Webhook handler that can be used to deploy on push for example
Project description
Thin Deployer
=============
[](https://travis-ci.org/Wolnosciowiec/thin-deployer)
Securely runs your deployment commands triggered by a HTTP call.
Example case:
- POST an information to the /deploy/my-service
- Do the git pull && ./deploy.sh
Free software
-------------
Created for an anarchist portal, with aim to propagate the freedom and grass-roots social movements where the human and it's needs is on first place, not the capital and profit.
- https://wolnosciowiec.net
- http://iwa-ait.org
- http://zsp.net.pl
Configuration
-------------
Default configuration path is ~/.deployer.yml, but can be specified with a switch `--configuration={{ file path }}`
Example:
```
# service definition (and service name there)
phpdenyhosts:
# token used to authorize via "token" GET parameter, or "X-Auth-Token" header
token: some-token-goes-here-use-only-at-least-64-characters-long-tokens
# optional: support for notifying Slack and other messengers
# with wolnosciowiec-notification-client
use_notification: true
notification_group: "logs"
# working directory to be in to execute every command
pwd: /var/www/app
# could be empty, if not empty then the deploy will execute
# only if the INCOMING REQUEST BODY will match this regexp
# useful for example to deploy only from a proper branch
request_regexp: "\"branch\": \"([production|stage]+)\""
# commands to execute in order
commands:
- git pull
- composer install --no-dev
# (...) there could be more service definitions
```
Installing
----------
Best way is probably to install from PyPI with pip.
```bash
thin-deployer --configuration=/etc/thin-deployer/.deployer.yml
```
Running
-------
```
make install_dependencies
# simplest form wil all default params
make run
# or advanced with possibility to add commandline switches
python3 ./bin/deployer.py
```
##### Logging to file
Use `--log-file-prefix={{ path_to_log_file }}` switch to save logs to file.
#### Changing port number and bind address
- `--port={{ port_number }}` switch will change server listen port
- `--listen={{ ip_addres }}` makes server listen to given address, defaults to 0.0.0.0
Example request to trigger the deployment
-----------------------------------------
```
POST /deploy/phpdenyhosts HTTP/1.1
Host: localhost:8012
X-Auth-Token: some-token-goes-here-use-only-at-least-64-characters-long-tokens
```
Example response
----------------
```
{
"output": "Command \"ls -la /nonexisting\" failed, output: \"b''\""
}
```
Headers:
- X-Runs-As: UNIX username of a user on which privileges the server is working on
Dependencies
------------
- Python 3
- python-yaml
- Tornado Framework
- py-healthcheck
- [Wolnościowiec Notification server set up somewhere](https://github.com/Wolnosciowiec/wolnosciowiec-notification) (optionally - only for notifications)
- [Wolnościowiec Notification Shell Client](https://github.com/Wolnosciowiec/wolnosciowiec-notification-shell-client) (optionally - only for notifications)
Health checking
---------------
Service provides a simple monitoring endpoint at GET /technical/healthcheck
Authorization is done in two ways.
Its up to you to use a preferred one in a request to the endpoint.
- A header `X-Auth-Token` with a token as a value
- Basic authorization data, login can be any, as a password please type the token
Examples of headers:
- Authorization: YWFhOnRlc3Q=
- X-Auth-Token: test
#### Configuration
Health check endpoint is configurable via environment variables.
- `HC_TOKEN={{ token }}` health check access token
- `HC_MIN_TOKEN_LENGTH={{ min_length }}` minimum length of a token in every service
- `HC_MAX_DISK_USAGE={{ max_disk_usage_percentage }}` defaults to 90 (it's 90%), when disk usage is higher or equals to this value then an error will be reported
Integrations
------------
Integrates well with [Wolnościowiec Notification](https://github.com/Wolnosciowiec/wolnosciowiec-notification) using a [shell client](https://github.com/Wolnosciowiec/wolnosciowiec-notification-shell-client)
Good practices of securing the service
--------------------------------------
1. Its good to use long tokens
2. Hide the service behind a load balancer with a request rate per second limited (to avoid brute force attacks)
3. Optionally add a basic auth (this may impact usage of the service by external client applications)
4. Use SSL behind load balancer when service is called from the internet
=============
[](https://travis-ci.org/Wolnosciowiec/thin-deployer)
Securely runs your deployment commands triggered by a HTTP call.
Example case:
- POST an information to the /deploy/my-service
- Do the git pull && ./deploy.sh
Free software
-------------
Created for an anarchist portal, with aim to propagate the freedom and grass-roots social movements where the human and it's needs is on first place, not the capital and profit.
