Catapult defines a best-practice infrastructure and release management workflow, saving you thousands of engineering hours - it also aligns with Agile methodologies, like Scrum, to afford you everything you need to develop, deploy, and maintain a website with ease.
:boom: Catapult is a complete website and workflow management platform built from leading and affordable technologies.
:earth_americas: Our mission is to create a lean platform that orchestrates DevOps for website lifecycles with familiar technologies.
:rocket: Our vision is to afford organizations reduced risk and improved performance while lowering barriers to entry.
Do you need a website and workflow management platform? Here are a few triggers.
What makes Catapult different?
Go ahead, give Catapult a shot.
Security is very important to us. If you have any issue regarding security, please disclose the information responsibly by sending an email to security@devopsgroup.io and not by creating a GitHub issue.
Catapult orchestrates the following key components of DevOps to provide you with a full-featured infrastructure. Implementing both a Red Hat stack for PHP software and a Windows stack for .NET software.
Catapult intelligently manages the following website software that have been chosen from trending usage statistics from BuiltWith and aligns with the CentOS 7 and Software Collections trunks:
Software | Key | Minimum PHP Version | Running PHP Version | Released | End-of-Life |
---|---|---|---|---|---|
CodeIgniter 2 | codeigniter2 |
5.1.6 | 5.4 | January 28, 2011 | October 31, 2015 |
CodeIgniter 3 | codeigniter3 |
5.6 | 7.1 | March 30, 2015 | |
concrete5 8 | concrete58 |
5.5.9 | 7.1 | December 1, 2016 | |
Drupal 6 | drupal6 |
5.4 | 5.4 | February 13, 2008 | February 24, 2016 |
Drupal 7 | drupal7 |
5.2.5 | 7.1 | January 5, 2011 | |
Drupal 8 | drupal8 |
7.0.8 | 7.2 | November 19, 2015 | |
Elgg 1 | elgg1 |
5.4 | 5.4 | August 20, 2008 | |
Elgg 2 | elgg2 |
5.6 | 7.1 | December 14, 2015 | |
ExpressionEngine 3 | expressionengine3 |
5.3.10 | 5.4 | October 13, 2015 | December 14, 2018 |
Joomla 3 | joomla3 |
5.3.10 | 7.1 | September 27, 2012 | |
Laravel 5 | laravel5 |
7.0.0 | 7.1 | February 4, 2015 | |
MediaWiki 1 | mediawiki1 |
5.5.9 | 7.1 | December 8, 2003 | |
Moodle 3 | moodle3 |
5.6.5 | 7.1 | November 16, 2015 | |
SilverStripe 3 | silverstripe3 |
5.3.3 | 5.4 | June 29, 2012 | |
SuiteCRM 7 | suitecrm7 |
5.5 | 7.1 | October 21, 2013 | November 15, 2019 |
WordPress 4 | wordpress4 |
5.2 | 7.1 | September 4, 2014 | |
WordPress 5 | wordpress5 |
5.6 | 7.2 | December 6, 2018 | |
WordPress 6 | wordpress6 |
5.6 | 7.3 | May 24, 2022 | |
XenForo 1 | xenforo1 |
5.2.11 | 5.4 | March 8, 2011 | December 31, 2019 |
XenForo 2 | xenforo2 |
5.4.0 | 7.1 | November 28, 2017 | |
Zend Framework 2 | zendframework2 |
5.3.23 | 5.4 | September 5, 2012 |
If you do not see your website software listed, Catapult supports basic PHP projects that do not have a database requirement.
Catapult maintains a high level of integrity when it comes to PHP versions, through maintaining security, backwards compatibility, performance, and new features. Below is an overview of the PHP versions used in Catapult and when you can expect these versions to be End-of-Life (EOL). We will bump to the next highest version of PHP in the list when nearing the EOL - this provides ample time for support of the newer PHP version by the software. In cases where a software version is sunsetting, the CentOS Long-term Support (LTS) version of PHP is used.
