From e9aa744d90bd8e36b80e7ea1eb0568735b55ced4 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 1 Dec 2023 13:46:38 -0600 Subject: [PATCH 01/21] feat: add deploy to live for general --- config.yml | 60 +++++++++++++++++++--- scripts/general/deploy-to-live | 39 ++++++++++++++ scripts/general/remote/backup | 45 ++++++++++++++++ scripts/general/remote/drush-commands | 24 +++++++++ scripts/general/remote/drush-config-import | 15 ++++++ scripts/general/remote/remote_deploy | 55 ++++++++++++++++++++ 6 files changed, 232 insertions(+), 6 deletions(-) create mode 100755 scripts/general/deploy-to-live create mode 100644 scripts/general/remote/backup create mode 100755 scripts/general/remote/drush-commands create mode 100755 scripts/general/remote/drush-config-import create mode 100644 scripts/general/remote/remote_deploy diff --git a/config.yml b/config.yml index 8bd6460..b27ca4b 100644 --- a/config.yml +++ b/config.yml @@ -304,6 +304,18 @@ jobs: - deploy-to-pantheon-env: environment: 'live' + deploy_to_live_general: + <<: *defaults + steps: + - checkout + - run: + name: setup-environment-vars + command: | + if [ -f "./.circleci/scripts/set-environment" ]; then + ./.circleci/scripts/set-environment + else + ./vendor/fourkitchens/pots/scripts/set-environment + fi # Run this on one of the main branches to push a release back to github. # # This usually will do things like create a change log and bump the version @@ -380,8 +392,7 @@ workflows: - 'master' build-deploy-acquia: when: - not: - equal: [ pantheon, << pipeline.parameters.host-variant >> ] + equal: [ acquia, << pipeline.parameters.host-variant >> ] jobs: - static_tests - build @@ -389,13 +400,50 @@ workflows: requires: - static_tests - build + - release: + requires: + - deploy + filters: + branches: + only: + - 'main' + - 'master' + build-deploy-general: + when: + equal: [ general, << pipeline.parameters.host-variant >> ] + jobs: + - static_tests: + filters: + branches: + ignore: /^deploy-.*$/ + - build: + filters: + branches: + ignore: /^deploy-.*$/ + - deploy: + requires: + - static_tests + - build + filters: + branches: + ignore: /^deploy-.*$/ + - approve_deploy_to_live: + type: approval + requires: + - deploy + filters: + branches: + only: + - 'deploy-main' + - 'deploy-master' + - deploy_to_live_general: + requires: + - approve_deploy_to_live filters: branches: only: - - main - - master - - develop - - /release-.*/ + - 'deploy-main' + - 'deploy-master' - release: requires: - deploy diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live new file mode 100755 index 0000000..6cbaf16 --- /dev/null +++ b/scripts/general/deploy-to-live @@ -0,0 +1,39 @@ +#!/bin/bash + +set -eo pipefail + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +if [[ -z "$DOCROOT" ]]; then + DOCROOT=web +fi + +if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then + echo 'You must define $REMOTE_PROJECT_ROOT as an evnvironment variable.' + exit 1; +fi +if [[ -z "$SSH_COMMAND_LIVE" ]]; then + echo 'You must define $SSH_COMMAND_LIVE as an evnvironment variable.' + exit 1; +fi +if [[ -z "$DEPLOY_BRANCH" ]]; then + DEPLOY_BRANCH="$CI_BRANCH" +fi + +if [[ -z "$BACKUP_SCRIPT_PATH" ]]; then + BACKUP_SCRIPT_PATH="$SCRIPT_DIR/remote/backup" +fi +if [[ -z "$DEPLOY_SCRIPT_PATH" ]]; then + DEPLOY_SCRIPT_PATH="$SCRIPT_DIR/remote/remote_deploy" +fi +if [[ -z "$REMOTE_BACKUP_DIRECTORY" ]]; then + REMOTE_BACKUP_DIRECTORY="$REMOTE_PROJECT_ROOT/backups" +fi +if [[ -z "$DRUSH_CMD" ]]; then + DRUSH_CMD='./vendor/bin/drush' +fi +if [[ -z "$SYNC_CONIG" ]]; then + SYNC_CONFIG="YES" +fi + +$SSH_COMMAND_LIVE "bash -s " < "$BACKUP_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$DRUSH_CMD"; +$SSH_COMMAND_LIVE "bash -s " < "$DEPLOY_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$DEPLOY_BRANCH" "$DOCROOT" "$DRUSH_CMD" "$SYNC_CONFIG"; diff --git a/scripts/general/remote/backup b/scripts/general/remote/backup new file mode 100644 index 0000000..85ede18 --- /dev/null +++ b/scripts/general/remote/backup @@ -0,0 +1,45 @@ +#!/bin/bash + +set -eo pipefail + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +REMOTE_ENV_NAME="$1" +HOSTING_PATH="$2" +BACKUP_DIRECTORY="$3" +DRUSH_CMD="$3" + +if [[ -z "$REMOTE_ENV_NAME" ]]; then + echo "Argument 1: Remote Env Name is missing." + exit 1 +fi +if [[ -z "$HOSTING_PATH" ]]; then + echo "Argument 2: Hosting Path is missing." + exit 1 +fi +if [[ -z "$BACKUP_DIRECTORY" ]]; then + BACKUP_DIRECTORY="~/backups" + echo $BACKUP_DIRECTORY +fi +if [[ -z "$DRUSH_CMD" ]]; then + DRUSH_CMD='./vendor/bin/drush' +fi + +echo "Moving to $HOSTING_PATH" +cd "$HOSTING_PATH" + +if $DRUSH_CMD status | grep "Drupal version"; then + echo "$DRUSH_CMD is failing to bootstrap drupal. The build may not be complete. Aborting." + exit 1; +fi + +if [[ -f ./vendor/bin/drush ]]; then + if [[ ! -d "$BACKUP_DIRECTORY" ]]; then + echo "BACKUP DIRECTORY $BACKUP_DIRECTORY doesn't exit. Attempting to create it." + mkdir -p $BACKUP_DIRECTORY + fi + BACKUP_FILE="$BACKUP_DIRECTORY/$REMOTE_ENV_NAME-$( date +"%F_%T" ).sql.gz" + echo "Backing up DB for $HOSTING_PATH at $BACKUP_FILE" + ./vendor/bin/drush sql:dump --structure-tables-list=cache,cache_* --extra-dump=--no-tablespaces | gzip > "$BACKUP_FILE" +else + echo "./vendor/bin/drush doesn't exist. Must be the first time a deployment has ever happened." +fi diff --git a/scripts/general/remote/drush-commands b/scripts/general/remote/drush-commands new file mode 100755 index 0000000..5014886 --- /dev/null +++ b/scripts/general/remote/drush-commands @@ -0,0 +1,24 @@ +#!/bin/bash + +set -eo pipefail + +echo "Starting environment deploy commmands." +./vendor/bin/drush updb -y +echo "Clearing Drupal cache." +./vendor/bin/drush cr +# If exported configuration is available, then import it. +if [[ "$SYNC_CONFIG" != "NO" ]]; then + if [ -f "./.circleci/scripts/drush-config-import" ]; then + ./.circleci/scripts/drush-config-import + else + "$( dirname $0 )/drush-config-import" + fi +else + echo "SYNC_CONFIG is set to 'NO'. Leaving configuration alone." +fi + +# We make the assummption that this script is being run from the project root. +# Allow for post deployment hooks. +if [ -f "./.circleci/scripts/post-drush-commands" ]; then + ./.circleci/scripts/post-drush-commands +fi diff --git a/scripts/general/remote/drush-config-import b/scripts/general/remote/drush-config-import new file mode 100755 index 0000000..d30a53e --- /dev/null +++ b/scripts/general/remote/drush-config-import @@ -0,0 +1,15 @@ +#!/bin/bash + +set -eo pipefail + +# Check for a system.site.yml file somewhere in the config directory. +if find ./config -name "system.site.yml" | grep "./config" -q ; then + echo "Importing Configuration" + ./vendor/bin/drush config-import --yes +else + echo "We didn't import any configuration." +fi + +# Clear Drupal cache +echo "Clearing Drupal cache again." +./vendor/bin/drush drush -- cr diff --git a/scripts/general/remote/remote_deploy b/scripts/general/remote/remote_deploy new file mode 100644 index 0000000..6da7cee --- /dev/null +++ b/scripts/general/remote/remote_deploy @@ -0,0 +1,55 @@ +#!/bin/bash + +set -eo pipefail + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +HOSTING_ENV=$1 +HOSTING_PATH=$2 +RELEASE_BRANCH=$3 +DOCROOT=$4 +SYNC_CONFIG=$5 + +if [[ -z "$HOSTING_ENV" ]]; then + echo "Argument 1: Hosting Env is missing." + exit 1 +fi +if [[ -z "$HOSTING_PATH" ]]; then + echo "Argument 2: Hosting Path is missing." + exit 1 +fi +if [[ -z "$RELEASE_BRANCH" ]]; then + echo "Argument 3: Release Branch is missing." + exit 1 +fi +if [[ -z "$DOCROOT" ]]; then + DOCROOT=web +fi + +if [[ -z "$DRUSH_CMD" ]]; then + DRUSH_CMD='./vendor/bin/drush' +fi + +echo "Moving to $HOSTING_PATH" +cd "$HOSTING_PATH" + +if $DRUSH_CMD status | grep "Drupal version"; then + echo "$DRUSH_CMD is failing to bootstrap drupal. The build may not be complete. Aborting." + exit 1; +fi + +echo "Resetting site/default to writable so we can update settings files." +chmod u+w $DOCROOT/sites/default $DOCROOT/sites/default/*.