- https://wolnosciowiec.net
- http://iwa-ait.org
- http://zsp.net.pl
Configuration
-------------
Default configuration path is ~/.deployer.yml, but can be specified with a switch `--configuration={{ file path }}`
Example:
```
# service definition (and service name there)
phpdenyhosts:
# token used to authorize via "token" GET parameter, or "X-Auth-Token" header
token: some-token-goes-here-use-only-at-least-64-characters-long-tokens
# optional: support for notifying Slack and other messengers
# with wolnosciowiec-notification-client
use_notification: true
notification_group: "logs"
# working directory to be in to execute every command
pwd: /var/www/app
# could be empty, if not empty then the deploy will execute
# only if the INCOMING REQUEST BODY will match this regexp
# useful for example to deploy only from a proper branch
request_regexp: "\"branch\": \"([production|stage]+)\""
# commands to execute in order
commands:
- git pull
- composer install --no-dev
# (...) there could be more service definitions
```
Installing
----------
Best way is probably to install from PyPI with pip.
```bash
thin-deployer --configuration=/etc/thin-deployer/.deployer.yml
```
Running
-------
```
make install_dependencies
# simplest form wil all default params
make run
# or advanced with possibility to add commandline switches
python3 ./bin/deployer.py
```
##### Logging to file
Use `--log-file-prefix={{ path_to_log_file }}` switch to save logs to file.
#### Changing port number and bind address
- `--port={{ port_number }}` switch will change server listen port
- `--listen={{ ip_addres }}` makes server listen to given address, defaults to 0.0.0.0
Example request to trigger the deployment
-----------------------------------------
```
POST /deploy/phpdenyhosts HTTP/1.1
Host: localhost:8012
X-Auth-Token: some-token-goes-here-use-only-at-least-64-characters-long-tokens
```
Example response
----------------
```
{
"output": "Command \"ls -la /nonexisting\" failed, output: \"b''\""
}
```
Headers:
- X-Runs-As: UNIX username of a user on which privileges the server is working on
Dependencies
------------
- Python 3
- python-yaml
- Tornado Framework
- py-healthcheck
- [Wolnościowiec Notification server set up somewhere](https://github.com/Wolnosciowiec/wolnosciowiec-notification) (optionally - only for notifications)
- [Wolnościowiec Notification Shell Client](https://github.com/Wolnosciowiec/wolnosciowiec-notification-shell-client) (optionally - only for notifications)
Health checking
---------------
Service provides a simple monitoring endpoint at GET /technical/healthcheck
Authorization is done in two ways.
Its up to you to use a preferred one in a request to the endpoint.
- A header `X-Auth-Token` with a token as a value
- Basic authorization data, login can be any, as a password please type the token
Examples of headers:
- Authorization: YWFhOnRlc3Q=
- X-Auth-Token: test
#### Configuration
Health check endpoint is configurable via environment variables.
- `HC_TOKEN={{ token }}` health check access token
- `HC_MIN_TOKEN_LENGTH={{ min_length }}` minimum length of a token in every service
- `HC_MAX_DISK_USAGE={{ max_disk_usage_percentage }}` defaults to 90 (it's 90%), when disk usage is higher or equals to this value then an error will be reported
Integrations
------------
Integrates well with [Wolnościowiec Notification](https://github.com/Wolnosciowiec/wolnosciowiec-notification) using a [shell client](https://github.com/Wolnosciowiec/wolnosciowiec-notification-shell-client)
Good practices of securing the service
--------------------------------------
1. Its good to use long tokens
2. Hide the service behind a load balancer with a request rate per second limited (to avoid brute force attacks)
3. Optionally add a basic auth (this may impact usage of the service by external client applications)
4. Use SSL behind load balancer when service is called from the internet
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Thin-Deployer-1.0.0.tar.gz
(15.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file Thin-Deployer-1.0.0.tar.gz.
File metadata
- Download URL: Thin-Deployer-1.0.0.tar.gz
- Upload date:
- Size: 15.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.0 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.27.0 CPython/3.5.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
47d2149c50a0f3a7e1a980ffc1498eedbf602531e2bbf653665e22c7468253f2
|
|
| MD5 |
129ef72941a9d501e3f0b57533538528
|
|
| BLAKE2b-256 |
dcce6fa4fa36078104bedfd643f8249f11276c0b2e6df9c3ce70f1665823af4c
|
File details
Details for the file Thin_Deployer-1.0.0-py3-none-any.whl.
File metadata
- Download URL: Thin_Deployer-1.0.0-py3-none-any.whl
- Upload date:
- Size: 13.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.20.0 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.27.0 CPython/3.5.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1c9cfda2bd85218b431b0e9ea66baca548508169844346710bf59f6c725d2ab6
|
|
| MD5 |
ff7bcb94079a6dfcb759d0bcef6d248d
|
|
| BLAKE2b-256 |
9a253f975b5056978fc3c5dd02bd0e71fadb3f5ea286a32c4837ed1b457e48ca
|
