Deploy main to VMs automaticaly #54

New issue

Closed

opened 2025-04-12 14:05:39 +02:00 by fabianhauser · 1 comment

fabianhauser commented

2025-04-12 14:05:39 +02:00

Owner

To collect experience with automatic deployments, VMs should be updated directly form the main branch.

This may only happen after a successful build
In case of deployment failure, switching should be re-attempted (happens frequently with current deploy-rs deployment)

We'll do CI deployment with deploy-rs for now:

It has the required features
Implementation should be relatively low effort.

Tools

Push: `deploy-rs` ✅

Pros:

Currently implemented solution, no changes necessary
Simple to implement CI
Rollbacks on service failures or ssh access problems

Cons:

Push based
Deployment retries have to be scripted manually

Pull: system.autoUpgrade ❎

Pros:

Upstream
Auto-Reboots

Cons:

No signature verification
No cloning support of private git (sub)repos 🛑
No rollbacks or checks ⚠️
No checking of finished CI - needs a separate deploy branch for now ⚠️

Pull: comin ❎

Open:

Can it clone submodules? Probably not from what I can tell ⚠️
- Could be contributed

Pros:

Commit signature verification
Allows testing branches to deploy specific hosts

Cons:

No autoReboot
No rollbacks or checks ⚠️
No checking of finished CI - needs a separate deploy branch for now ⚠️
- might be something we can contribute - already gets a oauth token.

Notes:

Doesn't allow for remote to have history rewrites (only forward deployments, our main branch qualifies for that.

To collect experience with automatic deployments, VMs should be updated directly form the main branch. - This may only happen after a successful build - In case of deployment failure, switching should be re-attempted (happens frequently with current `deploy-rs` deployment) We'll do CI deployment with `deploy-rs` for now: * It has the required features * Implementation should be relatively low effort. ## Tools ### Push: `deploy-rs` ✅ Pros: + Currently implemented solution, no changes necessary + Simple to implement CI + Rollbacks on service failures or ssh access problems Cons: - Push based - Deployment retries have to be scripted manually ### Pull: [system.autoUpgrade](https://search.nixos.org/options?channel=unstable&show=system.autoUpgrade.allowReboot&from=0&size=50&sort=relevance&type=packages&query=system.autoUpgrade) ❎ Pros: + Upstream + Auto-Reboots Cons: - No signature verification - No cloning support of private git (sub)repos 🛑 - No rollbacks or checks ⚠️ - No checking of finished CI - needs a separate deploy branch for now ⚠️ ### Pull: [comin](https://github.com/nlewo/comin) ❎ Open: * Can it clone submodules? Probably not from what I can tell ⚠️ * Could be contributed Pros: + Commit signature verification + Allows testing branches to deploy specific hosts Cons: - No autoReboot - No rollbacks or checks ⚠️ - No checking of finished CI - needs a separate deploy branch for now ⚠️ * might be something we can contribute - already gets a oauth token. Notes: * Doesn't allow for remote to have history rewrites (only forward deployments, our `main` branch qualifies for that.