PHP Version | End-of-Life | Maintainer | Updater |
---|---|---|---|
5.4 | June 30, 2024 | CentOS | Red Hat |
7.1 | December 1, 2019 | Software Collections | Red Hat |
7.2 | November 30, 2020 | Software Collections | Red Hat |
7.3 | June 30, 2024 | Jan Staněk | Red Hat |
Catapult tracks vendor announced EOL dates for website software and a red EOL date will be displayed during vagrant status
if one of your website's software is EOL. Currently Catapult has no plan to block Catapult supported software that is past its EOL date - it is up to you to move to the next major supported version.
Here, we compare similar platforms to shed light on where we are and we're headed. Catapult's approach is holistic, meaning, there are no optional features - the platform includes everything in its default state and its default state is the only state of the platform. Some platforms offer and support optional third-party features that need configured - these are excluded.
Platform Feature | Catapult | Pantheon | Acquia |
---|---|---|---|
Source | Open | Closed | Closed |
Subscription Feature Set | Bundled | Separated | Separated |
Traditional Tooling (VMs & Shell) | :white_check_mark: | :x: | :x: |
Multi-Platform (Linux & Windows) | :white_check_mark: | :x: | :x: |
Supported PHP Software | 20+ | 2 | 1 |
Supported .NET Software | TBA | :x: | :x: |
Minimum Bundled Monthly Cost |
$45 | $400 | $134 |
Websites per instance | Unlimited | 1 | 1 |
Managed Workflow | Git Flow (branch-based environments) | :x: | :x: |
Managed Software Workflow Model | Upstream or Downstream | :x: | :x: |
Agile Methodology Focus | Scrum | :x: | :x: |
Managed Continuous Integration | :white_check_mark: | :x: | :x: |
Environments | LocalDev, Test, QC, Production | Multidev, Dev, Test, Live | Dev Desktop, Dev, Stage, Prod |
Exacting Configuration | :white_check_mark: | :x:2 | :x:3 |
Approach | Virtual Machine | Container | Virtual Machine |
Data Center | DigitalOcean and AWS | Rackspace | AWS |
Scaling | Horizontal | Horizontal | Vertical |
Scaling Management | Manual | Automatic | Manual |
Development Environment | Unlimited Local | 5 Cloud | Unlimited Local |
Development Environment Approach | Exact | Exact | Similar |
Dashboard - Control | CLI | CLI & Web | CLI & Web |
Dashboard - Monitor | Web | Web | Web |
Managed Public Git Website Repository Support | GitHub & Bitbucket | :x: | :x: |
Managed DNS | CloudFlare | :x: | :x: |
Managed Free HTTPS Certificates | CloudFlare/Let's Encrypt | :x: | :x: |
Managed Server Monitoring | New Relic | :x: | Proprietary |
Managed Application Error Logs | New Relic | Proprietary | Proprietary |
Managed Application Performance Monitoring | New Relic | :x: | :x: |
Managed Browser Performance Monitoring | New Relic | :x: | :x: |
Managed Synthetic Monitoring | New Relic | :x: | :x: |
See an error or have a suggestion? Email competition@devopsgroup.io - we appreciate all feedback.
Catapult requires a Developer Setup, Instance Setup, and Services Setup as described in the following sections.
There are two roles when using Catapult, Catapult User and Catapult Admin.
The Catapult User only needs to complete the Developer Setup and the Catapult Admin completes the Instance Setup and Services Setup.
Please Note:
vagrant reload
to regain communication.Catapult uses Vagrant and the command line of a developer's workstation, below is a list of required software that will need to be installed.
