The Managed Services Platform (MSP) integrates with GCP Cloud Deploy to provision a delivery and rollout pipeline for services. The pipeline can be composed of one or more stages. As such, if your service is composed of staging and prod environments, new versions can be continuously delivered to staging and promoted to prod after verification. A staged deployment pipeline like this is a major requirement for SOC2 accreditation.
Once set up, when a new version of your service is built, it is deployed to the first stage of the pipeline and can be promoted to the next stage(s). The promotion strategy defaults to Manual promotions, but Automated promotions can be configured as well.
<aside> 👋
If you have any questions or need assistance, please reach out to #discuss-core-services!
</aside>
Configuring rollouts requires making changes to the MSP specification for a service and to your CI pipeline, which builds and publishes Docker images for your service. For any configuration help, reach out in #discuss-core-services.
To configure rollouts for a service, add a top-level rollout object that defines the stages (environments) and the order through which releases progress. Each environment included in the rollout must specify a deploy.type of "rollout".
Below is a simplified MSP service specification detailing the required configuration to use rollouts with Manual promotions:
# Rollout configures how releases should roll out through a set of environments.
rollout:
  # Stages specifies the order and environments through which releases progress.
  stages:
    - environment: staging
    - environment: prod
  # ServiceAccount is the email address of the service account to provision IAM
  # access to create releases. Can be used to give access to the Service Account
  # used in your CI pipeline
  serviceAccount: sourcegraph-sa@ci-project.iam.gserviceaccount.com
environments:
  - id: staging
    projectID: msp-example-staging-0000
    category: test
    deploy:
      type: rollout
    # ...
  - id: prod
    projectID: msp-example-prod-0000
    category: external
    deploy:
      type: rollout
    # ...
Stage-to-stage promotions default to Manual promotions. To configure automatic promotions, include a promotionStrategy for the stage you want to automatically promote from. For example:
rollout:
  stages:
    - environment: staging
      promotionStrategy:
        type: 'automatic'
        automatic:
          delaySeconds: 1 # nearly immediate
    - environment: prod
In the above promotion strategy, a release will be automatically promoted from staging to prod 1 second after a successful deployment to staging.
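The two rules above (every staged environment must set deploy.type to "rollout", and promotions are manual unless a stage carries a promotionStrategy) can be checked before a spec change is merged. The following is an added example, not MSP's own validation code: check_rollout is a hypothetical helper, it assumes the YAML has already been parsed into a dict, and the "promotionStrategy on the last stage" check is this example's own rule.

```python
def check_rollout(spec):
    """Return (errors, plan): rule violations and the promotion path in stage order."""
    errors, plan = [], []
    envs = {e["id"]: e for e in spec.get("environments", [])}
    stages = spec.get("rollout", {}).get("stages", [])
    for i, stage in enumerate(stages):
        name = stage["environment"]
        env = envs.get(name)
        if env is None:
            errors.append(f"stage {name}: no environment with this id")
        elif env.get("deploy", {}).get("type") != "rollout":
            # Rule from the page: staged environments must use deploy.type "rollout".
            errors.append(f"environment {name}: deploy.type must be 'rollout'")
        strategy = stage.get("promotionStrategy")
        if i + 1 == len(stages):
            # This example's own rule: the last stage has nothing to promote to.
            if strategy:
                errors.append(f"stage {name}: promotionStrategy set but no later stage")
            continue
        if strategy and strategy.get("type") == "automatic":
            delay = strategy.get("automatic", {}).get("delaySeconds")
            how = "automatic" if delay is None else f"automatic after {delay}s"
        else:
            how = "manual"  # the default when no promotionStrategy is given
        plan.append((name, stages[i + 1]["environment"], how))
    return errors, plan

# Constructed sample: the page's two-stage example, already parsed from YAML.
SPEC = {
    "rollout": {
        "stages": [
            {"environment": "staging",
             "promotionStrategy": {"type": "automatic",
                                   "automatic": {"delaySeconds": 1}}},
            {"environment": "prod"},
        ],
    },
    "environments": [
        {"id": "staging", "category": "test", "deploy": {"type": "rollout"}},
        {"id": "prod", "category": "external", "deploy": {"type": "rollout"}},
    ],
}

if __name__ == "__main__":
    errors, plan = check_rollout(SPEC)
    for src, dst, how in plan:
        print(f"{src} -> {dst}: {how}")
    for err in errors:
        print("ERROR:", err)
```

Printing the plan in review makes it visible when a change switches a stage from manual to automatic promotion into prod.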
<aside> 👋
Note: The recommended CI configuration is subject to change as improvements are made to simplify the process. Any improvements should not break existing configurations.
</aside>
In the sourcegraph/sourcegraph monorepo, using Buildkite & Bazel, the msp_delivery Bazel rule can be used.
msp_delivery(
    name = "msp_deploy",
    gcp_project = "msp-example-prod-0000",
    msp_service_id = "msp-example",
    repository = "us.gcr.io/sourcegraph-dev/msp-example",
)