Skip to content

Switch to isle-site-template and overhaul CI/CD pipeline#43

Draft
joecorall wants to merge 13 commits intomainfrom
deploy-main
Draft

Switch to isle-site-template and overhaul CI/CD pipeline#43
joecorall wants to merge 13 commits intomainfrom
deploy-main

Conversation

@joecorall
Copy link
Contributor

@joecorall joecorall commented Mar 4, 2026
edited
Loading

Replace the custom docker-compose project with a direct clone of isle-site-template on first boot, making this repo a reference deployment of Islandora on DigitalOcean via Fedora CoreOS.

Deployment pipeline:

  • Deploy to test.islandora.ca on PR open/push. Runs a basic healthcheck on the service to ensure ISLE comes online with nodes, then delete the droplet to save costs. This is basically a smoke test before deploying to the live sandbox
  • Deploy to sandbox.islandora.ca on merge to main
  • Drop bake.yml — no custom images to build (and install buildx along like we already do with compose so we can build on the VM)

Snapshot workflow:

  • Auto-detect latest stable Fedora CoreOS DigitalOcean image
  • Add monthly schedule; prune old coreos-tagged snapshots

Droplet provisioning:

  • Install make via rpm-ostree --apply-live before setup
  • Clone isle-site-template, copy .env and secrets, run make init build demo-objects
  • Stage secrets (ACTIVEMQ_WEB_ADMIN_PASSWORD, DRUPAL_DEFAULT_ACCOUNT_PASSWORD) via ignition before any service starts (to retain the admin password we've always had)
  • Fallback through ordered size list when preferred slug unavailable in region (since we were getting 422 HTTP errors from Digital Ocean when requesting amd64 VMs)
  • Health check polls /node/1?_format=json up to 15 minutes post-deploy to ensure ISLE came online and demo objects were ingested

@joecorall joecorall marked this pull request as ready for review March 4, 2026 17:53
@joecorall
Switch to isle-site-template and overhaul CI/CD pipeline
ecc1f7c 
Replace the custom docker-compose project with a direct clone of
isle-site-template on first boot, making this repo a reference
deployment of Islandora on DigitalOcean via Fedora CoreOS.

Deployment pipeline:
  - Deploy to test.islandora.ca on PR open/push; destroy on merge
  - Deploy to sandbox.islandora.ca on merge to main
  - Drop bake.yml — no custom images to build

Snapshot workflow:
  - Auto-detect latest stable Fedora CoreOS DigitalOcean image
  - Add monthly schedule; prune old coreos-tagged snapshots

Droplet provisioning:
  - Install make via rpm-ostree --apply-live before setup
  - Clone isle-site-template, copy .env and secrets, run make init build demo-objects
  - Stage secrets (ACTIVEMQ_WEB_ADMIN_PASSWORD, DRUPAL_DEFAULT_ACCOUNT_PASSWORD)
    via ignition before any service starts
  - Fallback through ordered size list when preferred slug unavailable in region
  - Health check polls /node/1?_format=json up to 15 minutes post-deploy
@joecorall
try more sizes and regions
a4fa1b0 
And use the latest snapshot
@joecorall joecorall marked this pull request as draft March 4, 2026 18:14
@joecorall joecorall marked this pull request as ready for review March 4, 2026 21:26
@joecorall joecorall marked this pull request as draft March 4, 2026 22:27
@joecorall
Copy link
Contributor Author

joecorall commented Mar 4, 2026

I tripped LetsEncrypt's rate limit creating too many droplets while testing this out. The rate limit will reset March 6 and that will fix test.islandora.ca. The deploys to test will fail until then. But this should be safe to merge for sandbox.islandora.ca but can wait until the rate limit reset to be sure

traefik-1  | 2026-03-04T22:23:49Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [test.islandora.ca]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: too many certificates (5) already issued for this exact set of identifiers in the last 168h0m0s, retry after 2026-03-06 05:38:54 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-identifiers" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["test.islandora.ca"] providerName=letsencrypt.acme routerName=https-drupal@file rule=Host(`test.islandora.ca`)
traefik-1  | 2026-03-04T22:23:49Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [fcrepo.test.islandora.ca]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: too many certificates (5) already issued for this exact set of identifiers in the last 168h0m0s, retry after 2026-03-06 05:59:10 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-identifiers" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["fcrepo.test.islandora.ca"] providerName=letsencrypt.acme routerName=http-fcrepo@file rule=Host(`fcrepo.test.islandora.ca`)

@joecorall joecorall marked this pull request as ready for review March 4, 2026 22:50
@joecorall joecorall marked this pull request as draft March 6, 2026 08:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joecorall