jdev - 2022-04-11

dss

can anybody give me a clue, what i need to google to find out how people deploy their webapps to production?

"how to become potato farmer"

as it seems "How to deploy to production" does yield a million articles not one of them going into detail how the code gets transfered to the server

The standard IT answer applies, "It Depends™"

like my ideas are - have cron job the does git pull every minute - triggering a webhook that does then trigger some script on the server

but i dont want to write that webhook myself so ..

Like, on what kind of stack it is. Stack html pages? Just copy over with some file transfer mechanism. More complex? More "it depends"

- sshing into the server and triggering a script there, comes also to mind

Oh, so you want a thing that makes a docker container in a docker container and triggers a docker container manager manger to docker the docker docker into production docker? Well then

Zash i need to execute a script on the server

i simply want my CI call something that triggers a script on the server

`@hourly cd /path/to/app; docker-compose up -d` in a cronjob?

yes as i said that one idea, but sounds not like a good idea

> does yield a million articles because there are probably more methods invented than there are IT people

ok Zash, lets start with how you do it with prosody website :)

I've been wanting to make a thing that runs things based on hooks (web- or xmpp-/pubsub-) but I've yet to NIH that

The prosody website doesn't involve CI

It's a hook in the repo that prods a port with netcat which starts a systemd job that runs `hg pull -u && make` in /var/www

so, `netcat localhost someport` -> systemd socket activation -> build the site.service, a one-off job that does that

Elsewhere I just a post-receive hook that runs `make` when you push to the repo

So many variants!

The socket activation thing enables running the build as a different user than the vcs repo user

So I guess architectually, that's pretty close to a webhook thing that runs commands

except without the web, which is nice

why netcat localhost and not socat UNIX:foobar, to avoid this being at the mercy of a iptables rule to protect from external abuse?

do I look like I want to figure out how to systemd socket activation UNIX sockets?

(also, unix sockets are *even less* web than bare TCP)

Zash, just use SocketStream=/path/to/somewhere instead of a port number?

It listens on ::1 anyway, good luck reaching it

ah, ListenStream= it is

> If the address starts with a slash ("/"), it is read as file system socket in the AF_UNIX socket family.

and then you get the added benefits of posix permission control

I've mentally categorized the whole thing under "it works, don't """fix""" it"

ok i think i write my own webhook thingy

seems to be a 30 line flask script

and now you have a million lines of python running with _what_ privileges?

the socket activation thing means only systemd, which is already there, is involved

sorry i dont know a single thing about all the things you have written

so your method is probably better, but im not inclined to read me into linux system socket systemd things

when i can write 30 lines of python

it's probably fewer lines of systemd unit files.

depends on what you value

but eh, you do you

I tried to minimize extra stuff running while sending signals across privilege barriers and arrived at that

its a web api, and it supports a single get request

I like the pages.sr.ht method, where the CI job uploads a tarball of the website somewhere with curl

if that is suddenly insecure, i think we have big problems :)

In the ENTERPRISE world it'll probably be webhooks triggering kubernetes something something I wanna live in the woods and grow potatoes between the firs

I love docker, it creates jobs out of nothing ;)