~/.gnupg/gpg.conf
sudo apt-get install virtualbox
sudo yum install virtualbox
xcode-select --install
from the Terminalwget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb
sudo dpkg --install vagrant_2.2.9_x86_64.deb
sudo apt-get install nfs-kernel-server
wget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.rpm
sudo yum install vagrant_2.2.9_x86_64.rpm
vagrant status
to verify the correct workstation software is installed and to generate your Catapult user files~/secrets/configuration-user.yml["settings"]["admin"]
to true
vagrant status
to verify the correct workstation software is installed and to generate your Catapult user files~/secrets/configuration-user.yml["settings"]["gpg_key"]
~/secrets/configuration-user.yml["settings"]["bamboo_username"]
to the username for this Bamboo user~/secrets/configuration-user.yml["settings"]["bamboo_password"]
to the password for this Bamboo userCatapult is quick to setup. You have the option of using GitHub (public) or Bitbucket (private) to store your Catapult instance. Your Catapult secrets are encrypted and safe, but please use your best judgment when choosing a destination for your Catapult instance.
vagrant status
to verify the correct workstation software is installed and to generate your Catapult user files~/secrets/configuration-user.yml["settings"]["admin"]
to true
~/secrets/configuration-user.yml["settings"]["gpg_edit"]
(false
by default) and is used to encrypt your Catapult configuration secrets using your GPG Passphrase:
~/secrets/id_rsa
as ~/secrets/id_rsa.gpg
~/secrets/id_rsa.pub
as ~/secrets/id_rsa.pub.gpg
~/secrets/configuration.yml
as ~/secrets/configuration.yml.gpg
develop
branch.vagrant status
) will encrypt your configuration, of which, will allow you to commit and push safely to your public Catapult fork.id_rsa
and id_rsa.pub
in the ~/secrets/
folder.~/secrets/configuration-user.yml["settings"]["gpg_key"]
Catapult is designed with a distributed services model, below are the required third-party services and their sign-up and configuration steps.
Service | Product | Use Case | Monthly Cost |
---|---|---|---|
†Cloud Hosting: Red Hat (PHP) | DigitalOcean Droplets | Web and Database Servers (6) | *$30+ |
†Cloud Hosting: Windows (.NET) | Amazon Web Services (AWS) EC2 | Web and Database Servers (6) | *$80+ |
Source Code Repositories | Atlassian Bitbucket | Private Repositories | Free |
Source Code Repositories | GitHub | Public Repositories | Free |
Automated Deployments / Continuous Integration | Atlassian Bamboo Server | Build Server | $15 |
DNS | CloudFlare | Cloud DNS | Free |
Monitoring | New Relic Application Performance Monitoring (APM), Browser, Server, and **Synthetics | Performance and Infrastructure Monitoring | Free |
Total | †$45+ |
† Only one platform (Red Hat or Windows) is required to have a full-featured infrastructure. Generally speaking, the industry-standard Red Hat platform will be used.
* Depending on load, resources may need to be increased, starting at an additional $5 per month per server.
** New Relic customers receive a trial "pro" period ranging from 14-days to 30-days, however, there is no free tier beyond the trial
~/secrets/configuration.yml["company"]["digitalocean_personal_access_token"]
id_rsa.pub
from ~/secrets/id_rsa.pub
key ~/secrets/configuration.yml["company"]["aws_access_key"]
~/secrets/configuration.yml["company"]["aws_secret_key"]
id_rsa.pub
from ~/secrets/id_rsa.pub
keyBitbucket provides free private repositories and GitHub provides free public repositories, you will need to sign up for both. If you already have Bitbucket and GitHub accounts you may use them, however, it's best to setup a machine user if you're using Catapult with your team.
