Deploy WordPress using Trellis & Circle CI

Overview

The following assumes a Trellis project deployed by Circle CI to a Digital Ocean droplet. It focuses on the Circle CI configuration, not on setting up Trellis or Digital Ocean.

  • Generate a GitHub repo deploy key with Circle CI
  • Add local SSH private key to Circle CI
  • Add Ansible vault password as an environment variable
  • Add tags to deploy tasks so they can be ignored
  • Configure Circle CI machines with circle.yml file

Generate a GitHub repo deploy key with Circle CI

Circle CI can create a deploy key automatically under Project Settings → Checkout SSH Keys. If multiple private repositories are needed as dependencies, it's best to either create a machine user or authenticate and give Circle CI user-level access.

Add local SSH private key to Circle CI

When deploying or provisioning to a server from a local machine with Trellis, the local private key is matched to the public key in the authorized_keys file on the server. Since the Circle CI build machine is now taking the place of the local machine, it needs to have the same local private key. It might be best to generate a new key specifically for this purpose, but SSH permissions between both servers & GitHub can be overly complex.

Add Ansible vault password as an environment variable

Ansible Vault needs a password to decrypt files, but the .vault_pass file is kept outside of version control. In this case the file needs to be created at build time by adding a custom environment variable and echoing it to a file once Circle CI has spun up.

echo "${ANSIBLE_VAULT_PASSWORD}" > .vault_pass

This is done in the circle.yml file below after changing into the Trellis directory.
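A more defensive form of the echo step above, as an added example that is not from the original post: it refuses to write an empty password file, keeps the value out of shell trace output in the build log, and creates the file readable only by the build user. The helper name write_vault_pass is hypothetical; ANSIBLE_VAULT_PASSWORD is the variable named on this page.

```bash
# Added example (not from the original post).
# write_vault_pass is a hypothetical helper; ANSIBLE_VAULT_PASSWORD is the
# environment variable configured in the Circle CI project settings.
#
# Usage: write_vault_pass <trellis-directory>
# The body runs in a subshell, so set +x and umask do not affect the caller.
write_vault_pass() (
  # Turn off command tracing first: with "set -x" active, every expanded
  # command, including the secret, would be printed to the build log.
  set +x

  dir="${1:-.}"
  target="${dir}/.vault_pass"

  # An unset or empty variable would otherwise produce an empty .vault_pass
  # and only show up later as a vault decryption failure.
  if [ -z "${ANSIBLE_VAULT_PASSWORD:-}" ]; then
    echo "ANSIBLE_VAULT_PASSWORD is not set; not writing ${target}" >&2
    exit 1
  fi

  # Remove any existing file so its old permissions are not inherited,
  # then create the new one with mode 0600.
  rm -f "${target}"
  umask 077
  printf '%s\n' "${ANSIBLE_VAULT_PASSWORD}" > "${target}"
)
```

Call it after changing into the Trellis directory, for example `write_vault_pass .`, in place of the plain echo.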

Add tags to deploy hooks so they can be ignored

There is some duplication that goes on during this configuration. Before tests are run, the build is compiled using Gulp + NPM. There's no sense in compiling, running tests, then compiling again when trying to deploy. But at the same time it's necessary to have all the tasks in place to be able to compile locally.

Adding tags to the tasks in the build-before.yml playbook overcomes this by simply telling Ansible to skip tasks with the tag that's passed in when calling the deploy playbook.

Below is an example of a build-before.yml playbook using Gulp to build the site.

Some of the tasks now have the tag skip-using-ci. When the deploy playbook is called, --skip-tags "skip-using-ci" can be passed in to, well, skip them.

Configure Circle CI machines

The environment under which everything will run can be configured using the circle.yml file that can be checked into version control. There are also override options within the Circle CI interface.

It will probably work with Travis as well, not too sure about Jenkins. You can read about the challenges in a little more detail over on Roots Discourse.