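# Build the production image on the default branch, push it to the GitLab
# Container Registry, then (manually) roll it out to the deploy host over SSH.
stages:
  - build
  - deploy

variables:
  # Per-commit tag; the deploy job pulls this tag, not the moving `latest`.
  IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
  IMAGE_TAG_LATEST: "$CI_REGISTRY_IMAGE:latest"

build_and_push:
  stage: build
  image: docker:29
  services:
    # NOTE(review): TLS is disabled between the job container and the dind
    # daemon, so the Docker API on port 2375 is plaintext and unauthenticated.
    # Left as-is because enabling TLS also needs runner-side configuration;
    # confirm the runner is isolated or move to the TLS setup.
    - name: docker:29-dind
      command: ["--tls=false"]
  variables:
    DOCKER_TLS_CERTDIR: ""
    DOCKER_HOST: "tcp://docker:2375"
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
  script:
    # Fail early with a readable message when the registry is not available.
    - >-
      test -n "$CI_REGISTRY" -a -n "$CI_REGISTRY_IMAGE" ||
      (echo "GitLab Container Registry is not enabled/configured for this project." && exit 1)
    # The password is passed on stdin so it never appears in the argument list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build --target production -t "$IMAGE_TAG" -t "$IMAGE_TAG_LATEST" .
    - docker push "$IMAGE_TAG"
    - docker push "$IMAGE_TAG_LATEST"

deploy_production:
  stage: deploy
  image: alpine:3.20
  environment:
    name: production
    url: https://api-finance.ai-assistant-bot.xyz
  rules:
    # Manual gate: the pipeline blocks until someone triggers the deploy.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      when: manual
      allow_failure: false
  before_script:
    # SSH_PRIVATE_KEY, DEPLOY_HOST and DEPLOY_USER are not defined in this file;
    # presumably project CI/CD variables. Keep them protected so that only
    # protected branches can read them (confirm in the project settings).
    - apk add --no-cache openssh-client rsync
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
    # ssh-keyscan accepts whichever key answers at deploy time, so on its own
    # it does not authenticate the host. If an optional SSH_KNOWN_HOSTS
    # variable holding the pinned host key line(s) is defined, use it; the
    # scan remains only as the backward-compatible fallback.
    - |
      if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
        echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
      else
        ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
      fi
  script:
    - ssh "$DEPLOY_USER@$DEPLOY_HOST" "mkdir -p /opt/apps/api-finance"
    # Literal block scalar so each trailing backslash is a real shell line
    # continuation. In a plain multi-line scalar the line breaks fold to
    # spaces and the backslashes escape them, which would turn the --exclude
    # options into path arguments. Excluded paths (.env, .env.*) are neither
    # uploaded nor removed on the server, since --delete-excluded is not used.
    - |
      rsync -az --delete \
        --exclude='.git' \
        --exclude='.env' \
        --exclude='.env.*' \
        --exclude='node_modules' \
        --exclude='coverage' \
        --exclude='dist' \
        ./ "$DEPLOY_USER@$DEPLOY_HOST:/opt/apps/api-finance/"
    - >-
      test -n "$CI_REGISTRY" -a -n "$CI_REGISTRY_IMAGE" ||
      (echo "GitLab Container Registry is not enabled/configured for this project." && exit 1)
    # Send the registry password over the SSH channel's stdin instead of
    # interpolating it into the remote command string: it stays out of the
    # remote process list, and a quote character in the value can no longer
    # break out of the remote shell quoting.
    # NOTE(review): docker login leaves the credential in the deploy user's
    # Docker config on the host; consider a read-only deploy token there.
    - >-
      echo "$CI_REGISTRY_PASSWORD" |
      ssh "$DEPLOY_USER@$DEPLOY_HOST"
      "docker login -u '$CI_REGISTRY_USER' --password-stdin '$CI_REGISTRY'"
    # APP_IMAGE pins compose to the image built for this commit.
    - >-
      ssh "$DEPLOY_USER@$DEPLOY_HOST"
      "cd /opt/apps/api-finance && APP_IMAGE='$IMAGE_TAG' docker compose -f docker-compose.server.yml pull"
    - >-
      ssh "$DEPLOY_USER@$DEPLOY_HOST"
      "cd /opt/apps/api-finance && APP_IMAGE='$IMAGE_TAG' docker compose -f docker-compose.server.yml up -d"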