Sha256: e337088503c9db6b9324536fc6f496758404001f06f46fa8ebf924fcdb27fa6a
Contents?: true
Size: 1.56 KB
Versions: 1
Compression:
Stored size: 1.56 KB
Contents
namespace :deploy do
task :ensure_tag do
tagname = `git describe --exact-match HEAD`.chomp
if $? == 0
puts "Code is tagged as `#{tagname}`, proceeding with deployment"
else
abort "You need to tag the source before you can deploy production"
end
end
task :create_tag do
now = Time.now
tagname = "#{fetch(:stage)}-#{now.strftime('%Y-%m-%d-%H%M')}"
me = `whoami`.chomp
%x(git tag -a #{tagname} -m "Automated deploy tag by #{me}" && git push origin #{tagname})
end
task :backup_database do
if fetch(:skip_deploy_backups)
puts "Skipping database backup because :skip_deploy_backups is set"
else
invoke "db:backup"
end
end
task :scan_gems do
require 'bundler/audit/scanner'
require 'bundler/audit/database'
Bundler::Audit::Database.update!
scanner = Bundler::Audit::Scanner.new
vulnerable = false
scanner.scan do |result|
vulnerable = true
case result
when Bundler::Audit::Scanner::InsecureSource
print_warning "Insecure Source URI found: #{result.source}"
when Bundler::Audit::Scanner::UnpatchedGem
puts "#{result.gem} is not secure!"
end
end
if vulnerable && ENV["I_KNOW_GEMS_ARE_INSECURE"] == nil
abort """
Your Gemfile.lock contains unpatched gems -- refusing to deploy
Run `bundle-audit check --update` for full information
You can set 'I_KNOW_GEMS_ARE_INSECURE' if you really want to do this anyway
"""
end
end
end
before 'deploy:migrate', 'deploy:backup_database'
before 'deploy', 'deploy:scan_gems'
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| jefferies_tube-0.1.2 | lib/jefferies_tube/capistrano/deploy.rb |