101 lines
2.5 KiB
YAML
101 lines
2.5 KiB
YAML
stages: [install, build, deploy]
|
|
|
|
variables:
|
|
NODE_ENV: production
|
|
BUILD_DIR: dist
|
|
|
|
# Gemeinsames pnpm-Setup für alle Node-Jobs
|
|
.node_pnpm: &node_pnpm
|
|
image: node:20-bullseye
|
|
before_script:
|
|
- echo "🧩 Corepack/Pnpm aktivieren..."
|
|
- corepack enable
|
|
- corepack prepare pnpm@9.12.0 --activate
|
|
- pnpm -v
|
|
|
|
cache:
|
|
key: ${CI_COMMIT_REF_SLUG}
|
|
paths:
|
|
- node_modules/
|
|
|
|
install:
|
|
stage: install
|
|
<<: *node_pnpm
|
|
script:
|
|
- echo "📦 Installing deps..."
|
|
# Nutze --frozen-lockfile nur, wenn pnpm-lock.yaml im Repo committed ist
|
|
- if [ -f pnpm-lock.yaml ]; then pnpm install --frozen-lockfile --reporter=append-only; else pnpm install --reporter=append-only; fi
|
|
artifacts:
|
|
paths:
|
|
- node_modules/
|
|
expire_in: 1h
|
|
|
|
build:
|
|
stage: build
|
|
<<: *node_pnpm
|
|
script:
|
|
- echo "🏗️ Building..."
|
|
- pnpm build
|
|
- echo "✅ Build complete."
|
|
artifacts:
|
|
paths:
|
|
- ${BUILD_DIR}/
|
|
expire_in: 1 week
|
|
|
|
.deploy_template: &deploy
|
|
stage: deploy
|
|
image: alpine:3.20
|
|
before_script:
|
|
- apk add --no-cache openssh-client rsync
|
|
- mkdir -p ~/.ssh
|
|
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
|
|
- chmod 600 ~/.ssh/id_ed25519
|
|
- ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
|
|
script:
|
|
- rsync -az --delete ${BUILD_DIR}/ $DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH
|
|
|
|
deploy:staging:
|
|
<<: *deploy
|
|
variables:
|
|
DEPLOY_PATH: /www/htdocs/w020df28/projects/usbcheck/staging/
|
|
environment:
|
|
name: staging
|
|
url: https://staging.usbcheck.it
|
|
only:
|
|
- develop
|
|
- merge_requests
|
|
|
|
deploy:production:
|
|
<<: *deploy
|
|
variables:
|
|
DEPLOY_PATH: /www/htdocs/w020df28/projects/usbcheck/web/
|
|
environment:
|
|
name: production
|
|
url: https://www.usbcheck.it
|
|
only:
|
|
- main
|
|
when: manual
|
|
|
|
|
|
ssh:diagnose:
|
|
stage: deploy
|
|
image: alpine:3.20
|
|
script:
|
|
- apk add --no-cache openssh-client
|
|
- mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
|
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
|
|
- chmod 600 ~/.ssh/id_ed25519
|
|
|
|
# zeige Fingerprint & public key (sollte zum KAS-Eintrag passen)
|
|
- echo "Public key derived from private key:"
|
|
- ssh-keygen -y -f ~/.ssh/id_ed25519 | tee /tmp/ci_pubkey.pub
|
|
- echo "Fingerprint:"; ssh-keygen -lf ~/.ssh/id_ed25519
|
|
|
|
# Hostkey anlernen
|
|
- ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
|
|
|
|
# Sehr ausführlicher Login-Test (ohne Befehl)
|
|
- echo "Trying SSH with -vvv..."
|
|
- ssh -vvv -o IdentitiesOnly=yes -o PreferredAuthentications=publickey $DEPLOY_USER@$DEPLOY_HOST 'echo OK'
|
|
when: manual
|