Compare commits
2 Commits
feature/cl
...
feature/cl
| Author | SHA1 | Date | |
|---|---|---|---|
| 403c6dd0a0 | |||
| a3030703ce |
85
Jenkinsfile
vendored
Normal file
85
Jenkinsfile
vendored
Normal file
@@ -0,0 +1,85 @@
|
||||
pipeline {
|
||||
agent any
|
||||
|
||||
environment {
|
||||
REGISTRY_IMAGE = "plesk-agency-portal"
|
||||
IMAGE_LATEST = "${REGISTRY_IMAGE}:latest"
|
||||
IMAGE_BUILD = "${REGISTRY_IMAGE}:build-${BUILD_NUMBER}"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('Checkout') {
|
||||
steps {
|
||||
checkout scm
|
||||
}
|
||||
}
|
||||
|
||||
stage('Install dependencies') {
|
||||
steps {
|
||||
sh 'npm ci'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Lint') {
|
||||
steps {
|
||||
script {
|
||||
def hasLint = sh(script: "node -e \"const fs=require('fs');const p=require('./package.json');process.exit(p?.scripts?.lint?0:1)\"", returnStatus: true)
|
||||
if (hasLint == 0) {
|
||||
sh 'npm run lint'
|
||||
} else {
|
||||
echo 'No lint script configured; skipping lint stage.'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Build application') {
|
||||
steps {
|
||||
sh 'npm run build'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Build Docker image') {
|
||||
steps {
|
||||
sh 'docker build -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Deploy') {
|
||||
steps {
|
||||
script {
|
||||
if (!env.DEPLOY_SSH_CREDENTIAL_ID) {
|
||||
error 'DEPLOY_SSH_CREDENTIAL_ID is required'
|
||||
}
|
||||
}
|
||||
sshagent(credentials: ["${env.DEPLOY_SSH_CREDENTIAL_ID}"]) {
|
||||
sh '''
|
||||
set -euo pipefail
|
||||
: "${DEPLOY_SSH_HOST:?Missing DEPLOY_SSH_HOST}"
|
||||
: "${DEPLOY_SSH_USER:?Missing DEPLOY_SSH_USER}"
|
||||
: "${DEPLOY_PATH:?Missing DEPLOY_PATH}"
|
||||
|
||||
rsync -az \
|
||||
docker-compose.prod.yml \
|
||||
scripts/deploy-prod.sh \
|
||||
scripts/smoke-check.sh \
|
||||
scripts/rollback-prod.sh \
|
||||
${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST}:${DEPLOY_PATH}/
|
||||
|
||||
docker save ${IMAGE_LATEST} ${IMAGE_BUILD} \
|
||||
| ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} 'docker load'
|
||||
|
||||
ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} \
|
||||
"chmod +x ${DEPLOY_PATH}/deploy-prod.sh ${DEPLOY_PATH}/smoke-check.sh ${DEPLOY_PATH}/rollback-prod.sh && APP_IMAGE='${IMAGE_BUILD}' DEPLOY_PATH='${DEPLOY_PATH}' ${DEPLOY_PATH}/deploy-prod.sh"
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Smoke check') {
|
||||
steps {
|
||||
sh 'chmod +x scripts/smoke-check.sh && scripts/smoke-check.sh ${APP_BASE_URL}'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,6 +1,7 @@
|
||||
services:
|
||||
web:
|
||||
container_name: plesk-agency-portal
|
||||
image: ${APP_IMAGE:-plesk-agency-portal:latest}
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
|
||||
@@ -56,3 +56,66 @@ Before deploying, set production-safe values in `.env` (using `.env.example` as
|
||||
- cron/job shared secrets
|
||||
|
||||
Keep secrets out of source control.
|
||||
|
||||
## Jenkins pipeline flow
|
||||
|
||||
The repository includes a declarative `Jenkinsfile` with the following stages:
|
||||
|
||||
1. **Checkout**
|
||||
2. **Install dependencies** (`npm ci`)
|
||||
3. **Lint** (runs only when `package.json` contains a `lint` script)
|
||||
4. **Build application** (`npm run build`)
|
||||
5. **Build Docker image** (tags `latest` and `build-${BUILD_NUMBER}`)
|
||||
6. **Deploy** over SSH to the app host
|
||||
7. **Smoke check** against `/api/health`
|
||||
|
||||
## Required Jenkins configuration
|
||||
|
||||
Configure these values in Jenkins job/folder/global environment or credentials-backed environment variables:
|
||||
|
||||
- `DEPLOY_SSH_HOST` - remote app host
|
||||
- `DEPLOY_SSH_USER` - SSH user on remote host
|
||||
- `DEPLOY_SSH_CREDENTIAL_ID` - Jenkins SSH Agent credential ID
|
||||
- `DEPLOY_PATH` - remote deployment path (for example `/opt/plesk-agency-portal`)
|
||||
- `APP_BASE_URL` - externally reachable app URL used by smoke check
|
||||
|
||||
The pipeline assumes Jenkins credentials are managed outside this repository.
