jdev - 2022-04-11


  1. dcsc

    dss

  2. lovetox

    can anybody give me a clue, what i need to google to find out how people deploy their webapps to production?

  3. Zash

    "how to become potato farmer"

  4. lovetox

    as it seems "How to deploy to production" does yield a million articles not one of them going into detail how the code gets transferred to the server

  5. Zash

    The standard IT answer applies, "It Depends™"

  6. lovetox

    like my ideas are - have cron job that does git pull every minute - triggering a webhook that does then trigger some script on the server

  7. lovetox

    but i dont want to write that webhook myself so ..

  8. Zash

    Like, on what kind of stack it is. Static html pages? Just copy over with some file transfer mechanism. More complex? More "it depends"

  9. lovetox

    - sshing into the server and triggering a script there, comes also to mind

  10. Zash

    Oh, so you want a thing that makes a docker container in a docker container and triggers a docker container manager manger to docker the docker docker into production docker? Well then

  11. lovetox

    Zash i need to execute a script on the server

  12. lovetox

    i simply want my CI call something that triggers a script on the server

  13. Zash

    `@hourly cd /path/to/app; docker-compose up -d` in a cronjob?

  14. lovetox

    yes as i said that one idea, but sounds not like a good idea

  15. Zash

    > does yield a million articles

    because there are probably more methods invented than there are IT people

  16. lovetox

    ok Zash, lets start with how you do it with prosody website :)

  17. Zash

    I've been wanting to make a thing that runs things based on hooks (web- or xmpp-/pubsub-) but I've yet to NIH that

  18. Zash

    The prosody website doesn't involve CI

  19. Zash

    It's a hook in the repo that prods a port with netcat which starts a systemd job that runs `hg pull -u && make` in /var/www

  20. Zash

    so, `netcat localhost someport` -> systemd socket activation -> build the site.service, a one-off job that does that

  21. Zash

    Elsewhere I just have a post-receive hook that runs `make` when you push to the repo

  22. Zash

    So many variants!

  23. Zash

    The socket activation thing enables running the build as a different user than the vcs repo user

  24. Zash

    So I guess architecturally, that's pretty close to a webhook thing that runs commands

  25. Zash

    except without the web, which is nice

  26. jonas’

    why netcat localhost and not socat UNIX:foobar, to avoid this being at the mercy of an iptables rule to protect from external abuse?

  27. Zash

    do I look like I want to figure out how to systemd socket activation UNIX sockets?

  28. jonas’

    (also, unix sockets are *even less* web than bare TCP)

  29. jonas’

    Zash, just use SocketStream=/path/to/somewhere instead of a port number?

  30. Zash

    It listens on ::1 anyway, good luck reaching it

  31. jonas’

    ah, ListenStream= it is

  32. jonas’

    > If the address starts with a slash ("/"), it is read as file system socket in the AF_UNIX socket family.

  33. jonas’

    and then you get the added benefits of posix permission control

  34. Zash

    I've mentally categorized the whole thing under "it works, don't """fix""" it"

  35. lovetox

    ok i think i write my own webhook thingy

  36. lovetox

    seems to be a 30 line flask script

  37. Zash

    and now you have a million lines of python running with _what_ privileges?

  38. Zash

    the socket activation thing means only systemd, which is already there, is involved

  39. lovetox

    sorry i dont know a single thing about all the things you have written

  40. lovetox

    so your method is probably better, but im not inclined to read me into linux system socket systemd things

  41. lovetox

    when i can write 30 lines of python

  42. jonas’

    it's probably fewer lines of systemd unit files.

  43. Zash

    depends on what you value

  44. jonas’

    but eh, you do you

  45. Zash

    I tried to minimize extra stuff running while sending signals across privilege barriers and arrived at that

  46. lovetox

    its a web api, and it supports a single get request

  47. Zash

    I like the pages.sr.ht method, where the CI job uploads a tarball of the website somewhere with curl

  48. lovetox

    if that is suddenly insecure, i think we have big problems :)

  49. Zash

    In the ENTERPRISE world it'll probably be webhooks triggering kubernetes something something I wanna live in the woods and grow potatoes between the firs

  50. nephele

    I love docker, it creates jobs out of nothing ;)