At SnowCamp I migrated Front Desk-related repositories to Salsa gitlab and worked on setting up Continuous Integration for the web applications I maintain in Debian.
The result is a reusable Django app that integrates with gitlab's webhooks
It is currently working for https://contributors.debian.org and I'll soon reuse it for https://nm.debian.org and https://debtags.debian.org.
The only setup needed on DSA side is to enable systemd linger on the deploy user.
The CI/deploy workflow is this:
- gitlab runs tests in the CI
- gitlab notifies pipeline status changes via a webhook
- when a selected pipeline changes status to
success, the application queues a deploy for that shasum by creating ashasum.deployfile in a queue directory - a systemd
.pathunit running as the deploy user triggers when the new file is created and runsmanage.py deployas the deploy user
And manage.py deploy does this:
- git fetch
- abort of the shasum of the head of the deploy branch does not match one of
the
.deployfiles in the queue directory - abort if the head of the deploy branch is not signed by a gpg key present in a deploy keyring
- abort if the head of the deploy branch is not a successor of the currently deployed commit
- update the working copy
- run a deploy script
- remove all
.deployfiles seen when the script was called - send an email to the site admins with a log of the whole deploy process, whether it succeeded or it was aborted
For more details, see the app's README.md
I find it wonderful that we got to a stage where we can have this in Debian, and I am very grateful to all the work that has been done and is being done in setting up and maintaining Salsa.