* + +echo "Fetch and checkout release using git." +git fetch --all || exit +git checkout -f origin/$RELEASE_BRANCH +git clean -fd + +if [ -f "./.circleci/scripts/drush-commands" ]; then + ./.circleci/scripts/drush-commands "$HOSTING_PATH" "$DRUSH_CMD" "$SYNC_CONFIG" +else + ./vendor/fourkitchens/pots/scripts/general/remote/drush-commands "$HOSTING_PATH" "$DRUSH_CMD" "$SYNC_CONFIG" +fi + +echo "Reset sites/default to the way it was" +chmod a-w $DOCROOT/sites/default $DOCROOT/sites/default/*.* From 23b44118d67ff1360a292510b176bd52b7d98d83 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 1 Dec 2023 14:07:21 -0600 Subject: [PATCH 02/21] fix: fix generic deploy branch name --- scripts/general/deploy | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/general/deploy b/scripts/general/deploy index 1777f4a..5edd9db 100755 --- a/scripts/general/deploy +++ b/scripts/general/deploy @@ -20,5 +20,6 @@ find ./* -type d | grep .git | xargs rm -rf # Commit and push to a "deploy" branch. git add . git commit -am "Built assets." -git push origin $CIRCLE_BRANCH:$CIRCLE_BRANCH-deploy -f --tags +DEPLOY_BRANCH=deploy-$CIRCLE_BRANCH +git push origin $CIRCLE_BRANCH:$DEPLOY_BRANCH -f --tags echo "If deployment was successful, an artifact should be availible in the origin repo at $CIRCLE_BRANCH-deploy". From 97a536e3a675a5891afcb77ba4b396d020beb4bf Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 1 Dec 2023 14:31:45 -0600 Subject: [PATCH 03/21] fix: updating workflow and fixing deploy script --- config.yml | 10 ++++++++-- scripts/general/deploy-to-live | 1 + 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/config.yml b/config.yml index b27ca4b..c8478df 100644 --- a/config.yml +++ b/config.yml @@ -316,6 +316,14 @@ jobs: else ./vendor/fourkitchens/pots/scripts/set-environment fi + - run: + name: Deploy to live + command: | + if [ -f "./.circleci/scripts/deploy-to-live" ]; then + ./.circleci/scripts/deploy-to-live + else + ./vendor/fourkitchens/pots/scripts/general/deploy-to-live + fi # Run this on one of the main branches to push a release back to github. # # This usually will do things like create a change log and bump the version @@ -429,8 +437,6 @@ workflows: ignore: /^deploy-.*$/ - approve_deploy_to_live: type: approval - requires: - - deploy filters: branches: only: diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 6cbaf16..2adbb81 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -34,6 +34,7 @@ fi if [[ -z "$SYNC_CONIG" ]]; then SYNC_CONFIG="YES" fi +REMOTE_ENV_NAME="live" $SSH_COMMAND_LIVE "bash -s " < "$BACKUP_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$DRUSH_CMD"; $SSH_COMMAND_LIVE "bash -s " < "$DEPLOY_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$DEPLOY_BRANCH" "$DOCROOT" "$DRUSH_CMD" "$SYNC_CONFIG"; From 365a6f6dccd447a1b08c8d64de32fb4daebedc9b Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 1 Dec 2023 15:37:15 -0600 Subject: [PATCH 04/21] remove .gitignore files --- scripts/general/deploy | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/general/deploy b/scripts/general/deploy index 5edd9db..1a79645 100755 --- a/scripts/general/deploy +++ b/scripts/general/deploy @@ -11,6 +11,7 @@ sed -i '1,/# :::::::::::::::::::::: cut ::::::::::::::::::::::/d' .gitignore # returns all files/dirs that are NOT dot (hidden). This protects our repos' # .git folder from being blown away. find ./* -type d | grep .git | xargs rm -rf +find ./* -type f | grep .gitignore | xargs rm -rf # Remove unwanted gitignores here. Follow the example below. # Remove simplesamlphp .gitignore which would cause our config and metadata From 3c73fc3c00276628a374415a05e72e1c39bdb927 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 1 Dec 2023 15:48:24 -0600 Subject: [PATCH 05/21] fix: fixing ifstatement --- scripts/general/remote/backup | 3 +++ scripts/general/remote/remote_deploy | 2 ++ 2 files changed, 5 insertions(+) diff --git a/scripts/general/remote/backup b/scripts/general/remote/backup index 85ede18..5b76dab 100644 --- a/scripts/general/remote/backup +++ b/scripts/general/remote/backup @@ -27,7 +27,10 @@ fi echo "Moving to $HOSTING_PATH" cd "$HOSTING_PATH" + if $DRUSH_CMD status | grep "Drupal version"; then + echo "Drush will be run as '$DRUSH_CMD'" +else echo "$DRUSH_CMD is failing to bootstrap drupal. The build may not be complete. Aborting." exit 1; fi diff --git a/scripts/general/remote/remote_deploy b/scripts/general/remote/remote_deploy index 6da7cee..0747bcb 100644 --- a/scripts/general/remote/remote_deploy +++ b/scripts/general/remote/remote_deploy @@ -33,6 +33,8 @@ echo "Moving to $HOSTING_PATH" cd "$HOSTING_PATH" if $DRUSH_CMD status | grep "Drupal version"; then + echo "Drush will be run as '$DRUSH_CMD'" +else echo "$DRUSH_CMD is failing to bootstrap drupal. The build may not be complete. Aborting." exit 1; fi From 514af1df7bd926629e617752e1100ea52a20a94c Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 1 Dec 2023 15:56:52 -0600 Subject: [PATCH 06/21] fix: fixing backup script --- scripts/general/remote/backup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/general/remote/backup b/scripts/general/remote/backup index 5b76dab..89c9dc5 100644 --- a/scripts/general/remote/backup +++ b/scripts/general/remote/backup @@ -6,7 +6,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" REMOTE_ENV_NAME="$1" HOSTING_PATH="$2" BACKUP_DIRECTORY="$3" -DRUSH_CMD="$3" +DRUSH_CMD="$4" if [[ -z "$REMOTE_ENV_NAME" ]]; then echo "Argument 1: Remote Env Name is missing." From 81a0a4c4b34fd598667b0b969d561200a7d62bfc Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 1 Dec 2023 16:05:36 -0600 Subject: [PATCH 07/21] fix: fixing drush scripts --- scripts/general/remote/drush-commands | 8 ++++++-- scripts/general/remote/drush-config-import | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/scripts/general/remote/drush-commands b/scripts/general/remote/drush-commands index 5014886..6bdf81c 100755 --- a/scripts/general/remote/drush-commands +++ b/scripts/general/remote/drush-commands @@ -2,10 +2,14 @@ set -eo pipefail +if [[ -z "$DRUSH_CMD" ]]; then + DRUSH_CMD='./vendor/bin/drush' +fi + echo "Starting environment deploy commmands." -./vendor/bin/drush updb -y +$DRUSH_CMD updb -y echo "Clearing Drupal cache." -./vendor/bin/drush cr +$DRUSH_CMD cr # If exported configuration is available, then import it. if [[ "$SYNC_CONFIG" != "NO" ]]; then if [ -f "./.circleci/scripts/drush-config-import" ]; then diff --git a/scripts/general/remote/drush-config-import b/scripts/general/remote/drush-config-import index d30a53e..05d7584 100755 --- a/scripts/general/remote/drush-config-import +++ b/scripts/general/remote/drush-config-import @@ -2,14 +2,18 @@ set -eo pipefail +if [[ -z "$DRUSH_CMD" ]]; then + DRUSH_CMD='./vendor/bin/drush' +fi + # Check for a system.site.yml file somewhere in the config directory. if find ./config -name "system.site.yml" | grep "./config" -q ; then echo "Importing Configuration" - ./vendor/bin/drush config-import --yes + $DRUSH_CMD config-import --yes else echo "We didn't import any configuration." fi # Clear Drupal cache echo "Clearing Drupal cache again." -./vendor/bin/drush drush -- cr +$DRUSH_CMD cr From 612e979c7a9271eba5d0416154a66d0b29ecc600 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Mon, 29 Jan 2024 15:00:20 -0600 Subject: [PATCH 08/21] feat: symlinking to newest for simplicity in scripting --- scripts/general/remote/backup | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/general/remote/backup b/scripts/general/remote/backup index 89c9dc5..20f937a 100644 --- a/scripts/general/remote/backup +++ b/scripts/general/remote/backup @@ -43,6 +43,10 @@ if [[ -f ./vendor/bin/drush ]]; then BACKUP_FILE="$BACKUP_DIRECTORY/$REMOTE_ENV_NAME-$( date +"%F_%T" ).sql.gz" echo "Backing up DB for $HOSTING_PATH at $BACKUP_FILE" ./vendor/bin/drush sql:dump --structure-tables-list=cache,cache_* --extra-dump=--no-tablespaces | gzip > "$BACKUP_FILE" + if [ -f "$BACKUP_DIRECTORY/newest.sql.gz" ]; then + rm "$BACKUP_DIRECTORY/newest.sql.gz" + fi + ln -s "$BACKUP_FILE" "$BACKUP_DIRECTORY/newest.sql.gz" else echo "./vendor/bin/drush doesn't exist. Must be the first time a deployment has ever happened." fi From 23486084cf890303c0fc5203354ab7d431f14ae1 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Sun, 30 Jun 2024 16:26:11 -0500 Subject: [PATCH 09/21] fix passing arguments --- scripts/general/remote/drush-commands | 3 +++ scripts/general/remote/remote_deploy | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/general/remote/drush-commands b/scripts/general/remote/drush-commands index 6bdf81c..e9d8a8e 100755 --- a/scripts/general/remote/drush-commands +++ b/scripts/general/remote/drush-commands @@ -1,6 +1,9 @@ #!