DigitalOcean app deployment improvements
I already blogged about my latest setup of deploying containerized apps on the DigitalOcean, you can read about it here: .NET web apps on DigitalOcean.
I wanted to follow up, and outline some of the little improvements that I added that have made the production release flow better.
At a high level, whenever I want to push a release to production, I tag it with a version tag, e.g. v2.0.73.
Pushing such a tag to github kicks off the release workflow, which:
- builds the app
- creates a docker image
- pushes the image to the DigitalOcean container registry
- pings DigitalOcean Apps endpoint to create a new version that’s based on the new image
- kicks off container registry garbage collection (GC)
Here is the workflow on github: https://github.com/laimis/stock-analysis/blob/main/.github/workflows/release.yml
One subtle and perhaps initially curious step is the last one: kicking off container registry’s garbage collection. Here is why I am doing that.
DigitalOcean’s container registry eventually runs out of space and needs to be cleaned up. That makes sense, you don’t want nor need really old images hanging around there for no reason taking up resources.
To automate the clean-up, I have created a release script in my repo that does the following:
- Creates a tag and pushes it to github to kick off the production release
- Looks for registry images that are not tagged with “latest,” and if one is found —the script deletes it
So now, the release workflow cleans up the deleted image when it kicks off the garbage collection.
The release script also initially checks if an active garbage collection is running. This allows us to wait for the current collection to finish automatically and kick off the new build. If we don’t wait, we will fail to push the new image to the registry, which gets put in read-only mode during the GC run.
Here is a link to the release script: https://github.com/laimis/stock-analysis/blob/main/release_digitalocean.ps1
I am really happy with how this setup has turned out. I don’t even think much about releases anymore. I run the script locally to apply the tag and then let it figure out if it’s safe to push. I can continue coding my next set of features while it’s doing its thing in the background.
