The configuration for the jenkins server is to poll the master branch every 5 minutes, and upon commits being pushed to head, commence testing. Jenkins then runs a shell script to:
- Create a new python virtual environment, and build it using requirements.txt.
- Run django tests which takes care of building the test database, migrations etc
Once tests have passed, Jenkins runs my deploy yaml script to log in to the servers via ssh, and simultaniously:
- remove any precompiled files (pyc)
- pulls the master branch locally
- build the python virtual environment
- collect static files
- run migrations
- reload the application using circus
- get the last commit message and hash
- post the last commit message and hash to Slack so I can track
By default Jenkins has a folder icon that allows the logged in user to download the repository code stored on Jenkins. This is behind a login, but nevertheless is a security issue in my view. As a result I firewall my Jenkins servers only to be available on a local area network.
