose exec app bin/console secrets:list --reveal -# Fill JWT_PASSPHRASE env var. -openssl genpkey -out config/jwt/private.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096; -openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout; -``` - ### Install database Use `make install` command to install your database schema and fixtures.
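Review bot: The changed line in the Dockerfile's `varnish` stage keeps the legacy space-separated form `ENV VARNISH_SIZE 256G`, which Docker's build checks report as deprecated; prefer `ENV VARNISH_SIZE=256G`. If the value is expected to be overridden per environment, a one-line comment above it saying so would help, since 256G is still a large default for a skeleton image.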