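---
# GitLab CI pipeline: build a Docker image and push it to ECR, run lint/tests
# inside that image, record the currently running ECS task definition as the
# rollback target, deploy with ecs-deploy, and roll back on failure.
#
# Every $CI_* / $AWS_* / application variable used below is expected to come
# from the project's CI/CD variable settings; none is defined in this file.
#
# NOTE(review): the jobs authenticate with a static AWS access key pair held in
# CI variables. Mark those variables as masked and protected, scope the IAM
# user to the ECR/ECS/S3 actions used here, and prefer short-lived credentials
# if the runner setup allows it.
#
# NOTE(review): `docker:stable`, `awscli` and `ecs-deploy` are all pulled
# unpinned, so the toolchain that handles the deployment credentials can change
# between runs. Pin the image by digest and the pip packages by version.
image: docker:stable

stages:
  - build
  - test
  - deploy
  - rollback

build:
  stage: build
  script:
    # Setup
    - export AWS_REGION="eu-west-1"
    - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
    - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
    - export REPO=$CI_ECR_URL
    - apk update
    - apk --no-cache add --update curl python python-dev py-pip
    - pip install awscli --upgrade --user
    - export PATH=~/.local/bin:/usr/bin/:$PATH
    # AUTH
    # NOTE(review): `aws ecr get-login` prints a `docker login ... -p <password>`
    # command that is then executed, so the registry password ends up in the
    # process arguments. Newer AWS CLI releases offer
    # `aws ecr get-login-password`, whose output can be piped to
    # `docker login --password-stdin`.
    - CERT=`aws ecr get-login --no-include-email --region ${AWS_REGION}`
    - ${CERT}
    # Build
    # NOTE(review): this job has no `only:` filter, so every branch overwrites
    # the shared, mutable `latest` tag before lint/test have run. The lint and
    # test jobs then pull `latest`, which may already belong to a different
    # pipeline. Consider also pushing $REPO:$CI_COMMIT_SHA and testing and
    # deploying by that immutable tag.
    - docker build -t ${CI_PROJECT_NAME}:$CI_COMMIT_SHA .
    - docker tag $CI_PROJECT_NAME:$CI_COMMIT_SHA $REPO:latest
    - docker push $REPO:latest
  environment:
    name: qa
    url: $CI_ALB_URL

lint:
  image: $CI_ECR_URL:latest
  stage: test
  variables:
    # The sources are already inside the image; skip the repository checkout.
    GIT_STRATEGY: none
  script:
    - cd ${HOME}
    - npm run lint

test:
  image: $CI_ECR_URL:latest
  stage: test
  variables:
    # The sources are already inside the image; skip the repository checkout.
    GIT_STRATEGY: none
  script:
    - cd ${HOME}
    - npm run test

create-rollback:
  stage: test
  only:
    - master
  script:
    - export AWS_REGION="eu-west-1"
    - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
    - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
    - apk --no-cache add --update curl python python-dev py-pip jq
    - pip install awscli --upgrade --user
    - export PATH=~/.local/bin:/usr/bin/:$PATH
    # Discover the ALB name
    # `jq -r` emits the raw string, so no quote stripping is needed afterwards;
    # the filter is quoted so the shell cannot glob-expand `[0]`.
    - >-
      ALB=`aws elbv2 describe-load-balancers --region ${AWS_REGION}
      --names ${CI_ALB_NAME} | jq -r '.LoadBalancers[0].DNSName'`
    # Test Keepalive
    - /usr/bin/curl --fail http://${ALB}/keepalive
    # IF Keepalive return 200...
    # Retrieve & Store this revision as 'last known successful revision' in S3 Bucket
    - >-
      REV=`aws ecs describe-services --region ${AWS_REGION}
      --cluster ${CI_CLUSTER_NAME} --service ${CI_SERVICE_NAME}
      | jq -r '.services[0].deployments[0].taskDefinition'`
    # Refuse to record an empty or `null` revision: the rollback jobs deploy
    # whatever this object contains.
    - test -n "${REV}" && test "${REV}" != "null"
    - echo successful revision is ${REV} Storing it in S3 Bucket
    - echo "${REV}" > /${CI_SERVICE_NAME}
    # sync rev to S3 here
    # NOTE(review): the object in this bucket decides which task definition a
    # rollback deploys, so write access to the bucket should be limited to this
    # pipeline's identity.
    - aws s3 cp /${CI_SERVICE_NAME} s3://${CI_REV_BUCKET}
  environment:
    name: qa
    url: $CI_ALB_URL

deploy:
  stage: deploy
  only:
    - master
  script:
    - export AWS_REGION="eu-west-1"
    - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
    - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
    - apk --no-cache add --update python python-dev py-pip
    - pip install ecs-deploy
    # Deploy
    # Values are double-quoted so that a secret containing whitespace or glob
    # characters, or an unset variable, cannot shift the `-e` argument triples.
    # NOTE(review): `-e` stores these secrets as plaintext environment entries
    # in the ECS task definition, and ecs-deploy appears to report changed
    # values in its output (confirm). Mark the variables as masked in GitLab
    # and consider task-definition `secrets` backed by SSM Parameter Store or
    # Secrets Manager instead.
    - >-
      ecs deploy ${CI_CLUSTER_NAME} ${CI_SERVICE_NAME}
      --region ${AWS_REGION} --timeout 600
      -e ${CI_CONTAINER_NAME} AWS_S3_ACCESS_KEY "$AWS_S3_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_SECRET_KEY "$AWS_S3_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_REGION "$AWS_S3_REGION"
      -e ${CI_CONTAINER_NAME} AWS_S3_BUCKET "$AWS_S3_BUCKET"
      -e ${CI_CONTAINER_NAME} AWS_SES_SECRET_KEY "$AWS_SES_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_ACCESS_KEY "$AWS_SES_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_REGION "$AWS_SES_REGION"
      -e ${CI_CONTAINER_NAME} EMAIL_SENDER "$EMAIL_SENDER"
      -e ${CI_CONTAINER_NAME} secret "$SECRET"
      -e ${CI_CONTAINER_NAME} DATABASE "$DATABASE"
      -e ${CI_CONTAINER_NAME} DB_USER "$DB_USER"
      -e ${CI_CONTAINER_NAME} DB_PASS "$DB_PASS"
      -e ${CI_CONTAINER_NAME} DB_HOST "$DB_HOST"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_ID "$ORCID_CLIENT_ID"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_SECRET "$ORCID_CLIENT_SECRET"
      -e ${CI_CONTAINER_NAME} CLIENT_BASE_URL "$CLIENT_BASE_URL"
      -e ${CI_CONTAINER_NAME} FTP_USERNAME "$FTP_USERNAME"
      -e ${CI_CONTAINER_NAME} FTP_PASSWORD "$FTP_PASSWORD"
      -e ${CI_CONTAINER_NAME} FTP_HOST "$FTP_HOST"
  environment:
    name: qa
    url: $CI_ALB_URL

aws-qa:
  stage: deploy
  when: manual
  only:
    - develop
  script:
    - export AWS_REGION="eu-west-1"
    - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
    - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
    - apk --no-cache add --update python python-dev py-pip
    - pip install ecs-deploy
    # Deploy
    # Values are double-quoted so that a secret containing whitespace or glob
    # characters, or an unset variable, cannot shift the `-e` argument triples.
    - >-
      ecs deploy ${CI_CLUSTER_NAME} ${CI_SERVICE_NAME}
      --region ${AWS_REGION} --timeout 600
      -e ${CI_CONTAINER_NAME} AWS_S3_ACCESS_KEY "$AWS_S3_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_SECRET_KEY "$AWS_S3_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_REGION "$AWS_S3_REGION"
      -e ${CI_CONTAINER_NAME} AWS_S3_BUCKET "$AWS_S3_BUCKET"
      -e ${CI_CONTAINER_NAME} AWS_SES_SECRET_KEY "$AWS_SES_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_ACCESS_KEY "$AWS_SES_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_REGION "$AWS_SES_REGION"
      -e ${CI_CONTAINER_NAME} EMAIL_SENDER "$EMAIL_SENDER"
      -e ${CI_CONTAINER_NAME} secret "$SECRET"
      -e ${CI_CONTAINER_NAME} DATABASE "$DATABASE"
      -e ${CI_CONTAINER_NAME} DB_USER "$DB_USER"
      -e ${CI_CONTAINER_NAME} DB_PASS "$DB_PASS"
      -e ${CI_CONTAINER_NAME} DB_HOST "$DB_HOST"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_ID "$ORCID_CLIENT_ID"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_SECRET "$ORCID_CLIENT_SECRET"
      -e ${CI_CONTAINER_NAME} CLIENT_BASE_URL "$CLIENT_BASE_URL"
      -e ${CI_CONTAINER_NAME} FTP_USERNAME "$FTP_USERNAME"
      -e ${CI_CONTAINER_NAME} FTP_PASSWORD "$FTP_PASSWORD"
      -e ${CI_CONTAINER_NAME} FTP_HOST "$FTP_HOST"
  environment:
    name: qa
    url: $CI_ALB_URL

rollback:
  stage: rollback
  # NOTE(review): `on_failure` fires when any job in an earlier stage fails,
  # which includes lint/test failures that happen before anything is deployed.
  when: on_failure
  only:
    - master
  script:
    # NOTE(review): this job differs from the build/deploy jobs in three ways:
    # region "us-east-1" instead of "eu-west-1" (where create-rollback records
    # the revision), lower-case $aws_access_key_id / $aws_secret_access_key
    # instead of the upper-case variables, and ${CLUSTER_NAME} instead of
    # ${CI_CLUSTER_NAME}. If the lower-case variables are not defined, the
    # exports below replace working credentials with empty strings. Confirm
    # each value against the CI/CD variable settings.
    - export AWS_REGION="us-east-1"
    - export AWS_ACCESS_KEY_ID=$aws_access_key_id
    - export AWS_SECRET_ACCESS_KEY=$aws_secret_access_key
    - apk --no-cache add --update curl python python-dev py-pip
    - pip install awscli --upgrade --user
    - export PATH=~/.local/bin:/usr/bin/:$PATH
    - pip install ecs-deploy
    # Fetch the task definition recorded by create-rollback.
    - aws s3 cp s3://${CI_REV_BUCKET}/${CI_SERVICE_NAME} ./
    - REV=`cat ./${CI_SERVICE_NAME}`
    # Stop here if the stored revision is empty instead of passing a blank
    # --task value to ecs-deploy.
    - test -n "${REV}"
    - echo rev is $REV
    # Values are double-quoted so that a secret containing whitespace or glob
    # characters, or an unset variable, cannot shift the `-e` argument triples.
    - >-
      ecs deploy --region ${AWS_REGION} ${CLUSTER_NAME} ${CI_SERVICE_NAME}
      --task "${REV}"
      -e ${CI_CONTAINER_NAME} AWS_S3_ACCESS_KEY "$AWS_S3_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_SECRET_KEY "$AWS_S3_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_REGION "$AWS_S3_REGION"
      -e ${CI_CONTAINER_NAME} AWS_S3_BUCKET "$AWS_S3_BUCKET"
      -e ${CI_CONTAINER_NAME} AWS_SES_SECRET_KEY "$AWS_SES_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_ACCESS_KEY "$AWS_SES_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_REGION "$AWS_SES_REGION"
      -e ${CI_CONTAINER_NAME} EMAIL_SENDER "$EMAIL_SENDER"
      -e ${CI_CONTAINER_NAME} secret "$SECRET"
      -e ${CI_CONTAINER_NAME} DATABASE "$DATABASE"
      -e ${CI_CONTAINER_NAME} DB_USER "$DB_USER"
      -e ${CI_CONTAINER_NAME} DB_PASS "$DB_PASS"
      -e ${CI_CONTAINER_NAME} DB_HOST "$DB_HOST"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_ID "$ORCID_CLIENT_ID"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_SECRET "$ORCID_CLIENT_SECRET"
      -e ${CI_CONTAINER_NAME} CLIENT_BASE_URL "$CLIENT_BASE_URL"
      -e ${CI_CONTAINER_NAME} FTP_USERNAME "$FTP_USERNAME"
      -e ${CI_CONTAINER_NAME} FTP_PASSWORD "$FTP_PASSWORD"
      -e ${CI_CONTAINER_NAME} FTP_HOST "$FTP_HOST"
  environment:
    name: qa
    url: $CI_ALB_URL

rollback-qa:
  stage: rollback
  when: manual
  only:
    - develop
  script:
    # NOTE(review): same three differences as the `rollback` job (region
    # "us-east-1", lower-case credential variables, ${CLUSTER_NAME}). In
    # addition, create-rollback runs only on master, so on develop this job
    # deploys whatever revision master last stored. Confirm that is intended.
    - export AWS_REGION="us-east-1"
    - export AWS_ACCESS_KEY_ID=$aws_access_key_id
    - export AWS_SECRET_ACCESS_KEY=$aws_secret_access_key
    - apk --no-cache add --update curl python python-dev py-pip
    - pip install awscli --upgrade --user
    - export PATH=~/.local/bin:/usr/bin/:$PATH
    - pip install ecs-deploy
    # Fetch the task definition recorded by create-rollback.
    - aws s3 cp s3://${CI_REV_BUCKET}/${CI_SERVICE_NAME} ./
    - REV=`cat ./${CI_SERVICE_NAME}`
    # Stop here if the stored revision is empty instead of passing a blank
    # --task value to ecs-deploy.
    - test -n "${REV}"
    - echo rev is $REV
    # Values are double-quoted so that a secret containing whitespace or glob
    # characters, or an unset variable, cannot shift the `-e` argument triples.
    - >-
      ecs deploy --region ${AWS_REGION} ${CLUSTER_NAME} ${CI_SERVICE_NAME}
      --task "${REV}"
      -e ${CI_CONTAINER_NAME} AWS_S3_ACCESS_KEY "$AWS_S3_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_SECRET_KEY "$AWS_S3_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_S3_REGION "$AWS_S3_REGION"
      -e ${CI_CONTAINER_NAME} AWS_S3_BUCKET "$AWS_S3_BUCKET"
      -e ${CI_CONTAINER_NAME} AWS_SES_SECRET_KEY "$AWS_SES_SECRET_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_ACCESS_KEY "$AWS_SES_ACCESS_KEY"
      -e ${CI_CONTAINER_NAME} AWS_SES_REGION "$AWS_SES_REGION"
      -e ${CI_CONTAINER_NAME} EMAIL_SENDER "$EMAIL_SENDER"
      -e ${CI_CONTAINER_NAME} secret "$SECRET"
      -e ${CI_CONTAINER_NAME} DATABASE "$DATABASE"
      -e ${CI_CONTAINER_NAME} DB_USER "$DB_USER"
      -e ${CI_CONTAINER_NAME} DB_PASS "$DB_PASS"
      -e ${CI_CONTAINER_NAME} DB_HOST "$DB_HOST"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_ID "$ORCID_CLIENT_ID"
      -e ${CI_CONTAINER_NAME} ORCID_CLIENT_SECRET "$ORCID_CLIENT_SECRET"
      -e ${CI_CONTAINER_NAME} CLIENT_BASE_URL "$CLIENT_BASE_URL"
      -e ${CI_CONTAINER_NAME} FTP_USERNAME "$FTP_USERNAME"
      -e ${CI_CONTAINER_NAME} FTP_PASSWORD "$FTP_PASSWORD"
      -e ${CI_CONTAINER_NAME} FTP_HOST "$FTP_HOST"
  environment:
    name: qa
    url: $CI_ALB_URL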