An automated deployment process for several Libero standard projects, targeting a single VM infrastructure at first, instantiated in multiple environments.
To:
unstable: everymasterbuild of this repository deploys the newest versions of the projects.demo: pushing a new git tag to thelibero/environmentsGithub repository using the prefixlatest/deploys the latest docker images to the demo environment.
deploy.sh logs in into a target VM over SSH to run a deployment command that should be present there. The VM is expected to maintain state across deployments:
- storing the deployed project revision
- keeping any non-deployed project around
- keeping the last used revision of that non-deployed project as the revision to run
By default, deploy.sh uses latest-revision.sh to find out the most recent revision of each project to deploy. A future development is to allow specific versions to be passed in.
Eventually deploy.sh can accept new revisions of some projects passed as an argument, for example by customizing its Travis CI build.
The remote-deploy.sh script is checks out a repository like sample-configuration, and executes docker-compose with customized environment variables.
Some of the variables, like secrets, can be put in place by infrastructure. The variables such as the projects revisions should be passed in from here instead.
Every new deployment modifies one or more of the projects revisions, and restart the services in docker-compose.
keys/ contains SSH private keys to access the servers to deploy on. These keys are encrypted transparently using git-crypt so they should show in plain text after git crypt unlock.
Travis CI can access these keys because it has been added as one of the git-crypt users. Its git-crypt key is stored safely via travis encrypt. All new keys/ items can be added transparently, Travis CI will be able to access them.
Refer to the infrastructure repository documentation on secrets management for details on git-crypt usage.
Log in into the server:
ssh -i keys/single-node--unstable.key ubuntu@unstable.libero.pub
Take down all the containers, since they would keep the volumes in use:
docker-compose -f docker-compose.yml -f docker-compose.secrets.yml down --volumes
Remove and recreate external volumes:
.docker/remove-volumes.sh
.docker/initialize-volumes.sh
Start all the services again:
docker-compose -f docker-compose.yml -f docker-compose.secrets.yml up --force-recreate --detach
Run smoke tests:
PUBLIC_PORT_HTTP=80 PUBLIC_PORT_HTTPS=443 .travis/smoke-test.sh