-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathMakefile
65 lines (52 loc) · 2.64 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
include .env
REMOTE=root@deployment-host.comp-soc.com
# .SILENT:
# Get the latest logs in real time, without any previous logs (i.e. only newer ones)
tail:
ssh ${REMOTE} 'docker logs -f --tail 0 service-${SERVICE_NAME}'
# Get all logs
logs:
ssh ${REMOTE} 'docker logs service-${SERVICE_NAME}'
# Synchronise Discord bot tokens
sync-secrets: sync-secrets-confirm
rsync -r ./.secrets/ ${REMOTE}:/secrets/service-${SERVICE_NAME}
sync-secrets-confirm:
@echo "!!! Confirm that you want to execute this sync operation to copy local secrets to production."
@echo "!!! This wil overwrite any credentials that are currently actively deployed. [y/N]"
@read ans && [ $${ans:-N} = y ]
# After cloning this repo locally, you can run this to set up the .secrets
# directory both locally and remotely. Harmless even if run multiple times.
initialise: initialise-confirm generate-port
rsync -r ${REMOTE}:/secrets/service-${SERVICE_NAME}/ ./.secrets/
generate-port:
ssh ${REMOTE} 'ruby -e "require \"socket\"; puts Addrinfo.tcp(\"\", 0).bind {|s| s.local_address.ip_port }"' | tr -d '[:space:]' > .open-port
PORT = $(shell cat .open-port)
initialise-confirm:
mkdir -p .secrets
ssh ${REMOTE} "mkdir -p /secrets/service-${SERVICE_NAME}"
@rsync --dry-run -v -r ${REMOTE}:/secrets/service-${SERVICE_NAME}/ ./.secrets/
@echo "!!! Confirm that you want to execute this sync operation to copy production secrets to local."
@echo "!!! This will overwrite any testing/debugging credentials you may already have. [y/N]"
@read ans && [ $${ans:-N} = y ]
# Start the Docker container on the remote. This is needed to refresh secret
# .env files after a sync-secrets -- for this reason, it's recommended to use
# the restart target instead, which covers it.
start:
ssh ${REMOTE} 'docker run -d --name service-${SERVICE_NAME} \
--network traefik-net \
--label "traefik.enable=true" \
-p ${PORT}:8080 \
--volume /deployment/service-${SERVICE_NAME}:/etc/${SERVICE_NAME} \
--label "com.centurylinklabs.watchtower.enable=true" \
--label "traefik.http.routers.service-${SERVICE_NAME}.rule=Host(\`${SUBDOMAIN}.dev.comp-soc.com\`)" \
ghcr.io/compsoc-edinburgh/service-${SERVICE_NAME}'
# Most used command, restarts the service after syncing secrets (i.e. new
# Discord bot tokens). Can be run even if this is the first time you're
# deploying the service.
restart: teardown sync-secrets start
# Stop and remove the Docker container on the remote. The || true is to ignore
# errors if the container doesn't exist, without supressing SSH errors or
# exiting the make command.
teardown:
ssh ${REMOTE} 'docker stop service-${SERVICE_NAME} || true'
ssh ${REMOTE} 'docker rm service-${SERVICE_NAME} || true'