/bin/bash set -eo pipefail +HOSTING_PATH=$1 +DRUSH_CMD=$2 +SYNC_CONFIG=$3 if [[ -z "$DRUSH_CMD" ]]; then DRUSH_CMD='./vendor/bin/drush' diff --git a/scripts/general/remote/remote_deploy b/scripts/general/remote/remote_deploy index 0747bcb..b664325 100644 --- a/scripts/general/remote/remote_deploy +++ b/scripts/general/remote/remote_deploy @@ -7,7 +7,8 @@ HOSTING_ENV=$1 HOSTING_PATH=$2 RELEASE_BRANCH=$3 DOCROOT=$4 -SYNC_CONFIG=$5 +DRUSH_CMD=$5 +SYNC_CONFIG=$6 if [[ -z "$HOSTING_ENV" ]]; then echo "Argument 1: Hosting Env is missing." From e426ff35abbbbdafcdf209616277f41af5821f68 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Sun, 30 Jun 2024 16:27:23 -0500 Subject: [PATCH 10/21] fixing variable typo --- scripts/general/deploy-to-live | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 2adbb81..fcbc4c5 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -31,7 +31,7 @@ fi if [[ -z "$DRUSH_CMD" ]]; then DRUSH_CMD='./vendor/bin/drush' fi -if [[ -z "$SYNC_CONIG" ]]; then +if [[ -z "$SYNC_CONFIG" ]]; then SYNC_CONFIG="YES" fi REMOTE_ENV_NAME="live" From 4df8e24ec59afed4708c7ffb01aef254ade093e4 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 11 Oct 2024 11:53:21 -0500 Subject: [PATCH 11/21] fix: allow ssh key forwarding --- scripts/general/deploy-to-live | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index fcbc4c5..84074e4 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -2,17 +2,21 @@ set -eo pipefail +# Allow CircleCI to forward any SSH Keys so the remote server can pull from git. +mkdir -p ~/.ssh +printf "Host *\nForwardAgent yes" >> ~/.ssh/config + SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" if [[ -z "$DOCROOT" ]]; then DOCROOT=web fi if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then - echo 'You must define $REMOTE_PROJECT_ROOT as an evnvironment variable.' + echo "You must define $REMOTE_PROJECT_ROOT as an evnvironment variable." exit 1; fi if [[ -z "$SSH_COMMAND_LIVE" ]]; then - echo 'You must define $SSH_COMMAND_LIVE as an evnvironment variable.' + echo "You must define $SSH_COMMAND_LIVE as an evnvironment variable." exit 1; fi if [[ -z "$DEPLOY_BRANCH" ]]; then From 4894615edd17b8eaf51f8a5b2c4396f36259268c Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 11 Oct 2024 12:39:04 -0500 Subject: [PATCH 12/21] fix: fixing backups --- scripts/general/remote/backup | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/general/remote/backup b/scripts/general/remote/backup index 20f937a..eb62b22 100644 --- a/scripts/general/remote/backup +++ b/scripts/general/remote/backup @@ -2,7 +2,6 @@ set -eo pipefail -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" REMOTE_ENV_NAME="$1" HOSTING_PATH="$2" BACKUP_DIRECTORY="$3" @@ -17,8 +16,7 @@ if [[ -z "$HOSTING_PATH" ]]; then exit 1 fi if [[ -z "$BACKUP_DIRECTORY" ]]; then - BACKUP_DIRECTORY="~/backups" - echo $BACKUP_DIRECTORY + BACKUP_DIRECTORY="$HOME/backups" fi if [[ -z "$DRUSH_CMD" ]]; then DRUSH_CMD='./vendor/bin/drush' @@ -39,10 +37,16 @@ if [[ -f ./vendor/bin/drush ]]; then if [[ ! -d "$BACKUP_DIRECTORY" ]]; then echo "BACKUP DIRECTORY $BACKUP_DIRECTORY doesn't exit. Attempting to create it." mkdir -p $BACKUP_DIRECTORY + else + echo "BACKUP DIRECTORY $BACKUP_DIRECTORY does exit. Moving on." fi BACKUP_FILE="$BACKUP_DIRECTORY/$REMOTE_ENV_NAME-$( date +"%F_%T" ).sql.gz" echo "Backing up DB for $HOSTING_PATH at $BACKUP_FILE" ./vendor/bin/drush sql:dump --structure-tables-list=cache,cache_* --extra-dump=--no-tablespaces | gzip > "$BACKUP_FILE" + if [ -s "$BACKUP_FILE" ]; then + echo "A backup was not successfully made." + exit 1; + fi if [ -f "$BACKUP_DIRECTORY/newest.sql.gz" ]; then rm "$BACKUP_DIRECTORY/newest.sql.gz" fi From d9c2f9b653eba2f705e6991180cfc3aa3c368ea8 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 11 Oct 2024 12:56:15 -0500 Subject: [PATCH 13/21] fix: switching to drushcmd for backup and double checking for it --- scripts/general/deploy-to-live | 4 ++-- scripts/general/remote/backup | 8 +++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 84074e4..7d74ce5 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -12,11 +12,11 @@ if [[ -z "$DOCROOT" ]]; then fi if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then - echo "You must define $REMOTE_PROJECT_ROOT as an evnvironment variable." + echo "You must define \$REMOTE_PROJECT_ROOT as an evnvironment variable." exit 1; fi if [[ -z "$SSH_COMMAND_LIVE" ]]; then - echo "You must define $SSH_COMMAND_LIVE as an evnvironment variable." + echo "You must define \$SSH_COMMAND_LIVE as an evnvironment variable." exit 1; fi if [[ -z "$DEPLOY_BRANCH" ]]; then diff --git a/scripts/general/remote/backup b/scripts/general/remote/backup index eb62b22..b1b41a3 100644 --- a/scripts/general/remote/backup +++ b/scripts/general/remote/backup @@ -36,14 +36,16 @@ fi if [[ -f ./vendor/bin/drush ]]; then if [[ ! -d "$BACKUP_DIRECTORY" ]]; then echo "BACKUP DIRECTORY $BACKUP_DIRECTORY doesn't exit. Attempting to create it." - mkdir -p $BACKUP_DIRECTORY + mkdir -p "$BACKUP_DIRECTORY" else echo "BACKUP DIRECTORY $BACKUP_DIRECTORY does exit. Moving on." fi BACKUP_FILE="$BACKUP_DIRECTORY/$REMOTE_ENV_NAME-$( date +"%F_%T" ).sql.gz" echo "Backing up DB for $HOSTING_PATH at $BACKUP_FILE" - ./vendor/bin/drush sql:dump --structure-tables-list=cache,cache_* --extra-dump=--no-tablespaces | gzip > "$BACKUP_FILE" - if [ -s "$BACKUP_FILE" ]; then + + if [ -d "$BACKUP_DIRECTORY" ] && $DRUSH_CMD sql:dump --structure-tables-list=cache,cache_* --extra-dump=--no-tablespaces | gzip > "$BACKUP_FILE" && [ -s "$BACKUP_FILE" ]; then + echo "Backup successful" + else echo "A backup was not successfully made." exit 1; fi From 4014780c440b07a153a0eaf637ef2e3f7a8e3b48 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 11 Oct 2024 14:47:56 -0500 Subject: [PATCH 14/21] chore: fix markdown lint errors --- README.MD | 221 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 143 insertions(+), 78 deletions(-) diff --git a/README.MD b/README.MD index 3528899..d8673d8 100644 --- a/README.MD +++ b/README.MD @@ -5,48 +5,55 @@ a hosted site on something like Acquia. ## TOC -* [Upgrading](#upgrading) -* [Dependencies](#dependencies) -* [Installation](#installation) -* [Configure Environment](#configure-environment) - + [Shared](#shared) +- [Circle CI Starter for Projects](#circle-ci-starter-for-projects) + - [TOC](#toc) + - [Upgrading](#upgrading) + - [Dependencies](#dependencies) + - [Installation](#installation) + - [Configure Environment](#configure-environment) + - [Shared Environment Setup Tasks](#shared-environment-setup-tasks) - [Deploy Bot Setup](#deploy-bot-setup) - * [Create a GitHub Account for the Deploy Bot](#create-a-github-account-for-the-deploy-bot) + - [Create a GitHub Account for the Deploy Bot](#create-a-github-account-for-the-deploy-bot) - [Configure an SSH Key](#configure-an-ssh-key) - [Get a Github Token](#get-a-github-token) - [Configure Environment Variables](#configure-environment-variables) - + [Pantheon](#pantheon) + - [Pantheon](#pantheon) - [Create a Pantheon Account for your Deploy Bot](#create-a-pantheon-account-for-your-deploy-bot) - [Set up SSH Key](#set-up-ssh-key) - [Get a Terminus Token (or Machine Token)](#get-a-terminus-token-or-machine-token) - [Configure More CircleCi Environment Variables](#configure-more-circleci-environment-variables) - + [Acquia](#acquia) + - [Acquia](#acquia) - [Create an Acquia Account for your Deploy Bot](#create-an-acquia-account-for-your-deploy-bot) - - [Set up SSH Key](#set-up-ssh-key-1) - - [Configure More CircleCi Environment Variables](#configure-more-circleci-environment-variables-1) -* [Configure CircleCI config.yml](#configure-circleci-configyml) - + [Pipeline Parameter Defaults](#pipeline-parameter-defaults) + - [Set up SSH Key on Acquia](#set-up-ssh-key-on-acquia) + - [Configure More CircleCi Environment Variables to work with Acquia](#configure-more-circleci-environment-variables-to-work-with-acquia) + - [Generic