If a site is not deploying normally, it's still possible to deploy a
site by hand by downloading and extracting the artifacts using the
`static-gitlab-shim-pull` script.
For example, given the [Pipeline 13285](https://gitlab.torproject.org/tpo/tpa/status-site/-/pipelines/13285) has [job 38077](https://gitlab.torproject.org/tpo/tpa/status-site/-/jobs/38077), we can
tell the puller to deploy in debugging mode with this command:
The `--artifacts-url` is the `Download` link in the job page. This
will:
1. download the artifacts (which is a ZIP file)
2. extract them in a temporary directory
3.`rsync --checksum` them to the actual source directory (to avoid
spurious timestamp changes)
4. call `static-update-component` to deploy the site
Note that this script was part of the webhook implementation and might
eventually be retired if that implementation is completely
removed. This logic now lives in the [`static-shim-deploy.yml`
template][].
## Converting a job from Jenkins
NOTE: this shouldn't be necessary anymore, as Jenkins was retired at
...
...
@@ -420,6 +394,31 @@ only TPA is allowed to login over SSH, apart from the private keys
configured in the GitLab projects. And those are very restricted in
what they can do (i.e. only `rrsync` and `static-update-component`).
### Deploy artifacts manually
If a site is not deploying normally, it's still possible to deploy a
site by hand by downloading and extracting the artifacts using the
`static-gitlab-shim-pull` script.
For example, given the [Pipeline 13285](https://gitlab.torproject.org/tpo/tpa/status-site/-/pipelines/13285) has [job 38077](https://gitlab.torproject.org/tpo/tpa/status-site/-/jobs/38077), we can
tell the puller to deploy in debugging mode with this command:
