diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index a077d4ce8..7716e9d29 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -1,5 +1,11 @@ name: Build and deploy +# This workflow runs on pushes to main (typically, +# a merged pull request) and on pushes of tagged commits. + +# Pushes to main will deploy to Unstable; tagged commits +# will deploy to Staging + on: push: branches: diff --git a/docs/architecture/decisions/0007-python-buildpack.md b/docs/architecture/decisions/0007-python-buildpack.md index 8f422c052..275833c67 100644 --- a/docs/architecture/decisions/0007-python-buildpack.md +++ b/docs/architecture/decisions/0007-python-buildpack.md @@ -12,6 +12,8 @@ We had previously drafted ADRs to use Docker to build images for containerized d Cloud.gov uses Cloud Foundry which provides several “buildpacks”. These are automated environments which will take a code repository of a certain language and do the usual setup steps to prepare a deployment of that code. In the case of Python, this means automated detection of Pipfile and installation of packages. +We do not anticipate needing a custom buildpack, because our current use case falls completely within the Python buildpack's purview. + ## Decision To use Cloud Foundry’s Python buildpack. diff --git a/docs/ops/README.md b/docs/ops/README.md new file mode 100644 index 000000000..85d3996e2 --- /dev/null +++ b/docs/ops/README.md @@ -0,0 +1,59 @@ +# Operations +======================== + +## Authenticating + +You'll need the [Cloud Foundry CLI](https://docs.cloud.gov/getting-started/setup/). + +We use the V7 Cloud Foundry CLI. + +```shell +cf login -a api.fr.cloud.gov --sso +``` + +After authenticating, make sure you are targeting the correct org and space! + +```bash +cf spaces +cf target -o -s +``` + +## Rotating Environment Secrets + +Secrets were originally created with: + +```sh +cf cups getgov-credentials -p credentials-.json +``` + +Where `credentials-.json` looks like: + +```json +{ + "DJANGO_SECRET_KEY": "EXAMPLE", + ... +} +``` + +You can see the current environment with `cf env `, for example `cf env getgov-dev`. + +The command `cups` stands for [create user provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in `manifest-.json`. + +To rotate secrets, create a new `credentials-.json` file, upload it, then restage the app. + +Example: + +```bash +cf uups getgov-credentials -p credentials-unstable.json +cf restage getgov-dev --strategy rolling +``` + +Non-secret environment variables can be declared in `manifest-.json` directly. + +## Database + +In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`. + +Binding the database in `manifest-.json` automatically inserts the connection string into the environment as `DATABASE_URL`. + +[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/). \ No newline at end of file diff --git a/ops/README.md b/ops/README.md index c41718d4c..db0e235fd 100644 --- a/ops/README.md +++ b/ops/README.md @@ -3,59 +3,4 @@ This directory contains files related to deploying or running the application(s). -## Authenticating - -You'll need the [Cloud Foundry CLI](https://docs.cloud.gov/getting-started/setup/). - -We use the V7 Cloud Foundry CLI. - -```shell -cf login -a api.fr.cloud.gov --sso -``` - -After authenticating, make sure you are targeting the correct org and space! - -```bash -cf spaces -cf target -o -s -``` - -## Rotating Secrets - -Secrets were originally created with: - -```sh -cf cups getgov-credentials -p credentials-.json -``` - -Where `credentials-.json` looks like: - -```json -{ - "DJANGO_SECRET_KEY": "EXAMPLE", - ... -} -``` - -You can see the current environment with `cf env `, for example `cf env getgov-dev`. - -The command `cups` stands for [create user provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in `manifest-.json`. - -To rotate secrets, create a new `credentials-.json` file, upload it, then restage the app. - -Example: - -```bash -cf uups getgov-credentials -p credentials-dev.json -cf restage getgov-dev --strategy rolling -``` - -Non-secret environment variables can be declared in `manifest-.json` directly. - -## Database - -In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`. - -Binding the database in `manifest-.json` automatically inserts the connection string into the environment as `DATABASE_URL`. - -[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/). \ No newline at end of file +Documentation is in [docs/ops](../docs/ops). \ No newline at end of file