Hosting](#generic-hosting) + - [Set up SSH Key on CircleCI](#set-up-ssh-key-on-circleci) + - [Set up SSH Key on Host Server](#set-up-ssh-key-on-host-server) + - [Configure More CircleCi Environment Variables to work with Generic Hosting](#configure-more-circleci-environment-variables-to-work-with-generic-hosting) + - [Configure CircleCI config.yml](#configure-circleci-configyml) + - [Pipeline Parameter Defaults](#pipeline-parameter-defaults) - [php-version](#php-version) - [tz](#tz) - [host-variant](#host-variant) - * [pantheon](#pantheon) - * [acquia](#acquia) - * [general](#general) + - [pantheon](#pantheon-1) + - [acquia](#acquia-1) + - [general](#general) - [docroot](#docroot) - - [artifact_workspace](#artifact_workspace) - + [Other Configuration](#other-configuration) - - [persisting_dirs](#persisting_dirs) -* [Configurable Environment Variables](#configurable-environment-variables) - + [Shared](#shared-1) - + [Pantheon Specific](#pantheon-specific) - + [Acquia Specific](#acquia-specific) -* [Helper Environment Variables](#helper-environment-variables) -* [Configure Composer.json](#configure-composerjson) -* [Configure Scripts](#configure-scripts) - + [Pantheon Specific Scripts](#pantheon-specific-scripts) -* [Automatic security Updates](#automatic-security-updates) - + [Steps to set the keys](#steps-to-set-the-keys) - + [Steps to set IA key](#steps-to-set-ia-key) + - [artifact\_workspace](#artifact_workspace) + - [Other Configuration](#other-configuration) + - [persisting\_dirs](#persisting_dirs) + - [Configurable Environment Variables](#configurable-environment-variables) + - [Shared Variables](#shared-variables) + - [Pantheon Specific](#pantheon-specific) + - [Acquia Specific](#acquia-specific) + - [Generic Hosting Specific](#generic-hosting-specific) + - [Helper Environment Variables](#helper-environment-variables) + - [Configure Composer.json](#configure-composerjson) + - [Configure Scripts](#configure-scripts) + - [Pantheon Specific Scripts](#pantheon-specific-scripts) + - [Automatic Security Updates](#automatic-security-updates) + - [Steps to set the keys](#steps-to-set-the-keys) + - [Steps to set IA key](#steps-to-set-ia-key) ## Upgrading @@ -56,7 +63,8 @@ should be easier. With each version upgrade, you should check your The easiest way to do this is to use a standardized diff tool and diff `.circleci/config.yml` with `config.yml`. An example may look like: -``` + +```bash diff -u --color .circleci/config.yml ./vendor/fourkitchens/pots/config.yml ``` @@ -68,7 +76,8 @@ This package expects your project to have the following support scaffolding to run out of the box: - the composer scripts lint and code-sniff. Example: - ``` + + ```json "scripts": { "lint": [ "./node_modules/.bin/eslint ./", @@ -79,12 +88,15 @@ run out of the box: ] } ``` + - package.json with a build-theme script. Example: - ``` + + ```json "scripts": { "theme-build": "cd ./docroot/themes/custom/sdsu && npm run build" } ``` + - package.lock or shrinkwrap. - preferably a .nvmrc - .gitignore files with cut lines in them to distinguish source from artifact. @@ -94,23 +106,25 @@ Set up of the Circle tasks assumes you are doing this with a bot user. Please ensure that the bot user you are using has account on both the GitHub organization where your site lives and the hosting provider. You will need: - - the ability to log in as the bot user in GitHub and on the hosting provider - - an SSH Key (private and public) - - an api or machine token for the hosting tooling such as terminus or acli + +- the ability to log in as the bot user in GitHub and on the hosting provider +- an SSH Key (private and public) +- an api or machine token for the hosting tooling such as terminus or acli ## Installation 1. Install the package and copy over the template config.yml - ``` + ```bash composer require fourkitchens/pots mkdir .circleci cp vendor/fourkitchens/pots/config.yml .circleci/config.yml ``` + 2. Make sure your composer.json and package.json meet the requirements of the default scripts. 3. Push the changes to a public GitHub branch. -4. Log in to https://app.circleci.com/ +4. Log in to [CircleCI](https://app.circleci.com/) 5. Navigate to the organization that your site's code lives under by clicking the icon in the top left corner where your name is and selecting the correct one. @@ -124,15 +138,17 @@ need: 12. Click "Set Up Project" The first pass will always fail. Move on to configuration. + ## Configure Environment There are some configuration steps that are shared between hosting environments. Make sure to check out the settings specific to the environment you are pushing to. -### Shared +### Shared Environment Setup Tasks #### Deploy Bot Setup + A Deploy Bot user will be needed. This tooling assumes Bender (the Four Kitchens deploy bot) as the default, but does not provide any credentials you need to set the tooling up. Ask a Web Chef about Bender, have the organization you are @@ -140,8 +156,9 @@ working with create a new bot, or create the new bot for them using the steps below. You will need to log in as this bot to do some of the configuration. ##### Create a GitHub Account for the Deploy Bot + 1. Open a new browser instance or log out of your current GitHub instance. -2. Go to https://github.com/join. +2. Go to [Github](https://github.com/join). 3. Type a username, your email address, and a password. NOTE: Make sure the email address you enter goes to a real email account. If you use gmail, it is possible to have multiple "addresses" go to the same account using the `+` in @@ -152,13 +169,14 @@ below. You will need to log in as this bot to do some of the configuration. the site, [invite the bot user to the organization](https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization#inviting-a-user-to-join-your-organization). #### Configure an SSH Key + An SSH key is needed to be able to push commits from circleci to the hosting provider's git repository. In some instances, the same ssh key is also needed to be able to ssh into the hosting platform itself. Ask the client to generate an ssh key pair or [generate](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) and securely provide the ssh key pair to the client. -1. Log in to https://app.circleci.com/ +1. Log in to [CircleCI](https://app.circleci.com/) 2. Navigate to the organization that your site's code lives under by clicking the icon in the top left corner where your name is and selecting the correct one. @@ -179,6 +197,7 @@ and securely provide the ssh key pair to the client. `ssh-keygen -l -E md5 -f id_rsa` where idrsa is the filename of your key. #### Get a Github Token + You must have a GitHub token so the Deploy Bot can post comments back to commits or pull requests. This allows it to provide links and information about the environments it created. @@ -198,11 +217,11 @@ Here you will configure the common environment variables. Hosting specific variables and steps will be provided farther down. The variables to configure are as follows. -* `GITHUB_TOKEN` A GitHub access token so the bot user can comment back on the +- `GITHUB_TOKEN` A GitHub access token so the bot user can comment back on the commit. -* `GIT_EMAIL` An arbitrary email that will be used as the committer when +- `GIT_EMAIL` An arbitrary email that will be used as the committer when building the artifact. -* `CANONICAL_ENV` The environment to get canonical database and files from. +- `CANONICAL_ENV` The environment to get canonical database and files from. If you skipped here, make sure you follow steps 1-6 of "Configure an SSH Key" to get to Circle's Project Settings" @@ -221,8 +240,8 @@ get to Circle's Project Settings" ### Pantheon -* `SITE_NAME`: The Pantheon site id used to run terminus commands. -* `TERMINUS_TOKEN`: The Pantheon Machine Token used to operate terminus. +- `SITE_NAME`: The Pantheon site id used to run terminus commands. +- `TERMINUS_TOKEN`: The Pantheon Machine Token used to operate terminus. #### Create a Pantheon Account for your Deploy Bot @@ -241,11 +260,13 @@ deployments are linked to any one pantheon user. 10. Accept the invitation. #### Set up SSH Key + Your bot will need an ssh key configured to be able to push commits to Pantheon. Use the public key of the pair generated in the "Configure an SSH Key" section. Log out of your Pantheon account or use a separate browser instance to follow the instructions from Pantheon to [Add Your SSH Key to Pantheon](https://pantheon.io/docs/ssh-keys#add-your-ssh-key-to-pantheon). + #### Get a Terminus Token (or Machine Token) 1. In the same browser instance as above, follow the instructions from Pantheon @@ -254,6 +275,7 @@ to [Create a Machine Token](https://pantheon.io/docs/machine-tokens#create-a-mac be displayed once. #### Configure More CircleCi Environment Variables + 1. Navigate back to your CircleCI -> Project Settings -> Environment Variables browser instance. 