spt/Website
spt/Website
2
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Website/items
History
shirito 4bb11f731c
All checks were successful
continuous-integration/drone/push Build is passing
Details
feat: Add passphrase capabilities for SSH key (#11) 
We can now use encrypted SSH keys in the pipeline.
The new secret is `deploy_ssh_key_passphrase`

The documentation has been updated accordingly

Co-authored-by: Ereshkigal <ereshkigal@noreply.dev.sp-tarkov.com>
Reviewed-on: SPT-AKI/Website#11
Co-authored-by: shirito <shirito@noreply.dev.sp-tarkov.com>
Co-committed-by: shirito <shirito@noreply.dev.sp-tarkov.com>
2021-11-04 01:21:44 +00:00
..
api
feat: Add items website code base + drone pipeline (#9)
2021-10-30 16:27:49 +00:00
docs
feat: Add passphrase capabilities for SSH key (#11)
2021-11-04 01:21:44 +00:00
frontend
fix: Fix errors raised by ShortName not being strings
2021-11-02 23:05:32 -04:00
README.md
feat: Add passphrase capabilities for SSH key (#11)
2021-11-04 01:21:44 +00:00

README.md

SPT Items

  • You can use either of the two drone pipeline types:
  • Some enhancement ideas can be found here

Required secrets

secret name description example
spt_items_hostname The remote server where spt-items-finder will be reachable
used for the frontend resolution		 spt-items.my.server.com
deploy_path The path to deploy to in the remote machine /var/www/html/aki/Website/items
deploy_hostname The remote server where to deploy
used by Ansible SSH		 my.server.com
deploy_username The default username to use on the remote server
used by Ansible SSH		 www-data
deploy_user_group The default user group to use on the remote server
used to set permission on the website folder		 www-data
deploy_ssh_key The content of the ssh private key used to connect to the remote server
The key needs to be in RSA in "RSA PRIVATE KEY" format
The ssh publick key needs to already be in the user used in the remote server ~/.ssh/authorized_keys		 -----BEGIN RSA PRIVATE KEY-----
The key
-----END RSA PRIVATE KEY-----
deploy_ssh_key_passphrase The passphrase to decrypt the SSH private key test

⚠ Important notes for the deployment ⚠

  • Add all required secrets in Drone
  • Server permissions:
    1. The server must be able to use apt package manager
    2. The deploy_usernam must exists, be part of the group deploy_user_group and be able to SSH into the server
    3. If the parent folder of deploy_path already exists, deploy_username must have read and write permissions on it
  • PHP:
    1. php8.0-fpm and all its dependencies must already be installed
    2. php8.0-fpm must be configured to use deploy_username (to ensure the cache created by Laravel can be deleted before every new deployment)
  • Nginx:
    1. Nginx must be using uses the user group deploy_user_group
    2. Nginx must be configured to use HTTPS
    3. Nginx must be configured to listen to spt_items_hostname and to point to the deploy_path

The pipeline summary

  1. Each push will:
    1. Builds the frontend
    2. Move the build frontend in the backend public folder
  2. IF Promoted to production, deploys to the server

The pipeline walkthrough

see Walkthrough.md

Some enhancement ideas

  • Store the build so that it is not rebuilt on any promote event
  • Use a volume or a cache for Yarn install