ci: Support deploying to test and production

Env vars with prefixes have to be present and they are then stripped of their prefix
 depending on which env to deploy to.

IMAGE_PREFIX is now only used in the deploy script as it's the only one that realistically needs it.

#122: Deploy to separate GCP project

.semaphore/semaphore.yml

@@ -13,8 +13,6 @@ global_job_config:
   prologue:
     commands:
       - checkout
-      # Export all default variables
-      - set -a && source .env && set +a
       - echo "${DOCKER_PASSWORD}" | docker login --username
         "${DOCKER_USERNAME}" --password-stdin
       - export CI_COMMIT="${SEMAPHORE_GIT_SHA:0:7}"

README.md

@@ -60,10 +60,7 @@ docker volume rm isco-docker-sync
 ## Production
 
 ```bash
-set -a
-source .env
-CI_COMMIT='local'
-set +a
+export CI_COMMIT='local'
 ./ci/build.sh
 ```
 

ci/build.sh

@@ -66,15 +66,15 @@ frontend_build () {
        bash release.sh
 
     docker build \
-        --tag "${IMAGE_PREFIX}/frontend:latest" \
-        --tag "${IMAGE_PREFIX}/frontend:${CI_COMMIT}" frontend
+        --tag "isco/frontend:latest" \
+        --tag "isco/frontend:${CI_COMMIT}" frontend
 }
 
 backend_build () {
 
     docker build \
-        --tag "${IMAGE_PREFIX}/backend:latest" \
-        --tag "${IMAGE_PREFIX}/backend:${CI_COMMIT}" backend
+        --tag "isco/backend:latest" \
+        --tag "isco/backend:${CI_COMMIT}" backend
 
     # Test and Code Quality
     dc down

ci/deploy.sh

@@ -1,46 +1,69 @@
 #!/usr/bin/env bash
+
+# The required env vars require a registry_prefix depending on the deploy environment:
+#   prod: PROD_
+#   test: TEST_
+# For example the required var is CLOUDSDK_CORE_PROJECT.
+# In the prod environment it should be PROD_CLOUDSDK_CORE_PROJECT
+#
 # Required env vars:
 #   CLOUDSDK_CORE_PROJECT - ID of the GCP project
 #   CLOUDSDK_CONTAINER_CLUSTER - ID of the GKE cluster
-#   CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE -
 #   CLOUDSDK_COMPUTE_ZONE - the zone of the gke cluster
 #   GCP_DOCKER_HOST - Where to push the docker images to
-# Optional env vars:
-#   IMAGE_PREFIX - The host (and path if necessary) to push the docker images to
 #   GCP_SERVICE_ACCOUNT_FILE - path to file containing GCP service account credentials
+#   IMAGE_PREFIX - The host (and path if necessary) to push the docker images to
 set -exuo pipefail
 
 #[[ "${CI_BRANCH}" !=  "main" && ! "${CI_TAG:=}" =~ promote.* ]] && { echo "Branch different than main and not a tag. Skip deploy"; exit 0; }
 #[[ "${CI_PULL_REQUEST:-}" ==  "true" ]] && { echo "Pull request. Skip deploy"; exit 0; }
 
-test -n "${CLOUDSDK_CORE_PROJECT}"
-test -n "${CLOUDSDK_CONTAINER_CLUSTER}"
-test -n "${CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE}"
-test -n "${CLOUDSDK_COMPUTE_ZONE}"
-test -n "${GCP_DOCKER_HOST}"
+if [[ "${CI_TAG:=}" =~ promote.* ]]; then
+  PROD_DEPLOY=1
+fi
+
+export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=False
+
+generate_vars(){
+  PREFIX="$1"
+  TO_GEN=(
+    "CLOUDSDK_CORE_PROJECT"
+    "CLOUDSDK_CONTAINER_CLUSTER"
+    "CLOUDSDK_COMPUTE_ZONE"
+    "GCP_DOCKER_HOST"
+    "GCP_SERVICE_ACCOUNT_FILE"
+    "IMAGE_PREFIX"
+  )
+  for to_gen in "${TO_GEN[@]}" ; do
+      varname="${PREFIX}_${to_gen}"
+      # ${!varname} = give me value or variable with the name stored in varname
+      # bash... I know
+      echo "exporting $to_gen"
+      export "$to_gen"="${!varname}"
+  done
+}
 
 auth () {
-    gcloud auth activate-service-account --key-file="${GCP_SERVICE_ACCOUNT_FILE:-/home/semaphore/.secrets/gcp.json}"
+    gcloud auth activate-service-account --key-file="${GCP_SERVICE_ACCOUNT_FILE}"
     gcloud auth configure-docker "${GCP_DOCKER_HOST}"
 }
 
 push_image () {
-    prefix="${IMAGE_PREFIX}"
-    docker push "${prefix}/${1}:${CI_COMMIT}"
-}
+    suffix="${1}:${CI_COMMIT}"
 
-prepare_deployment () {
-    cluster="production"
+    local_name="isco/$suffix"
+    remote_name="${IMAGE_PREFIX}/$suffix"
 
-    if [[ "${CI_TAG:=}" =~ promote.* ]]; then
-        cluster="production"
-    fi
+    docker tag $local_name $remote_name
+    docker push "${remote_name}"
+}
 
-    gcloud container clusters get-credentials "${cluster}"
+prepare_deployment () {
+    gcloud container clusters get-credentials "${CLOUDSDK_CONTAINER_CLUSTER}"
 
     sed "s/\${CI_COMMIT}/${CI_COMMIT}/g;" \
         ci/k8s/deployment.template.yml \
-        | sed "s/\${BUCKET_FOLDER}/${cluster}/g;" \
+        | sed "s/\${BUCKET_FOLDER}/${CLOUDSDK_CONTAINER_CLUSTER}/g;" \
         | sed "s|\${IMAGE_PREFIX}|${IMAGE_PREFIX}|g;" \
         > ci/k8s/deployment.yml
 }
@@ -50,6 +73,14 @@ apply_deployment () {
     kubectl apply -f ci/k8s/service.yml
 }
 
+set +x  # Disable printing the variable values; values might be secret
+if [[ -n "${PROD_DEPLOY:=}" ]] ; then
+  generate_vars "PROD"
+else
+  generate_vars "TEST"
+fi
+set -x  # Renable it
+
 auth
 
 if [[ -z "${CI_TAG:=}" ]]; then

docker-compose.ci.yml

@@ -12,13 +12,13 @@ services:
     command: "postgres -c 'shared_buffers=128MB' -c 'fsync=off' -c 'synchronous_commit=off' -c 'full_page_writes=off' -c 'max_connections=100' -c 'bgwriter_lru_maxpages=0' -c 'client_min_messages=warning'"
     restart: always
   frontend:
-    image: ${IMAGE_PREFIX}/frontend:latest
+    image: isco/frontend:latest
     command: ["nginx", "-g", "daemon off;"]
     depends_on:
       - backend
       - db
   backend:
-    image: ${IMAGE_PREFIX}/backend:latest
+    image: isco/backend:latest
     network_mode: service:mainnetwork
     command: ["sh", "run.sh"]
     environment:

docker-compose.test.yml

@@ -12,7 +12,7 @@ services:
       - ./db/script:/script:ro
     restart: always
   backend:
-    image: ${IMAGE_PREFIX}/backend:latest
+    image: isco/backend:latest
     volumes:
       - ./:/app:delegated
     working_dir: /app/backend