~/secrets/configuration.yml["company"]["bitbucket_username"]
~/secrets/configuration.yml["company"]["bitbucket_password"]
id_rsa.pub
from ~/secrets/id_rsa.pub
key in https://bitbucket.org/account/user/`your-user-here`/ssh-keys/ named "Catapult"~/secrets/configuration.yml["company"]["github_username"]
~/secrets/configuration.yml["company"]["github_password"]
~/secrets/configuration.yml["company"]["github_personal_access_token"]
id_rsa.pub
from ~/secrets/id_rsa.pub
key in https://github.com/settings/ssh named "Catapult"Bamboo Server set-up
vagrant up ~/secrets/configuration.yml["company"]["name"]-build
up
will take some time, please be patient~/secrets/configuration.yml["company"]["bamboo_base_url"]
, the format should be http://[digitalocean-ip-here]/~/secrets/configuration.yml["company"]["name"]
~/secrets/configuration.yml["company"]["email"]
Bamboo Configuration
~/secrets/configuration.yml["company"]["bamboo_username"]
~/secrets/configuration.yml["company"]["bamboo_password"]
To avoid having to manually configure the Bamboo project, plans, stages, jobs, and tasks configuration, you may optionally install and purchase the "Bob Swift Atlassian Add-ons - Bamboo Command Line Interface (CLI)" Bamboo add-on. To install, click the settings gear top right, and click "Manage apps". Once the add-on is installed, by running a vagrant status
, Catapult will automatically detect its existence and automatically configure the settings required.
Otherwise, the manual setup configuration steps are outlined below:
~/secrets/configuration.yml["company"]["cloudflare_api_key"]
~/secrets/configuration.yml["company"]["cloudflare_email"]
~/secrets/configuration.yml["company"]["newrelic_api_key"]
~/secrets/configuration.yml["company"]["newrelic_admin_api_key"]
~/secrets/configuration.yml["company"]["newrelic_license_key"]
~/secrets/configuration.yml["company"]["sendgrid_api_key"]
~/secrets/configuration.yml["company"]["sendgrid_username"]
~/secrets/configuration.yml["company"]["sendgrid_password"]
vagrant status
. Catapult will confirm the connection to all of the Services and inform you of any problems.To start using Catapult you will need to Provision Environments and Configure Automated Deployments.
Environment | LocalDev | Test | QC | Production |
---|---|---|---|---|
Server Provider | Locally via VirtualBox and VMware Fusion | Hosted via DigitalOcean | Hosted via DigitalOcean | Hosted via DigitalOcean |
Server Provisioning | Manually via Vagrant | Manually via Vagrant | Manually via Vagrant | Manually via Vagrant |
For each Environment you will need to:
vagrant up ~/secrets/configuration.yml["company"]["name"]-dev-redhat
vagrant up ~/secrets/configuration.yml["company"]["name"]-test-redhat
vagrant up ~/secrets/configuration.yml["company"]["name"]-qc-redhat
vagrant up ~/secrets/configuration.yml["company"]["name"]-production-redhat
vagrant up ~/secrets/configuration.yml["company"]["name"]-dev-redhat-mysql
vagrant up ~/secrets/configuration.yml["company"]["name"]-test-redhat-mysql
vagrant up ~/secrets/configuration.yml["company"]["name"]-qc-redhat-mysql
vagrant up ~/secrets/configuration.yml["company"]["name"]-production-redhat-mysql
Once the Web and Database Servers are up and running, it's then time to configure your Bamboo Catapult project's TEST, QC, and PROD plans. To avoid having to manually configure the Bamboo project, plans, stages, jobs, and tasks configuration, you may optionally install and purchase the "Bob Swift Atlassian Add-ons - Bamboo CLI Connector" Bamboo add-on. Otherwise, the manual setup configuration steps are outlined below:
~/secrets/configuration.yml["company"]["bamboo_base_url"]
shell
Inline
bash /catapult/provisioners/redhat/provision.sh "build" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "bamboo"
~/secrets/configuration.yml["environments"]["test"]["servers"]["redhat"]["ip"]
root
Key without passphrase
~/secrets/id_rsa
bash /catapult/provisioners/redhat/provision.sh "test" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "apache"
~/secrets/configuration.yml["environments"]["test"]["servers"]["redhat_mysql"]["ip"]
root
Key without passphrase
~/secrets/id_rsa
bash /catapult/provisioners/redhat/provision.sh "test" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "mysql"
