deploy.yml

variables:
    RELEASES_FOLDER: 'releases'
    CURRENT_RELEASE_FOLDER: 'current'
    KEEP_RELEASES: 2

# Load environment-specific variables
# @see https://gitlab.com/gitlab-org/gitlab-foss/-/issues/20367#note_89285011
.load_env_vars: &load_env_vars
    - ENV_VAR_SUFFIX="_${CI_ENVIRONMENT_NAME^^}"
    - for var in $(compgen -e | grep "${ENV_VAR_SUFFIX}$"); do declare -x ${var%${ENV_VAR_SUFFIX}}="${!var}"; done

# Create a .env file based on .env.example, filled in using current environment variables
.create_dotenv:
  script:
    - cp .env.example .env
    - for key in $(compgen -e); do value=$(echo ${!key} | sed -e 's/\//\\\//g' -e "s/\n//") && sed -i "s/^$key=.*/$key=\"${value}\"/" .env; done
  artifacts:
    paths:
      - .env

# Deploy files to a remote server and optionally run a post-deploy script
.deploy:
    before_script:
        # Setup ssh
        - which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh
        - eval $(ssh-agent -s)
        - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
        - echo "$DEPLOY_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
        # Setup rsync
        - apt-get update
        - apt-get install rsync -y
        # Setup variables
        - export DEPLOY_DATE_ISO_8601=$(date -u +"%Y-%m-%dT%H-%M-%SZ")
        - export DEPLOY_DATE_TIMESTAMP=$(date -u +%s)
        - export RELEASES_PATH="${DEPLOY_PATH}/${RELEASES_FOLDER}"
        - export NEXT_RELEASE_PATH="${RELEASES_PATH}/${CI_COMMIT_SHORT_SHA}_${DEPLOY_DATE_ISO_8601}"
        - export CURRENT_RELEASE_PATH="${DEPLOY_PATH}/${CURRENT_RELEASE_FOLDER}"

    script:
        - ssh -p22 $DEPLOY_SERVER_USER@$DEPLOY_SERVER_HOST "mkdir -p $RELEASES_PATH $CURRENT_RELEASE_PATH $NEXT_RELEASE_PATH && cp -r $CURRENT_RELEASE_PATH/. $NEXT_RELEASE_PATH"
        - rsync -ra -e ssh --stats --delete --filter='. .deploy/.rsync-filter' ./ $DEPLOY_SERVER_USER@$DEPLOY_SERVER_HOST:$NEXT_RELEASE_PATH
        - ssh -p22 $DEPLOY_SERVER_USER@$DEPLOY_SERVER_HOST "rm -rf $CURRENT_RELEASE_PATH && ln -s $NEXT_RELEASE_PATH $CURRENT_RELEASE_PATH"
        - ssh -p22 $DEPLOY_SERVER_USER@$DEPLOY_SERVER_HOST "ls -tpd $RELEASES_PATH/* | grep '/$' | tail -n +$((KEEP_RELEASES+1)) | xargs -I {} rm -rf -- {}"
        - '[[ ! -f .deploy/post-deploy.sh ]] || ssh -p22 $DEPLOY_SERVER_USER@$DEPLOY_SERVER_HOST  "cd $CURRENT_RELEASE_PATH && /bin/bash -s " < .deploy/post-deploy.sh'

.create_sentry_release:
    image: getsentry/sentry-cli
    script:
        - echo "Creating a new release $CI_COMMIT_SHA"
        - sentry-cli releases new $CI_COMMIT_SHA
        - sentry-cli releases set-commits --auto $CI_COMMIT_SHA
        - sentry-cli releases finalize $CI_COMMIT_SHA
        - echo "Finalized release for $CI_COMMIT_SHA"

# Limit a job to Semantic Versioning 2.0-compliant refs. The regex is taken from the official website:
# https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
.only_semver:
  only:
    - /^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)(?:-(?P<prerelease>(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?P<buildmetadata>[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/

# Limit a job to Git Flow release/feature/hotfix branches
.only_release:
  only:
    - /^release\/.+$/

.only_feature:
  only:
    - /^feature\/.+$/

.only_hotfix:
  only:
    - /^hotfix\/.+$/

# Some commonly used environments
.only_production:
  environment:
    name: production
  extends:
    - .only_semver

.only_staging:
  environment:
    name: staging
  extends:
    - .only_release