2. Click "Add Environment Variable" @@ -270,14 +292,16 @@ to [Create a Machine Token](https://pantheon.io/docs/machine-tokens#create-a-mac 9. Click "Add Environment Variable" to accept the changes. ### Acquia -* `SITE_NAME`: The acquia site id used to run Acquia Cloud API commands. -* `ACQUIA_REALM`: The Cloud API Realm. Usually "prod" or "devcloud". -* `ACQUIA_REPO`: The Acquia git repo. + +- `SITE_NAME`: The acquia site id used to run Acquia Cloud API commands. +- `ACQUIA_REALM`: The Cloud API Realm. Usually "prod" or "devcloud". +- `ACQUIA_REPO`: The Acquia git repo. + #### Create an Acquia Account for your Deploy Bot **TODO: FILL OUT THIS BIT** -#### Set up SSH Key +#### Set up SSH Key on Acquia Your bot will need an ssh key configured to be able to push commits to Acquia. Use the public key of the pair generated in the "Configure an SSH Key" section. @@ -285,7 +309,8 @@ Use the public key of the pair generated in the "Configure an SSH Key" section. Log out of your Acquia account or use a separate browser instance to follow the instructions from Acquia to [Add a public key to an Acquia profile](https://docs.acquia.com/cloud-platform/manage/ssh/enable/add-key/). -#### Configure More CircleCi Environment Variables +#### Configure More CircleCi Environment Variables to work with Acquia + 1. Navigate back to your CircleCI -> Project Settings -> Environment Variables browser instance. 2. Click "Add Environment Variable". @@ -305,7 +330,8 @@ the instructions from Acquia to [Add a public key to an Acquia profile](https:// 13. Click "Add Environment Variable" to accept the changes. 14. Click "Add Environment Variable". 15. Type "ZD_REQUESTER_ID" in the name. -16. Type Client requester id into "Value". The user ID can be obtained from the user's url. e.g. https://advomatic.zendesk.com/agent/users/378771022972/requested_tickets +16. Type Client requester id into "Value". The user ID can be obtained from the + user's url. e.g. https://advomatic.zendesk.com/agent/users/378771022972/requested_tickets 17. Click "Add Environment Variable" to accept the changes. 18. Click "Add Environment Variable". 19. Type "ZD_TOKEN" in the name. @@ -316,7 +342,27 @@ the instructions from Acquia to [Add a public key to an Acquia profile](https:// 24. Type Project lead email value id into "Value". The projects lead email. 25. Click "Add Environment Variable" to accept the changes. +### Generic Hosting + +#### Set up SSH Key on CircleCI + +Unlike other hosting options, we commit the artifact builds back to the original +repository to a branch with the same name as the one you are working on prefixed +with `deploy-`. To do this, you must either add a User Key as your bot user or +provide an additional ssh key that allows your bot user to commit back to +Github. + +#### Set up SSH Key on Host Server + +This will depend on your hosting provider and may not be necessary, but you will +need to know **how** to connect to your production host via ssh so that your +bot user can push the code live and run backups. + +#### Configure More CircleCi Environment Variables to work with Generic Hosting + + ## Configure CircleCI config.yml + There are many options you have, some shared, and some hosting specific. ### Pipeline Parameter Defaults @@ -328,14 +374,17 @@ the repository that houses your .circleci/config.yml. In each one, change the value after the `default:` key. For example, to change the docroot across the whole project, change: -``` + +```yaml docroot: description: "Where composer installs drupal." default: "web" type: string ``` + to -``` + +``` yaml docroot: description: "Where composer installs drupal." default: "docroot" #NOTE I CHANGED THIS @@ -343,7 +392,9 @@ to ``` The following parameters exist: + #### php-version + This is a string that represents the version number for PHP version to use across the entire build. @@ -356,12 +407,14 @@ On other hosting platforms, you can use a three digit version number allowed. #### tz + This is a string that represents the timezone. This may be important so that jobs that do time calculations, print time stamps, or make commits are accurate. See a [full list of timezone values](https://vdc-repo.vmware.com/vmwb-repository/dcr-public/3d076a12-29a2-4d17-9269-cb8150b5a37f/8b5969e2-1a66-4425-af17-feff6d6f705d/doc/timezone.html) to find an appropriate one for you to use. #### host-variant + This affects how the whole build behaves and what configurations are available to you. The current options are "pantheon", "acquia", and "general". All our workflows will provide you with "Artifact Build", committed the appropriate @@ -369,6 +422,7 @@ repository. This allows you to use Git history to follow a build back to the sou commit we use in development. ##### pantheon + Pantheon provides you a workflow that builds multidev environments, options around development branches, and a workflow to deploy code via approval through the CircleCI user interface. The deploy process provided by this setting creates @@ -378,6 +432,7 @@ plugin. These changes are committed only to the Pantheon git repository and not to your "Source Repository", the one you create coding changes in. ##### acquia + Acquia provides you a very minimal workflow, however, it does provide [acquia cli](https://github.com/acquia/cli) as part of the build. This allows you to use supporting deploy methods like our [cloud hooks](https://github.com/fourkitchens/acquia-cloud-hooks) @@ -388,18 +443,21 @@ commands. These changes are committed only to the Acquia git repository and not to your "Source Repository", the one you create coding changes in. ##### general + General provides you with the barest of deployments, committing an artifact build back to your source repository under a new branch that follows the naming convention `deploy-{BRANCHNAME}`. Example, if your branch is named `test`, you will have an artifact build committed to the `deploy-test` branch. #### docroot + This setting should be set to the folder where your Drupal installation resides. This should mirror the setting in `extra.drupal-scaffold.locations.web-root`. This is typically either `web` for Pantheon and `docroot` for Acquia, but can be any number of things like `public_html` for generic hosts. #### artifact_workspace + This setting moves where the built artifact should be. This is particularly helpful when you want to pick and choose items from the build versus just sending the whole artifact to your host. The `~/project` directory is always @@ -416,6 +474,7 @@ you to modify your config.yml directly if you wish to change them temporally or permanently. #### persisting_dirs + There are the directories that you want to be copied in full from the build portion of the workflow to the deploy portion of the workflow. You will sometimes want to include other root directories that aren't included like @@ -431,23 +490,23 @@ however, it hides some of the toggles you may be using. Per best practices, make sure any secret is configured in the CircleCI UI. We also include all mandatory environment variables in this way as well. -### Shared +### Shared Variables -* `GITHUB_TOKEN`: **Mandatory** A GitHub access token so the bot user can comment back on the +- `GITHUB_TOKEN`: **Mandatory** A GitHub access token so the bot user can comment back on the commit or PR, and remove unneeded multidevs. -* `SITE_NAME`: The Pantheon or Acquia site id used to run terminus/acli +- `SITE_NAME`: The Pantheon or Acquia site id used to run terminus/acli commands. Defaults to the GitHub