Idea is to create it with a wonderful python tool called cookiecutter
if ! ( virtualenv 2>&1 >/dev/null );then echo "ERROR: install venv, on debian/ubuntu: apt install -y virtualenv,fi";fi
virtualenv --python=python3 ~/tools/cookiecutter
~/tools/cookiecutter/bin/pip install cookiecutterInstall gnu-sed with brew install gsed and use it as default with export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH" for the focllowing commands.
-
create on gitlab your project (empty)
-
then locally generate the base files (replace with your values)
# If you already played with cookiecutter you have this directory with the # old project templates. You may need to refresh it. # ignore this step on first exec (you do not have it yet) cd ~/.cookiecutters/cookiecutter-drupal \ && git fetch origin && git reset --hard origin/master \ && cd - # activate cookiecutter env . ~/tools/cookiecutter/bin/activate # And launch the new 'foobar' project generation! # check most variables in cookiecutter.json file cookiecutter --no-input -f -o ~/out_dir \ https://github.com/corpusops/cookiecutter-drupal.git \ name=foobar \ tld_domain=zorg.com \ git_server=gitlab.makina-corpus.net \ docker_registry= registry.makina-corpus.net \ git_ns=zorg \ local_http_port=8009 \ maintenance_no_503="y" \ dev_port=40001 staging_port=40003 qa_host="" prod_port=40010 cd ~/out_dir # review before commit # for relative checkout to work, we need remote objects locally git commit local -m "Add deploy"
-
Read cookiecutter.json for all options
-
notable options behaviors:
use_submodule_for_deploy_code=: copy deploy submodule inside project for a standalone deployment (no common deploy)local_http_port=NNNN: local port use by devs to access the project after /etc/hosts edition to map 127.0.0.1 to thelocal_domainvariable (something like http://project_name.local:local_http_port)php_ver=X.Y: php version to useremove_cron=y: will remove cron image and related configurationenable_cron=: will soft disable (comment crontab) without removing cron.(qa|staging)_host=: will disable generation for this envtests_(staging|tests)=: will disable those specific tests in CIregistry_is_gitlab_registry=y: act that registry is gitlab based and use token to register image against and autofillregister_userandregistry_password.db_mode=<mode>: one ofpostgres|postgis|mysqlhaproxy=y: generate haproxy related jobs
-
Push the generated files (here on
~/out_dir) to your new project
We provide a basic app/composer.json file. NNo doubt that you may have to
complement it.
If you need access to one or more private git repositories for composer, you may
also need to add some private ssh keys in keys/ directory and build a
./sys/sbin/pre-composer.sh script (it should look almost like the other
sys/sbin/composer scripts, but at the end you can add some ssh-keyscan and ssh
specifc configurations like this:)
(
# && $GOSU_CMD ssh-keyscan 37.58.212.66 >> /home/$APP_USER/.ssh/known_hosts \
$GOSU_CMD ssh-keyscan foo.example.com >> /home/$APP_USER/.ssh/known_hosts \
&& chown $APP_USER:$APP_USER /home/$APP_USER/.ssh/known_hosts \
&& $GOSU_CMD printf 'Host foo.example.com\n Preferredauthentications publickey\n IdentityFile ...\n' > /home/$APP_USER/.ssh/config \
&& chown $APP_USER:$APP_USER /home/$APP_USER/.ssh/config
)Check also the drupal updb commands or anything needed in the created database.
./control.sh init # init conf files
./control.sh build drupal
./control.sh build # will be faster as many images are based on drupalNote that you can also read the generated README.md of the generated project for details on how to deploy the project locally (like docker dependencies, debugging problems, etc).
If you launch a up action on dev local environement the application is not yet installed. Shared directories with your local installation, containing things like the vendors, are empty, and the database may also be empty. A first test may needs commands like these ones :
./control.sh up
./control.sh userexec bin/composerinstall
./control.sh console doctrine:migrations:migrate --allow-no-migrationcd local
ssh-keygen -t rsa -b 2048 -N '' -C deploy -f deploy
export CORPUSOPS_VAULT_PASSWORD=SuperVerySecretPassword
.ansible/scripts/setup_vaults.sh- Also add that variable
CORPUSOPS_VAULT_PASSWORDin the gitlab CI/CD variables - You would certainly also add
REGISTRY_USER®ISTRY_PASSWORD.
For each file which needs to be encrypted
# to find them
find .ansible/inventory/group_vars/|grep encryptAlso open and read both your project top README.md and the .ansible/README.md
You need to
-
open in a editor:
$EDITOR .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml -
In another window/shell, use Ansible vault to create/edit that file without the "encrypted" in the filename and copy/paste/adapt the content
.ansible/scripts/edit_vault.sh .ansible/inventory/group_vars/dev/default.yml
-
Delete the original file
rm -f .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml
- Wash, rince, repeat for each needing-to-be-encrypted vault.
⚠️ Please note⚠️ : that you will need to put the previously generated ssh deploy key inall/default.yml
- Push to gitlab and run the dev job until it succeeds
- Trigger the dev image release job until it succeeds
-
Deploy manually one time to see everything is in place
Remember:- Your local copy is synced as the working directory on target env (with exclusions, see playbooks)
- The
cops_drupal_docker_tagcontrols which docker image is deployed.
.ansible/scripts/call_ansible.sh .ansible/playbooks/deploy_key_setup.yml .ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/ping.yml -l dev # or staging .ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/app.yml \ -e "{cops_drupal_docker_tag: dev}" -l dev # or staging
You can regenerate at a later time the project
local/regen.sh # and verify new files and updates