Auto-deploy to production #106
Comments
Without this change, someone needs to verify that the automated deployment to the test environment succeeded and then manually type two or three commands to deploy to production. At the moment, there is only one person who has ever done such production deployments. With this change, however, the deployment to the test environment gets verified by visiting a URL that exposes the current deployed version. When the body of a request sent to that URL returns the same string as the version (tag) sent to this deployment job, this action can safely conclude that the test deployment has succeeded. How and why can it make such a haughty conclusion? Several reasons: * The `deploy.sh` script saves the new version only on success. * The server in the `reverse-proxy` container serves the version that the `deploy.sh` script wrote. * The `reverse-proxy` container does not start until the `database` and `web` containers are running according to docker health checks. In other words, accessing this version string implies that the state of the environment is OK. If the version string matches in the test environment, this gives some confidence that auto-deploying to the production environment is relatively safe. Therefore it auto-deploys to production. This means that merging pull requests in the `service` repository is sufficient to cause automatic deployments to production and at the same time the production deployment is safe due to the same steps having run for a deployment to test. It means no more asking for some person to deploy to production anymore! Issue #106 Auto-deploy to production
Without this change, someone needs to verify that the automated deployment to the test environment succeeded and then manually type two or three commands to deploy to production. At the moment, there is only one person who has ever done such production deployments. With this change, however, the deployment to the test environment gets verified by visiting a URL that exposes the current deployed version. When the body of a request sent to that URL returns the same string as the version (tag) sent to this deployment job, this action can safely conclude that the test deployment has succeeded. How and why can it make such a haughty conclusion? Several reasons: * The `deploy.sh` script saves the new version only on success. * The server in the `reverse-proxy` container serves the version that the `deploy.sh` script wrote. * The `reverse-proxy` container does not start until the `database` and `web` containers are running according to docker health checks. In other words, accessing this version string implies that the state of the environment is OK. If the version string matches in the test environment, this gives some confidence that auto-deploying to the production environment is relatively safe. Therefore it auto-deploys to production. This means that merging pull requests in the `service` repository is sufficient to cause automatic deployments to production and at the same time the production deployment is safe due to the same steps having run for a deployment to test. It means no more asking for some person to deploy to production anymore! Since "send tag to machine" is indecipherable, the action is renamed. Issue #106 Auto-deploy to production
Without this change, someone needs to verify that the automated deployment to the test environment succeeded and then manually type two or three commands to deploy to production. At the moment, there is only one person who has ever done such production deployments. With this change, however, the deployment to the test environment gets verified by visiting a URL that exposes the current deployed version. When the body of a request sent to that URL returns the same string as the version (tag) sent to this deployment job, this action can safely conclude that the test deployment has succeeded. How and why can it make such a haughty conclusion? Several reasons: * The `deploy.sh` script saves the new version only on success. * The server in the `reverse-proxy` container serves the version that the `deploy.sh` script wrote. * The `reverse-proxy` container does not start until the `database` and `web` containers are running according to docker health checks. In other words, accessing this version string implies that the state of the environment is OK. If the version string matches in the test environment, this gives some confidence that auto-deploying to the production environment is relatively safe. Therefore it auto-deploys to production. This means that merging pull requests in the `service` repository is sufficient to cause automatic deployments to production and at the same time the production deployment is safe due to the same steps having run for a deployment to test. It means no more asking for some person to deploy to production anymore! Since "send tag to machine" is indecipherable, the action is renamed. Issue #106 Auto-deploy to production
