chore: seperate staging deployments from production

README.md

@@ -46,7 +46,7 @@ server to become Sticky's production server.
 The code in this repository depends on the following software:
 
 - [nix]
-- A Discord webhook, which should be put in `ansible/.discord-webhook`
+- Two Discord webhooks, which should be put in `ansible/.env`
 
 Furthermore, the Ansible playbooks assume a **vanilla Ubuntu 20.04 host** to be
 deployed on.
@@ -157,16 +157,14 @@ performed, which are explained in detail in [this guide][deployment-new-producti
 ##### On your local terminal:
 1. Install the Nix package manager via the steps on this page: https://nixos.org/download.html
 
-1. Download the repository and enter the folder.
+2. Download the repository and enter the folder.
 `$ git clone https://github.com/svsticky/sadserver`
 `$ cd sadserver/ansible`
 
-1. Create a file `.discord-webhook` containing the webhook to be used for Discord notifications. Put the value of the
-[`slack_notifications_webhook_url` secret]
-(https://vault.bitwarden.com/#/vault?search=slack&itemId=c02392e6-728e-4bce-ae4e-ae900153afc9&cipherId=c02392e6-728e-4bce-ae4e-ae900153afc9)
-in that file. You will need to login to bitwarden as `[email protected]` to read this secret.
-Yes, the secret is still called `slack_notifications_webhook_url` because of legacy reasons, but you
-should not just change the name because it is used in the ansible code.
+3. Copy `sample.env` to `.env` and fill in the missing discord webhooks.
+You will need to login to bitwarden as `[email protected]` to read this secret.
+(If you find the `slack_notifications_webhook_url`, do _not_ change the name of
+the secret for legacy reasons. Ansible's code is dependent on the name.)
 
 To install all required dependencies, run the following command to enter a nix shell.
 `$ nix-shell`
@@ -209,9 +207,6 @@ Godspeed!
   [ansible/group_vars/all/websites.yml]:ansible/group_vars_example/all/websites.yml
   [Ansible Vault]:http://docs.ansible.com/ansible/playbooks_vault.html
   [inventory]:https://docs.ansible.com/ansible/intro_inventory.html
-  [slacktee]:https://github.com/course-hero/slacktee
-  [ansible]:https://github.com/ansible/ansible
-  [Bitwarden CLI]:https://help.bitwarden.com/article/cli/#download--install
   [deployment-new-production]:docs/deployment-new-production.md
   [IT Crowd]:mailto:[email protected]
   [deployment-guide]:#setting-up-the-staging-and-production-environment

ansible/.gitignore

@@ -24,3 +24,5 @@ tramp
 #-- SublimeText
 *.sublime-workspace
 #*.sublime-project
+
+.env

ansible/deploy.py

@@ -13,6 +13,9 @@
 
 import scripts.bitwarden as bitwarden
 
+# Import .env file
+discord_webhook_staging_deployments = os.getenv("DISCORD_WEBHOOK_STAGING_DEPLOYMENTS")
+discord_webhook_production_deployments = os.getenv("DISCORD_WEBHOOK_STAGING_DEPLOYMENTS")
 
 @click.command()
 @click.option(
@@ -121,20 +124,26 @@ def deploy(
 
     arguments.append(playbook)
 
+    discord_deployment_webhook = (
+        discord_webhook_production_deployments
+        if host == "production"
+        else discord_webhook_staging_deployments
+    )
+
     if not check:
-        notify_deploy_start(playbook, host, user, branch, revision, roles)
+        notify_deploy_start(playbook, host, user, branch, revision, roles, discord_deployment_webhook)
 
     print("Running the following playbook:")
     print(" ".join(arguments))
 
     try:
         subprocess.run(arguments, check=True, env=env)
         if not check:
-            notify_deploy_succes(playbook, host, branch, revision)
+            notify_deploy_succes(playbook, host, branch, revision, discord_deployment_webhook)
 
     except subprocess.CalledProcessError:
         if not check:
-            notify_deploy_failure(playbook, host, branch, revision)
+            notify_deploy_failure(playbook, host, branch, revision, discord_deployment_webhook)
 
 
 def current_branch_name() -> str:
@@ -148,7 +157,13 @@ def current_git_revision() -> str:
 
 
 def notify_deploy_start(
-    playbook: str, host: str, user: str, git_branch: str, git_revision: str, roles: [str]
+    playbook: str,
+    host: str,
+    user: str,
+    git_branch: str,
+    git_revision: str,
+    roles: [str],
+    discord_webhook: str
 ) -> None:
     roles_str = ', '.join(roles)
     discord_notify(
@@ -157,34 +172,43 @@ def notify_deploy_start(
         + f'_Roles: {roles_str}',
         ":construction:",
         "#46c4ff",
+        discord_webhook
     )
 
 
 def notify_deploy_succes(
-    playbook: str, host: str, git_branch: str, git_revision: str
+    playbook: str,
+    host: str,
+    git_branch: str,
+    git_revision: str,
+    discord_webhook: str
 ) -> None:
     discord_notify(
         f"*Deployment of playbook {playbook} in {host} environment succesfully completed*\n"
         + f'_(branch: {git_branch} - revision "{git_revision}")_',
         ":construction:",
         "good",
+        discord_webhook
     )
 
 
 def notify_deploy_failure(
-    playbook: str, host: str, git_branch: str, git_revision: str
+    playbook: str,
+    host: str,
+    git_branch: str,
+    git_revision: str,
+    discord_webhook: str
 ) -> None:
     discord_notify(
         f"*Deployment of playbook {playbook} in {host} environment FAILED!*\n"
         + f'_(branch: {git_branch} - revision "{git_revision}")_',
         ":exclamation:",
         "danger",
+        discord_webhook
     )
 
 
-def discord_notify(message: str, icon: str, color: str) -> None:
-    url = get_discord_webhook().strip()
-
+def discord_notify(message: str, icon: str, color: str, webhook_url: str) -> None:
     data = {
         "username": "Ansible",
         "attachments": [
@@ -201,7 +225,7 @@ def discord_notify(message: str, icon: str, color: str) -> None:
     }
 
     r = requests.post(
-        url,
+        webhook_url,
         json=data,
     )
 
@@ -234,18 +258,5 @@ def verify_on_latest_master(host: str) -> None:
         click.ClickException("There is uncommited in your working tree or staging area")
 
 
-def get_discord_webhook() -> str:
-    webhook_filename = ".discord-webhook"
-
-    if not os.path.exists(webhook_filename):
-        raise click.ClickException(
-            "Please create .discord-webhook with a webhook URL for deploy notifications"
-        )
-    else:
-        # maybe should be a try-catch block here
-        with open(webhook_filename) as f:
-            return f.read()
-
-
 if __name__ == "__main__":
     deploy()

ansible/sample.env

@@ -0,0 +1,4 @@
+# These secrets can be found in our bitwarden under "Discord webhooks for sadserver deploy":
+# https://vault.bitwarden.com/#/vault?search=slack&itemId=d6309cd5-2004-415d-931f-aae90107e62d
+DISCORD_WEBHOOK_PRODUCTION_DEPLOYMENTS=
+DISCORD_WEBHOOK_STAGING_DEPLOYMENTS=