projects/usbcheck.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update .gitlab-ci.yml file

Browse Source
This commit is contained in:
Lars Gebhardt-Kusche
2025-11-13 00:53:11 +01:00
parent 5af5a28387
commit 3bf2ee4be4
1 changed files with 26 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
.gitlab-ci.yml
View File

@@ -1,4 +1,7 @@
stages: [install, build, deploy] stages:
- install
- build
- deploy
variables: variables:
NODE_ENV: production NODE_ENV: production
@@ -13,23 +16,25 @@ variables:
- corepack prepare pnpm@9.12.0 --activate - corepack prepare pnpm@9.12.0 --activate
- pnpm -v - pnpm -v
# Cache node_modules für schnellere Builds
cache: cache:
key: ${CI_COMMIT_REF_SLUG} key: ${CI_COMMIT_REF_SLUG}
paths: paths:
- node_modules/ - node_modules/
# 1) Dependencies installieren
install: install:
stage: install stage: install
<<: *node_pnpm <<: *node_pnpm
script: script:
- echo "📦 Installing deps..." - echo "📦 Installing deps..."
# Nutze --frozen-lockfile nur, wenn pnpm-lock.yaml im Repo committed ist
- if [ -f pnpm-lock.yaml ]; then pnpm install --frozen-lockfile --reporter=append-only; else pnpm install --reporter=append-only; fi - if [ -f pnpm-lock.yaml ]; then pnpm install --frozen-lockfile --reporter=append-only; else pnpm install --reporter=append-only; fi
artifacts: artifacts:
paths: paths:
- node_modules/ - node_modules/
expire_in: 1h expire_in: 1h
# 2) Build erzeugen
build: build:
stage: build stage: build
<<: *node_pnpm <<: *node_pnpm
@@ -42,22 +47,29 @@ build:
- ${BUILD_DIR}/ - ${BUILD_DIR}/
expire_in: 1 week expire_in: 1 week
.deploy_template: &deploy # 3) Template für FTPS-Deploy (lftp)
.deploy_ftps_template: &deploy_ftps
stage: deploy stage: deploy
image: alpine:3.20 image: alpine:3.20
before_script: before_script:
- apk add --no-cache openssh-client rsync - echo "📡 Installing lftp..."
- mkdir -p ~/.ssh - apk add --no-cache lftp
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
- ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
script: script:
- rsync -az --delete ${BUILD_DIR}/ $DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH - echo "🚀 Deploy via FTPS to $FTP_HOST:$FTP_PATH ..."
- lftp -e "
set ftp:passive-mode true;
set ssl:verify-certificate no;
open -u $FTP_USER,$FTP_PASSWORD $FTP_HOST;
mirror -R --delete --parallel=4 ${BUILD_DIR}/ $FTP_PATH;
bye
"
- echo "✅ Deploy finished."
# 3a) Staging-Deployment
deploy:staging: deploy:staging:
<<: *deploy <<: *deploy_ftps
variables: variables:
DEPLOY_PATH: /www/htdocs/w020df28/projects/usbcheck/staging/ FTP_PATH: $FTP_PATH_STAGING
environment: environment:
name: staging name: staging
url: https://staging.usbcheck.it url: https://staging.usbcheck.it
@@ -65,36 +77,14 @@ deploy:staging:
- develop - develop
- merge_requests - merge_requests
# 3b) Production-Deployment
deploy:production: deploy:production:
<<: *deploy <<: *deploy_ftps
variables: variables:
DEPLOY_PATH: /www/htdocs/w020df28/projects/usbcheck/web/ FTP_PATH: $FTP_PATH_PROD
environment: environment:
name: production name: production
url: https://www.usbcheck.it url: https://www.usbcheck.it
only: only:
- main - main
when: manual when: manual
ssh:diagnose:
stage: deploy
image: alpine:3.20
script:
- apk add --no-cache openssh-client
- mkdir -p ~/.ssh && chmod 700 ~/.ssh
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
- chmod 600 ~/.ssh/id_ed25519
# zeige Fingerprint & public key (sollte zum KAS-Eintrag passen)
- echo "Public key derived from private key:"
- ssh-keygen -y -f ~/.ssh/id_ed25519 | tee /tmp/ci_pubkey.pub
- echo "Fingerprint:"; ssh-keygen -lf ~/.ssh/id_ed25519
# Hostkey anlernen
- ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
# Sehr ausführlicher Login-Test (ohne Befehl)
- echo "Trying SSH with -vvv..."
- ssh -vvv -o IdentitiesOnly=yes -o PreferredAuthentications=publickey $DEPLOY_USER@$DEPLOY_HOST 'echo OK'
when: manual