ajout du CI/CD

.gitignore

-.terraform*
-terraform.tfstate*
-# Vagrant file
-.vagrant
-# fichiers temporaires de la gamme office
-~*
-# répertoire partargé avec les VMs
-shared
-infra/terraform/.terraform
-# ssh keypairs
-#*.pem
-# executables files
-*.exe
-# terraform file
-*.tfstate
-*.tfstate.backup
-*.lock.hcl
 
-# some cache by githubaction
-*.cache
\ No newline at end of file
+*.pem

.gitlab-ci.yml

 image: docker:latest
+
 services:
   - name: docker:dind
     alias: docker
@@ -7,52 +8,113 @@ stages:
   - build
   - test
   - publish
-  - deploy
+  - deploy_review
+  - deploy_staging
+  - deploy_prod
 
 variables:
-  SERVER_USER: ubuntu
-  SERVER_IP: 54.161.122.212
+  IMAGE_NAME: mini-projet-gitlab
+  IMAGE_TAG: v1
+  HOST_PORT: 80
+  CONTAINER_PORT: 80
+  SERVER_USERNAME: ubuntu
 
+# ========================
+# BUILD
+# ========================
 build:
   stage: build
-  script: 
-    - docker build -t mini-projet-gitlab .
-    - docker save mini-projet-gitlab > mini-projet-gitlab.tar
+  script:
+    - docker build --no-cache -t $IMAGE_NAME:$IMAGE_TAG .
+    - docker save -o mini-projet-gitlab.tar $IMAGE_NAME:$IMAGE_TAG
   artifacts:
     paths:
-      - mini-projet-gitlab.tar 
+      - mini-projet-gitlab.tar
 
+# ========================
+# TEST
+# ========================
 test:
   stage: test
   script:
-    - docker load < mini-projet-gitlab.tar
-    - docker run --rm -d -p 80:80 --name website mini-projet-gitlab
+    - docker load -i mini-projet-gitlab.tar
+    - docker run -d -p $HOST_PORT:$CONTAINER_PORT --name test-app $IMAGE_NAME:$IMAGE_TAG
     - sleep 5
     - apk --no-cache add curl
-    - curl -I "http://docker"
+    - curl -I http://docker | grep -i 200
 
+# ========================
+# PUBLISH
+# ========================
 publish:
   stage: publish
   script:
     - docker load < mini-projet-gitlab.tar
-    - docker tag mini-projet-gitlab "${IMAGE_NAME}:${CI_COMMIT_REF_NAME}"
-    - docker tag mini-projet-gitlab "${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}"
+    - docker tag $IMAGE_NAME:$IMAGE_TAG "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+    - docker tag $IMAGE_NAME:$IMAGE_TAG "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
     - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-    - docker push "${IMAGE_NAME}:${CI_COMMIT_REF_NAME}"
-    - docker push "${IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}"
+    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
+
+# ========================
+# REVIEW ENVIRONMENT
+# ========================
+deploy_review:
+  image: alpine:latest
+  stage: deploy_review
+  variables:
+    $REVIEW_SERVER_IP: 18.234.82.173:80
+  script:
+    - apk add --no-cache openssh-client
+    - chmod 600 $ID_RSA
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$REVIEW_SERVER_IP "docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$REVIEW_SERVER_IP "docker container rm -f review-app || true"
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$REVIEW_SERVER_IP "docker run -d -p 80:80 --name review-app $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+  environment:
+    name: review/$CI_COMMIT_REF_NAME
+    url: http://$REVIEW_SERVER_IP:80
+  only:
+    - branches
+  except:
+    - master
+    - develop
+
+# ========================
+# STAGING
+# ========================
+deploy_staging:
+  image: alpine:latest
+  stage: deploy_staging
+  variables:
+    $STAGING_SERVER_IP: 54.174.177.10
+  script:
+    - apk add --no-cache openssh-client
+    - chmod 600 $ID_RSA
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$STAGING_SERVER_IP "docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$STAGING_SERVER_IP "docker container rm -f staging-app || true"
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$STAGING_SERVER_IP "docker run -d -p 80:80 --name staging-app $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+  environment:
+    name: staging
+    url: http://$STAGING_SERVER_IP:80
+  only:
+    - develop
 
