944131535e
deploy.sh handles decryption on the server. CI only needs SSH credentials (SSH_PRIVATE_KEY, SSH_KNOWN_HOSTS, DEPLOY_USER, DEPLOY_HOST). All app secrets removed from GitLab CI variables. Dead ADMIN_PASSWORD removed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
33 lines
782 B
YAML
33 lines
782 B
YAML
stages:
|
|
- test
|
|
- deploy
|
|
|
|
test:
|
|
stage: test
|
|
image: python:3.12-slim
|
|
before_script:
|
|
- pip install uv
|
|
script:
|
|
- uv sync
|
|
- uv run pytest web/tests/ -x -q
|
|
- uv run ruff check web/src/ web/tests/
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "master"
|
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
|
|
|
deploy:
|
|
stage: deploy
|
|
image: alpine:latest
|
|
needs: [test]
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "master"
|
|
before_script:
|
|
- apk add --no-cache openssh-client
|
|
- eval $(ssh-agent -s)
|
|
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
|
|
- mkdir -p ~/.ssh
|
|
- chmod 700 ~/.ssh
|
|
- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
|
|
script:
|
|
- ssh "$DEPLOY_USER@$DEPLOY_HOST" "cd /opt/padelnomics && git pull origin master && ./deploy.sh"
|