diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index e398b2a6..9b2cac44 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -13,8 +13,6 @@ global_job_config: prologue: commands: - checkout - # Export all default variables - - set -a && source .env && set +a - echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin - export CI_COMMIT="${SEMAPHORE_GIT_SHA:0:7}" diff --git a/README.md b/README.md index a6b3c63d..7ed21051 100644 --- a/README.md +++ b/README.md @@ -60,10 +60,7 @@ docker volume rm isco-docker-sync ## Production ```bash -set -a -source .env -CI_COMMIT='local' -set +a +export CI_COMMIT='local' ./ci/build.sh ``` diff --git a/ci/build.sh b/ci/build.sh index 39ddaad5..0e246621 100755 --- a/ci/build.sh +++ b/ci/build.sh @@ -66,15 +66,15 @@ frontend_build () { bash release.sh docker build \ - --tag "${IMAGE_PREFIX}/frontend:latest" \ - --tag "${IMAGE_PREFIX}/frontend:${CI_COMMIT}" frontend + --tag "isco/frontend:latest" \ + --tag "isco/frontend:${CI_COMMIT}" frontend } backend_build () { docker build \ - --tag "${IMAGE_PREFIX}/backend:latest" \ - --tag "${IMAGE_PREFIX}/backend:${CI_COMMIT}" backend + --tag "isco/backend:latest" \ + --tag "isco/backend:${CI_COMMIT}" backend # Test and Code Quality dc down diff --git a/ci/deploy.sh b/ci/deploy.sh index 1e030989..820233f3 100755 --- a/ci/deploy.sh +++ b/ci/deploy.sh 
@@ -1,46 +1,69 @@ #!/usr/bin/env bash + +# The required env vars require a registry_prefix depending on the deploy environment: +# prod: PROD_ +# test: TEST_ +# For example the required var is CLOUDSDK_CORE_PROJECT. +# In the prod environment it should be PROD_CLOUDSDK_CORE_PROJECT +# # Required env vars: # CLOUDSDK_CORE_PROJECT - ID of the GCP project # CLOUDSDK_CONTAINER_CLUSTER - ID of the GKE cluster -# CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE - # CLOUDSDK_COMPUTE_ZONE - the zone of the gke cluster # GCP_DOCKER_HOST - Where to push the docker images to -# Optional env vars: -# IMAGE_PREFIX - The host (and path if necessary) to push the docker images to # GCP_SERVICE_ACCOUNT_FILE - path to file containing GCP service account credentials +# IMAGE_PREFIX - The host (and path if necessary) to push the docker images to set -exuo pipefail #[[ "${CI_BRANCH}" != "main" && ! "${CI_TAG:=}" =~ promote.* ]] && { echo "Branch different than main and not a tag. Skip deploy"; exit 0; } #[[ "${CI_PULL_REQUEST:-}" == "true" ]] && { echo "Pull request. Skip deploy"; exit 0; } -test -n "${CLOUDSDK_CORE_PROJECT}" -test -n "${CLOUDSDK_CONTAINER_CLUSTER}" -test -n "${CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE}" -test -n "${CLOUDSDK_COMPUTE_ZONE}" -test -n "${GCP_DOCKER_HOST}" +if [[ "${CI_TAG:=}" =~ promote.* ]]; then + PROD_DEPLOY=1 +fi + +export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=False + +generate_vars(){ + PREFIX="$1" + TO_GEN=( + "CLOUDSDK_CORE_PROJECT" + "CLOUDSDK_CONTAINER_CLUSTER" + "CLOUDSDK_COMPUTE_ZONE" + "GCP_DOCKER_HOST" + "GCP_SERVICE_ACCOUNT_FILE" + "IMAGE_PREFIX" + ) + for to_gen in "${TO_GEN[@]}" ; do + varname="${PREFIX}_${to_gen}" + # ${!varname} = give me value or variable with the name stored in varname + # bash... 
I know + echo "exporting $to_gen" + export "$to_gen"="${!varname}" + done +} auth () { - gcloud auth activate-service-account --key-file="${GCP_SERVICE_ACCOUNT_FILE:-/home/semaphore/.secrets/gcp.json}" + gcloud auth activate-service-account --key-file="${GCP_SERVICE_ACCOUNT_FILE}" gcloud auth configure-docker "${GCP_DOCKER_HOST}" } push_image () { - prefix="${IMAGE_PREFIX}" - docker push "${prefix}/${1}:${CI_COMMIT}" -} + suffix="${1}:${CI_COMMIT}" -prepare_deployment () { - cluster="production" + local_name="isco/$suffix" + remote_name="${IMAGE_PREFIX}/$suffix" - if [[ "${CI_TAG:=}" =~ promote.* ]]; then - cluster="production" - fi + docker tag $local_name $remote_name + docker push "${remote_name}" +} - gcloud container clusters get-credentials "${cluster}" +prepare_deployment () { + gcloud container clusters get-credentials "${CLOUDSDK_CONTAINER_CLUSTER}" sed "s/\${CI_COMMIT}/${CI_COMMIT}/g;" \ ci/k8s/deployment.template.yml \ - | sed "s/\${BUCKET_FOLDER}/${cluster}/g;" \ + | sed "s/\${BUCKET_FOLDER}/${CLOUDSDK_CONTAINER_CLUSTER}/g;" \ | sed "s|\${IMAGE_PREFIX}|${IMAGE_PREFIX}|g;" \ > ci/k8s/deployment.yml } @@ -50,6 +73,14 @@ apply_deployment () { kubectl apply -f ci/k8s/service.yml } +set +x # Disable printing the variable values; values might be secret +if [[ -n "${PROD_DEPLOY:=}" ]] ; then + generate_vars "PROD" +else + generate_vars "TEST" +fi +set -x # Renable it + auth if [[ -z "${CI_TAG:=}" ]]; then diff --git a/docker-compose.ci.yml b/docker-compose.ci.yml index 52e31ea3..02dccff1 100644 --- a/docker-compose.ci.yml +++ b/docker-compose.ci.yml 
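Review bot: `generate_vars` copies `${!varname}` into the unprefixed name without checking it, so now that the `test -n` lines are gone a `PROD_`/`TEST_` variable that is set but empty is exported as an empty string. `set -u` only stops the script when the variable is missing altogether. An empty `IMAGE_PREFIX` or `GCP_SERVICE_ACCOUNT_FILE` would then surface only later, inside `docker push` or `gcloud auth`. Failing at the assignment names the offending variable without printing its value: `export "$to_gen"="${!varname:?${varname} is unset or empty}"`. In `push_image`, `docker tag $local_name $remote_name` should quote both arguments, as the `docker push` line below it does.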
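Review bot: `[[ -n "${PROD_DEPLOY:=}" ]]` assigns the empty default only when `PROD_DEPLOY` is unset, so a value inherited from the job environment selects the `PROD_` credentials even when `CI_TAG` is not a promote tag. The flag is set in the earlier hunk and never initialised; adding `PROD_DEPLOY=""` before the `CI_TAG` test there, or testing `CI_TAG` directly here, ties the choice to the tag alone. The pattern `promote.*` is also unanchored and matches any tag that merely contains `promote`; if promote tags always start with that word, `^promote` is the tighter match. The `if [[ -z "${CI_TAG:=}" ]]` block after `auth` continues outside the hunk.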
@@ -12,13 +12,13 @@ services:
 command: "postgres -c 'shared_buffers=128MB' -c 'fsync=off' -c 'synchronous_commit=off' -c 'full_page_writes=off' -c 'max_connections=100' -c 'bgwriter_lru_maxpages=0' -c 'client_min_messages=warning'"
 restart: always
 frontend:
- image: ${IMAGE_PREFIX}/frontend:latest
+ image: isco/frontend:latest
 command: ["nginx", "-g", "daemon off;"]
 depends_on:
 - backend
 - db
 backend:
- image: ${IMAGE_PREFIX}/backend:latest
+ image: isco/backend:latest
 network_mode: service:mainnetwork
 command: ["sh", "run.sh"]
 environment:
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
index c2cb261d..c20829d1 100644
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -12,7 +12,7 @@ services:
 - ./db/script:/script:ro
 restart: always
 backend:
- image: ${IMAGE_PREFIX}/backend:latest
+ image: isco/backend:latest
 volumes:
 - ./:/app:delegated
 working_dir: /app/backend
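Review bot: `image: isco/frontend:latest` and `image: isco/backend:latest` are unqualified names, so if the locally built image is missing, Compose will presumably try to resolve them against the default registry, and the Semaphore prologue runs `docker login` before the job. Whether an `isco` namespace on that registry is controlled by this project is not visible from the diff. If the Compose version in use supports it, adding `pull_policy: never` to both services here, and to `backend` in docker-compose.test.yml, makes a missing local build fail instead of pulling whatever image carries that name. The service definitions continue outside the hunk.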