deployment templates for lichen

staging as optional service in production compose

- docker-compose.staging.yml: staging service on port 9001
- Caddyfile: staging.lichen.page proxied to staging:9001
- override.yml: lichen_binary_dir variable (bin or staging-bin)
- removed separate docker-compose-staging directory

authored by

notplants and committed by
notplants
fc3b33cf 37fcf27f

+34 -64
+20 -8
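--- a/ansible/override.yml
+++ b/ansible/override.yml
@@ -20,6 +20,7 @@
 vars:
 lichen_deploy_dir: /srv/lichen
 lichen_override_revert: false
+lichen_binary_dir: bin
 pre_tasks:
 - name: Require exactly one of lichen_binary_src or lichen_override_revert
 assert:
@@ -52,33 +53,44 @@
 when: not compose_stat.stat.exists
 
 tasks:
-- name: Ensure bin/ exists on the server
+- name: Ensure binary directory exists on the server
 file:
-path: "{{ lichen_deploy_dir }}/bin"
+path: "{{ lichen_deploy_dir }}/{{ lichen_binary_dir }}"
 state: directory
 mode: "0755"
 
 - name: Upload custom binary
 copy:
 src: "{{ lichen_binary_src }}"
-dest: "{{ lichen_deploy_dir }}/bin/lichen-server"
+dest: "{{ lichen_deploy_dir }}/{{ lichen_binary_dir }}/lichen-server"
 mode: "0755"
 when: not lichen_override_revert | bool
 
 - name: Remove custom binary
 file:
-path: "{{ lichen_deploy_dir }}/bin/lichen-server"
+path: "{{ lichen_deploy_dir }}/{{ lichen_binary_dir }}/lichen-server"
 state: absent
 when: lichen_override_revert | bool
 
-- name: Restart the app container to pick up the change
-command: docker compose restart app
+- name: Determine which container to restart
+set_fact:
+lichen_restart_service: "{{ 'staging' if lichen_binary_dir == 'staging-bin' else 'app' }}"
+
+- name: Determine compose command
+set_fact:
+lichen_compose_cmd: >-
+{{ 'docker compose -f docker-compose.yml -f docker-compose.staging.yml'
+if lichen_binary_dir == 'staging-bin'
+else 'docker compose' }}
+
+- name: Restart the container to pick up the change
+command: "{{ lichen_compose_cmd }} up -d {{ lichen_restart_service }}"
 args:
 chdir: "{{ lichen_deploy_dir }}"
 changed_when: true
 
-- name: Wait for the app to report healthy
-command: docker compose ps --format '{{ "{{.Health}}" }}' app
+- name: Wait for the container to report healthy
+command: "{{ lichen_compose_cmd }} ps --format '{{ '{{.Health}}' }}' {{ lichen_restart_service }}"
 args:
 chdir: "{{ lichen_deploy_dir }}"
 register: health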
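Review bot: The task named `Restart the container to pick up the change` now runs `up -d`, which leaves an already-running container alone when its compose configuration and image are unchanged, so a newly uploaded or removed `lichen-server` in the bind-mounted directory may never be executed. On a revert that means the old custom binary keeps serving while the play reports success and the health check passes. `command: "{{ lichen_compose_cmd }} up -d --force-recreate {{ lichen_restart_service }}"` keeps the create-if-missing behaviour staging needs and still forces a restart. Separately, `lichen_binary_dir` feeds the directory, upload and `state: absent` paths without validation, and any value other than `staging-bin` falls through to restarting `app`; the `pre_tasks` assert (its body is outside the hunk) could also require `lichen_binary_dir in ['bin', 'staging-bin']`.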
+7 -8
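--- a/ansible/roles/lichen/tasks/main.yml
+++ b/ansible/roles/lichen/tasks/main.yml
@@ -11,17 +11,16 @@
 state: directory
 mode: "0755"
 
-- name: Sync compose stack files
+- name: Sync compose stack files from ../docker-compose
 copy:
-src: "{{ playbook_dir }}/../{{ lichen_compose_src | default('docker-compose') }}/{{ item.name }}"
+src: "{{ playbook_dir }}/../docker-compose/{{ item.name }}"
 dest: "{{ lichen_deploy_dir }}/{{ item.name }}"
 mode: "{{ item.mode }}"
-loop: "{{ lichen_compose_files | default(default_compose_files) }}"
-vars:
-default_compose_files:
-- { name: docker-compose.yml, mode: "0644" }
-- { name: Caddyfile, mode: "0644" }
-- { name: entrypoint.sh, mode: "0755" }
+loop:
+- { name: docker-compose.yml, mode: "0644" }
+- { name: docker-compose.staging.yml, mode: "0644" }
+- { name: Caddyfile, mode: "0644" }
+- { name: entrypoint.sh, mode: "0755" }
 
 - name: Render .env
 template: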
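Review bot: With `lichen_compose_src` and `lichen_compose_files` dropped from the `Sync compose stack files` task, an inventory or `-e` argument that still sets either one is silently ignored and the host receives the files from `../docker-compose` instead. The staging overlay is also copied to every host this role runs on, whether or not staging is started there. A comment above `loop:` such as `# fixed list; docker-compose.staging.yml is always synced but only used when passed with -f` would record the intent, and an `assert` that `lichen_compose_src is not defined` would surface stale inventories. The task list continues outside this section.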
+6 -5
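--- a/docker-compose-staging/docker-compose.yml
+++ b/docker-compose/docker-compose.staging.yml
@@ -1,14 +1,15 @@
 services:
-app:
+staging:
 image: notplants/lichen-full:latest
 entrypoint: ["/bin/sh", "/entrypoint.sh"]
-network_mode: host
+networks:
+- internal
 environment:
 - LM_SERVER_PORT=9001
-- LM_DASHBOARD_DOMAIN=${DOMAIN}
+- LM_DASHBOARD_DOMAIN=${STAGING_DOMAIN:-staging.lichen.page}
 - LM_USE_AUTH=true
 - LM_ROOT_DIR=/data
-- LM_PUBLIC_URL=https://${DOMAIN}
+- LM_PUBLIC_URL=https://${STAGING_DOMAIN:-staging.lichen.page}
 - AUTH_PROVIDERS=${AUTH_PROVIDERS:-file,atproto}
 - ADMIN_USER=${ADMIN_USER:-admin}
 - ADMIN_PASSWORD=${ADMIN_PASSWORD}
@@ -17,7 +18,7 @@
 volumes:
 - staging_data:/data
 - ./entrypoint.sh:/entrypoint.sh:ro
-- ./bin:/opt/lichen-bin:ro
+- ./staging-bin:/opt/lichen-bin:ro
 healthcheck:
 test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:9001/tls-check"]
 interval: 30s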
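Review bot: The `staging` service still reads `ADMIN_USER`, `ADMIN_PASSWORD` and `AUTH_PROVIDERS` from the unprefixed variables, and now that it lives in the production compose directory those presumably resolve from the same `.env` as the production service (not visible here). That would give the environment meant for trying out binaries from `./staging-bin` the production admin credential; a dedicated variable such as `- ADMIN_PASSWORD=${STAGING_ADMIN_PASSWORD:?set STAGING_ADMIN_PASSWORD}` keeps the two apart and fails loudly when unset. The file also relies on the `internal` network being declared in `docker-compose.yml`, so a header comment stating that it is only valid as an overlay (`-f docker-compose.yml -f docker-compose.staging.yml`) would help. The image tag remains `latest`, so staging and production can drift to different builds without a change in this repository.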
-42
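--- a/docker-compose-staging/entrypoint.sh
+++ b/docker-compose-staging/entrypoint.sh
@@ -1,42 +0,0 @@
-#!/bin/sh
-set -e
-
-# disable bubblewrap sandbox — not supported inside Docker
-rm -f /usr/bin/bwrap
-
-# install bash (shell feature) and git-daemon (provides git-http-backend for clone/push)
-apk add --no-cache bash git-daemon > /dev/null 2>&1 || true
-
-# set git identity for auto-commit
-if command -v git > /dev/null 2>&1; then
-git config --global user.email "lichen@${LM_DASHBOARD_DOMAIN:-localhost}"
-git config --global user.name "lichen"
-fi
-
-# write lichen.toml if it doesn't exist yet
-if [ ! -f /data/lichen.toml ]; then
-TOML_PROVIDERS=$(echo "${AUTH_PROVIDERS:-file,atproto}" | sed 's/[^,][^,]*/\"&\"/g')
-echo "auth_providers = [$TOML_PROVIDERS]" > /data/lichen.toml
-if [ -n "$DEFAULT_STORAGE_LIMIT" ]; then
-echo "default_storage_limit = \"$DEFAULT_STORAGE_LIMIT\"" >> /data/lichen.toml
-fi
-fi
-
-# create or update admin user on every startup
-if [ -n "$ADMIN_PASSWORD" ]; then
-if [ -f "/data/users/${ADMIN_USER:-admin}.toml" ]; then
-lichen-server --multi user set-password "${ADMIN_USER:-admin}" \
---password "$ADMIN_PASSWORD" --root-dir /data
-else
-lichen-server --multi user add "${ADMIN_USER:-admin}" \
---password "$ADMIN_PASSWORD" --root-dir /data
-fi
-fi
-
-# use custom binary if present, otherwise use the image's built-in binary
-if [ -x /opt/lichen-bin/lichen-server ]; then
-echo "++ using custom binary from /opt/lichen-bin/lichen-server"
-exec /opt/lichen-bin/lichen-server --multi serve
-else
-exec lichen-server --multi serve
-fi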
+1 -1
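--- a/docker-compose/Caddyfile
+++ b/docker-compose/Caddyfile
@@ -10,7 +10,7 @@
 tls {
 on_demand
 }
-reverse_proxy localhost:9001
+reverse_proxy staging:9001
 }
 
 :443 {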