An official website of the United States government US flag signifying that this is a United States Federal Government website

Continuous deployment

Continuous deployment

Setting up continuous deployment allows you to automatically upload your changes to your desired environment.

Get ready

Before setting up continuous deployment:

  1. Go through the production-ready guide to ensure your application uses the core best practices and zero-downtime deployment. This will help you use continuous deployment with reduced risk of errors and outages.
    • The essential requirements: your code needs to be in version control, and it needs to include a manifest.yml file that captures the intended deployment configuration for your application.
  2. Set up continuous integration. This will protect you from deploying a broken application. You can use the same service for continuous integration and continuous deployment — see the list of continuous integration services below for suggestions.

Provision deployment credentials

Continuous deployment systems require credentials for use in pushing new versions of your application code to cloud.gov. You should use a restricted set of credentials that can only access a particular target space, rather than credentials tied to a user who has more access, or who may lose access when leaving your team or project. This “least privilege” approach minimizes the harm that is possible if the credentials are compromised in any way.

To provision a deployer account with permission to deploy to a single space, set up an instance of a cloud.gov service account.

Configure your service

cloud.gov does not yet provide a CI/CD (continuous integration/continuous deployment) service, but you can use any CI/CD service of your choice.

You can configure your code repositories, spaces, and CI/CD service together to enable automated or semi-automated deployments to your environments (such as development, staging, and production environments). For deployments in each environment, you can configure access control and testing requirements according to your project’s needs.

Here are examples of how to set up two cloud-based services that have free tiers for open source projects, Travis and CircleCI. (You can also find and adapt instructions for using other CI/CD services with other Cloud Foundry deployments, such as this explanation of how to use Jenkins.)

Travis

See the Travis documentation.

Use api: https://api.fr.cloud.gov

You must encrypt the password, and you must escape any symbol characters in the password, to prevent possible situations where Travis could dump an error message that contains passwords or environment variables.

For more information about configuring Travis, see Customizing the Build.

Using Conditional Deployments with Travis

A common pattern for team workflows is to use separate development and master branches, along with using a staging or QA deployment with the development branch, and a production deployment with the master branch. This can be achieved in Travis with on: to specify a branch, and using unique manifests for each deployment.

deploy:
- manifest: manifest-staging.yml
  # ...
  on:
    branch: develop
- manifest: manifest.yml
  # ...
  on:
    branch: master

Each manifest should at the very least define an unique name, but can also define an unique host. Also, it may be necessary to define unique services for each application to use. See Cloning Applications for more information.

Jekyll with Travis

To deploy a Jekyll site, add the following to your .travis.yml:

language: ruby
rvm:
- 2.1
script: jekyll build ./_site
deploy:
  skip_cleanup: true
  # ...

For details, see Jekyll’s Continuous Integration guide.

CircleCI

See Getting Started with CircleCI – you’ll need to set up a CircleCI account and give it access to your code repository.

In your code repository, use the following template to set up your circle.yml file. This uses CircleCI 1.0 syntax.

dependencies:
  pre:
    - curl -v -L -o cf-cli_amd64.deb 'https://cli.run.pivotal.io/stable?release=debian64&source=github'
    - sudo dpkg -i cf-cli_amd64.deb
    - cf -v

test:
  post:
    - cf login -a https://api.fr.cloud.gov -u DEPLOYER_SERVICE_ACCOUNT_USERNAME -p $CF_PASS -o ORG -s SPACE

deployment:
  production:
    branch: master
    commands:
      - cf push

Replace DEPLOYER_SERVICE_ACCOUNT_USERNAME, ORG, and SPACE with your information. Do not replace $CF_PASS with your deployer service account password – instead, export the CF_PASS environment variable in the CircleCI interface and put the deployer password there.

You can also review their sample circle.yml file for more configuration options.

Note: If your manifest.yml describes more than one app, you might want to specify which app to push in the cf push line.