|
||||
|
||||
## Deploy flow
|
||||
|
||||
Deployment is intentionally simple and bash-based:
|
||||
|
||||
1. Jenkins builds Docker image tags locally.
|
||||
2. Jenkins syncs deployment files (`docker-compose.prod.yml`, deploy/smoke/rollback scripts) to the remote deploy path.
|
||||
3. Jenkins streams Docker images to the remote host (`docker save | ssh docker load`).
|
||||
4. Jenkins runs `scripts/deploy-prod.sh` remotely.
|
||||
5. Script applies the selected image tag via:
|
||||
|
||||
```bash
|
||||
APP_IMAGE=<tag> docker compose -f docker-compose.prod.yml up -d --no-build
|
||||
```
|
||||
|
||||
6. Script prints `docker compose ps` status.
|
||||
|
||||
## Rollback flow
|
||||
|
||||
Rollback uses `scripts/rollback-prod.sh` with a previously built image tag:
|
||||
|
||||
```bash
|
||||
DEPLOY_PATH=/opt/plesk-agency-portal \
|
||||
APP_BASE_URL=https://your-app.example.com \
|
||||
scripts/rollback-prod.sh plesk-agency-portal:build-123
|
||||
```
|
||||
|
||||
Rollback redeploys that image with compose, then immediately reruns smoke checks.
|
||||
|
||||
## Smoke check behavior
|
||||
|
||||
`scripts/smoke-check.sh`:
|
||||
|
||||
- accepts a base URL argument
|
||||
- requests `${BASE_URL}/api/health`
|
||||
- fails on non-200 responses
|
||||
- fails on invalid JSON or missing expected fields (`ok: true`, `service` string)
|
||||
|
||||
This gives a quick post-deploy validation gate for both deploy and rollback operations.
|
||||
|
||||
30
scripts/deploy-prod.sh
Executable file
30
scripts/deploy-prod.sh
Executable file
@@ -0,0 +1,30 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
|
||||
APP_IMAGE="${APP_IMAGE:-plesk-agency-portal:latest}"
|
||||
SOURCE_PATH="${SOURCE_PATH:-${DEPLOY_PATH}}"
|
||||
|
||||
mkdir -p "${DEPLOY_PATH}"
|
||||
|
||||
for file in docker-compose.prod.yml deploy-prod.sh smoke-check.sh rollback-prod.sh; do
|
||||
if [ -f "${SOURCE_PATH}/${file}" ]; then
|
||||
cp "${SOURCE_PATH}/${file}" "${DEPLOY_PATH}/${file}"
|
||||
fi
|
||||
done
|
||||
|
||||
chmod +x "${DEPLOY_PATH}/deploy-prod.sh" \
|
||||
"${DEPLOY_PATH}/smoke-check.sh" \
|
||||
"${DEPLOY_PATH}/rollback-prod.sh" 2>/dev/null || true
|
||||
|
||||
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
|
||||
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd "${DEPLOY_PATH}"
|
||||
|
||||
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build
|
||||
|
||||
docker compose -f docker-compose.prod.yml ps
|
||||
30
scripts/rollback-prod.sh
Executable file
30
scripts/rollback-prod.sh
Executable file
@@ -0,0 +1,30 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
PREVIOUS_IMAGE_TAG="${1:-}"
|
||||
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
|
||||
APP_BASE_URL="${APP_BASE_URL:-}"
|
||||
|
||||
if [ -z "${PREVIOUS_IMAGE_TAG}" ]; then
|
||||
echo "Usage: $0 <previous-image-tag>" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "${APP_BASE_URL}" ]; then
|
||||
echo "APP_BASE_URL is required" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
|
||||
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd "${DEPLOY_PATH}"
|
||||
|
||||
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build
|
||||
|
||||
"${DEPLOY_PATH}/smoke-check.sh" "${APP_BASE_URL}"
|
||||
|
||||
docker compose -f docker-compose.prod.yml ps
|
||||
27
scripts/smoke-check.sh
Executable file
27
scripts/smoke-check.sh
Executable file
@@ -0,0 +1,27 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
BASE_URL="${1:-}"
|
||||
|
||||
if [ -z "${BASE_URL}" ]; then
|
||||
echo "Usage: $0 <base-url>" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
URL="${BASE_URL%/}/api/health"
|
||||
TMP_FILE="$(mktemp)"
|
||||
|
||||
trap 'rm -f "${TMP_FILE}"' EXIT
|
||||
|
||||
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}")
|
||||
|
||||
if [ "${HTTP_CODE}" != "200" ]; then
|
||||
echo "Smoke check failed: ${URL} returned ${HTTP_CODE}" >&2
|
||||
cat "${TMP_FILE}" >&2 || true
|
||||
exit 1
|
||||
fi
|
||||
|
||||
node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"
|
||||
|
||||
echo "Smoke check passed: ${URL}"
|
||||
Reference in New Issue
Block a user