~/secrets/configuration.yml["environments"]["qc"]["servers"]["redhat"]["ip"]
root
Key without passphrase
~/secrets/id_rsa
bash /catapult/provisioners/redhat/provision.sh "qc" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "apache"
~/secrets/configuration.yml["environments"]["qc"]["servers"]["redhat_mysql"]["ip"]
root
Key without passphrase
~/secrets/id_rsa
bash /catapult/provisioners/redhat/provision.sh "qc" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "mysql"
~/secrets/configuration.yml["environments"]["production"]["servers"]["redhat"]["ip"]
root
Key without passphrase
~/secrets/id_rsa
bash /catapult/provisioners/redhat/provision.sh "production" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "apache"
~/secrets/configuration.yml["environments"]["production"]["servers"]["redhat_mysql"]["ip"]
root
Key without passphrase
~/secrets/id_rsa
bash /catapult/provisioners/redhat/provision.sh "production" "https://github.com/your-name-here/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "mysql"
shell
Inline
python /catapult/provisioners/windows/provision.py "~/secrets/configuration.yml["environments"]["test"]["servers"]["windows"]["ip"]" "Administrator" "~/secrets/configuration.yml["environments"]["test"]["servers"]["windows"]["admin_password"]" "test" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "iis"
shell
Inline
python /catapult/provisioners/windows/provision.py "~/secrets/configuration.yml["environments"]["test"]["servers"]["windows_mssql"]["ip"]" "Administrator" "~/secrets/configuration.yml["environments"]["test"]["servers"]["windows_mssql"]["admin_password"]" "test" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "mssql"
shell
Inline
python /catapult/provisioners/windows/provision.py "~/secrets/configuration.yml["environments"]["qc"]["servers"]["windows"]["ip"]" "Administrator" "~/secrets/configuration.yml["environments"]["qc"]["servers"]["windows"]["admin_password"]" "qc" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "iis"
shell
Inline
python /catapult/provisioners/windows/provision.py "~/secrets/configuration.yml["environments"]["qc"]["servers"]["windows_mssql"]["ip"]" "Administrator" "~/secrets/configuration.yml["environments"]["qc"]["servers"]["windows_mssql"]["admin_password"]" "qc" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "mssql"
shell
Inline
python /catapult/provisioners/windows/provision.py "~/secrets/configuration.yml["environments"]["production"]["servers"]["windows"]["ip"]" "Administrator" "~/secrets/configuration.yml["environments"]["production"]["servers"]["windows"]["admin_password"]" "production" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "iis"
shell
Inline
python /catapult/provisioners/windows/provision.py "~/secrets/configuration.yml["environments"]["production"]["servers"]["windows_mssql"]["ip"]" "Administrator" "~/secrets/configuration.yml["environments"]["production"]["servers"]["windows_mssql"]["admin_password"]" "production" "https://github.com/[your-name-here]/catapult" "~/secrets/configuration-user.yml["settings"]["gpg_key"]" "mssql"
Catapult follows Gitflow for its infrastructure configuration and website development model - each environment is branch-based and changesets are introduced into each environment by pull requests from one branch to the next.
LocalDev | Test | QC | Production | |
---|---|---|---|---|
Running Branch | develop | develop | release | master |
Automated Deployments | No, manually via vagrant provision |
Yes, triggered by new commits to develop | Yes, nightly or manually via Bamboo | Yes, nightly or manually via Bamboo |
Testing Activities | Component Test | Integration Test, System Test | Acceptance Test, Release Test | Operational Qualification |
Scrum Activity | Sprint Start: Development of User Stories | Daily Scrum | Sprint Review | Sprint End: Accepted Product Release |
Scrum Roles | Development Team | Scrum Master, Development Team, Product Owner (optional) | Scrum Master, Development Team, Product Owner | Product Owner |
Catapult enforces a unique solution to Release Management of a website, Software Workflow. Software Workflow offers two modes, downstream or upstream, creating a "golden environment".
