Pins all the build dependencies required by poetry, otherwise
poetry installs arbitrary versions of them, which leads to a wrong
version of cryptography being installed and the build failing.
Note that Cloud dependencies (pillar and the like) has to have their
build dependencies pinned in the same exact manner, for the same reason.
Pins all the runtime dependencies as well, because Cloud can only use
poetry==1.0 due to its source dependencies, so there's no
"poetry lock --no-update" and each "poetry lock" updates arbitrary packages.
Because pillar-python-sdk doesn't have a `production` branch, it was always
using `master`. Now it's only using `master` if `STAGING_BRANCH`=`production`.
Because we only pushed the final image to Docker Hub, it was impossible to
pull the base image someone else created and "quickly" build a new deploy
image.
Now the deploy scripts push (some) of the intermediate images as well,
making it possible to pull them later. I've added `build-pull.sh` and
`full-pull.sh` to perform this pull and built up from the pulled images.
"Staging" covers the meaning of what is actually happening better than
"deploy". I want to keep "deploy" for actually deploying onto a production
server.
This is necessary since in our gulp files we reference assets in
node_modules using relative paths. This makes the asset building
process much slower, and should be addressed in the future.
- Changed virtual host weight for the letsencrypt docker so that it is
higher than any other weight
- Copy the renewal script to the server (previously it was available
to the host at /data/git/blender-cloud/…, but no longer.
This radically changes the way we deploy to the production server, as a
Git checkout is no longer required there. All the necessary files are
now inside the docker image. As a result, /data/git should no longer be
mounted as a Docker volume.
- Renamed docker/build.sh → docker/full_rebuild.sh
This makes it clearer that it performs a full rebuild of the Docker images.
- Full rebuilds should be done on a regular basis to pull in Ubuntu
security updates.
- Removed rsync_ui.sh, we no longer need it. Other projects can also
remove their rsync_ui.sh.
- Moved deploy.sh → deploy/2docker.sh and added deploy/2server.sh
