CI/CD pipeline for production (sdc.astron.nl)

.gitlab-ci.yml

@@ -16,6 +16,7 @@ docker-build-master:
   only:
     - master
     - acceptance
+    - release
 
 docker-build-branch:
   # Official docker image.
@@ -30,10 +31,10 @@ docker-build-branch:
     - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
   except:
     - master
+    - acceptance
+    - release
 
-# this deploys the 'esap-gateway-query' branch (a dev/test branch) as 'vermaas'
-# by running /docker_compose/esap-api-gateway/docker-compose-query-cd.yml
-
+# deploy test/dev version on 'sdc-dev.astron.nl'
 docker-deploy-master:
   image: docker:latest
   stage: deploy
@@ -52,6 +53,7 @@ docker-deploy-master:
   only:
     - master
 
+# deploy acceptance version on 'dop457.astron.nl'
 docker-deploy-acceptance:
   image: docker:latest
   stage: deploy
@@ -69,3 +71,22 @@ docker-deploy-acceptance:
   when: manual
   only:
     - acceptance
+
+# deploy release version on 'sdc.astron.nl'
+docker-deploy-release:
+  image: docker:latest
+  stage: deploy
+  before_script:
+    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
+    - eval $(ssh-agent -s)
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - ssh-keyscan dop821.astron.nl >> ~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+  script:
+    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker pull "$CI_REGISTRY_IMAGE""
+    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker-compose -p atdb -f /opt/dockercompose/docker-compose-production-cd.yml up -d"
+  when: manual
+  only:
+    - release
\ No newline at end of file

atdb/atdb/settings/dev.py

@@ -7,30 +7,6 @@ DEBUG = True
 ALLOWED_HOSTS = ["*"]
 CORS_ORIGIN_ALLOW_ALL = True
 
-#####################################################
-# These settings mainly deal with https.
-# See http://django-secure.readthedocs.io/en/latest/middleware.html
-# Check the warning and instructions with:
-# (.env) atdb@/var/.../atdb ./manage.py check --deploy --settings=atdb.settings.prod
-#####################################################
-# Assume SSL is correctly set up.
-SSL_ENABLED = False
-if SSL_ENABLED:
-    # True: Django now checks that cookies are ONLY sent over SSL.
-    # https://docs.djangoproject.com/en/1.11/ref/settings/#session-cookie-secure
-    SESSION_COOKIE_SECURE = True
-    # True: Django now checks that csrf tokens are ONLY sent over SSL.
-    # https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-cookie-secure
-    CSRF_COOKIE_SECURE = True
-    # True: Always redirect requests back to https (currently ignored as Nginx should enforces https).
-    #       Alternatively, enable and add set SECURE_PROXY_SSL_HEADER.
-    SECURE_SSL_REDIRECT = False
-    # Setting this to a non-zero value, will default the client UA always to connect over https.
-    # Unclear how or if this possibly affects other *.astron.nl domains. Especially, if these do
-    # not support https whether this option then breaks those http-only locations.
-    # SECURE_HSTS_SECONDS = 31536000
-
-
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',

atdb/docker/docker-compose-atdb-ldv-acc-cd.yml

@@ -29,4 +29,6 @@ services:
 
     depends_on:
       - atdb-ldv-db
+    env_file:
+      - /data/shared/atdb_ldv.env
     restart: always

atdb/docker/docker-compose-atdb-ldv-acc.yml

@@ -34,4 +34,6 @@ services:
 
     depends_on:
       - atdb-ldv-db
+    env_file:
+      - /data/shared/atdb_ldv.env
     restart: always

atdb/docker/docker-compose-production-cd.yml

@@ -23,4 +23,6 @@ services:
       - "traefik.http.routers.atdb-backend.service=atdb-backend"
       - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)"
       - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000"
+    env_file:
+      - $HOME/shared/atdb_ldv.env
     restart: always

atdb/docker/docker-compose-production.yml

@@ -22,4 +22,6 @@ services:
       - "traefik.http.routers.atdb-backend.service=atdb-backend"
       - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)"
       - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000"
+    env_file:
+      - $HOME/shared/atdb_ldv.env
     restart: always

atdb/taskdatabase/templates/taskdatabase/index.html

@@ -44,7 +44,7 @@
     </div>
     {% include 'taskdatabase/pagination.html' %}
 </div>
-    <p class="footer"> Version 1.0.0 (11 feb 2021 - 14:00)
+    <p class="footer"> Version 1.0.0 (11 feb 2021 - 16:15)
     <script type="text/javascript">
         (function(seconds) {
             var refresh,