Remove conservancy-www-update timer-based deploy

deploy/systemd/README.md

@@ -7,28 +7,11 @@ Install all Systemd services with:
     cp systemd/conservancy-www-*.{service,timer} /etc/systemd/system
     systemctl enable conservancy-www-cleanup.service
     systemctl start conservancy-www-cleanup.service
-    systemctl enable conservancy-www-update.timer
-    systemctl start conservancy-www-update.timer
     systemctl enable conservancy-www-db.service
     systemctl enable conservancy-www-db.path
     systemctl start conservancy-www-db.path
 
 
-##  Website updates
-
-Monitor the website update service with:
-
-    systemctl list-timers --all
-    journalctl --catalog --follow --unit conservancy-www-update.service
-
-Updates will fail unless `/var/www/website` has a git upstream, so set that with:
-
-    git remote add upstream https://k.sfconservancy.org/website
-    git branch --set-upstream-to=upstream/master master
-    
-Note that the update script does not run `migrate`.
-
-
 ## Fundraiser/sustainer database updates
 
 The `conservancy-www-db.service` applies SQL updates to the website database

deploy/systemd/conservancy-www-update.service

@@ -1,25 +0,0 @@
-# Run the website update script (see also: conservancy-www-update.timer).
-
-[Unit]
-Description=Update Conservancy website checkout
-
-[Service]
-Type=oneshot
-User=www-data
-WorkingDirectory=/var/www/website
-ExecStart=/var/www/website/deploy/systemd/conservancy-www-update.sh
-
-SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
-CapabilityBoundingSet=
-NoNewPrivileges=true
-
-PrivateDevices=true
-PrivateNetwork=false
-PrivateTmp=true
-PrivateUsers=false
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectSystem=strict
-ReadWritePaths=/var/www/website

deploy/systemd/conservancy-www-update.sh

@@ -1,43 +0,0 @@
-#!/bin/sh
-
-# Pull in and apply Conservancy website updates from the git repository.
-#
-# This is intended to be run on a timer. Note that it does *not* restart the
-# Django application or run the migrate and collectstatic commands.
-
-set -e
-set -u
-set -x
-
-PRODUCTION_BRANCH="${PRODUCTION_BRANCH:-master}"
-
-git_rev_name() {
-    git rev-parse --abbrev-ref --symbolic-full-name "$@"
-}
-
-# If the checkout is not on the production branch,
-# assume maintenance is happening and stop.
-if [ "$(git_rev_name HEAD)" != "$PRODUCTION_BRANCH" ]; then
-    exit 0
-fi
-
-# Abort if the production branch isn't tracking a remote branch.
-if ! git_upstream="$(git_rev_name '@{upstream}' 2>/dev/null)"; then
-    exit 3
-fi
-
-IFS=/ read git_remote git_refspec <<EOF
-$git_upstream
-EOF
-git fetch --quiet --no-tags "$git_remote" "$git_refspec"
-if [ "$(git rev-parse "$PRODUCTION_BRANCH")" = "$(git rev-parse "$git_upstream")" ]; then
-    exit 0
-fi
-
-exitcode=0
-git merge --quiet --ff-only "${git_remote}/${git_refspec}"
-python3 -m compileall -q -x - conservancy || exitcode=$?
-chgrp -R www-data conservancy || exitcode=$?
-chmod -R g+rX-w,o+X-w conservancy || exitcode=$?
-chmod -R o+r conservancy/static || exitcode=$?
-exit "$exitcode"

deploy/systemd/conservancy-www-update.timer

@@ -1,8 +0,0 @@
-[Unit]
-Description=Update Conservancy website checkout
-
-[Timer]
-OnCalendar=*:0/5
-
-[Install]
-WantedBy=timers.target