repo name. -* `GIT_EMAIL`: An arbitrary email that will be used as the committer when +- `GIT_EMAIL`: An arbitrary email that will be used as the committer when building the artifact. Defaults to `bender@fourkitchens.com` -* `CANONICAL_ENV`: Environment to get canonical database and files from +- `CANONICAL_ENV`: Environment to get canonical database and files from Possible Values: - * Acquia: dev, test, prod - * Pantheon: dev, test, live + - Acquia: dev, test, prod + - Pantheon: dev, test, live Default: "prod" on Acquia. "live" on Pantheon -* `SANITIZE_SCRIPT`: Script used to sanitize databases. Only used when +- `SANITIZE_SCRIPT`: Script used to sanitize databases. Only used when `CANONICAL_ENV` is not dev. There is no default. -* `SYNC_CONFIG`: The ability to turn configuration sync on or off. By default, +- `SYNC_CONFIG`: The ability to turn configuration sync on or off. By default, Yes if Any directory in the ./config directory (inclusive) contains `system.site.yml`. Ex: YES if `./config/system.site.yml` or `./config/default/system.site.yml` or `./config/sync/system.site.yml` @@ -455,45 +514,50 @@ mandatory environment variables in this way as well. ### Pantheon Specific -* `TERMINUS_TOKEN`: **Mandatory** The Pantheon machine token. -* `CI_BUILD`: Build CI multidevs on every commit on Pantheon. This way you get +- `TERMINUS_TOKEN`: **Mandatory** The Pantheon machine token. +- `CI_BUILD`: Build CI multidevs on every commit on Pantheon. This way you get the ci-* environments. This may be useful for visual regression testing or workflows without PRs. Defaults to `NO`. Possible values are `YES` and `NO`. -* `MAIN_BRANCH`: Define the main branch releases are cut from. Defaults to +- `MAIN_BRANCH`: Define the main branch releases are cut from. Defaults to `main` if the branch exists, `master` otherwise. -* `DEVELOPMENT_BRANCH`: Define the development branch where active development +- `DEVELOPMENT_BRANCH`: Define the development branch where active development happens on GitHub. This branch is used most in gitflow development patterns. Defaults to `develop`. -* `REBUILD_MULTIDEV_ENV_EVERY_PUSH`: Re-sync content for multidevs every time a +- `REBUILD_MULTIDEV_ENV_EVERY_PUSH`: Re-sync content for multidevs every time a push is made to Pantheon. Defaults to `NO`. Possible values are `YES` and `NO`. -* `REBUILD_DEVELOPMENT_ENV_EVERY_PUSH`: Re-sync content for the GitHub +- `REBUILD_DEVELOPMENT_ENV_EVERY_PUSH`: Re-sync content for the GitHub development multidev on Pantheon every time a push is made to `DEVELOPMENT_BRANCH` branch. Defaults to `NO`. Possible values are `YES` and `NO`. -* `DEVELOPMENT_ENV`: Define the name of the multidev used for the GitHub +- `DEVELOPMENT_ENV`: Define the name of the multidev used for the GitHub development branch. Must follow the multidev naming conventions for Pantheon. Defaults to `github-dev`. ### Acquia Specific -* `ACQUIA_REPO`: **Mandatory** The address of the Acquia git repo. Example: +- `ACQUIA_REPO`: **Mandatory** The address of the Acquia git repo. Example: `sitename@svn-21939.prod.hosting.acquia.com:sitename.git`. -* `ACQUIA_REALM`: **Mandatory** The Acquia Cloud API Realm. +- `ACQUIA_REALM`: **Mandatory** The Acquia Cloud API Realm. Usually "prod" or "devcloud". See [documentation](https://docs.acquia.com/acquia-cloud/api#realm). Defaults to `prod`. +### Generic Hosting Specific + +- TODO + ## Helper Environment Variables + These environment variables are unconfigurable. They are set to help you with developing scripts on your own. Some contain the values of the pipeline parameters previously mentioned. -* `HOST_VARIANT`: Contains the value provided by the host-variant pipeline +- `HOST_VARIANT`: Contains the value provided by the host-variant pipeline parameter. -* `DATE_TIMEZONE`: Contains the value provided by the tz pipeline parameter. -* `DOCROOT`: Contains the value provided by the docroot pipeline parameter. -* `TERM`: "xterm" +- `DATE_TIMEZONE`: Contains the value provided by the tz pipeline parameter. +- `DOCROOT`: Contains the value provided by the docroot pipeline parameter. +- `TERM`: "xterm" ## Configure Composer.json @@ -501,10 +565,11 @@ There are 2 scripts that the default scripts require you to build so that it's reusable across the project. You must be able to run the following commands in your project. -``` +```bash composer run lint composer run code-sniff ``` + See the [Dependencies](https://github.com/fourkitchens/pots#dependencies) section for examples. ## Configure Scripts @@ -550,7 +615,7 @@ The scripts available for overload are as follows: production environment. By default, this provides backup services, the "deploy" services as well as a standard deploy. -## Automatic Security Updates. +## Automatic Security Updates POTS contains steps and scripts to automatically look for security updates and install them into the different contributed projects. @@ -561,7 +626,6 @@ To make it trigger recluntly we have a couple of options: - Evercurrent (Recommended) - CircleCi triggers interface - To make the Automatic security updates works for our project, we will require to follow the next steps: - Create a new set of SSH keys to be able to push the changes back to github (github deploy key) @@ -569,6 +633,7 @@ To make the Automatic security updates works for our project, we will require to - (Optional) Configure the the IA integration (Open IA) ### Steps to set the keys + When continuous integration is configured on a project, CircleCI generates a set of SSH keys and automatically adds the private key to CircleCI and the public key to GitHub. This way CircleCI will have access to the repository in GitHub, but this access is just read-only. Originally for POTS this access is enough since it only needs reading the repository on GitHub and writing on the platform where the website is hosted (Acquia, Pantheon, Platform, etc). With the arrival of AutoSec to POTS, this set of SSH keys is no longer enough, because AutoSec requires reading the repository, executing the security updates, and sending the changes to GitHub, therefore starting with AutoSec it is necessary to have read/write keys. CircleCI cannot generate keys with write access, therefore it is necessary to externally create a set of SSH keys and manually add them to both CircleCI and GitHub. From a42e66f3765b1245860ef1c48b78349321a83513 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 11 Oct 2024 14:49:01 -0500 Subject: [PATCH 15/21] feat: allow use of alias file to store info --- scripts/general/deploy-to-live | 48 ++++++++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 7d74ce5..eb0b31b 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -10,15 +10,48 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" if [[ -z "$DOCROOT" ]]; then DOCROOT=web fi +if [[ -z "$DRUSH_CMD" ]]; then + DRUSH_CMD='./vendor/bin/drush' +fi +if [[ -z "$SYNC_CONFIG" ]]; then + SYNC_CONFIG="YES" +fi + +# Check for an SSH command. +if [[ -z "$SSH_COMMAND_LIVE" ]]; then + # Default to using `drush @self.$REMOTE_ENV_NAME` + if $DRUSH_CMD sa "@self.$REMOTE_ENV_NAME"; then + DRUSH_SITE_ALIAS=$REMOTE_ENV_NAME; + # Default to using `drush @self.live` + elif $DRUSH_CMD sa @self.live; then + DRUSH_SITE_ALIAS="live"; + REMOTE_ENV_NAME="live" + # Default to using `drush @self.prod` + elif $DRUSH_CMD sa @self.prod; then + DRUSH_SITE_ALIAS="prod"; + REMOTE_ENV_NAME="prod" + fi + SSH_COMMAND_LIVE="$DRUSH_CMD "@self.$DRUSH_SITE_ALIAS" ssh" + + # In some cases the webroot provided by drush is a symlink in a totally + # different folder, so lets not clobber what ever someone set. + if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then + REMOTE_PROJECT_ROOT= $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --fields root | grep 'root:.*$' | sed "s/[[:space:]]*root\: \(.