Thin-Deployer

Release 1.1.0

Webhook handler that can be used to deploy on push for example

Homepage PyPI Python

Keywords
anarchism, anarchist, automated-deployment, automation, deployer, deployment, mattermost, microservice, python, python3, riotkit, slack, thin-deployer, tornado, tornado-framework, tornado-web
License
LGPL-3.0
Install
pip install Thin-Deployer==1.1.0

Documentation

Thin Deployer

Build Status Docker Build Status GitHub release PyPI PyPI - Python Version PyPI - Wheel codecov

Securely runs your deployment commands triggered by a HTTP call.

Example case:

  • POST an information to the /deploy/my-service
  • Do the git pull && ./deploy.sh

PIP: https://pypi.org/project/Thin-Deployer/ Travis: https://travis-ci.org/riotkit-org/thin-deployer Docker: https://hub.docker.com/r/wolnosciowiec/thin-deployer/

Free software

Created for an anarchist portal, with aim to propagate the freedom and grass-roots social movements where the human and it's needs is on first place, not the capital and profit.

Configuration

Default configuration path is ~/.deployer.yml, but can be specified with a switch --configuration={{ file path }}

Example:


# service definition (and service name there)
phpdenyhosts:
    # token used to authorize via "token" GET parameter, or "X-Auth-Token" header
    token: some-token-goes-here-use-only-at-least-64-characters-long-tokens

    # optional: support for notifying Slack and other messengers
    # with wolnosciowiec-notification-client
    use_notification: true
    notification_group: "logs"

    # working directory to be in to execute every command
    pwd: /var/www/app

    # could be empty, if not empty then the deploy will execute
    # only if the INCOMING REQUEST BODY will match this regexp
    # useful for example to deploy only from a proper branch
    request_regexp: "\"branch\": \"([production|stage]+)\""

    # commands to execute in order
    commands:
        - git pull
        - composer install --no-dev

# (...) there could be more service definitions

Installing via PIP

One of the ways, a traditional one is to install as a Python package on the host machine.

pip install Thin-Deployer
thin-deployer --configuration=/etc/thin-deployer/.deployer.yml

Installing via Docker

Modern and more secure way is to use a docker image to run the thin-deployer inside of an isolated container.

sudo docker run -p 8012:8012 -v ./deployer.yml:/root/.deployer.yml --rm --name thin-deployer wolnosciowiec/thin-deployer

Running dev environment

make install_dependencies

# simplest form with all default params
make run

# or advanced with possibility to add commandline switches
python3 ./bin/deployer.py
Logging to file

Use --log-file-prefix={{ path_to_log_file }} switch to save logs to file.

Changing port number and bind address

  • --port={{ port_number }} switch will change server listen port
  • --listen={{ ip_addres }} makes server listen to given address, defaults to 0.0.0.0

Example request to trigger the deployment

POST /deploy/phpdenyhosts HTTP/1.1
Host: localhost:8012
X-Auth-Token: some-token-goes-here-use-only-at-least-64-characters-long-tokens

Example response

{
  "output": "Command \"ls -la /nonexisting\" failed, output: \"b''\""
}

Headers:

  • X-Runs-As: UNIX username of a user on which privileges the server is working on

Dependencies

Health checking

Service provides a simple monitoring endpoint at GET /technical/healthcheck

Authorization is done in two ways. Its up to you to use a preferred one in a request to the endpoint.

  • A header X-Auth-Token with a token as a value
  • Basic authorization data, login can be any, as a password please type the token

Examples of headers:

  • Authorization: YWFhOnRlc3Q=
  • X-Auth-Token: test

Configuration

Health check endpoint is configurable via environment variables.

  • HC_TOKEN={{ token }} health check access token
  • HC_MIN_TOKEN_LENGTH={{ min_length }} minimum length of a token in every service
  • HC_MAX_DISK_USAGE={{ max_disk_usage_percentage }} defaults to 90 (it's 90%), when disk usage is higher or equals to this value then an error will be reported

Alternatives

Notifications

Each deployment can produce a notification with output, supported notification format is Slack/Mattermost (webhook url required)

Good practices of securing the service

  1. Its good to use long tokens
  2. Hide the service behind a load balancer with a request rate per second limited (to avoid brute force attacks)
  3. Optionally add a basic auth (this may impact usage of the service by external client applications)
  4. Use SSL behind load balancer when service is called from the internet

Stats

Dependencies
5
Dependent packages
0
Dependent repositories
0
Total releases
7
Latest release
First release
Stars
3
Forks
0
Watchers
3
Contributors
1
Repository size
52.7 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.1.0
1.0.1.dev13
1.0.1.dev12
1.0.1.dev11
0.0.1.dev54
1.0.0
0.0.1.dev49

Contributors

Andrew Johnson


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-22 16:35:51 UTC

Login to resync this project