LocalDev | Test | QC | Production | |
---|---|---|---|---|
Downstream Software Workflow - Database | Restore from develop ~/_sql folder of website repo |
Restore from develop ~/_sql folder of website repo |
Restore from release ~/_sql folder of website repo |
Auto-commit one backup per day (up to 500MB or 1) to master ~/_sql folder of website repo |
Downstream Software Workflow - Untracked File Stores | rsync file stores from Production | rsync file stores from Production | rsync file stores from Production | |
Downstream Software Workflow - Tracked File Stores | Pull file stores from develop | Pull file stores from develop | Pull file stores from release | Auto-commit file stores (up to 750MB each) to master of website repo |
Note: Catapult will automatically pull the master branch into the develop branch of a website's repository when in the Downstream Software Workflow direction.
LocalDev | Test | QC | Production | |
---|---|---|---|---|
Upstream Software Workflow - Database | Restore from develop ~/_sql folder of website repo |
Auto-commit one backup per day (up to 500MB or 1) to develop ~/_sql folder of website repo |
Restore from release ~/_sql folder of website repo |
Restore from master ~/_sql folder of website repo |
Upstream Software Workflow - Untracked File Stores | rsync file stores from Test | rsync file stores from Test | rsync file stores from Test | |
Upstream Software Workflow - Tracked File Stores | Pull file stores from develop | Auto-commit file stores (up to 750MB each) to develop of website repo | Pull file stores from release | Pull file stores from master |
All Catapult configuration is stored in ~/secrets/configuration.yml
and encrypted as ~/secrets/configuration.yml.gpg
. There are three main sections - Company, Environments, and Websites.
The exclusive Company entry contains top-level company information and service credentials, configured during Setup Catapult.
name:
email:
timezone_redhat:
timezone_windows:
The remaining keys include credentials to services:
digitalocean_personal_access_token
bitbucket_username
bitbucket_password
github_username
github_password
github_personal_access_token
bamboo_base_url
bamboo_username
bamboo_password
aws_access_key
aws_secret_key
bamboo_password
cloudflare_api_key
cloudflare_email
newrelic_admin_api_key
newrelic_api_key
newrelic_license_key
sendgrid_api_key
sendgrid_username
sendgrid_password
The setup- and maintenance-free Environments entries contain environment configurations such as IP addresses and system credentials - all of which are automatically set during Setup Catapult and Setup Environments.
Adding websites to Catapult is driven by simple configuration. After establishing a repository at GitHub or Bitbucket, simply add entries to ~/secrets/configuration.yml
. The entries must be ordered alphabetically by domain name and all entries exist under the single websites:
key as reflected in this example:
websites:
apache:
- domain: devopsgroup.io
repo: git@github.com:devopsgroup-io/devopsgroup-io.git
- domain: example.com
repo: git@github.com:example-company/example.com.git
The following options are available:
domain:
domain: example.com
domain: subdomain.example.com
www.
www.
subdomain is created for yousubdomain.example.com
)dev.example.com
, test.example.com
, qc.example.com
, example.com
www.dev.example.com
, www.test.example.com
, www.qc.example.com
, www.example.com
domain_tld_override:
domain_tld_override: mycompany.com
.com
)
domain
and domain
.domain_tld_override
domain
, but want to have a quick option to point DNS to domain
if neededdomain
, you may remove the domain_tld_override
. please caution note belowdomain_tld_override
for Environments
dev.example.com.mycompany.com
, test.example.com.mycompany.com
, qc.example.com.mycompany.com
, example.com.mycompany.com
www.dev.example.com.mycompany.com
, www.test.example.com.mycompany.com
, www.qc.example.com.mycompany.com
, www.example.com.mycompany.com
software:
, you need to manually replace URLs in the database respective to the software_workflow:
option.
