Skip to content

Latest commit

 

History

History
190 lines (164 loc) · 6.17 KB

README.md

File metadata and controls

190 lines (164 loc) · 6.17 KB
Raw

deployment-documentation

Documentation on how Squeeble sets up a deployment pipeline. This documentation is published online for transparency.

We think transparency is importent since Squeeble is a privacy first company.

Deploy keys

Setting up your deploy key so the workflows can clone the repository. Do this per server instance so when one server is compromised we can delete the deployment key linked to that server.
This required for the following types of repositories:

  • Private with write and/or read access
  • Public with write access

Base documentation comes from GitHub Docs

  1. The first step is to generate a new ssh key on the server.
    So ssh in there on the correct account 
    cd ~/.ssh/
ssh-keygen -t ed25519
    ssh-keygen requests a file name. To not lose track of the ssh key and repository link we recommend you to give it the repository name. Otherwise you can name it and have a secure note that links them together.
  2. In the sidebar, click Deploy Keys.
  3. Click Add deploy key.
  4. In the "Title" field, provide a title of the key name or alias and server identification (if
  5. In the "Key" field, paste your public key.
    To get the public key you can do 
    cat <deploy-key-name>.pub
  6. Click Add key

Secrets and veriables

  1. In the sidebar, click Secrets and veriables.
  2. Click Actions from the unvolded menu.
  3. Click New repository secret
  4. Set the "Name" to REPO_SSH_NAME for reusability of our workflows
  5. At the Deploy keys step we have named the deploy key.
    We need to set this as the "Secret"
  6. Head to the tab Variables
  7. Click New repository variable
  8. Set the "Name" to REPO_NAME for reusability of our workflows
  9. Set the "Value" to the repository name as it shows in the URL
  10. Head back the tab Secrets
  11. Now select Manage organization secrets
    (or let someone with acces do the following steps)
  12. Add your repository for the following secrets:
    • GHA_PW
    • GHA_SSH
    • GHA_USER
    • MAIN_IP

Docker

  1. Create the following dockerfiles for the project depending on environments
    (We do not include an example since they can be vastly different. Depending on project)

    • prd.dockerfile
    • rcp.dockerfile (optional)
    • acc.dockerfile (optional)
    • dev.dockerfile

  2. Setup a docker-compose.yml

    version: '3'

services:
  prd:
    container_name: <repo-name>-prd
    build:
      context: .
      dockerfile: prd.dockerfile
      ports:
        -  '0000:0000'
  acc:
    container_name: <repo-name>-acc
    build:
      context: .
      dockerfile: acc.dockerfile
      ports:
        -  '0001:0001'
  dev:
    container_name: <repo-name>-dev
    build:
      context: .
      dockerfile: dev.dockerfile
      ports:
        -  '0002:0002'

    Keep the services that are relevant for the project or add more when missing

  3. Make sure locally docker compose up <service> works before continueing

Nginx

To have the reverse proxy pickup our project we have /nginx folder in the root of the repository. Here we will have the following configs: (We do not include an example since they can be vastly different. Depending on project)

  • prd.conf
  • rcp.conf (optional)
  • acc.conf (optional)
  • dev.conf

Workflows

We currently have 2 default workflows copy them to the /.github/workflows directory or create it.

  • Production deploy-prd.yml

    name: Deploy Node.js CI - DO-001

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: [ubuntu-22.04]
    env:
      NODE_ENV: production

    steps:
      - name: Deploy production
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.MAIN_IP }}
          username: ${{ secrets.GHA_USER }}
          key: ${{ secrets.GHA_SSH }}
          passphrase: ${{ secrets.GHA_PW }}
          script: |
            eval `ssh-agent -s`
            cd ./_server/${{ vars.REPO_NAME }}/prd/
            rm -rf ./${{ vars.REPO_NAME }}
            ssh-add ~/.ssh/${{ secrets.REPO_SSH_NAME }}
            git clone [email protected]:squeeble-ink/${{ vars.REPO_NAME }}.git
            cd ./${{ vars.REPO_NAME }}
            rm ./nginx/dev.conf
            docker compose up prd -d --build

  • Development deploy-dev.yml

    name: Deploy Node.js CI - DO-001

on:
  push:
    branches: [develop]

jobs:
  build:
    runs-on: [ubuntu-22.04]

    steps:
      - name: Deploy development
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.MAIN_IP }}
          username: ${{ secrets.GHA_USER }}
          key: ${{ secrets.GHA_SSH }}
          passphrase: ${{ secrets.GHA_PW }}
          script: |
            eval `ssh-agent -s`
            cd ./_server/${{ vars.REPO_NAME }}/dev/
            rm -rf ./${{ vars.REPO_NAME }}
            ssh-add ~/.ssh/${{ secrets.REPO_SSH_NAME }}
            git clone [email protected]:squeeble-ink/${{ vars.REPO_NAME }}.git
            cd ./${{ vars.REPO_NAME }}
            git checkout develop
            rm ./nginx/prd.conf
            docker compose up dev -d --build

When a project needs additional environment variables please do not forget to update the following files:

  • /.github/workflows/deploy-*.yml
  • /docker-compose.yml
  • /*.dockerfile

To fully deploy the repository we need to make sure these files get on the develop and main branch via Pull Requests

When that is all allright we need to do is a reload on the nginx instance on the server(s) So ssh in there on the correct account

sudo nginx -t

Check if the new nginx configs from the project are correct and if so run the next command.

sudo systemctl restart nginx

If this project has its own domain do not forget to update the DNS servers to point to the correct one.