-deploy:
+# ========================
+# PRODUCTION
+# ========================
+deploy_prod:
   image: alpine:latest
-  stage: deploy
+  stage: deploy_prod
+  variables:
+    $PROD_SERVER_IP: 98.81.91.170
   script:
-    - chmod og= $ID_RSA
-    - apk update && apk add openssh-client
-    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY"
-    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull ${IMAGE_NAME}:${CI_COMMIT_REF_NAME}"
-    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
-    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run --rm -d -p 80:80 --name my-app ${IMAGE_NAME}:${CI_COMMIT_REF_NAME}"
+    - apk add --no-cache openssh-client
+    - chmod 600 $ID_RSA
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$PROD_SERVER_IP "docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$PROD_SERVER_IP "docker container rm -f prod-app || true"
+    - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USERNAME@$PROD_SERVER_IP "docker run -d -p 80:80 --name prod-app $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
   environment:
-    name: test
-    url: http://$SERVER_IP
+    name: production
+    url: http://$PROD_SERVER_IP
   only:
     - master
\ No newline at end of file

Dockerfile

 ARG version="latest"
 FROM nginx:$version
 
-LABEL maintainer="Ulrich NOUMSI"
+LABEL maintainer="ABM"
 
 RUN rm -rf /var/lib/apt/lists/*   # Remove temporary files
 RUN apt-get update && \
-    apt-get install --no-install-recommends -y git \
+    apt-get install  -y git \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 

infra/packer/docker.pkr.hcl

-packer {
-  required_plugins {
-    amazon = {
-      source  = "github.com/hashicorp/amazon"
-      version = "~> 1"
-    }
-  }
-}
-
-
-locals {
-  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
-}
-
-
-source "amazon-ebs" "docker_image" {
-  access_key    = "PUT YOUR OWN"
-  secret_key    = "PUT YOUR OWN"
-  ami_name      = "docker_image_${local.timestamp}"
-  instance_type = "t2.medium"
-  region        = "us-east-1"
-  source_ami    = "ami-0fc5d935ebf8bc3bc"
-  ssh_username  = "ubuntu"
-  launch_block_device_mappings {
-    device_name           = "/dev/sda1"
-    volume_size           = 20
-    volume_type           = "gp2"
-    delete_on_termination = true
-  }
-  tags = {
-    project = "aws_labs_project"
-  }
-}
-
-build {
-  name    = "docker_image"
-  sources = ["source.amazon-ebs.docker_image"]
-
-  provisioner "shell" {
-    scripts = ["./scripts/docker.sh"]
-  }
-}
\ No newline at end of file

infra/packer/scripts/docker.sh

-#!/bin/bash
-# AMI ami-0876777837c27e668
-sudo apt update -y
-sudo curl -fsSL https://get.docker.com -o get-docker.sh
-sudo sh get-docker.sh
-sudo service docker start
-sudo chkconfig docker on
-sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
-sudo chmod +x /usr/local/bin/docker-compose
-sudo apt install -y git python3 python3-pip
-sudo usermod -aG docker ubuntu
\ No newline at end of file

infra/terraform/infos_ec2.txt

-PUBLIC IP: 54.161.122.212

infra/terraform/main.tf

-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.0"
-    }
-  }
-}
-provider "aws" {
-    region = "us-east-1"
-    access_key    = "PUT YOUR OWN"
-    secret_key    = "PUT YOUR OWN"
-  
-}
-module "services" {
-  source = "./modules/services"
-  aws_sg = "docker"
-
-}
-module "docker" {
-  source         = "./modules/docker"
-  aws_ami        = "ami-0b9b79f2f89fdbe9c" #Image with Docker && Docker-compose
-  aws_sg         = module.services.output_sg_name
-  aws_common_tag = "docker"
-  aws_key_file   = var.aws_key
-  aws_number     = var.number
-}
\ No newline at end of file

