add pipeline logic and dockerfile

.gitlab-ci.yml

+workflow:
+  rules:
+    # NOTE: don't run pipeline if commit is a Merge/Pull-Request
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: 'never'
+    # Otherwise:
+    - when: 'always'
+
+variables:
+  version: '0.0.$CI_PIPELINE_IID'
+  k8sVersion: '1.20.5'
+
+stages:
+  - build
+  - test
+  - deploy
+  - release
+
+
+job_build-image:
+  stage: build
+  tags:
+    - docker-privileged
+  image: docker:20.10.12
+  services:
+    - name: docker:20.10.12-dind
+  script:
+    - docker build
+        --file "./Containerfile"
+        --tag "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+        "./"
+    # NOTE: push image to local registry so that it can be accessed in subsequent jobs
+    - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
+    - docker push "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+  after_script:
+    - docker image rm --force "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+
+job_test-image:
+  stage: test
+  tags:
+    - docker-privileged
+  image: docker:20.10.12
+  services:
+    - name: docker:20.10.12-dind
+      alias: containerhost
+  variables:
+    # NOTE: some random port that hopefully is free on the runner
+    outerPort: '38080'
+  before_script:
+    - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
+    - docker pull "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+  script:
+    - docker run
+        --detach
+        --publish "${outerPort}:8080"
+        --name "${CI_PROJECT_ID}-${CI_PIPELINE_IID}"
+        "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+        ./main.js --port 8080
+    - |
+      attempts=1
+      while (wget "http://containerhost:${outerPort}" 2>&1 || true) | grep 'Connection refused' && [ "${attempts}" -lt 5 ]; do
+        sleep 1 && echo sleeping
+        attempts=$((attempts + 1))
+      done
+    - (wget --no-cache --quiet --output-document - "http://containerhost:${outerPort}/health" | docker run --rm --interactive stedolan/jq -e '.status == "pass"')
+        || (echo 'Test failed' && exit 1)
+  after_script:
+    # NOTE: clean up after test run (stop and remove container)
+    - docker rm --force "${CI_PROJECT_ID}-${CI_PIPELINE_IID}"
+
+
+job_deploy-new-version:
+  stage: deploy
+  needs:
+    - job_build-image
+    - job_test-image
+  tags:
+    - docker
+  image:
+    name: quay.io/bitnami/kubectl:1.20.5
+    entrypoint: ['']
+  script:
+    - VERSION="${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+    - IMAGE="${CI_REGISTRY_IMAGE}:${VERSION}"
+    - DEPLOYMENT_MANIFEST=$(sed -e "s,{{image}},${IMAGE},g" ./infra/deployment.yaml.tmpl)
+    - echo "${DEPLOYMENT_MANIFEST}" | kubectl apply
+        --kubeconfig ${SECRET_KUBECONFIG_PATH}
+        --namespace devops-lecture-showcase
+        --filename -
+
+
+job_create-release:
+  stage: release
+  only:
+    - stable
+  needs:
+    - job_build-image
+  tags:
+    - docker-privileged
+  image: docker:20.10.12
+  services:
+    - name: docker:20.10.12-dind
+  before_script:
+    - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
+    - docker pull "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}"
+  script:
+    - VERSION=$(cat ./src/package.json | docker run --interactive stedolan/jq --raw-output '.version')
+    - docker tag "${CI_REGISTRY_IMAGE}:${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}" "${CI_REGISTRY_IMAGE}:${VERSION}"
+    - docker push "${CI_REGISTRY_IMAGE}:${VERSION}"
+    - git tag "v${VERSION}" && git push origin "v${VERSION}"
+  after_script:
+    - docker image rm --force
+        $(docker images --format '{{.Repository}}{{.Tag}}' | grep '${CI_REGISTRY_IMAGE}')
+
+job_deploy-new-release:
+  only:
+    - stable
+  tags:
+    - docker-privileged
+  image: docker:20.10.12
+  services:
+    - name: docker:20.10.12-dind
+  script:
+    - VERSION=$(cat ./src/package.json | docker run --interactive stedolan/jq --raw-output '.version')
+    - IMAGE="${CI_REGISTRY_IMAGE}:${VERSION}"
+    - DEPLOYMENT_MANIFEST=$(sed -e "s/{{image}}/${IMAGE}/g" infra/deployment.yaml.tmpl)
+    - echo "${DEPLOYMENT_MANIFEST}" | docker run
+        --rm
+        --volume ${SECRET_KUBECONFIG_PATH}:/.kube/config
+        quay.io/bitnami/kubectl:1.20.5
+        apply --namespace devops-lecture-showcase --filename -
+
+
+job_update-infra:
+  stage: deploy
+  rules:
+    - changes:
+        - infra/*
+  tags:
+    - docker
+  image:
+    name: quay.io/bitnami/kubectl:1.20.5
+    entrypoint: ['']
+  script:
+    - kubectl apply
+        --kubeconfig ${SECRET_KUBECONFIG_PATH}
+        --namespace devops-lecture-showcase
+        --filename ./infra

Containerfile

+# NOTE: image from quay.io (e.g. quay.io/fedora/fedora:36) is incompatible with Docker
+#       (broken DNS resolution). If you want to take images from quay.io, use Podman
+FROM alpine
+
+ARG NODEJS_VERSION='16.9.0'
+
+
+ENV CNTROOT=/opt/ctnroot
+
+RUN dnf update -y \
+    && dnf install -y curl jq \
+    && dnf clean -y all
+
+WORKDIR ${CNTROOT}
+RUN ARCHIVE_FILE_NAME="node-v${NODEJS_VERSION}-linux-x64.tar.gz" \
+    && curl --silent --remote-name --location \
+        "https://nodejs.org/dist/v${NODEJS_VERSION}/${ARCHIVE_FILE_NAME}" \
+    && tar -vxz \
+           -C "${CNTROOT}" \
+           --strip 1 \
+           -f "./${ARCHIVE_FILE_NAME}" >/dev/null 2>&1 \
+    && rm -rf ${ARCHIVE_FILE_NAME}
+
+
+ENV \
+    HOME=/opt/ctnroot/src \
+    PATH=/opt/ctnroot/src/bin:/opt/ctnroot/bin:${PATH}
+
+WORKDIR ${HOME}
+COPY ./src/* ./
+RUN npm install --production
+
+RUN groupadd --gid 2002 ctnrgroup \
+    && useradd --uid 1001 --system --gid 2002 --home-dir ${HOME} \
+            --shell /sbin/nologin --comment "ctnr user" \
+            ctnruser \
+    && chown -R 1001:2002 ${CNTROOT}
+
+USER 1001
+
+ENTRYPOINT [ "node" ]
+CMD [ "./main.js", \
+        "--port", "8023" \
+]
+
+EXPOSE 8023