Continuous deployment (CD) using Travis

March 30, 2023 ยท View on GitHub

  • Every commit triggers Travis CI tests.
  • Once Travis finishes tests, it fires webhook as defined in .travis.yml.
  • By default it makes HTTP POST to the following addresses: https://teststats.cncf.io:2982/hook and https://devstats.cncf.io:2982/hook
  • There is a tool cmd/webhook/webhook that listens to those webhook events.
  • By default we use https protocol. To do so we need Apache server to proxy https requests on 2982 port, into http requests to localhost:1982 (webhook tool only understands http).
  • To configure Apache we use those config files ports.conf and 000-default-le-ssl.conf.
  • You can change webhook's port via GHA2DB_WHPORT environment variable (default is 1982), webhook's root via GHA2DB_WHROOT (default is hook) and webhook's host via GHA2DB_WHHOST (default is 127.0.0.1).
  • Please see Usage for details.
  • By default webhook tool verifies payloads to determine if they are original Travis CI payloads.
  • To enable testing locally you can start tool via GOPATH=/path GHA2DB_PROJECT_ROOT=/path/to/repo PG_PASS=... GHA2DB_SKIP_VERIFY_PAYLOAD=1 webhook or use ready script webhook.sh and then use ./test_webhook.sh script for testing.
  • You need to set both GOPATH and GHA2DB_PROJECT_ROOT because cron job environment have no environment variables set at all, you also have to set PG_PASS (this is to allow webhook to log into database in addition to /tmp/gha2db_* files).
  • Webook must be run via cron job (it can be called every 5 minutes because every next instance will either start or do nothing due to port being used by previous instance).
  • See crontab.entry for details, you need to tweak it a little and install via crontab -e.
  • You can set GHA2DB_DEPLOY_BRANCHES, default "master", comma separated list, uto set which branches should be deployed.
  • You can set GHA2DB_DEPLOY_STATUSES, default "Passed,Fixed", comma separated list, to set which branches should be deployed.
  • You can set GHA2DB_DEPLOY_RESULTS, default "0", comma separated list, to set which Travis CI results should be deployed.
  • You can set GHA2DB_DEPLOY_TYPES, default "push", comma separated list, to set which event types should be deployed.
  • You MUST set GHA2DB_PROJECT_ROOT=/path/to/repo for webhook tool, this is needed to decide where to run make install on successful build.
  • You should list only production branch via GHA2DB_DEPLOY_BRANCHES=production for production server, and you can list any number of branches for test servers: devstats.cncf.io is a production server, while teststats.cncf.io is a test server.
  • If you changed webhook tool and deploy was successful - you need to kill old running instance via killall webhook then wait for cron to fire it again, to se if it works use ps -aux | grep webhook.
  • If you add [ci skip] to the commit message, Travis CI build will be skipped, so webhook tool won't be called at all (this skips tests).
  • If you add [no deploy] or [wip] to the commit message, Travis CI build will run, but webhook tool will not deploy this build.
  • If you add [deploy] to the commit message, webhook will attempt to run full deploy script ./devel/deploy_all.sh:
    • This script will deploy all missing projects (it creates databases, grafanas, certificates, basical creates any missing project from scratch).
    • You can use GHA2DB_SKIP_FULL_DEPLOY=1 to disable this, this is a good idea on the test server, where you usually add all stuff manually, and even if not - you can manually call ./devel/deploy_all.sh to see results.
    • To make full deploy work, you may want to configure additional environment variables.
    • Use GET=1 to allow deploy script to fetch Postgres database from the test server instead of generating it locally (also orders of magnitude faster than generating locally).
    • This fetches datbase dump which is available via WWW, so no additional password variables are needed.
    • You can deploy from webhook on the test server, but it would have to generate all data from scratch, so it will take a very long time and will be harder to debug becaus eit runs from the cron job.
    • Finally take a look at the example crontab file, it has comments about what to put in the test environment and what in the production.
  • To check webhook tool locally use PG_PASS=pwd GET=1 ./webhook.sh and then ./test_webhook.sh from another terminal.