Compare commits
1 Commits
review/pr-
...
fix/stagin
| Author | SHA1 | Date | |
|---|---|---|---|
| 173df0fd6f |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -22,7 +22,6 @@ media/
|
||||
.env
|
||||
.env.*
|
||||
!.env.test.example
|
||||
!.env.staging.example
|
||||
!.env.prod.example
|
||||
|
||||
# Editors/OS
|
||||
|
||||
12
infra/env/.env.staging.example
vendored
12
infra/env/.env.staging.example
vendored
@@ -1,12 +0,0 @@
|
||||
DJANGO_SECRET_KEY=change-me-staging
|
||||
DJANGO_DEBUG=false
|
||||
DJANGO_ALLOWED_HOSTS=staging.party.weircon.dk
|
||||
DB_ENGINE=django.db.backends.mysql
|
||||
DB_NAME=wpp_staging
|
||||
DB_USER=wpp_staging
|
||||
DB_PASSWORD=change-me
|
||||
DB_HOST=127.0.0.1
|
||||
DB_PORT=3306
|
||||
TEST_DB_NAME=
|
||||
CHANNEL_REDIS_HOST=127.0.0.1
|
||||
CHANNEL_REDIS_PORT=6379
|
||||
@@ -4,18 +4,15 @@
|
||||
|
||||
## Databaser
|
||||
- `wpp_test`
|
||||
- `wpp_staging`
|
||||
- `wpp_prod`
|
||||
|
||||
## Brugere
|
||||
- `wpp_test_user` (least privilege på `wpp_test`)
|
||||
- `wpp_staging_user` (least privilege på `wpp_staging`)
|
||||
- `wpp_prod_user` (least privilege på `wpp_prod`)
|
||||
|
||||
## Secrets placering
|
||||
I Secrets-repo:
|
||||
- `wpp/wpp_test.env`
|
||||
- `wpp/wpp_staging.env`
|
||||
- `wpp/wpp_prod.env`
|
||||
|
||||
Forventede felter:
|
||||
|
||||
@@ -8,7 +8,6 @@ Staging-miljø for WPP i Proxmox LXC, så release-klar kode kan deployes og smok
|
||||
- App path: /opt/wpp-staging/app
|
||||
- Service: wpp-staging.service
|
||||
- Health endpoint: GET /healthz
|
||||
- Database: MySQL (staging må ikke bruge SQLite, issue #133)
|
||||
|
||||
## Verifikation
|
||||
Kør fra devops-shell med Proxmox-adgang:
|
||||
@@ -22,8 +21,6 @@ Forventet:
|
||||
- service er active
|
||||
- healthz returnerer JSON med ok=true
|
||||
|
||||
Efter deploy vil scriptet også verificere at `DB_ENGINE` ikke er `django.db.backends.sqlite3` før migrations køres.
|
||||
|
||||
## Deploy (canonical execution context)
|
||||
Deploy skal altid køres via Proxmox host over SSH (ikke fra lokal coder-shell med direkte sudo pct).
|
||||
|
||||
|
||||
@@ -17,32 +17,15 @@ rm -rf src && mkdir src
|
||||
tar -xzf app.tar.gz -C src --strip-components=1
|
||||
rm -rf /opt/wpp-staging/app/*
|
||||
cp -a src/. /opt/wpp-staging/app/
|
||||
# Ensure deploy artifact copied as root does not leave app tree non-writable for wpp.
|
||||
# Ensure deploy artifact copied as root does not leave SQLite/app tree non-writable for wpp.
|
||||
chown -R wpp:wpp /opt/wpp-staging/app
|
||||
# Staging must not run on SQLite (issue #133). Remove bundled sqlite artifact.
|
||||
rm -f /opt/wpp-staging/app/db.sqlite3
|
||||
if [ -f /opt/wpp-staging/app/db.sqlite3 ]; then
|
||||
chmod 664 /opt/wpp-staging/app/db.sqlite3
|
||||
fi
|
||||
cd /opt/wpp-staging/app
|
||||
runuser -u wpp -- python3 -m venv .venv
|
||||
runuser -u wpp -- .venv/bin/pip install -U pip >/dev/null
|
||||
runuser -u wpp -- .venv/bin/pip install -r requirements.txt >/dev/null
|
||||
STAGING_ENV_FILE=\"\"
|
||||
for candidate in \
|
||||
/opt/wpp-staging/app/infra/staging/.env.staging \
|
||||
/opt/wpp-staging/app/infra/env/.env.staging \
|
||||
/opt/wpp-staging/.env.staging; do
|
||||
if [ -f \"\$candidate\" ]; then
|
||||
STAGING_ENV_FILE=\"\$candidate\"
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ -z \"\$STAGING_ENV_FILE\" ]; then
|
||||
echo \"[deploy] ERROR: staging env file not found (.env.staging)\" >&2
|
||||
exit 1
|
||||
fi
|
||||
set -a
|
||||
. \"\$STAGING_ENV_FILE\"
|
||||
set +a
|
||||
runuser -u wpp -- .venv/bin/python manage.py shell -c \"from django.conf import settings; import sys; engine = settings.DATABASES['default']['ENGINE']; print(f'DB_ENGINE={engine}'); sys.exit(0 if engine != 'django.db.backends.sqlite3' else 1)\"
|
||||
runuser -u wpp -- .venv/bin/python manage.py migrate --noinput
|
||||
systemctl restart wpp-staging.service
|
||||
curl -fsS http://127.0.0.1:8000/healthz\""
|
||||
|
||||
Reference in New Issue
Block a user