Rewrite server deploy script #1793
Conversation
This requires renaming `private/secret.json` to `private/secret-production.json` in the working tree used for deployment.
paulmelnikow
added
the
operations
Makefile
Outdated
| cp private/secret-production.json ${SERVER_TMP}/private/secret.json | ||
| cp Verdana.ttf ${SERVER_TMP} | ||
| git -C ${SERVER_TMP} add private/secret.json Verdana.ttf | ||
| git -C ${SERVER_TMP} commit -m '[DEPLOY] MUST NOT BE ON GITHUB' |
There was a problem hiding this comment.
That is a significant change in behavior. It feels like it does more than just use secret-production.json instead of secret.json. Could you explain this change further please?
There was a problem hiding this comment.
Without a working tree, the solution as far as I can see is to:
- Back up the existing
private/secret.json, if it exists - Copy
private/secret-production.jsontoprivate/secret.json - Check it in
- Restore the original
private/secret.jsonafterward
That has more moving parts than I'd like, seems brittle, and also seems like it could result in accidental data loss.
By moving the branch manipulation into a separate working tree, private/secret.json can be copied for deployment without needing to preserve the original.
The other change is how the branching is handled, which I'll respond to below.
Makefile
Outdated
| git checkout master | ||
| rm -rf ${SERVER_TMP} | ||
| git worktree prune | ||
| git worktree add -B production ${SERVER_TMP} |
There was a problem hiding this comment.
The use of git worktree feels a bit like tempting the devil. The use of -B in particular risks losing information without realizing.
In general, I prefer having deployment procedures so dumb that it takes a lot for them to go wrong, and when they do, they are dumb enough that it is simple to fix them.
There was a problem hiding this comment.
Yes, I agree that deployment procedures should be as easy to reason about as possible. If they fail, they should fail in very safe ways.
To that end, I'd like to avoid modifying the existing working tree during deployment. I'd also like to avoid branch switching to make sure the current ref gets deployed. In the current process, if two servers are deployed at once, I believe the second one will get master. I'd also like to deploy the exact same front-end build to each server. There's no need to build it again and it's one less thing to reason about.
When I was working on #1774 I was initially reluctant to use git worktree, mostly because I don't like adding new tooling that isn't necessary. The other alternative I experimented with was copying or re-cloning to an entirely separate working copy. This was messier and more brittle than using git worktree.
I'm not thrilled with using -B. I took it from the github pages deploy, which starts with a git checkout -B gh-pages.
Before my change, the deploy commits happen on a detached head. Nothing is deleted in the process, however it's deleted right afterward. Without a branch, it's difficult to inspect what was pushed to the server. I don't like deleting data. However, it is not surprising that a deploy process would clobber a branch named production. I'd rather reserve a branch for the production deploy work than do it all on a detached head that gets tossed right after it runs.
Would you be more comfortable using a name that was really explicit like server-deploy-working-branch?
There was a problem hiding this comment.
#1941 is another issue with the current scripts. git worktree has been working more reliably for deploy-gh-pages than the current deploy is for the servers.
Yes, the deploy process should be safe, simple, and reliable. Using worktree makes it safer, by not doing the work inside a tree, and in a way throws away less because the deploy branch sticks around after the deploy is done. It also lets you push the same build to each machine rather than running a new build for each one. Let's not rush this discussion; I'll circle back. |
Generated by 🚫 dangerJS |
|
I can confirm that the current scripts, when aborted in the middle, leave a deploy commit hanging on the working copy. When I reset to last commit from master, Verdana.ttf, the server config, and the build are removed from the working copy. Any thoughts about my comments? |
|
I continue to encounter issues where I accidentally run things using production credentials while deploying. I feel it's necessary to move forward with this. I will update it in light of #2178 and then it would be great if someone would please give a cursory 👍to merge it. |
# Conflicts: # .prettierignore
paulmelnikow
changed the title
There was a problem hiding this comment.
Accepting that I can't test this and haven't run it, I've had a read through the code and I can't see anything that looks obviously wrong or buggy. If this is the process you are actually using to deploy the site, I think it makes sense for the repo to reflect reality in this respect.
As an additional risk mitigation, do you think we should set up any branch names used in deployment with a branch protection rule in https://github.com/badges/shields/settings/branches to prevent us accidentally pushing it to GH?
|
This shouldn't be a blocker for this PR, but for the front-end part of the build/deploy, have you ever looked at this package: https://github.com/tschaub/gh-pages ? |
It's not a bad idea. I just added branch protection for |
|
Okay, this is updated. I'll re-test it on a real deploy before merging. Added: Done! |
I haven't run this yet but I will do that when I run the deploy later today. Would appreciate an "eyeballs" review first!To run this requires renaming
private/secret.jsontoprivate/secret-production.jsonin the working tree used for deployment.Goals:
masteris deployed, leaveHEADalone; don't reset tomasterThis makes use of Git working trees, which is a relatively new but stable feature in Git. I was initially reluctant to use git worktree, mostly because I don't like adding new tooling that isn't necessary. The other alternative I experimented with was copying or re-cloning to an entirely separate working copy. This was messier and more brittle than using
git worktree.cc @espadrine