
CI/CD Pipeline

GitLab CI/CD configuration for the GSign platform.

Pipeline Overview

┌─────────┐    ┌─────────┐    ┌─────────┐
│  test   │ →  │  build  │ →  │ deploy  │
└─────────┘    └─────────┘    └─────────┘

Pipelines

Service | Test | Build | Deploy
HSM Backend | ✓ | - | ✓
Backend | ✓ | ✓ | ✓
Frontend | - | ✓ | ✓
Documentation | - | ✓ | ✓

Configuration

.gitlab-ci.yml is located in the project root.

Stages

yaml
stages:
  - test
  - build
  - deploy

HSM Backend

yaml
hsm-test:
  stage: test
  image: golang:1.21-alpine
  script:
    - cd hsm-backend
    - go mod download
    - go vet ./...
    - go test -v ./...

hsm-deploy:
  stage: deploy
  tags:
    - shell
  script:
    - cd hsm-backend
    - docker build -t gsign/hsm-backend .
    - docker run ... gsign/hsm-backend

Backend

yaml
backend-test:
  stage: test
  image: golang:1.21-alpine
  script:
    - cd gsign-backend
    - go mod download
    - go vet ./...
    - go test -v ./...

backend-build:
  stage: build
  tags:
    - shell
  script:
    - cd gsign-backend
    - docker build -t gsign-backend .

backend-deploy:
  stage: deploy
  tags:
    - shell
  script:
    - docker run -d -p 3000:8080 gsign-backend

Frontend

yaml
frontend-build:
  stage: build
  tags:
    - shell
  script:
    - cd gsign-frontend
    - docker build -t gsign-frontend .

frontend-deploy:
  stage: deploy
  tags:
    - shell
  script:
    - docker run -d -p 3002:3000 gsign-frontend

Documentation

yaml
docs-build:
  stage: build
  tags:
    - shell
  script:
    - cd gsign-docs
    - docker build -t gsign-docs .

docs-deploy:
  stage: deploy
  tags:
    - shell
  script:
    - docker run -d -p 3003:80 gsign-docs

GitLab Runners

Two runners are configured:

Docker Executor

  • For running tests in isolated containers
  • Uses Docker images (golang, node, etc.)

Shell Executor

  • For building Docker images
  • For deploying to the server
  • Tag: shell

Environment Variables

Variable | Description
DB_PASSWORD | PostgreSQL password
REDIS_PASSWORD | Redis password
JWT_SECRET | JWT signing secret
HSM_API_KEY | HSM service API key
HSM_KEY_ENCRYPTION_KEY | HSM encryption key (32 bytes)

Set in GitLab → Settings → CI/CD → Variables.
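
As an added example (not part of the GSign pipeline), a shell function that a deploy job on the shell runner could call before starting containers, to confirm that every variable in the table is set without echoing any value. The function names are hypothetical, and the check assumes HSM_KEY_ENCRYPTION_KEY is stored as hex or base64 text; the page states only that the key is 32 bytes.

```bash
# Added example: pre-deploy check for the CI/CD variables in the table above.
# It reports variable names only and never prints a secret's value.
REQUIRED_VARS="DB_PASSWORD REDIS_PASSWORD JWT_SECRET HSM_API_KEY HSM_KEY_ENCRYPTION_KEY"

# key_bytes VALUE: print the decoded length of VALUE in bytes (0 if undecodable).
# Assumption: the key is stored as hex or as base64 text.
key_bytes() {
  case $1 in
    ''|*[!0-9A-Fa-f]*) ;;                       # not pure hex, try base64 below
    *) if [ $(( ${#1} % 2 )) -eq 0 ]; then
         echo $(( ${#1} / 2 ))
         return 0
       fi ;;
  esac
  if printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
    echo $(( $(printf '%s' "$1" | base64 -d | wc -c) ))
  else
    echo 0
  fi
}

# check_deploy_env: return 0 only if every required variable is non-empty
# and HSM_KEY_ENCRYPTION_KEY decodes to exactly 32 bytes.
check_deploy_env() {
  rc=0
  for name in $REQUIRED_VARS; do
    eval "val=\${$name:-}"      # indirect lookup; names come from the fixed list
    if [ -z "$val" ]; then
      echo "missing or empty: $name" >&2
      rc=1
    fi
  done
  unset val
  if [ -n "${HSM_KEY_ENCRYPTION_KEY:-}" ] &&
     [ "$(key_bytes "$HSM_KEY_ENCRYPTION_KEY")" -ne 32 ]; then
    echo "HSM_KEY_ENCRYPTION_KEY does not decode to 32 bytes" >&2
    rc=1
  fi
  return "$rc"
}

# In a deploy job script, before the container is started:
#   check_deploy_env || exit 1
```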

Triggering Pipelines

Pipelines trigger on:

  • Push to master branch
  • Changes in specific directories

yaml
only:
  changes:
    - gsign-backend/**/*
  refs:
    - master

Health Checks

Each deploy job includes health checks:

yaml
- sleep 15
- |
  for i in 1 2 3 4 5; do
    if curl -sf http://localhost:3000/health; then
      echo "Health check passed!"
      exit 0
    fi
    sleep 3
  done
  exit 1

Viewing Pipelines

  1. Go to GitLab: https://gitlab.gesign.mn
  2. Navigate to: CI/CD → Pipelines
  3. Click on a pipeline to see jobs
  4. Click on a job to see logs

Rollback

To roll back to a previous version:

bash
# SSH to server
ssh -i "esign.pem" ubuntu@16.171.135.212

# List images
docker images | grep gsign

# Run previous version
docker stop gsign-backend
docker rm gsign-backend
docker run -d --name gsign-backend ... gsign-backend:<previous-tag>

Manual Deployment

If CI/CD fails, deploy manually:

bash
cd /home/ubuntu/gsign-master-prompts

# Backend
cd gsign-backend
docker build -t gsign-backend .
docker stop gsign-backend && docker rm gsign-backend
docker run -d --name gsign-backend -p 3000:8080 ... gsign-backend

# Frontend (step back up out of gsign-backend first)
cd ../gsign-frontend
docker build -t gsign-frontend .
docker stop gsign-frontend && docker rm gsign-frontend
docker run -d --name gsign-frontend -p 3002:3000 gsign-frontend
