Gitlab CI SSH Deploy

  1. Create SSH Key on Remote host
 $ remote-server: ssh-keygen -o -t rsa -b 4096 -C "yoru@email.com"

2. Copy Generated Private key from remote Server

$ remote-server: cat .ssh/id_rsa

3. Save this Generated Private Key in to Gitlab as this case LIVE_SSH_KEY

4. Generate SS Key for gitlab-runner or root user from Gitlab Server

$gitlab-runner@gitlab-server: ssh-keygen -o -t rsa -b 4096

5. Write Gitlab Runner Public key on the Remote Server

$gitlab-runner@gitlab-server: cat ~/.ssh/id_rsa.pub | ssh yoursshusername@remote-server.com 'cat >> .ssh/authorized_keys'

Now, SSH without Password connection completed.

6. Creating our gitlab-ci.yml for Auto deployment (For information, in this example, i have two http request added for DB update actions and etc., if you not need, please not using this curl requests)

image:  ubuntu

before_script:
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
  - eval $(ssh-agent -s)
  - mkdir -p ~/.ssh
  - echo "$DEV_SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
  - chmod 700 ~/.ssh/id_rsa
  - eval "$(ssh-agent -s)"
  - ssh-add ~/.ssh/id_rsa
  - ssh-keyscan -H 'remote-server.com' >> ~/.ssh/known_hosts
  - apt-get install rsync -y -qq
  - apt-get install curl -y -qq

stages:
  - deploy_production
  - deploy_live



deploy_production:
  stage: deploy_production
  script:
    # Upload .htaccess for Waiting.
    - rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/production/directory/
    # Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess"
    # Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files
    - rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/production/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess'  --exclude '.htaccess_lock'
    # DB UPDATE EXAMPLE
    - curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123'
    # ROLLBACK THE .htaccess workflow
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess"
  only:
    - master

deploy_live:
  stage: deploy_live
  script:
    # Upload .htaccess for Waiting.
    - rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/live/directory/
    # Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess"
    # Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files
    - rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/live/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess'  --exclude '.htaccess_lock'
    # DB UPDATE EXAMPLE
    - curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123'
    # ROLLBACK THE .htaccess workflow
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess"
  only:
    - develop