From b38199dfbd591da5cc9a4465aa4b657a23c1c752 Mon Sep 17 00:00:00 2001 From: Ben Sturmfels Date: Wed, 13 Mar 2024 14:50:48 +1100 Subject: [PATCH] Remove conservancy-www-update timer-based deploy --- deploy/systemd/README.md | 17 -------- deploy/systemd/conservancy-www-update.service | 25 ----------- deploy/systemd/conservancy-www-update.sh | 43 ------------------- deploy/systemd/conservancy-www-update.timer | 8 ---- 4 files changed, 93 deletions(-) delete mode 100644 deploy/systemd/conservancy-www-update.service delete mode 100755 deploy/systemd/conservancy-www-update.sh delete mode 100644 deploy/systemd/conservancy-www-update.timer diff --git a/deploy/systemd/README.md b/deploy/systemd/README.md index cccfc01f..2c604974 100644 --- a/deploy/systemd/README.md +++ b/deploy/systemd/README.md @@ -7,28 +7,11 @@ Install all Systemd services with: cp systemd/conservancy-www-*.{service,timer} /etc/systemd/system systemctl enable conservancy-www-cleanup.service systemctl start conservancy-www-cleanup.service - systemctl enable conservancy-www-update.timer - systemctl start conservancy-www-update.timer systemctl enable conservancy-www-db.service systemctl enable conservancy-www-db.path systemctl start conservancy-www-db.path -## Website updates - -Monitor the website update service with: - - systemctl list-timers --all - journalctl --catalog --follow --unit conservancy-www-update.service - -Updates will fail unless `/var/www/website` has a git upstream, so set that with: - - git remote add upstream https://k.sfconservancy.org/website - git branch --set-upstream-to=upstream/master master - -Note that the update script does not run `migrate`. - - ## Fundraiser/sustainer database updates The `conservancy-www-db.service` applies SQL updates to the website database diff --git a/deploy/systemd/conservancy-www-update.service b/deploy/systemd/conservancy-www-update.service deleted file mode 100644 index 3374e353..00000000 --- a/deploy/systemd/conservancy-www-update.service +++ /dev/null @@ -1,25 +0,0 @@ -# Run the website update script (see also: conservancy-www-update.timer). - -[Unit] -Description=Update Conservancy website checkout - -[Service] -Type=oneshot -User=www-data -WorkingDirectory=/var/www/website -ExecStart=/var/www/website/deploy/systemd/conservancy-www-update.sh - -SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete -CapabilityBoundingSet= -NoNewPrivileges=true - -PrivateDevices=true -PrivateNetwork=false -PrivateTmp=true -PrivateUsers=false -ProtectControlGroups=true -ProtectHome=true -ProtectKernelModules=true -ProtectKernelTunables=true -ProtectSystem=strict -ReadWritePaths=/var/www/website diff --git a/deploy/systemd/conservancy-www-update.sh b/deploy/systemd/conservancy-www-update.sh deleted file mode 100755 index d059a8d2..00000000 --- a/deploy/systemd/conservancy-www-update.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh - -# Pull in and apply Conservancy website updates from the git repository. -# -# This is intended to be run on a timer. Note that it does *not* restart the -# Django application or run the migrate and collectstatic commands. - -set -e -set -u -set -x - -PRODUCTION_BRANCH="${PRODUCTION_BRANCH:-master}" - -git_rev_name() { - git rev-parse --abbrev-ref --symbolic-full-name "$@" -} - -# If the checkout is not on the production branch, -# assume maintenance is happening and stop. -if [ "$(git_rev_name HEAD)" != "$PRODUCTION_BRANCH" ]; then - exit 0 -fi - -# Abort if the production branch isn't tracking a remote branch. -if ! git_upstream="$(git_rev_name '@{upstream}' 2>/dev/null)"; then - exit 3 -fi - -IFS=/ read git_remote git_refspec <