infra/terraform/mini-projet-gitlab.pem

------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA3u5qAEQWIyvQLJc6L3LhdQVsd//8xIX8869L17ZbvnWyljjO
-UdY0ZYJm++mubcZSeTWgNhTqUDqeX65fHxrLfk/wsgVQGDQft4RoOzSlrOTpRkS8
-+ZbwpcICcdJ8X4Pt/ewnYUy31wohTQXFFULCx8kNKxDiEQLHq6tfGWCCRHqCdfcj
-5pD6S1iTHHXWyiZSqzpiJlnjut0VDql3+ALudqLiR2ou9H8hnI01UATYUVo3OSEg
-ixP9D+gEu6YKoz4DTJ7EjCVWOd2yXF0qSaF/JzXgqpT2WqAzcsmPzTDJUlt4Pdad
-/EBJ6uv520QavaX+c4Sz5p57vugc+hhtWbm2/QIDAQABAoIBAAhXOzgPVBS0yvEg
-J1knHzBVp51FwptHuBMV9+x2MjCKDsh4D6AYN5Wkr121fIU26lcGnpvnZGzkBJDn
-4T80rXBoZUUD1d9R8+3V0mCEs74oQmISqE9eSlqpS5YenfCk6v6ZG1AUorw08NIE
-6T7GZKs85nU6CHtCc14E52X3qmgNa3R3BsnpF3PqleNWJjzSEgXW7KOA2nOAD3zS
-Z6gdA/qj157QSWmhY9OvjrFxAGO4Sw4i9Zih0Vi5mNBgM7mZkxNNfYRSYUStC6p6
-qqXCfpZQ5w8qR5wduR61po1P/2SxA+enorgdkBHTIeKclG1b228ya8PzA1G8MIYa
-S9l+xYECgYEA/NduiNtmShD9PjZno+dmSz9I8cpBq8GVVhDTn0T7UU5yhnAOnodq
-vlZUxS9ASD7s60YpNa/AAOsAoTDPDzLnWlFALwxsNdcywmfkRHSI78QfXq8Pd2LX
-JIGALesF0TtqNAzOXokveL/7lSV3CnP2liAlXNuT+MrrX6PhgxYTRzkCgYEA4bdU
-5h342XeIqeRhjt6KsdG+OxGaT723Wxax4Z+/xh6aMqMqQvdvsayZ6Yz2fF5cuEaz
-Cc2bm9OUH0O9FE7LGuZt80YaQ/tGQXCt0VMY8QZuEGIdowzx2xzY6UzP2sjOH8nt
-sKZnPqXNV//hNavLuQZWQr//T+zwZI/4EYrKCeUCgYEA2TWFyuKYvHZd6E06ue73
-zRr/4l/8DL6QOVDZTFEpig7XijDIDl6NUBjAWGmgUrBkPjaW/n0OeHtqng9dQlRb
-thZpCkIk0BggjixMSJbIcRpOTLwdkFWEN+Ncp5Xo+HePZEnAHCzEcHqVeeqmmn9G
-zm+tSVmFhE1m6VHTURbs1tkCgYB+sPl9RFt2LKrPuTmtCGpOzsx4uTOlCHaPMRjc
-7F6m5GxmecDx35KY5qlpNs7vFcPzRvOdUAPEnihouAu8B1HnImmaf8GkYLiZaJaX
-hI3eU16Z4YiDCXQDKZjyskOEqOtRWnUIjw4qUsQEXcJZ7rilfNIUG1JB2VtBBrIV
-npIypQKBgQDfGOqOcVxzac7mXNLcdhzMILjtLhj3rKyj0wSBT7ikqdSM+mqJtYFG
-h5KzAQgs3dCTjl63l6Jryzk4VcQvPQOyx93JEr45FAydPrKAQmEJWCdGYdWfPwxD
-8eg9xkUYzKc1zRCc29XenlTP7kINekKlwH6wOkJsMSuL6SFLASuGig==
------END RSA PRIVATE KEY-----
\ No newline at end of file

