From 3069a72763897147cd87f73d80866ed1590504ce 2024-03-13 03:50:48 From: Ben Sturmfels Date: 2024-03-13 03:50:48 Subject: [PATCH] Remove conservancy-www-update timer-based deploy --- diff --git a/deploy/systemd/README.md b/deploy/systemd/README.md index cccfc01f09287ebc1758cdd20b350a2e7594d515..2c60497449af4b565fd059117cc5d77f0ea65bf7 100644 --- a/deploy/systemd/README.md +++ b/deploy/systemd/README.md @@ -7,28 +7,11 @@ Install all Systemd services with: cp systemd/conservancy-www-*.{service,timer} /etc/systemd/system systemctl enable conservancy-www-cleanup.service systemctl start conservancy-www-cleanup.service - systemctl enable conservancy-www-update.timer - systemctl start conservancy-www-update.timer systemctl enable conservancy-www-db.service systemctl enable conservancy-www-db.path systemctl start conservancy-www-db.path -## Website updates - -Monitor the website update service with: - - systemctl list-timers --all - journalctl --catalog --follow --unit conservancy-www-update.service - -Updates will fail unless `/var/www/website` has a git upstream, so set that with: - - git remote add upstream https://k.sfconservancy.org/website - git branch --set-upstream-to=upstream/master master - -Note that the update script does not run `migrate`. - - ## Fundraiser/sustainer database updates The `conservancy-www-db.service` applies SQL updates to the website database diff --git a/deploy/systemd/conservancy-www-update.service b/deploy/systemd/conservancy-www-update.service deleted file mode 100644 index 3374e35381f399e12cd9ec02852dc7605ece80ab..0000000000000000000000000000000000000000 --- a/deploy/systemd/conservancy-www-update.service +++ /dev/null @@ -1,25 +0,0 @@ -# Run the website update script (see also: conservancy-www-update.timer). - -[Unit] -Description=Update Conservancy website checkout - -[Service] -Type=oneshot -User=www-data -WorkingDirectory=/var/www/website -ExecStart=/var/www/website/deploy/systemd/conservancy-www-update.sh - -SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete -CapabilityBoundingSet= -NoNewPrivileges=true - -PrivateDevices=true -PrivateNetwork=false -PrivateTmp=true -PrivateUsers=false -ProtectControlGroups=true -ProtectHome=true -ProtectKernelModules=true -ProtectKernelTunables=true -ProtectSystem=strict -ReadWritePaths=/var/www/website diff --git a/deploy/systemd/conservancy-www-update.sh b/deploy/systemd/conservancy-www-update.sh deleted file mode 100755 index d059a8d281f55ea724adc68c59c95688e7f6822f..0000000000000000000000000000000000000000 --- a/deploy/systemd/conservancy-www-update.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh - -# Pull in and apply Conservancy website updates from the git repository. -# -# This is intended to be run on a timer. Note that it does *not* restart the -# Django application or run the migrate and collectstatic commands. - -set -e -set -u -set -x - -PRODUCTION_BRANCH="${PRODUCTION_BRANCH:-master}" - -git_rev_name() { - git rev-parse --abbrev-ref --symbolic-full-name "$@" -} - -# If the checkout is not on the production branch, -# assume maintenance is happening and stop. -if [ "$(git_rev_name HEAD)" != "$PRODUCTION_BRANCH" ]; then - exit 0 -fi - -# Abort if the production branch isn't tracking a remote branch. -if ! git_upstream="$(git_rev_name '@{upstream}' 2>/dev/null)"; then - exit 3 -fi - -IFS=/ read git_remote git_refspec <