This commit is contained in:
Stephan D
@@ -22,9 +22,6 @@ steps:
|
||||
commands:
|
||||
- apk add --no-cache curl bash coreutils sed python3 openssh-keygen
|
||||
- mkdir -p secrets
|
||||
# fetch registry creds
|
||||
- ./ci/vlt kv_to_file kv registry user secrets/REGISTRY_USER 600
|
||||
- ./ci/vlt kv_to_file kv registry password secrets/REGISTRY_PASS 600
|
||||
# fetch SSH private key for deploy (base64-encoded) and decode
|
||||
- ./ci/vlt kv_to_file kv ops/deploy/ssh_key private_b64 secrets/SSH_KEY.b64 600
|
||||
- base64 -d secrets/SSH_KEY.b64 > secrets/SSH_KEY
|
||||
|
||||
@@ -11,17 +11,11 @@ REMOTE_TARGET="${SSH_USER}@${SSH_HOST}"
|
||||
ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" "mkdir -p ${REMOTE_DIR}/{compose,env}"
|
||||
rsync -avz --delete ci/prod/compose/ "$REMOTE_TARGET:${REMOTE_DIR}/compose/"
|
||||
rsync -avz ci/prod/.env.runtime "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.runtime"
|
||||
rsync -avz secrets/REGISTRY_USER "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.user"
|
||||
rsync -avz secrets/REGISTRY_PASS "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.pass"
|
||||
ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" REMOTE_DIR="$REMOTE_DIR" <<'EOSSH'
|
||||
set -xeuo pipefail
|
||||
cd "${REMOTE_DIR}/compose"
|
||||
set -a
|
||||
. ../env/.env.runtime
|
||||
export REGISTRY_USER="$(cat ../env/.env.registry.user)"
|
||||
export REGISTRY_PASS="$(cat ../env/.env.registry.pass)"
|
||||
mkdir -p ~/.docker
|
||||
echo "${REGISTRY_PASS}" | docker login "${REGISTRY_URL}" --username "${REGISTRY_USER}" --password-stdin >/dev/null
|
||||
set +a
|
||||
docker compose -f db.yml pull
|
||||
docker compose -f db.yml up -d --remove-orphans
|
||||
|
||||
Reference in New Issue
Block a user