infra/terraform/modules/docker/main.tf

-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.0"
-    }
-  }
-}
-
-
-resource "aws_instance" "docker" {
-  count           = var.aws_number
-  ami             = var.aws_ami
-  instance_type   = var.aws_instance_type
-  key_name        = var.aws_key_file
-  security_groups = ["${var.aws_sg}"]
-  # iam_instance_profile = "ulrich"
-  ebs_optimized = true
-  monitoring    = true
-  metadata_options {
-    http_tokens = "required"
-  }
-  tags = {
-    Name = "${var.aws_common_tag}-${count.index}"
-  }
-
-  root_block_device {
-    delete_on_termination = true
-    volume_size           = var.aws_stockage
-    encrypted             = true
-  }
-  
-}
-
-resource "null_resource" "infos" {
-  provisioner "local-exec" {
-    command = "echo PUBLIC IP: ${join(", ", aws_instance.docker[*].public_ip)} > infos_ec2.txt"
-  }
-}
\ No newline at end of file

infra/terraform/modules/docker/outputs.tf

-output "aws_public_ip" {
-  value = [aws_instance.docker[*].public_ip]
-  
-}
\ No newline at end of file

infra/terraform/modules/docker/variables.tf

-variable "aws_sg" {
-  type    = string
-  default = "NULL"
-}
-
-locals {
-  private_key = "${var.aws_key_file}.pem"
-}
-
-variable "aws_key_file" {
-  type = string
-}
-variable "aws_ami" {
-  type = string
-}
-
-variable "aws_instance_type" {
-  default = "t3.medium"
-  type    = string
-}
-
-variable "aws_stockage" {
-  default = 50
-  type    = number
-}
-
-variable "aws_number" {
-  default = 1
-  type    = number
-}
-
-variable "aws_common_tag" {
-  type = string
-}
\ No newline at end of file

infra/terraform/modules/services/main.tf

-resource "aws_security_group" "Security_group_labs" {
-  name        = "${var.aws_sg}-sg"
-  description = "Allow all traffic on specified ports"
-
-  dynamic "ingress" {
-    for_each = var.aws_port
-    content {
-      description = "ingress port ${ingress.value}"
-      from_port   = ingress.value
-      to_port     = ingress.value
-      protocol    = "tcp"
-      cidr_blocks = ["0.0.0.0/0"]
-    }
-  }
-
-  dynamic "egress" {
-    for_each = var.aws_port
-    content {
-      description = "egress port ${egress.value}"
-      from_port   = egress.value
-      to_port     = egress.value
-      protocol    = "tcp"
-      cidr_blocks = ["0.0.0.0/0"]
-    }
-  }
-}
\ No newline at end of file

infra/terraform/modules/services/outputs.tf

-output "output_sg_name" {
-  value = aws_security_group.Security_group_labs.name
-}
\ No newline at end of file

infra/terraform/modules/services/variables.tf

-variable "aws_sg" {
-  type        = string
-  description = "security group for all infrastructure"
-  default     = "ulrich_sg"
-}
-
-variable "aws_port" {
-  type    = list(number)
-  default = [22, 80, 443, 8080]
-
-}
\ No newline at end of file

infra/terraform/terraform.tfvars

-number  = 1
-aws_key = "mini-projet-gitlab"
\ No newline at end of file

infra/terraform/variables.tf

-variable "aws_region" {
-  default = "us-east-1"
-}
-variable "aws_stack" {
-  type    = string
-  default = "docker"
-}
-variable "number" {
-  type    = number
-  default = 1
-}
-
-variable "aws_key" {
-  type    = string
-  default = "ulrich.pem"
-}
\ No newline at end of file