ci: refinie web deploy job

.gitlab-ci.yml

@@ -25,11 +25,17 @@ web:
   script:
     - >
       if [ "$RELEASE_TYPE" == "staging" ]; then
-        echo "Handle staging artifact here";
+        # USE GITLAB PROTECTED & MASKED CI VARIABLES TO PROVIDE THE FOLLOWING DATA!
+        # USE AN UNPRIVILIGED USER WITH ACCESS ONLY TO THIS DIRECTORY
+        # example: $STAGING_SCP_TARGET = deployuser@staging.environment.com:/path/for/web/data
+        sh static/scripts/ssh_deploy.sh $STAGING_SCP_TARGET $STAGING_TARGET_SSH_PRIVATE_KEY
       fi
 
       if [ "$RELEASE_TYPE" == "production" ]; then
-        echo "Handle production artifact here";
+        # USE GITLAB PROTECTED & MASKED CI VARIABLES TO PROVIDE THE FOLLOWING DATA!
+        # USE AN UNPRIVILIGED USER WITH ACCESS ONLY TO THIS DIRECTORY
+        # example: $PRODUCTION_SCP_TARGET = deployuser@production.environment.com:/path/for/web/data
+        sh static/scripts/ssh_deploy.sh $PRODUCTION_SCP_TARGET $PRODUCTION_TARGET_SSH_PRIVATE_KEY
       fi
   artifacts:
     untracked: false

Dockerfile

@@ -10,7 +10,8 @@ RUN apt-get update && \
     apt-get install -y --no-install-recommends \
     xmlstarlet \
     ruby-full \
-    zip
+    zip \
+    openssh-client
 
 RUN gem install bundler
 

Makefile

@@ -27,7 +27,7 @@ web-build: configuration-web
 	cd app && ionic build --prod
 
 web: web-build
-	cd app && zip -r ../www.zip www
+	cd app/www && zip -r ../../www.zip .
 	echo "Web application artifact for version ${VERSION} is archived in www.zip"
 
 prepare-android: configuration-android

app.conf.sample

@@ -20,6 +20,7 @@ APPLE_API_KEY_ID="123ACAB456"                                   # Your API key i
 APPLE_API_KEY_ISSUER_ID="1234578-1234-1234-1234-12345678901"    # Your API key issuer id
 
 # Provide the following environment variable in a secure fashion.
+# When used in CI protect and mask the variable.
 # Don't change the following line!
 APPLE_API_KEY_CONTENT="${APPLE_API_KEY_CONTENT:-'unset'}"       # Base64 encoded contents of Apple API key file (.p8 file) 
 
@@ -29,6 +30,7 @@ APPLE_API_KEY_CONTENT="${APPLE_API_KEY_CONTENT:-'unset'}"       # Base64 encoded
 ANDROID_PACKAGE_NAME="de.anyschool.app.android"                           # Your Google Playconsole app package name
 
 # Provide the following environment variables in a secure fashion.
+# When used in CI protect and mask the variables.
 # Don't change the following lines!
 ANDROID_API_KEY_CONTENT="${ANDROID_API_KEY_CONTENT:-'unset'}"             # Base64 encoded contents of your API key file (.json file)
 ANDROID_KEYSTORE_PASSWORD="${ANDROID_KEYSTORE_PASSWORD:-'unset'}"         # Passwort to your keyfile

static/scripts/ssh_deploy.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+set -e
+
+SSH_DEPLOY_TARGET=$1
+SSH_DEPLOY_TARGET="${SSH_DEPLOY_TARGET:-"missingtarget"}"
+
+SSH_PRIVATE_KEY=$2
+SSH_PRIVATE_KEY="${SSH_PRIVATE_KEY:-"missingkey"}"
+
+GOTO_FAIL=false
+
+if [ "$SSH_DEPLOY_TARGET" = "missingtarget" ]; then
+  echo "SSH target for web deployment job is unset!"
+  GOTO_FAIL=true
+fi
+
+if [ "$SSH_PRIVATE_KEY" = "missingkey" ]; then
+  echo "SSH key for web deployment job is unset!"
+  GOTO_FAIL=true
+fi
+
+if [ "$GOTO_FAIL" = true ]; then
+  return 1  
+fi
+
+IFS='@' read -ra TARGET_COMPONENTS <<< "$SSH_DEPLOY_TARGET"
+
+SSH_DEPLOY_TARGET_USER="${TARGET_COMPONENTS[0]:-"missinguser"}"
+
+IFS=':' read -ra TARGET_COMPONENTS <<< "$TARGET_COMPONENTS"
+
+SSH_DEPLOY_TARGET_HOST="${TARGET_COMPONENTS[0]:-"missinghost"}"
+SSH_DEPLOY_TARGET_PATH="${TARGET_COMPONENTS[1]:-"missingpath"}"
+
+## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
+## We're using tr to fix line endings which makes ed25519 keys work
+## without extra base64 encoding.
+## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
+##
+echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+##
+## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
+## with your own domain name. You can copy and repeat that command if you have
+## more than one server to connect to.
+
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+ssh-keyscan $SSH_DEPLOY_TARGET_HOST >> ~/.ssh/known_hosts
+chmod 644 ~/.ssh/known_hosts
+
+scp www.zip "$SSH_DEPLOY_TARGET"
+ssh "$SSH_DEPLOY_TARGET_USER@$SSH_DEPLOY_TARGET_HOST" "cd $SSH_DEPLOY_TARGET_PATH && unzip -o www.zip && rm -f www.zip"