Without this change, someone needs to verify that the automated deployment to the test environment succeeded and then manually type two or three commands to deploy to production. At the moment, there is only one person who has ever done such production deployments. With this change, however, the deployment to the test environment gets verified by visiting a URL that exposes the current deployed version. When the body of a request sent to that URL returns the same string as the version (tag) sent to this deployment job, this action can safely conclude that the test deployment has succeeded. How and why can it make such a haughty conclusion? Several reasons: * The `deploy.sh` script saves the new version only on success. * The server in the `reverse-proxy` container serves the version that the `deploy.sh` script wrote. * The `reverse-proxy` container does not start until the `database` and `web` containers are running according to docker health checks. In other words, accessing this version string implies that the state of the environment is OK. If the version string matches in the test environment, this gives some confidence that auto-deploying to the production environment is relatively safe. Therefore it auto-deploys to production. This means that merging pull requests in the `service` repository is sufficient to cause automatic deployments to production and at the same time the production deployment is safe due to the same steps having run for a deployment to test. It means no more asking for some person to deploy to production anymore! Since "send tag to machine" is indecipherable, the action is renamed. Issue #106 Auto-deploy to production
|
I just tested the guard against production deployment (by pushing a tag on a branch) and that part seemed to work, see https://github.com/PhilanthropyDataCommons/deploy/actions/runs/8468483885/job/23201622661: However the test deployment did not work. And I don't think the SSH stuff needs to be passed to the action that checks for a tag to be in main. |
Before this commit, the `KNOWN_HOSTS` variable was not sent to `trigger_deployment.sh`, causing failures. It also seems inappropriate to pass secrets to 3rd-party actions if avoidable, so this commit also removes access to the secrets for the action that checks for the given tag to be on the main branch. Issue #106 Auto-deploy to production
|
Oh, right, passing the same tag on the same (old) branch means the old workflow ran here: https://github.com/PhilanthropyDataCommons/deploy/actions/runs/8469064608/workflow, need to try a new tag on a rebased branch. |
|
The Locally, And the action partially works as expected in that it asks every 20 seconds successfully, nginx logs on the test host: And it timed out successfully after 10 minutes. However, it should have succeeded. I wonder if I passed the wrong variable name. There was some inconsistency in the documentation about snake_case versus camelCase. Uh, this is odd:
Those look pretty identical to me but maybe there's a whitespace difference. Yes, the presence of an empty line 17 means there's a newline while the expected body does not have the newline. |
|
Two options:
Because this version ends up in files on a GNU system, I think we should keep it and expect it (option 1). |
|
Surprise: it is not clear how to best represent a line terminator in YAML. yaml.info says you can use escape characters in a double-quoted string. I'll try the straightforward addition of |
Without this change, the CI action that asks which version is running in a target environment would fail because of a line terminator difference in the expected string versus the returned string. This change attempts to fix the issue by adding an escaped endline to the expected response body. Issue #106 Auto-deploy to production
|
Oh no, the function that reads the Next try: |
Without this change, the CI action that asks which version is running in a target environment would fail because of a line terminator difference in the expected string versus the returned string. This change attempts to fix the issue by using a regular expression that allows trailing whitespace. An attempt to add an escaped endline to the expected response body fails because inputs are trimmed in the action (at the time of this commit). Issue #106 Auto-deploy to production
|
The outstanding issues should be resolved. It is time to try the full pipeline beginning with a service repo merge. Edit: OK, I was hoping to find an easy dependabot PR to merge in Hmm, main branch check is not as expected either. It might be with the way it's doing a Probably that's an issue. Reproduced locally like this, following (most of) the commands run by the checkout action: And I do not see main in there. Suppose I do it without the |
In order to check whether the checked-out tag is part of the main branch, the tags (including branch names) need to be present for the check to succeed. Issue #106 Auto-deploy to production
In order to check whether the checked-out tag is part of the main branch, the tags (including branch names) need to be present for the check to succeed. Issue #106 Auto-deploy to production
|
Ah, here is how it's supposed to look when the check-if-this-tag-is-in-that-branch action successfully determines that it does not exist in that branch: The failures earlier were actual errors when running the action. This looks much better:
|
|
I pushed tag Good:
|
|
Apparently I enabled a protection rule at https://github.com/PhilanthropyDataCommons/deploy/settings/environments/556150864/edit a long time ago:
I'm removing that review requirement. |
|
It should work fine. If not, re-open. |
Last week I suggested it would not be a heavy lift to auto-deploy to production. The team requested it. In order to deploy to production more safely, I added PR #102 so that the deployment script can verify that deployment to test worked.
The text was updated successfully, but these errors were encountered: