From 77f66b9bf2277ce8b6fdee8f130e0007be36f4e5 Mon Sep 17 00:00:00 2001
From: Thomas Wood <thomas.wood09@imperial.ac.uk>
Date: Thu, 25 Oct 2018 21:31:23 +0100
Subject: [PATCH] Website deployment via Philippa's account

---
 .deploy.sh     |   8 ++--
 .gitlab-ci.yml |  92 +++++++++++++++++++++++--------------------
 Gemfile.lock   | 104 ++++++++++++++++++++++++++-----------------------
 README.md      |   6 ++-
 Rakefile       |   5 +++
 5 files changed, 121 insertions(+), 94 deletions(-)

diff --git a/.deploy.sh b/.deploy.sh
index f33f133..a8d73c8 100755
--- a/.deploy.sh
+++ b/.deploy.sh
@@ -1,7 +1,9 @@
 #!/bin/sh
+# Use rsync to transfer files to a server via ssh, ensuring that the files are transferred with the correct permissions,
+# user group. The command will also remove old files from the remote directory.
 set -x
-USER=${DEPLOY_USER:+${DEPLOY_USER}@}
-SERVER=${DEPLOY_SERVER:-shell1.doc.ic.ac.uk}
-PTH=${DEPLOY_PATH:-/vol/rr/www}
+USER=${DOC_DEPLOY_USER:+${DOC_DEPLOY_USER}@}
+SERVER=${DOC_DEPLOY_SERVER:-shell1.doc.ic.ac.uk}
+PTH=${DOC_DEPLOY_PATH:-/vol/rr/www}
 exec rsync --chmod=Dg+s,ug+rwX,o+rX --chown=:rr -igrp --delete _site/ "${USER}${SERVER}:${PTH}"
 
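Review bot: The added header comment does not name the variables the script reads, and "correct permissions, user group" reads as if a word is missing. The renamed `DOC_DEPLOY_USER`, `DOC_DEPLOY_SERVER` and `DOC_DEPLOY_PATH` are the script's whole interface, and `--delete` on the rsync line removes anything under the remote path that is not in `_site/`, so I would add `# Reads DOC_DEPLOY_USER (optional), DOC_DEPLOY_SERVER and DOC_DEPLOY_PATH; defaults to shell1.doc.ic.ac.uk:/vol/rr/www.` and fix the wording to "permissions and group". Assigning to `USER` also reuses the standard login-name variable, which the rsync/ssh child inherits if it is already exported; a name such as `REMOTE_USER` avoids that.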
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 209e90e..440f6e0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,32 +3,21 @@ stages:
   - build
   - deploy
 
-update_publications:
-  stage: update
-  script:
-    - git checkout -B ${CI_COMMIT_REF_NAME}
-    - git submodule update --init --remote
-    - git add publications
-    - git commit -m "[AUTO] Updating publications submodule" || exit 0
-    - git remote rm rw || true
-    - git remote add rw git@gitlab.doc.ic.ac.uk:${CI_PROJECT_PATH}.git
-    - eval `ssh-agent`
-    - echo "$PUSH_KEY" | ssh-add -
-    - git push rw ${CI_COMMIT_REF_NAME}
-  variables:
-    GIT_AUTHOR_NAME: Resource Reasoning Group Backup Bot
-    GIT_COMMITTER_NAME: Resource Reasoning Group Backup Bot
-    GIT_AUTHOR_EMAIL: rr-gitlab-bot@example.com
-    EMAIL: rr-gitlab-bot@example.com
-  image: ignoredambience/github-gitlab-sync
-  tags:
-    - docker
-  only:
-    - triggers
+image: "ruby:2"
+variables:
+  NOKOGIRI_USE_SYSTEM_LIBRARIES: "true"
 
 build:
   stage: build
-  image: "ruby:2.4"
+  artifacts:
+    paths:
+      - _site/
+    expire_in: 1 day
+  cache:
+    paths:
+      - vendor/bundle/
+  except:
+    - triggers
   tags:
     - docker
   before_script:
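Review bot: The new global `image: "ruby:2"` is looser than the `ruby:2.4` it replaces, because the tag follows every 2.x release and the interpreter that builds and tests the site can change without any commit here. Gemfile.lock pins the gems but not the Ruby or the base image they run on. Pinning at least the minor version, e.g. `image: "ruby:2.5"`, or a digest such as `ruby:2.5@sha256:<digest>` (placeholder), keeps builds reproducible. The `build` job continues past the end of this hunk.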
@@ -36,41 +25,60 @@ build:
     - bundle exec rake init
   script:
     - bundle exec rake -s --suppress-backtrace . test
-  artifacts:
-    paths:
-      - _site/
-    expire_in: 1 day
-  except:
-    - triggers
 
 deadlinks:
   stage: deploy
-  image: "ruby:2.4"
+  allow_failure: true
+  cache:
+    paths:
+      - vendor/bundle/
+  except:
+    - triggers
   tags:
     - docker
   before_script:
     - bundle install --deployment --without=development --with=test
   script:
     - bundle exec rake -s --suppress-backtrace . testlinks
-  allow_failure: true
-  except:
-    - triggers
 
 deploy:
   stage: deploy
   environment: production
-  script:
-    - "umask 0002 && rsync --chmod=Dg+s,ug+rwX,o+rX --chown=:rr -igrp --delete _site/ /vol/rr/www"
+  image: resourcereasoning/website-deploy
   tags:
-    - auth-rr
+    - docker
   only:
     - master
   except:
     - triggers
+  # DOC_DEPLOY_USER and DOC_DEPLOY_KEY should be defined as secret variables in the GitLab CI Settings panel
+  before_script:
+    - eval `ssh-agent`
+    - echo "$DOC_DEPLOY_KEY" | ssh-add -
+  script:
+    - ./.deploy.sh
 
-variables:
-  NOKOGIRI_USE_SYSTEM_LIBRARIES: "true"
-
-cache:
-  paths:
-    - vendor/bundle/
+# Special target triggered when publications repository is updated:
+update_publications:
+  stage: update
+  variables:
+    GIT_AUTHOR_NAME: Resource Reasoning Group Backup Bot
+    GIT_COMMITTER_NAME: Resource Reasoning Group Backup Bot
+    GIT_AUTHOR_EMAIL: rr-gitlab-bot@example.com
+    EMAIL: rr-gitlab-bot@example.com
+    # PUSH_KEY should be defined as a secret variable in the GitLab UI
+    SSH_KEY: $PUSH_KEY
+  image: ignoredambience/github-gitlab-sync
+  only:
+    - triggers
+  before_script:
+    - eval `ssh-agent`
+    - echo "$SSH_KEY" | ssh-add -
+  script:
+    - git checkout -B ${CI_COMMIT_REF_NAME}
+    - git submodule update --init --remote
+    - git add publications
+    - git commit -m "[AUTO] Updating publications submodule" || exit 0
+    - git remote rm rw || true
+    - git remote add rw git@gitlab.doc.ic.ac.uk:${CI_PROJECT_PATH}.git
+    - git push rw ${CI_COMMIT_REF_NAME}
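Review bot: The `deploy` job loads `DOC_DEPLOY_KEY` into an agent inside `resourcereasoning/website-deploy`, which is referenced without a tag or digest, so whatever that name resolves to at run time receives the deploy key; `update_publications` does the same with `PUSH_KEY` and `ignoredambience/github-gitlab-sync`. I would pin both, e.g. `image: resourcereasoning/website-deploy@sha256:<digest>` (placeholder digest). The job also moves from the `auth-rr` runner to any runner tagged `docker`, so the key should be a protected variable that only pipelines on protected branches receive, and the added comment could say so. Nothing in the visible lines installs a host key for the deploy server; unless the image ships a `known_hosts`, ssh cannot verify the host it sends `_site/` to, so a step that writes a pinned entry from a CI variable before `./.deploy.sh` is worth adding.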
diff --git a/Gemfile.lock b/Gemfile.lock
index 6dcde82..ef13807 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,101 +1,109 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.1.4)
+    activesupport (5.2.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
-    bibtex-ruby (4.4.4)
+    bibtex-ruby (4.4.7)
       latex-decode (~> 0.0)
-    citeproc (1.0.5)
-      namae (~> 0.8)
-    citeproc-ruby (1.1.7)
-      citeproc (>= 1.0.4, < 2.0)
-      csl (~> 1.4)
+    citeproc (1.0.9)
+      namae (~> 1.0)
+    citeproc-ruby (1.1.10)
+      citeproc (~> 1.0, >= 1.0.9)
+      csl (~> 1.5)
     colorator (1.1.0)
     colorize (0.8.1)
-    concurrent-ruby (1.0.5)
-    csl (1.4.5)
-      namae (~> 0.7)
-    csl-styles (1.0.1.8)
+    concurrent-ruby (1.1.3)
+    csl (1.5.0)
+      namae (~> 1.0)
+    csl-styles (1.0.1.9)
       csl (~> 1.0)
-    ethon (0.10.1)
+    em-websocket (0.5.1)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0.6.0)
+    ethon (0.11.0)
       ffi (>= 1.3.0)
-    ffi (1.9.18)
+    eventmachine (1.2.7)
+    ffi (1.9.25)
     forwardable-extended (2.6.0)
-    html-proofer (3.7.3)
+    html-proofer (3.9.2)
       activesupport (>= 4.2, < 6.0)
       addressable (~> 2.3)
       colorize (~> 0.8)
       mercenary (~> 0.3.2)
-      nokogiri (~> 1.7)
+      nokogiri (~> 1.8.1)
       parallel (~> 1.3)
-      typhoeus (~> 0.7)
+      typhoeus (~> 1.3)
       yell (~> 2.0)
-    i18n (0.8.6)
-    jekyll (3.6.0)
+    http_parser.rb (0.6.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    jekyll (3.8.5)
       addressable (~> 2.4)
       colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 0.7)
       jekyll-sass-converter (~> 1.0)
-      jekyll-watch (~> 1.1)
+      jekyll-watch (~> 2.0)
       kramdown (~> 1.14)
       liquid (~> 4.0)
       mercenary (~> 0.3.3)
       pathutil (~> 0.9)
-      rouge (>= 1.7, < 3)
+      rouge (>= 1.7, < 4)
       safe_yaml (~> 1.0)
-    jekyll-feed (0.9.2)
+    jekyll-feed (0.11.0)
       jekyll (~> 3.3)
-    jekyll-redirect-from (0.12.1)
+    jekyll-redirect-from (0.14.0)
       jekyll (~> 3.3)
-    jekyll-sass-converter (1.5.0)
+    jekyll-sass-converter (1.5.2)
       sass (~> 3.4)
-    jekyll-scholar (5.10.2)
+    jekyll-scholar (5.14.0)
       bibtex-ruby (~> 4.0, >= 4.0.13)
       citeproc-ruby (~> 1.0)
       csl-styles (~> 1.0)
       jekyll (~> 3.0)
-    jekyll-sitemap (1.1.1)
+    jekyll-sitemap (1.2.0)
       jekyll (~> 3.3)
-    jekyll-watch (1.5.0)
-      listen (~> 3.0, < 3.1)
-    kramdown (1.15.0)
-    latex-decode (0.2.2)
-      unicode (~> 0.4)
-    liquid (4.0.0)
-    listen (3.0.8)
+    jekyll-watch (2.1.2)
+      listen (~> 3.0)
+    kramdown (1.17.0)
+    latex-decode (0.3.1)
+    liquid (4.0.1)
+    listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
     mercenary (0.3.6)
     mini_portile2 (2.3.0)
-    minitest (5.10.3)
-    namae (0.11.3)
-    nokogiri (1.8.1)
+    minitest (5.11.3)
+    namae (1.0.1)
+    nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
-    parallel (1.12.0)
-    pathutil (0.16.0)
+    parallel (1.12.1)
+    pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    public_suffix (3.0.0)
-    rake (12.1.0)
-    rb-fsevent (0.10.2)
+    public_suffix (3.0.3)
+    rake (12.3.1)
+    rb-fsevent (0.10.3)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
-    rouge (2.2.1)
+    rouge (3.3.0)
+    ruby_dep (1.5.0)
     safe_yaml (1.0.4)
-    sass (3.5.2)
+    sass (3.7.2)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
     thread_safe (0.3.6)
-    typhoeus (0.8.0)
-      ethon (>= 0.8.0)
-    tzinfo (1.2.3)
+    typhoeus (1.3.1)
+      ethon (>= 0.9.0)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unicode (0.4.4.4)
     yell (2.0.7)
 
 PLATFORMS
@@ -111,4 +119,4 @@ DEPENDENCIES
   rake
 
 BUNDLED WITH
-   1.15.4
+   1.16.6
diff --git a/README.md b/README.md
index 94b4f5f..bbcad90 100644
--- a/README.md
+++ b/README.md
@@ -93,7 +93,11 @@ are consistent.
 An additional check that external links are still live is also run, but this test is permitted to fail without blocking
 the deployment.
 
-The site is deployed to `/vol/rr/www` automatically on successful build.
+The site is deployed to `/vol/rr/www` automatically on successful build using the .deploy.sh script. This script uses
+rsync to transfer the files to the server via ssh. The contents of the `DOC_DEPLOY_KEY` CI environment variable are used
+as the private key to transfer the files via. This key is currently configured to give locked-down rsync access to the
+`/vol/rr/www` using Philippa's user account. For further details for how this is achieved, [see this
+howto](https://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/).
 
 Locally Building and Testing
 ----------------------------
diff --git a/Rakefile b/Rakefile
index 69bbedc..634e9fa 100644
--- a/Rakefile
+++ b/Rakefile
@@ -35,3 +35,8 @@ desc "Build the site, rebuild when files are edited, and serve via a local http
 task :serve do
   sh "bundle exec jekyll serve"
 end
+
+desc "Deploy the website to the webserver"
+task :deploy do
+  sh ".deploy.sh"
+end
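Review bot: `sh ".deploy.sh"` has no path component, so the command is looked up on `PATH` rather than in the project directory and will normally fail unless `.` is on `PATH`; the CI job calls `./.deploy.sh`, and this should match with `sh "./.deploy.sh"`. The task also declares no prerequisite, so it syncs whatever `_site/` currently holds. Because the script passes `--delete`, a stale or empty `_site/` would be mirrored to the server, so making `:deploy` depend on the build task (its name is not visible in this hunk) would guard against that.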
-- 
GitLab