Ben Sturmfels
55ee5b53b6
Currently updates are published by the "conservancy-www-update.sh" that does a "pull" deploy with a 5-minutely job that runs on the web server. This doesn't run `migrate`, `collectstatic` or restart the application, so certain types of changes don't take effect, and even template changes often don't due to caching template loader. This script allows you to deploy more significant updates on-demand, but requires SSH access.
25 lines
613 B
Desktop File
25 lines
613 B
Desktop File
# Run the website update script (see also: conservancy-www-update.timer).
|
|
|
|
[Unit]
|
|
Description=Update Conservancy website checkout
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
User=www-data
|
|
WorkingDirectory=/var/www/website
|
|
ExecStart=/var/www/website/deploy/systemd/conservancy-www-update.sh
|
|
|
|
SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
|
|
CapabilityBoundingSet=
|
|
NoNewPrivileges=true
|
|
|
|
PrivateDevices=true
|
|
PrivateNetwork=false
|
|
PrivateTmp=true
|
|
PrivateUsers=false
|
|
ProtectControlGroups=true
|
|
ProtectHome=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/var/www/website
|