guardian / sbt-riffraff-artifact

SBT plugin for creating RiffRaff deployable artifacts

GitHub

SBT plugin for creating RiffRaff deployable artifacts

Build Status Download

Installation

Add

addSbtPlugin("com.gu" % "sbt-riffraff-artifact" % "1.0.0")

to your project/plugins.sbt

sbt-riffraff-artifact is cross-published for SBT 1.0.0 and SBT 0.13.16

Usage

If you want to bundle your app as a tgz using sbt-native-packager

enablePlugins(RiffRaffArtifact, UniversalPlugin)

riffRaffPackageType := (packageZipTarball in Universal).value
riffRaffUploadArtifactBucket := Option("riffraff-artifact")
riffRaffUploadManifestBucket := Option("riffraff-builds")

to your build.sbt, then run riffRaffUpload to build an artifact deployable by RiffRaff and upload it to the S3 bukets used by the Guardian's RiffRaff installation, along with JSON description of the build.

In order to have the plugin upload to S3, you will also need to have credentials that can upload to those buckets resolvable by the DefaultAWSCredentialsProviderChain. Commonly this would be via AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. Travis has instructions on how to encrypt these variables.

Continuous integration

You can configure your continuous integration system (Teamcity and alike) by running the following task:

sbt clean riffRaffUpload

The riffRaffUpload task will execute the tests in your project, and then upload the artifacts and manifest.

Customisation

If you follow the above steps the riffRaffArtifact command will produce an archive called artifacts.zip in the target/riffraff directory. This will contain a deploy.json from the resourceDirectory (conf for a Play app) in the root and a packages directory with a sub-directory, named using the project name, containing a tgz archive and the file with either the extension .service (Systemd) or .conf (Upstart) and the name of the project found in the projects base directory. e.g. for a project with the name example

deploy.json
packages/example/example.tgz
packages/example/example.service

If you want a deb rather than a tgz built, instead add

enablePlugins(RiffRaffArtifact, JDebPackaging)

import com.typesafe.sbt.packager.archetypes.ServerLoader.Systemd
serverLoading in Debian := Systemd
debianPackageDependencies := Seq("openjdk-8-jre-headless")
maintainer := "The Maintainer <the.maintainer@company.com>"
packageSummary := "Brief description"
packageDescription := """Slightly longer description"""

riffRaffPackageType := (packageBin in Debian).value

riffRaffUploadArtifactBucket := Option("riffraff-artifact")
riffRaffUploadManifestBucket := Option("riffraff-builds")

to your build.sbt. If you prefer bundling your app as an uber-jar, instead include the sbt-assembly plugin and add

enablePlugins(RiffRaffArtifact)

riffRaffPackageType := assembly.value

riffRaffUploadArtifactBucket := Option("riffraff-artifact")
riffRaffUploadManifestBucket := Option("riffraff-builds")

AWS Configuration

In order to upload artifacts and manifest files to the Guardian's RiffRaff buckets, you will need to give your build the appropriate permissions.

  1. Make sure your AWS account is in the list of accounts with permission to grant access to those buckets. If it is not, make a PR or ask @philwills to add it for you.

  2. Create an IAM user in your AWS account for your build. Give it a policy that looks something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1428934825002",
            "Effect": "Allow",
            "Action": [
                "s3:Put*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3::*:riffraff-artifact",
                "arn:aws:s3::*:riffraff-artifact/*",
                "arn:aws:s3::*:riffraff-builds",
                "arn:aws:s3::*:riffraff-builds/*"
            ]
        }
    ]
}
  1. Pass the AWS access key and secret key to your build, e.g. as environment variables.

Releasing

This project uses sbt-release and bintray-sbt to release to Bintray. You'll need a Bintray account that's been added to the guardian organisation and your Bintray API key. We also PGP sign our artifacts, so you'll need a PGP key set up for sbt-pgp to read.

Once you've got all that, releasing is just:

$ sbt release