Website build on commit

[rvagg]

cc @iojs/website

Currently we are using github-webhook with the following configuration on the server:

{
  "port": 9999,
  "path": "/webhook",
  "secret": "orly?",
  "log": "/home/iojs/github-webhook.log",
  "rules": [{
    "event": "push",
    "match": "ref == \"refs/heads/master\" && repository.full_name == \"iojs/website\"",
    "exec": "cd /home/iojs/website.github/ && git reset --hard && git clean -fdx && git fetch origin && git checkout origin/master && rsync -avz --delete --exclude .git /home/iojs/website.github/public/ /home/iojs/www/"
  }]
}

i.e. the "build" process is:

1. in the existing clone of iojs/website, do a reset and clean
2. fetch from origin
3. checkout origin/master
4. rsync the ./public/ directory of the repo into the live site directory

What I want to suggest we add is a build step in between 3 and 4 here, but it needs to be done inside a container so we don't give free reign for code in the website repo to run on the server.

Something like this:

docker pull iojs:latest && \
docker run \
  --rm \
  -v /home/iojs/website.github/:/website/ \
  -v /home/iojs/.npm:/npm/ \
  iojs:latest \
  bash -c " \
    adduser iojs --gecos iojs --disabled-password && \
    su iojs -c ' \
      npm config set loglevel http && \
      npm config set cache /npm/ && \
      cd /website/ && \
      npm install && \
      node_modules/.bin/gulp build \
    ' \
  "

I've just run this and it seems to work fine and I could enable it right now if that's suitable to the website team.

Note for build team (@kenperkins in particular) our Ansible script for the website needs an initial git clone of iojs/website to /home/iojs/website.github/, I don't think we are doing that currently. The above command will also need /home/iojs/.npm/ to be made and owned by iojs.

[kenperkins]

@rvagg I believe we do at https://github.com/iojs/build/blob/master/setup/www/ansible-playbook.yaml#L73-73

Command comes from https://github.com/iojs/build/blob/master/setup/www/host_vars/iojs-www.tmpl#L3-3

[Fishrock123]

Would we have access to the releases.json from inside the gulp build with this? (I assume not.) We might need to have it sync the json into the build container before build.

[rvagg]

Yep, can do, how about we copy it in to the root of the project directory and name it releases.json, would that do? Of course you could just pull it from the website during build too and that way the build is portable.

[therebelrobot]

+1 to that @rvagg. That would make it simplistic to pull into gulp build. @Fishrock123 so long as the releases.json is up to date, that would work for dynamic linking to the latest, shouldn't it?

[snostorm]

+1 to just pulling it down via HTTP (with a local fallback, perhaps), although if we do "inject it" I'd prefer to overwrite it at source/releases.json before the build runs.

This way this publish script can also be triggered when new versions hit the web.

How long would this take to switch over? I'm all for the change happening any time.

[rvagg]

What I might do is put the above script into a stand-alone file so it can be run by the webhook and also as a result of an update to index.json, so the site gets rebuilt when you push new stuff and when there's new stuff available to it.

How about I set up a test version of this so you can play with it first and then we can go live later. Will try and do it this weekend.

[snostorm]

I'll try to prep a proof-of-concept of using https://iojs.org/dist/index.json for version numbers, download links, etc. when I get a chance. I have an unrelated PR in queue which should make this pretty easy to switch over.

Tracking on nodejs/iojs.org#284

[rvagg]

let's use a test branch on iojs/website, maybe actually call it "test" and we can webhook/pull from that instead of master for testing purposes

[snostorm]

Sure. Should we wait for the "new stuff" or just test randomly as-is without the new .json hooks?

Edit: I guess we can do "both". Start with the current master, then push the new stuff when ready, and see if it all works as expected :)