Skip to content
Permalink
Browse files

WIP - only enable if key set

  • Loading branch information...
shmish111 committed Jun 12, 2019
1 parent ff1ca44 commit 33ddf9ebf7bc64326c868b75f2566c73ca634635
@@ -1 +1,9 @@
# deployment-server

The deployment server listens for the github `pull_request` web hook, if the event has the `merged_at` attribute set then it will `nixops deploy` the `origin/master` branch from where it is running.

Note that for simplicity it will exclude the `nixops` machine so if you make changes to that machine configuration you will need to deploy manually. One of the issues is that if a change is made to the deployment server service then it will restart _during_ the deployment and end the deployment early.

## Deployment

The deployment server is run on the nixops server however it is only enabled if the `githubWebhookKey` is present in `secrets.json`.
@@ -30,8 +30,8 @@ deploy event configDir stateFile extraIncludes = withSystemTempDirectory "deploy
runIn nixopsDir $ "cp" <+> configDir <> "/*.json ."
putStrLn $ "deploy" <+> deployment
runIn nixopsDir $ "nixops modify ./default.nix ./network.nix" <+> args
runIn nixopsDir $ "nixops deploy --exclude nixops" <+> args
pure ()
(exitCode, _, _) <- readIn nixopsDir $ "nixops deploy --exclude nixops" <+> args
putStrLn $ "finished deployment with exit code " <> show exitCode
where
runIn dir = runProcess . setWorkingDir dir . shell
readIn dir = readProcess . setWorkingDir dir . shell
@@ -5,6 +5,7 @@ let
machines = (plutus.pkgs.lib.importJSON ./machines.json);
overlays = import ./overlays.nix;
secrets = (plutus.pkgs.lib.importJSON ./secrets.json);
enableGithubHooks = plutus.pkgs.lib.hasAttr "githubWebhookKey" secrets;
deploymentConfigDir = plutus.pkgs.copyPathToStore ../nixops ;
githubhooks = plutus.haskellPackages.deployment-server;
mkConfig = redirectUrl: name: plutus.pkgs.writeTextFile {
@@ -42,7 +43,7 @@ let
meadowA = serverTemplate.mkInstance meadowOptions machines.meadowA;
meadowB = serverTemplate.mkInstance meadowOptions machines.meadowB;
nixops = prometheusTemplate.mkInstance
(options // {configDir = deploymentConfigDir; inherit githubhooks;})
(options // {configDir = deploymentConfigDir; inherit githubhooks enableGithubHooks;})
{dns = "nixops.internal.${machines.environment}.${machines.plutusTld}";
ip = "127.0.0.1";
name = "nixops"; };
@@ -1,4 +1,4 @@
{ mkInstance = { machines, defaultMachine, secrets, githubhooks, configDir, ... }: node: { config, pkgs, lib, ... }:
{ mkInstance = { machines, defaultMachine, secrets, githubhooks, configDir, enableGithubHooks, ... }: node: { config, pkgs, lib, ... }:

let
servers = [machines.meadowA machines.meadowB machines.playgroundA machines.playgroundB];
@@ -182,7 +182,7 @@ in
};

systemd.services.githubhooks = {
enable = true;
enable = enableGithubHooks;
path = ["${githubhooks}" pkgs.git pkgs.nixops pkgs.nix pkgs.gnutar pkgs.gzip ];
script = "deployment-server-exe --keyfile ${configDir}/secrets.json --port 8080 --configDir ${configDir} --stateFile /root/.nixops/deployments.nixops --include nixos=/root/.nix-defexpr/channels/nixos --include nixpkgs=https://github.com/shmish111/nixpkgs/archive/c73222f0ef9ba859f72e5ea2fb16e3f0e0242492.tar.gz";
};

0 comments on commit 33ddf9e

Please sign in to comment.
You can’t perform that action at this time.