*\)\/$DOCROOT/\1/g" + fi + if [[ -z "$SSH_COMMAND_LIVE" ]]; then + echo "You must define \$SSH_COMMAND_LIVE as an environment variable or provide a drush site alias for @self.live with ssh information." + exit 1; + fi +fi if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then - echo "You must define \$REMOTE_PROJECT_ROOT as an evnvironment variable." + echo "You must define \$REMOTE_PROJECT_ROOT as an environment variable or provide a drush site alias for @self.live with ssh information." exit 1; fi -if [[ -z "$SSH_COMMAND_LIVE" ]]; then - echo "You must define \$SSH_COMMAND_LIVE as an evnvironment variable." - exit 1; +if [[ -z "$REMOTE_ENV_NAME" ]]; then + REMOTE_ENV_NAME="live" fi + if [[ -z "$DEPLOY_BRANCH" ]]; then DEPLOY_BRANCH="$CI_BRANCH" fi @@ -32,13 +65,6 @@ fi if [[ -z "$REMOTE_BACKUP_DIRECTORY" ]]; then REMOTE_BACKUP_DIRECTORY="$REMOTE_PROJECT_ROOT/backups" fi -if [[ -z "$DRUSH_CMD" ]]; then - DRUSH_CMD='./vendor/bin/drush' -fi -if [[ -z "$SYNC_CONFIG" ]]; then - SYNC_CONFIG="YES" -fi -REMOTE_ENV_NAME="live" $SSH_COMMAND_LIVE "bash -s " < "$BACKUP_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$DRUSH_CMD"; $SSH_COMMAND_LIVE "bash -s " < "$DEPLOY_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$DEPLOY_BRANCH" "$DOCROOT" "$DRUSH_CMD" "$SYNC_CONFIG"; From 00aadc20d24045436f1d5f788642df2d4a16006a Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 11 Oct 2024 15:13:45 -0500 Subject: [PATCH 16/21] fix: assign value of drush to REMOTE_PROJECT_ROOT --- scripts/general/deploy-to-live | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index eb0b31b..9185841 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -37,7 +37,7 @@ if [[ -z "$SSH_COMMAND_LIVE" ]]; then # In some cases the webroot provided by drush is a symlink in a totally # different folder, so lets not clobber what ever someone set. if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then - REMOTE_PROJECT_ROOT= $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --fields root | grep 'root:.*$' | sed "s/[[:space:]]*root\: \(.*\)\/$DOCROOT/\1/g" + REMOTE_PROJECT_ROOT="$( $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --fields root | grep 'root:.*$' | sed "s/[[:space:]]*root\: \(.*\)\/$DOCROOT/\1/g" )" fi if [[ -z "$SSH_COMMAND_LIVE" ]]; then echo "You must define \$SSH_COMMAND_LIVE as an environment variable or provide a drush site alias for @self.live with ssh information." From 3b03078a7823d66134e445b3ae477cb77a4cfda4 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Fri, 11 Oct 2024 15:43:12 -0500 Subject: [PATCH 17/21] fix: various quoting issues and script updates --- scripts/general/deploy-to-live | 72 ++++++++++++++++++++++++++++------ 1 file changed, 60 insertions(+), 12 deletions(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 9185841..47bd587 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -1,6 +1,6 @@ #!/bin/bash -set -eo pipefail +set -xeo pipefail # Allow CircleCI to forward any SSH Keys so the remote server can pull from git. mkdir -p ~/.ssh @@ -17,10 +17,10 @@ if [[ -z "$SYNC_CONFIG" ]]; then SYNC_CONFIG="YES" fi -# Check for an SSH command. +# Check for an SSH command to see if we need to scavange for a aliases file. if [[ -z "$SSH_COMMAND_LIVE" ]]; then # Default to using `drush @self.$REMOTE_ENV_NAME` - if $DRUSH_CMD sa "@self.$REMOTE_ENV_NAME"; then + if [ -n "$REMOTE_ENV_NAME" ] && $DRUSH_CMD sa "@self.$REMOTE_ENV_NAME"; then DRUSH_SITE_ALIAS=$REMOTE_ENV_NAME; # Default to using `drush @self.live` elif $DRUSH_CMD sa @self.live; then @@ -31,18 +31,63 @@ if [[ -z "$SSH_COMMAND_LIVE" ]]; then DRUSH_SITE_ALIAS="prod"; REMOTE_ENV_NAME="prod" fi + # Install JQ so we can parse json from drush to get information about the + # alias. + if ! command -v jq &> /dev/null; then + sudo apt-get update -y + sudo apt-get install jq + fi + # Rebuilds the SSH command and gets reasonable defaults from the drush alias. + DRUSH_SSH_OPTIONS="$( $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --format=json | jq -r ".[\"@self.$DRUSH_SITE_ALIAS\"].ssh.options" )" + if [[ "$DRUSH_SSH_OPTIONS" == "null" ]]; then + DRUSH_SSH_OPTIONS="-o 'StrictHostKeyChecking no'" + fi + + # The SSH User in the alias file. + DRUSH_USER="$( $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --format=json | jq -r ".[\"@self.$DRUSH_SITE_ALIAS\"].user" )" + if [[ "$DRUSH_USER" == "null" ]]; then + echo "You must specify a user in your site alias yaml or set \$SSH_COMMAND_LIVE" + exit 1 + fi - SSH_COMMAND_LIVE="$DRUSH_CMD "@self.$DRUSH_SITE_ALIAS" ssh" + # The Host we need to connect to from the alias file. + DRUSH_HOST="$( $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --format=json | jq -r ".[\"@self.$DRUSH_SITE_ALIAS\"].host" )" + if [[ "$DRUSH_HOST" == "null" ]]; then + echo "You must specify a host in your site alias yaml or set \$SSH_COMMAND_LIVE" + exit 1 + fi + + # Lets grab the remote drush command if it's specified. If it's not, this + # falls through and makes the remote drush path `./vendor/bin/drush` down + # at the bottom of this script. + if [[ -z "$REMOTE_DRUSH_CMD" ]]; then + REMOTE_DRUSH_CMD="$( $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --format=json | jq -r ".[\"@self.$DRUSH_SITE_ALIAS\"].paths.\"drush-script\"" )" + if [[ "$REMOTE_DRUSH_CMD" == "null" ]]; then + unset REMOTE_DRUSH_CMD; + else + # If we find the path, we need to make sure it's an absolute path so we + # know where it is because otherwise, it comes from a directory relative + # to what ever the root for the ssh user is set to. + case $REMOTE_DRUSH_CMD in + /*) echo "absolute path" ;; + *) echo "The remote drush script is realitive in the site alias. This likely means it's from the home directory. I have no idea how to convert that to be from the project directory. Use an absolute path."; exit 1 ;; + esac + fi + fi # In some cases the webroot provided by drush is a symlink in a totally # different folder, so lets not clobber what ever someone set. - if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then - REMOTE_PROJECT_ROOT="$( $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --fields root | grep 'root:.*$' | sed "s/[[:space:]]*root\: \(.*\)\/$DOCROOT/\1/g" )" - fi - if [[ -z "$SSH_COMMAND_LIVE" ]]; then - echo "You must define \$SSH_COMMAND_LIVE as an environment variable or provide a drush site alias for @self.live with ssh information." - exit 1; + if [ -n "$DRUSH_SITE_ALIAS" ] && [ -z "$REMOTE_PROJECT_ROOT" ]; then + REMOTE_PROJECT_ROOT="$( $DRUSH_CMD sa "@self.$DRUSH_SITE_ALIAS" --fields root | grep "root:.*\$" | sed "s/[[:space:]]*root\: \(.*\)\/$DOCROOT/\1/g" )" + echo "REMOTE_PROJECT_ROOT set to $REMOTE_PROJECT_ROOT" fi + + # We have to break this out instead of using `drush ssh` because drush ssh + # won't let us inject a local script remotely. like we do at the bottom of + # this script. This may not be an exact replica of how Drush gets their + # ssh command. 🛑 There be 🐉 here. + SSH_COMMAND_LIVE="ssh -t $DRUSH_SSH_OPTIONS $DRUSH_USER@$DRUSH_HOST" + fi if [[ -z "$REMOTE_PROJECT_ROOT" ]]; then echo "You must define \$REMOTE_PROJECT_ROOT as an environment variable or provide a drush site alias for @self.live with ssh information." @@ -65,6 +110,9 @@ fi if [[ -z "$REMOTE_BACKUP_DIRECTORY" ]]; then REMOTE_BACKUP_DIRECTORY="$REMOTE_PROJECT_ROOT/backups" fi +if [[ -z "$REMOTE_DRUSH_CMD" ]]; then + REMOTE_DRUSH_CMD="./vendor/bin/drush" +fi -$SSH_COMMAND_LIVE "bash -s " < "$BACKUP_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$DRUSH_CMD"; -$SSH_COMMAND_LIVE "bash -s " < "$DEPLOY_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$DEPLOY_BRANCH" "$DOCROOT" "$DRUSH_CMD" "$SYNC_CONFIG"; +$SSH_COMMAND_LIVE "bash -s " < "$BACKUP_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$REMOTE_DRUSH_CMD"; +$SSH_COMMAND_LIVE "bash -s " < "$DEPLOY_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$DEPLOY_BRANCH" "$DOCROOT" "$REMOTE_DRUSH_CMD" "$SYNC_CONFIG"; From f837105fef7f043657cf1160b6db05ff3954243e Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Wed, 16 Oct 2024 14:21:59 -0500 Subject: [PATCH 18/21] fix: forcing strict hostkeychecking off --- scripts/general/deploy-to-live | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 47bd587..108829f 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -4,7 +4,7 @@ set -xeo pipefail # Allow CircleCI to forward any SSH Keys so the remote server can pull from git. mkdir -p ~/.ssh -printf "Host *\nForwardAgent yes" >> ~/.ssh/config +printf "Host *\nForwardAgent yes\nStrictHostKeyChecking no" >> ~/.ssh/config SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" if [[ -z "$DOCROOT" ]]; then From a50637841e3204637a9fff7305b36fcf16d21dfc Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Wed, 16 Oct 2024 16:19:26 -0500 Subject: [PATCH 19/21] fix: fix deploy branch reference --- scripts/general/deploy-to-live | 2 +- scripts/general/remote/remote_deploy | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 108829f..0ab9300 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -98,7 +98,7 @@ if [[ -z "$REMOTE_ENV_NAME" ]]; then fi if [[ -z "$DEPLOY_BRANCH" ]]; then - DEPLOY_BRANCH="$CI_BRANCH" + DEPLOY_BRANCH="$CIRCLE_BRANCH" fi if [[ -z "$BACKUP_SCRIPT_PATH" ]]; then diff --git a/scripts/general/remote/remote_deploy b/scripts/general/remote/remote_deploy index b664325..4a2b933 100644 --- a/scripts/general/remote/remote_deploy +++ b/scripts/general/remote/remote_deploy @@ -1,6 +1,6 @@ #!/bin/bash -set -eo pipefail +set -xeo pipefail SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" HOSTING_ENV=$1 From a9374a4326a349daa2f3ab3a0c797e43861f5a8f Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Wed, 16 Oct 2024 16:30:34 -0500 Subject: [PATCH 20/21] chore: remove debugging --- scripts/general/deploy-to-live | 2 +- scripts/general/remote/remote_deploy | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 0ab9300..829b21f 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -1,6 +1,6 @@ #!/bin/bash -set -xeo pipefail +set -eo pipefail # Allow CircleCI to forward any SSH Keys so the remote server can pull from git. mkdir -p ~/.ssh diff --git a/scripts/general/remote/remote_deploy b/scripts/general/remote/remote_deploy index 4a2b933..b664325 100644 --- a/scripts/general/remote/remote_deploy +++ b/scripts/general/remote/remote_deploy @@ -1,6 +1,6 @@ #!/bin/bash -set -xeo pipefail +set -eo pipefail SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" HOSTING_ENV=$1 From 043f303e38385677628765f46c91f549070aba80 Mon Sep 17 00:00:00 2001 From: Allan Chappell Date: Wed, 16 Oct 2024 17:18:37 -0500 Subject: [PATCH 21/21] doc: added some docs --- README.MD | 65 ++++++++++++++++++++++++++-------- scripts/general/deploy-to-live | 13 ++++++- 2 files changed, 63 insertions(+), 15 deletions(-) diff --git a/README.MD b/README.MD index d8673d8..170a8cb 100644 --- a/README.MD +++ b/README.MD @@ -47,6 +47,7 @@ a hosted site on something like Acquia. - [Pantheon Specific](#pantheon-specific) - [Acquia Specific](#acquia-specific) - [Generic Hosting Specific](#generic-hosting-specific) + - [Must be defined if SITE ALIASES is not defined](#must-be-defined-if-site-aliases-is-not-defined) - [Helper Environment Variables](#helper-environment-variables) - [Configure Composer.json](#configure-composerjson) - [Configure Scripts](#configure-scripts) @@ -329,18 +330,6 @@ the instructions from Acquia to [Add a public key to an Acquia profile](https:// **TODO:** FLESH THIS OUT MORE WITH HELP ON HOW TO GET IT 13. Click "Add Environment Variable" to accept the changes. 14. Click "Add Environment Variable". -15. Type "ZD_REQUESTER_ID" in the name. -16. Type Client requester id into "Value". The user ID can be obtained from the - user's url. e.g. https://advomatic.zendesk.com/agent/users/378771022972/requested_tickets -17. Click "Add Environment Variable" to accept the changes. -18. Click "Add Environment Variable". -19. Type "ZD_TOKEN" in the name. -20. Type Zendesk token value id into "Value". This token is stored into 1password. -21. Click "Add Environment Variable" to accept the changes. -22. Click "Add Environment Variable". -23. Type "ZD_LEAD_EMAIL" in the name. -24. Type Project lead email value id into "Value". The projects lead email. -25. Click "Add Environment Variable" to accept the changes. ### Generic Hosting @@ -360,6 +349,37 @@ bot user can push the code live and run backups. #### Configure More CircleCi Environment Variables to work with Generic Hosting +1. Create a file, self.site.yml that looks a bit like this example: + + ```yaml + # Edit or remove this file as needed. + # Docs at https://github.com/drush-ops/drush/blob/master/examples/example.site.yml + + prod: + host: 123.4.5.678 + user: deploy-bot + root: /var/www/html/web + uri: https://example.com + paths: + drush-script: /var/www/html/web/vendor/bin/drush + ssh: + options: -p 65002 + ``` + +2. run `base64 -w 0 self.site.yml`. The output will look something like: + + ```text + IyBFZGl0IG9yIHJlbW92ZSB0aGlzIGZpbGUgYXMgbmVlZGVkLgojIERvY3MgYXQgaHR0cHM6Ly9naXRodWIuY29tL2RydXNoLW9wcy9kcnVzaC9ibG9iL21hc3Rlci9leGFtcGxlcy9leGFtcGxlLnNpdGUueW1sCgpwcm9kOgpob3N0OiAxMjMuNC41LjY3OAp1c2VyOiBkZXBsb3ktYm90CnJvb3Q6IC92YXIvd3d3L2h0bWwvd2ViCnVyaTogaHR0cHM6Ly9leGFtcGxlLmNvbQpwYXRoczoKICAgIGRydXNoLXNjcmlwdDogL3Zhci93d3cvaHRtbC93ZWIvdmVuZG9yL2Jpbi9kcnVzaApzc2g6CiAgICBvcHRpb25zOiAtcCA2NTAwMgo= + ``` + +3. Copy the output +4. Navigate back to your CircleCI -> Project Settings -> Environment Variables + browser instance. +5. Click "Add Environment Variable". +6. Type "SITE_ALIASES" in the name. +7. Paste your output from above into "Value". +8. Click "Add Environment Variable" to accept the changes. +9. Click "Add Environment Variable". ## Configure CircleCI config.yml @@ -503,7 +523,7 @@ mandatory environment variables in this way as well. - Acquia: dev, test, prod - Pantheon: dev, test, live - Default: "prod" on Acquia. "live" on Pantheon + Default: "prod" on Acquia. "live" on Pantheon and generic. - `SANITIZE_SCRIPT`: Script used to sanitize databases. Only used when `CANONICAL_ENV` is not dev. There is no default. - `SYNC_CONFIG`: The ability to turn configuration sync on or off. By default, @@ -545,7 +565,24 @@ mandatory environment variables in this way as well. ### Generic Hosting Specific -- TODO +- `DRUSH_CMD`: alternative location for drush on CircleCI +- `BACKUP_SCRIPT_PATH`: Absolute path on the CircleCI environment used to define + a custom backup script to be injected to the remote environment. +- `DEPLOY_SCRIPT_PATH`: Absolute path on the CircleCI environment used to define + a custom DEPLOY script to be injected to the remote environment. +- `REMOTE_BACKUP_DIRECTORY`: The directory to store backups of production. + Defaults to `$REMOTE_PROJECT_ROOT/backups` +- `SITE_ALIASES`: A base64 encoded site's alias file using a command like + `base64 -w 0 self.site.yml` + +#### Must be defined if SITE ALIASES is not defined + +- `SSH_COMMAND_LIVE`: alternative to using the `SITE_ALIASES` variable. a + straight ssh command like `ssh -p 1234 user@example.com -i /path/to/key` +- `REMOTE_PROJECT_ROOT`: the remote path in which the root of the drupal project + lives. Not the docroot. +- `REMOTE_DRUSH_CMD`: specify if you don't in the `SITE_ALIASES` variable or use + `SSH_COMMAND_LIVE`. defaults to `$REMOTE_PROJECT_ROOT/vendor/bin/drush` ## Helper Environment Variables diff --git a/scripts/general/deploy-to-live b/scripts/general/deploy-to-live index 829b21f..71bcf84 100755 --- a/scripts/general/deploy-to-live +++ b/scripts/general/deploy-to-live @@ -16,6 +16,9 @@ fi if [[ -z "$SYNC_CONFIG" ]]; then SYNC_CONFIG="YES" fi +if [[ -z "$CANONICAL_ENV" ]]; then + CANONICAL_ENV=live +fi # Check for an SSH command to see if we need to scavange for a aliases file. if [[ -z "$SSH_COMMAND_LIVE" ]]; then @@ -114,5 +117,13 @@ if [[ -z "$REMOTE_DRUSH_CMD" ]]; then REMOTE_DRUSH_CMD="./vendor/bin/drush" fi -$SSH_COMMAND_LIVE "bash -s " < "$BACKUP_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$REMOTE_DRUSH_CMD"; +if [[ $REMOTE_ENV_NAME == "prod" ]] || [[ $REMOTE_ENV_NAME == "live" ]]; then + $SSH_COMMAND_LIVE "bash -s " < "$BACKUP_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$REMOTE_DRUSH_CMD"; +else + #TODO Add ELSE logic here to pull backup from production to another enviornment + echo "Creating a backup from $CANONICAL_ENV to import into $REMOTE_ENV_NAME." + #Might be able to do s a drush-sync here. consider that the other env may not be on the same server. + #ssh $SSH_COMMAND_DEV "bash -s " < "$BACKUP_SCRIPT_PATH" "$CANONICAL_ENV" "$CANONICAL_REMOTE_PROJECT_ROOT" "$REMOTE_BACKUP_DIRECTORY" "$REMOTE_DRUSH_CMD";; + echo "Importing a backup from the canonical environment to $REMOTE_ENV_NAME" +fi $SSH_COMMAND_LIVE "bash -s " < "$DEPLOY_SCRIPT_PATH" "$REMOTE_ENV_NAME" "$REMOTE_PROJECT_ROOT" "$DEPLOY_BRANCH" "$DOCROOT" "$REMOTE_DRUSH_CMD" "$SYNC_CONFIG";