Topics

Gitlab crontab deploy script

Deploy new builds from Gitlab without exposing your instances security using this simple bash script. It scans the API for a new build, download the latest then executes the deploy.sh script inside of the build. Make sure you have jq installed before you continue.

#!/usr/bin/env bash

set -euo pipefail

cd `dirname $0`

#Project ID
PROJECT=827639846934
#https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
PRIVATE_TOKEN=-BDlsq86JKHsndiwhD24

BASE_URL=https://gitlab.com
touch /root/deployed_build
DEPLOYED_BUILD=$(cat /root/deployed_build)
OUT_FILE=/tmp/build.tar.bz2

# lock it
PIDFILE="/tmp/$(basename "${BASH_SOURCE[0]%.*}.pid")"
exec 200>${PIDFILE}
flock -n 200 || ( echo "${BASH_SOURCE[0]} script is already running. Aborting . ." && exit 1 )
PID=$$
echo ${PID} 1>&200

if [ "${1-}" ]; then
  LAST_SUCCESSFUL_BUILD="$1"
else
  LAST_SUCCESSFUL_BUILD=$(curl -s -H "PRIVATE-TOKEN: ${PRIVATE_TOKEN}" "${BASE_URL}/api/v4/projects/${PROJECT}/jobs?per_page=1&scope[]=success" | jq -c '.[0] | .id')
fi

OUT_DIR="/tmp/build_${LAST_SUCCESSFUL_BUILD}"

download_latest() {
  curl -fksSL -o ${OUT_FILE} -H "PRIVATE-TOKEN: ${PRIVATE_TOKEN}" "${BASE_URL}/api/v4/projects/${PROJECT}/jobs/${LAST_SUCCESSFUL_BUILD}/artifacts/build.tar.bz2"
}

if [ "${DEPLOYED_BUILD}" == "${LAST_SUCCESSFUL_BUILD}" ]; then
    echo "Build ${LAST_SUCCESSFUL_BUILD} already deployed"
    exit 0
fi

rm -rf /tmp/build*

download_latest

rm -rf ${OUT_DIR}
mkdir -p ${OUT_DIR}
tar jxf ${OUT_FILE} --directory ${OUT_DIR}


${OUT_DIR}/deploy.sh $LAST_SUCCESSFUL_BUILD

if [ ! "${1-}" ]; then
    echo ${LAST_SUCCESSFUL_BUILD} > /root/deployed_build
fi

rm -rf /tmp/build*

echo "Build ${LAST_SUCCESSFUL_BUILD} deployed successfully"