Update deployment playbook to help set up staging deploymentsΒ #941
Description
This playbook is used to set up a staging server so that we can stage PRs on it:
https://github.com/openfoodfoundation/ofn-install/blob/d8be2a1d3cc05e93f0a91fdf0175ddbc1919f2c1/roles/semaphore_deployment/tasks/main.yml
But the last few actions don't make sense to me. I think it might have been useful in setting up the first staging server. Then the private key would have been copied and stored as the GitHub secret: DEPLOYMENT_KEY. Hmm probably it's still sitting on one of the staging servers.
The public key goes in authorized_keys on the staging server. It's public, so we could streamline the process with the playbook (rather than I having to spend ages trying various keys with trial and error to find out which one it is).
- Add the deployment public key to this repo and make the playbook automatically load it to
/home/ofn-deploy/.ssh/authorized_keys
Another setup task is to update the GitHub secret DEPLOYMENT_HOSTS to include the new staging server. I don't think we can automate that, but we could probably
- Add a task in the playbook to output the required line(s) for a
known_hostsfile, with notes on what to do with it.
We have the known_hosts stored in BitWarden at the moment, although it could be stored publicly as a file in the openfoodnetwork repo, because it only contains public keys.