stackoom
  简体   繁体   中英

How Can I Optimize My gitlab-ci.yml Any Ideas?

 原文  2020-09-17 13:41:02       git/ docker/ ssh/ gitlab/ gitlab-ci

Question

I Recently Maked A Pipeline For Myself To Auto Pull After A Tag Is Created In My Project In Gitlab

But It Has SERIOUS Security Issue Because I Use Echo Function In Docker Image To Import My Private Key

And My Public Key To Image

My Question Is

How Can I Read Public And Private Key From My Gitlab Profile Safely In Variables Helps Appreciated

## Author : RaminSubZero (0VERL0RD Corporation)

## PLEASE READ COMMENTS

## This CI Pulls Your Repository On Your Server With Some Statements

## This CI Triggers Only When You Make A Tag For Your Repo

## Start
image: trion/ng-cli-karma

## Setting Server Configuration For CI/CD Integration
## Config This Variables As You Need
## We Set This Stage Deploy 
deploy_stage:
  variables:
    SSH_PRIVATE_KEY_PATH : "/root/.ssh/id_rsa"
    SSH_PRIVATE_KEY : "-----BEGIN RSA PRIVATE KEY-----
    example
    -----END RSA PRIVATE KEY-----"
    SSH_PUBLIC_KEY : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAexample3v3P RaminSub-Zero@PC"
    SERVER: "example.com"
    USER: "root"
    PORT: "22"
    PROJECT_DIR: "public_html/"
    BRANCH: "master"
  ## This Git Pre Commands Save Your Local Changes To Server For Allowing Save Your Custom Files In Server
  ## You Can Set This Variables Empty If You Want
  ## For Setting This Variables Empty Replace This Lines With This Code
  ## GIT_PRESAVE_COMMAND: ""
  ## GIT_POSTSAVE_COMMAND: ""
  ## Start Saving Variables
    GIT_PRESAVE_COMMAND: "&& git stash"
    GIT_POSTSAVE_COMMAND: "&& git stash apply"
  ## End Saving Variables
    CUSTOM_COMMAND: "" 
    CUSTOM_COMMAND2: ""
  ## You Can Run Any Command In Your Server You Want | For Example (CUSTOM_COMMAND: "&& systemctl restart nginx")
  ## Note : You Have To Use && First Of Your Command
  
  # Here We Set Rule For Trigger This CI Per Tag Release
  rules:
   - if: '$CI_COMMIT_TAG != null'
  stage: deploy
  script:
  - apt-get update
  - apt-get update -y && apt-get install openssh-client -y
  - mkdir /root/.ssh
  - chmod 777 /root/.ssh 
  - touch /root/.ssh/id_rsa /root/.ssh/id_rsa.pub
  - echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa ; echo "$SSH_PUBLIC_KEY" > /root/.ssh/id_rsa.pub
  - chmod 600 /root/.ssh/id_rsa.pub
  - chmod 600 /root/.ssh/id_rsa
  - ssh -o "StrictHostKeyChecking no" -i $SSH_PRIVATE_KEY_PATH $USER@$SERVER -p $PORT "cd $PROJECT_DIR $GIT_PRESAVE_COMMAND && git pull origin $BRANCH $GIT_POSTSAVE_COMMAND $CUSTOM_COMMAND $CUSTOM_COMMAND2 && exit"
## In The End We Exit From Server To Finish Our Updating Session

## End

1 answers

solution1
 1 ACCPTED  2020-09-17 14:05:23

You should remove the variable with private key from .gitlab-ci.yml and add it via UI: https://gitlab.com/help/ci/variables/README#create-a-custom-variable-in-the-ui . That way it won't be commited in the repository.

As for CI logs, you should move everything under script: to a separate *.sh file - then every line won't show separately in the logs.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can I change gitlab-ci.yml file mid execution? How can I use different script in .gitlab-ci.yml depending on pushed branched Gitlab-ci.yml Configuration Why my delpoy stage was not recognizedin gitlab-ci.yml? How to do a simple pull with gitlab-ci.yml? Multiple Docker images in .gitlab-ci.yml Gitlab-ci.yml to create merge reqeust Are predefined variables in Gitlab CI/CD avaliable in .gitlab-ci.yml? Is there any way to change branch name automatically inside the .gitlab-ci.yml file? .gitlab-ci.yml Gitlab Deploy SFTP Not Working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM