{"id":19095132,"url":"https://github.com/shopsys/deployment","last_synced_at":"2026-02-18T16:03:34.847Z","repository":{"id":177018402,"uuid":"659876920","full_name":"shopsys/deployment","owner":"shopsys","description":"Simplifies the deployment of the Shopsys Platform application in Kubernetes. It provides an intuitive set of tools and configurations, allowing you to seamlessly orchestrate and manage the deployment process.","archived":false,"fork":false,"pushed_at":"2026-02-04T08:24:39.000Z","size":432,"stargazers_count":0,"open_issues_count":3,"forks_count":2,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-02-04T14:04:27.217Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shopsys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-06-28T18:58:18.000Z","updated_at":"2026-02-04T02:48:50.000Z","dependencies_parsed_at":"2023-07-03T09:59:02.877Z","dependency_job_id":"5c2274f2-cc9e-4f2c-a629-43d512ae9c32","html_url":"https://github.com/shopsys/deployment","commit_stats":null,"previous_names":["shopsys/deployment"],"tags_count":49,"template":false,"template_full_name":null,"purl":"pkg:github/shopsys/deployment","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shopsys%2Fdeployment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shopsys%2Fdeployment/tags","releases_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shopsys%2Fdeployment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shopsys%2Fdeployment/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shopsys","download_url":"https://codeload.github.com/shopsys/deployment/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shopsys%2Fdeployment/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29585442,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T13:56:48.962Z","status":"ssl_error","status_checked_at":"2026-02-18T13:54:34.145Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T03:32:56.545Z","updated_at":"2026-02-18T16:03:34.836Z","avatar_url":"https://github.com/shopsys.png","language":"Shell","readme":"# Kubernetes Deployment\n\n## How to install\n\n1. Install package `composer require shopsys/deployment`\n\n2. Copy [deploy-project.sh](./docs/deploy-project.sh) into your project to `deploy/deploy-project.sh` \n\n3. 
Create or [copy](./docs/basicHttpAuth) an htpasswd file with login credentials to `deploy/basicHttpAuth` \n    \u003e The default login for basicHttpAuth is `username/password`\n      For info about how to change the HTTP auth credentials, see [Change HTTP auth](#change-http-auth) \n\n4. Update your `gitlab-ci.yml`\n    - Create a new stage named `deploy`:\n        ```diff\n        stages:\n            - build\n            - test\n            - review\n        +   - deploy\n            - service\n        ```\n    - Add a new deploy template:\n\n        ```yaml\n        .deploy: \u0026deploy\n            image:\n                name: shopsys/kubernetes-buildpack:2.0\n            stage: deploy\n            tags:\n                - docker\n            rules:\n                -   if: '$CI_PIPELINE_SOURCE == \"schedule\"'\n                    when: never\n            script:\n                - docker create -ti --name image ${TAG} bash\n                - docker cp image:/var/www/html/var/ ./\n                - mkdir -p /root/.kube/ \u0026\u0026 echo \"${KUBE_CONFIG}\" \u003e /root/.kube/config\n                - chmod +x ./deploy/deploy-project.sh \u0026\u0026 ./deploy/deploy-project.sh deploy\n        ```\n    - Add new jobs for deploying to devel and production:\n\n        ```yaml\n        deploy:production:\n            \u003c\u003c: *deploy\n            resource_group: deploy_production\n            variables:\n                KUBE_CONFIG: ${KUBE_CONFIG_PROD}\n            needs:\n                - build\n            rules:\n                -   if: '$CI_PIPELINE_SOURCE == \"schedule\"'\n                    when: never\n                -   if: '$CI_COMMIT_BRANCH == \"master\" || $CI_COMMIT_BRANCH =~ /^master-.*$/'\n                    when: manual\n                    allow_failure: false\n            environment:\n                name: production\n                url: https://${DOMAIN_HOSTNAME_1}\n        \n        deploy:devel:\n            \u003c\u003c: *deploy\n            
resource_group: deploy_devel\n            variables:\n                KUBE_CONFIG: ${KUBE_CONFIG_DEVEL}\n            needs:\n                - build\n                - test:standards\n                - test:functional\n                - test:acceptance\n            rules:\n                -   if: '$CI_PIPELINE_SOURCE == \"schedule\"'\n                    when: never\n                -   if: '$CI_COMMIT_BRANCH == \"devel\" || $CI_COMMIT_BRANCH =~ /^devel-.*$/'\n            environment:\n                name: devel\n                url: https://${DOMAIN_HOSTNAME_1}\n        ```\n\n5. Set the environment variables in Gitlab (Settings -\u003e CI/CD -\u003e Variables)\n\n6. Push changes and have fun\n\n## Environment Variables\n\nEnvironment variables can be set in Gitlab (Settings -\u003e CI/CD -\u003e Variables)\n\nIf you want to define your own custom variables, see the [Define custom variables](#define-custom-variables) section\n\n| Name                         | Example                          | Description                                                                                                                 |            Scope |\n|:-----------------------------|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------|-----------------:|\n| DEPLOY_REGISTER_USER         | deploy                           | Credentials for downloading docker images *1)                                                                               |              All |\n| DEPLOY_REGISTER_PASSWORD     | *******                          | Credentials for downloading docker images *1)                                                                               |              All |\n| DISPLAY_FINAL_CONFIGURATION  | _1_ OR _0_                       | Display configurations after kubernetes scripts are prepared                                                                |              
All |\n| RUNNING_PRODUCTION           | _1_ OR _0_                       | Enable/disable HTTP auth and mailer whitelist                                                                               | production/devel |\n| FIRST_DEPLOY                 | _1_ OR _0_                       | Set to 1 if you are deploying project instance first time                                                                   | production/devel |\n| DOMAIN_HOSTNAME_*            | example.com                      | Variable contains URL address for accessing website. See  [Add more or less domains](#add-more-or-less-domains)             | production/devel |\n| ELASTICSEARCH_URL            | username:password@elasticsearch  | Elasticsearch login URL                                                                                                     |              All |\n| POSTGRES_DATABASE_IP_ADDRESS | 127.0.0.1                        | Postgres host IP address                                                                                                    | production/devel |\n| POSTGRES_DATABASE_PORT       | 5432                             | Postgres port                                                                                                               |              All |\n| POSTGRES_DATABASE_PASSWORD   | *******                          | Postgres login password                                                                                                     | production/devel |\n| PROJECT_NAME                 | project-prod                     | Name of project (Used for namespace, prefixes and S3 bucket) - must be distinct for production/devel with prod/devel suffix | production/devel |\n| S3_API_HOST                  | https://s3.vshosting.cloud       | S3 API Host                                                                                                                 |              All |\n| S3_API_USERNAME              | s3user                           
| S3 API username                                                                                                             |              All |\n| S3_API_PASSWORD              | *******                          | S3 API password                                                                                                             |              All |\n| APP_SECRET                   | *******                          | Used to add more entropy to security related operations                                                                     |              All |\n| RABBITMQ_DEFAULT_USER        | rabbitadmin                      | Default user used for RabbitMQ and the management service                                                                   |              All |\n| RABBITMQ_DEFAULT_PASS        | *******                          | Password for the default RabbitMQ user                                                                                      |              All |\n| RABBITMQ_IP_WHITELIST        | 123.456.123.422, 423.534.223.234 | IP addresses (separated by commas) for which RabbitMQ Management is accessible                                              |              All |\n| USING_CLOUDFLARE             | _1_ OR _0_                       | Set to 1 if your site is using Cloudflare (enables IP whitelisting)                                                         | production/devel |\n\n*1) Credentials can be generated in Gitlab (Settings -\u003e Repository -\u003e Deploy Tokens) with `read_registry` scope only \n\nYou can add your custom variables. *Do not forget to edit [deploy-project.sh](./docs/deploy-project.sh)*\n\n## Customize deployment\n\nYou can override Kubernetes manifests by placing your custom manifest into the `orchestration/kubernetes/` path in your project\n\n*You need to mirror the folder structure to be able to override manifests*\n\n### Create new cron instance\n\n1. 
Create a new Phing target that will run your cron:\n   ```xml\n      \u003ctarget name=\"cron-customers\" description=\"....\"\u003e\n          \u003cexec executable=\"${path.php.executable}\" passthru=\"true\" checkreturn=\"true\"\u003e\n              \u003carg value=\"${path.bin-console}\" /\u003e\n              \u003carg value=\"shopsys:cron\" /\u003e\n              \u003carg value=\"--instance-name=customers\" /\u003e\n          \u003c/exec\u003e\n      \u003c/target\u003e\n   ```\n2. Declare the new cron in your deploy configuration file [deploy-project.sh](./docs/deploy-project.sh):\n   \n   The key is the Phing target that you created in step 1, and the value is a [crontab timer](https://crontab.guru/#*/5_*_*_*_*)\n   ```diff\n       ...\n       declare -A CRON_INSTANCES=(\n           [\"cron\"]='*/5 * * * *'\n   +       [\"cron-customers\"]='*/5 * * * *'\n       )\n       ...\n   ```\n\n### Add more or less domains\n\n\u003e This example will work with 3 domains\n\n1. Create an environment variable for every domain:\n\n    | Name                          | Value                              |\n    |:------------------------------|------------------------------------|\n    | DOMAIN_HOSTNAME_1             | mydomain.prod.shopsys.cloud        |\n    | DOMAIN_HOSTNAME_2             | sk.mydomain.prod.shopsys.cloud     |\n    | DOMAIN_HOSTNAME_3             | en.mydomain.prod.shopsys.cloud     |\n\n2. Edit [deploy-project.sh](./docs/deploy-project.sh)\n    ```diff\n    ...\n    function deploy() {\n        DOMAINS=(\n            DOMAIN_HOSTNAME_1\n            DOMAIN_HOSTNAME_2\n    +       DOMAIN_HOSTNAME_3\n        )\n    ...\n    ```\n\n### Define custom variables\n\n1. Create an environment variable\n2. 
Edit [deploy-project.sh](./docs/deploy-project.sh)\n    ```diff\n    ...\n    declare -A ENVIRONMENT_VARIABLES=(\n        [\"DATABASE_HOST\"]=${POSTGRES_DATABASE_IP_ADDRESS}\n        [\"DATABASE_NAME\"]=${PROJECT_NAME}\n        [\"DATABASE_PORT\"]=${POSTGRES_DATABASE_PORT}\n    )\n    ...\n    ```\n   The left part is the name of the variable in the application and the right part is the name of the variable in Gitlab.\n\n### Set custom Redis version \n\nAdd a new variable to `deploy/deploy-project.sh` and specify your Redis version\n\n```diff\n  ...\n  BASIC_AUTH_PATH=\"${BASE_PATH}/deploy/basicHttpAuth\"\n  DEPLOY_TARGET_PATH=\"${BASE_PATH}/var/deployment/deploy\"\n+ REDIS_VERSION='redis:4.0-alpine'\n\n  function deploy() {\n  ...\n```\n\n### Enable Horizontal pod autoscaling\n\nAdd new variables to `deploy/deploy-project.sh` to enable pod autoscaling:\n\n- Enable this functionality:\n  ```diff\n  ...\n  function deploy() {\n      DOMAINS=(\n          DOMAIN_HOSTNAME_1\n          ...\n      )\n    \n  +   ENABLE_AUTOSCALING=true\n  ...\n  ```\n- If you need more replicas, you can adjust these variables (default values are set to 2):\n  - `MIN_PHP_FPM_REPLICAS`\n  - `MAX_PHP_FPM_REPLICAS`\n  - `MIN_STOREFRONT_REPLICAS`\n  - `MAX_STOREFRONT_REPLICAS`\n\n### How to launch only some domains\n  Add a new array `FORCE_HTTP_AUTH_IN_PRODUCTION` to `deploy/deploy-project.sh` with the domains that should not be accessible without HTTP auth:\n      \n  ```diff\n  ...\n      )\n  \n  +   # This setting has no effect when `RUNNING_PRODUCTION` is set to `0`\n  +   FORCE_HTTP_AUTH_IN_PRODUCTION=(\n  +       DOMAIN_HOSTNAME_2\n  +   )\n  \n      declare -A ENVIRONMENT_VARIABLES=(\n  ...\n  ```\n\n### Change HTTP auth\n\n1. Generate a new HTTP auth string (for example [here](https://www.web2generators.com/apache-tools/htpasswd-generator)) or with the command `htpasswd -nb username password`\n2. Replace or add the new HTTP auth string in `deploy/basicHttpAuth`\n3. 
Set the new credentials in a variable in `deploy/deploy-project.sh`\n  ```diff\n  ...\n  function deploy() {\n      DOMAINS=(\n          DOMAIN_HOSTNAME_1\n          ...\n      )\n    \n  +   HTTP_AUTH_CREDENTIALS=\"username:password\"\n  ...\n  ```\n\n### Whitelist IP addresses\n\nThere are two ways to set whitelisted IP addresses.\n\n#### `WHITELIST_IPS` env variable on CI\n\nYou can set sensitive whitelisted IPs in your env variable like this:\n\n```shell\nWHITELIST_IPS=\"8.8.8.8, 217.23.44.23, 93.111.234.111\"\n```\n\n#### `DEFAULT_WHITELIST_IPS` env variable in `deploy/deploy-project.sh`\n\nFor non-sensitive IPs that you want to share between all environments, you can use `DEFAULT_WHITELIST_IPS` in `deploy/deploy-project.sh` like this:\n\n```shell\n#                      Some IP   Another IP    Some service\nDEFAULT_WHITELIST_IPS=\"8.8.8.8, 217.23.44.23, 93.111.234.111\"\n```\n\nValues from both variables (`WHITELIST_IPS` and `DEFAULT_WHITELIST_IPS`) will be merged and used in the final configuration.\n\n### Configure Cloudflare\n\nIf your site is using Cloudflare, you can restrict direct access and allow traffic only through Cloudflare:\n\n1. Enable Cloudflare protection by setting the environment variable `USING_CLOUDFLARE=1`.\n2. By default, ALL domains will be protected. If you need to exclude specific domains from Cloudflare protection (e.g., for direct access or testing), add them to the `CLOUDFLARE_EXCLUDED_DOMAINS` array:\n   ```diff\n   ...\n   +   CLOUDFLARE_EXCLUDED_DOMAINS=(\n   +       DOMAIN_HOSTNAME_2  # This domain will not have Cloudflare IP restrictions\n   +   )\n   ...\n   ```\n\nThis prevents users from bypassing Cloudflare by accessing your origin server directly.\n\n### Notify about deployment on Slack\n\nYou can enable automatic notifications about your deployment directly in a Slack channel. It has these features:\n\n1. 
Notify about the start of a deployment with a preview of features\n\n![Notify about starting of deployment with preview of features](./docs/images/slack-deploy-start.png)\n\n\u003e [!TIP]\n\u003e If you are using Jira and you use `[ABC-123]` in the commit message, it will automatically create a link to the URL that is specified by the `JIRA_URL` environment variable\n\n\u003e [!TIP]\n\u003e The script will exclude commits that contain the `!ignore` keyword\n\n2. Notify about the end of deployment. There are two possible alerts - Success and Error\n\n![Notify about end of deployment](./docs/images/slack-deploy-end.png)\n\nThis script works only with Gitlab and Slack, but you can override `deploy/slack-notification.py` if you want to change its behavior. For Slack, you have to create a Slack App with the permissions `chat:write` and `chat:write.public`.\n\nThe environment variables listed in the table below have to be set:\n\n| ENVIRONMENT VARIABLE  | Additional information |\n| -------------         | -------------          |\n| `CI_API_V4_URL` | Automatic by Gitlab    |\n| `CI_PROJECT_ID` | Automatic by Gitlab    |\n| `CI_JOB_URL` | Automatic by Gitlab    |\n| `CI_COMMIT_SHA` | Automatic by Gitlab    |\n| `API_TOKEN` | Token for Gitlab API that has access to read deployments    |\n| `JIRA_URL` | URL used to link a Jira ID to Jira.   |\n| `SLACK_TOKEN` | Slack Bot User OAuth Token    |\n| `SLACK_CHANNEL` | Channel ID to post messages into. This variable should be set only for production Environment   |\n| `SLACK_DISABLE_CHANGES` | If set to `true`, no message with changes will be posted   |\n\n### Run background jobs only on selected nodes\n\nBackend pods such as RabbitMQ, Cron and Consumers can be run only on selected nodes. 
Those pods already have tolerations configured, so you can use taints to select the nodes where those pods will run.\n\nAdd a taint to the nodes where you want to run those pods:\n   ```shell\n   kubectl label nodes \u003cnode-name\u003e workload=background\n   kubectl taint nodes \u003cnode-name\u003e workload=background:NoSchedule\n   ```\n\nOther pods will run on other nodes without this taint.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshopsys%2Fdeployment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshopsys%2Fdeployment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshopsys%2Fdeployment/lists"}