geeks4change/geeky-deploy

There is no license information available for the latest version (7.x-dev) of this package.

Maintainers

Details

gitlab.com/geeks4change/packages/geeky-deploy

Source

Installs: 320

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Forks: 0

pkg:composer/geeks4change/geeky-deploy

7.x-dev 2025-11-26 19:09 UTC

Requires

Requires (Dev)

Unknown License 29c05509cc5d065a3ddb512c01a707f689f19152

  • Merlin <merlin.woop@geeks4change.net>

This package is auto-updated.

Last update: 2025-11-26 18:11:30 UTC

README

To use:

  • (If not on your $PATH, use vendor/bin/gky for gky)
  • gky init adds a new deploy/targets.php to customize.
  • gky deploy-local --install
  • After pull, gky dl (for deploy-local)
  • For remote, gky deploy-remote --install and gky dr
  • If not unique, add the target name, like gky dr live2

Have fun!

How does it work?

gky deploy-local

  • composer install
  • build settings.php and friends for local
  • (backup database if configured)
  • drush deploy = updb / cim
  • (post-deploy if configured, like drush tim)

gky deploy-local --install

  • composer install
  • build settings.php and friends for local
  • (backup database if configured)
  • drush install --existing-config
  • (post-deploy if configured, like drush tim)

gky deploy-remote

  • Copy site to sandbox
  • composer install
  • build settings.php and friends for live
  • Copy build to live, continue on live
  • (backup database if configured)
  • Set maintenance mode
  • drush deploy = updb / cim
  • (post-deploy if configured, like drush tim)
  • Drop maintenance mode
  • (warm-caches if configured)

gky deploy-remote --install

  • Copy site to sandbox
  • composer install
  • build settings.php and friends for live
  • Copy build to live, continue on live
  • (backup database if configured)
  • Set maintenance mode
  • drush install --existing-config
  • (post-deploy if configured, like drush tim)
  • Drop maintenance mode
  • (warm-caches if configured)

Secrets management

Geeky-deploy has simple and opinionated secrets management:

  • Secrets live in (say) deploy/generated/secrets/foo.ext (gitignored!)
  • ...and developer / server keys in (say) deploy/secrets/public-keys/devN.pub.
  • gky encrypt-all-secrets encrypts them into deploy/secrets/encrypted/foo.ext.age.
  • gky deploy-remote live decrypts them again into deploy/generated//secrets/foo.ext

Decryption

  • Decryption in deploy only works when a private keys for one of the public keys is available
  • ...either on the current machine in ~/.ssh/
  • ...or (for deployment via gitlab) in env variable GEEKY_SECRETS_PRIVATE_KEY

Target-specific secrets

  • To have secrets only plaintext on (say) live,
  • put them into deploy/generated/secrets/live/foo.ext
  • gky update-secrets encrypts them into deploy/secrets/encrypted/live/foo.ext.age.
  • gky deploy-remote live decrypts ONLY the secrets for live again into deploy/generated/secrets/live/foo.ext
  • ...AND symlinks deploy/generated/secrets/foo.ext to deploy/generated/secrets/live/foo.ext

Updating secrets

  • Run gky decrypt-all-secrets
  • Change files in deploy/generated/secrets and deploy/generated/secrets/TARGET directory as needed.
  • Run gky encrypt-all-secrets

File layout

Generated files

  • deploy/
    • generated/
      • build-info.env
      • secrets/
        • secret1.env
        • secret2.php
  • drush/
    • drush.yml
    • sites/
      • self.site.yml
  • web/
    • sites/
      • default/
        • settings.php
        • services.custom.php

          Secrets files

  • deploy/
    • secrets/
      • public-keys/
        • developer1.id_rsa.pub
        • developer2.id_ecdsa.pub
        • gitlab.id_rsa.pub
      • encrypted
        • secret1.env.age
        • secret2.php.age