Deployment at Rosti.cz
-
Register at Rosti.cz, create an app with SSH access.
-
Clear default contents:
$ rm -rf /srv/app
-
Clone the repository:
$ git clone https://github.com/pyvec/python.cz /srv/app
-
Install:
$ cd /srv/app $ pip install -r requirements.txt
-
Set
GITHUB_TOKEN
environment value. Get GitHub Personal Access Token (with no scopes) and edit/srv/conf/supervisor.d/python.conf
:[program:app] command=... environment=GITHUB_TOKEN="123a123dc..." ...
-
Restart Supervisor:
$ supervisorctl restart app
The
app.py
file in the root of the project is used as WSGI endpoint. -
The app should be up and running (e.g. pythoncz-0375.rostiapp.cz).
Continuous deployment means your app gets automatically deployed if continuous integration (CI) build was successful. When turned on only for the master
branch, the app gets deployed every time someone pushes to master
, including merged GitHub Pull Requests.
Travis CI supports continuous deployment out of the box for various PaaS services. Rosti.cz is not among them, but it's possible to setup also your own deployment using the script
keyword.
-
Create an SSH key which is going to be used for deployment. Make sure it is without passphrase as you, obviously, won't be able to interactively type in the password at the end of your TravisCI builds.
$ ssh-keygen -t rsa -b 4096 -C "[email protected]" ... $ ssh-add ~/.ssh/id_rsa_pyvec_deployment
-
Upload the public key to the production server. First, you need to prepare the server so it has
authorized_keys
available - follow instructions from the Rosti.cz documentation. Then upload the public key:$ ssh-copy-id -i ~/.ssh/id_rsa_pyvec_deployment.pub [email protected] -p 10365 # see Rosti.cz administration for username, host, port...
-
Encrypt the private key. See documentation for encrypting files. Please be aware that the encryption is repository-specific. Even if using the same private key for multiple projects, it needs to be re-encrypted individually for each of them.
$ gem install travis $ travis login --auto $ travis encrypt-file id_rsa_pyvec_deployment
Follow instructions of the
travis encrypt-file
output. You need to add decrypting command to your build. This repository has it in thedeployment/deploy.sh
script. -
Make sure the deploy is going to happen. Update
.travis.yml
with custom deployment settings:deploy: provider: "script" script: "deployment/deploy.sh" on: branch: "master" python: "3.4" repo: "pyvec/python.cz"
This triggers
deploy.sh
script only formaster
branch with Python 3.4. -
The
deploy.sh
script, executed within the TravisCI build, does three things:- Decrypts the private key (see above).
- Connects to the production machine via SSH and executes the
update.sh
script. - Deletes the decrypted private key.
-
The
update.sh
script, executed on the production machine, does four things:- Deletes all source code of the current app.
- Uses
git
to get the latest source code in themaster
branch. - Installs dependencies (plain simple
pip install -r requirements.txt
). - Restarts the app (specific to Rosti.cz).