vagrant ssh mycompany.com-test-redhat-mysql
wp-cli --allow-root --path="/var/www/repositories/apache/example.com/(webroot if applicable)" search-replace ":\/\/(www\.)?(dev\.|test\.)?(example\.com\.mycompany\.com)" "://example.com" --regex
configure_email:
true
configure_email: false
force_auth:
force_auth: letmein
force_auth_exclude
)letmein
is both the username and passwordforce_auth_exclude:
force_auth:
force_auth_exclude: ["production"]
["dev","test","qc","production"]
to exclude from the force_auth
optionforce_https:
false
force_https: true
dev.
domains in LocalDev will have an unsigned certificate warningforce_ip:
force_ip: ["208.80.154.224"]
force_ip_exclude
is definedforce_auth
for when HTTP basic authentication cannot be used. e.g. Drupal 8 Basic Auth Moduleforce_auth
for added securityforce_ip_exclude:
force_ip:
force_ip_exclude: ["production"]
["dev","test","qc","production"]
to exclude from the force_ip
optionidle:
false
idle: true
repo:
repo: git@github.com:devopsgroup-io/devopsgroup-io.git
software:
software: codeigniter2
software: codeigniter3
software: concrete58
software: drupal6
software: drupal7
software: drupal8
software: elgg1
software: expressionengine3
software: joomla3
software: laravel5
software: mediawiki1
software: moodle3
software: silverstripe3
software: suitecrm7
software: wordpress4
software: wordpress5
software: wordpress6
software: xenforo1
software: xenforo2
software: zendframework2
software_auto_update:
false
software:
software_auto_update: true
software_workflow
environmentsoftware
is supported, see Software Auto Updatessoftware_dbprefix:
software:
software_dbprefix: wp_
wp_
, must be specified if desiredsoftware_dbtable_retain:
software:
software_workflow: upstream
software_dbtable_retain: ["comments","commentmeta"]
software_dbprefix:
, to retain from the Production environment when software_workflow:
is set to upstream
YYYYMMDD_software_dbtable_retain.sql
file to ~/_sql
software_workflow:
software:
software_workflow: downstream
master
branch as the source and automated save point for software files and databasemaster
branch is automatically merged into the develop
branch for conveniencesoftware_workflow: upstream
develop
branch as the source and automated save point for software files and databasemaster
branch - see Release Managementwebroot:
/
webroot: www/
Website development is done on the developer's workstation using the LocalDev environment for local and real-time software development in an environment that is exactly matching to upstream environments.
Once websites are added to your configuration and you have performed a provision of your LocalDev environment, repositories for websites are cloned into your Catapult instance at ~/repositories
and into the respective apache
or iis
folder, listed by the domain name. Website repository folders are linked between the developer's workstation (host) and the LocalDev environment (guest) for real-time development.
Catapult enforces software configuration best practices for software fresh installs. A typical software fresh install workflow would be to fork the software project on GitHub and add then add a new website entry to your ~/configuration.yml
file. Given the broad spectrum of software requirements there are minor configuration caveats worth noting:
Software | Install Approach | Install Notes |
---|---|---|
codeigniter2 |
Follow the Installation Instructions. | |
codeigniter3 |
Follow the Installation Instructions. | |
concrete58 |
Download | Download concrete5. |
drupal6 |
Drush | drush pm-download drupal-6 |
drupal7 |
Drush | drush pm-download drupal-7 |
drupal8 |
Drush | drush pm-download drupal-8 |
elgg1 |
Fork | Follow the installation Overview. Catapult requires the dataroot directory to be within the webroot, it's pertinent to create a .gitignore to ignore and .htaccess to deny access to this directory. |
elgg2 |
Fork | Follow the installation Overview. Catapult requires the dataroot directory to be within the webroot, it's pertinent to create a .gitignore to ignore and .htaccess to deny access to this directory. |
expressionengine3 |
Download | |
joomla3 |
Fork | |
laravel5 |
Composer | Follow the Composer Create-Project documentation. |
mediawiki1 |
Fork | |
moodle3 |
Fork | Catapult requires the moodledata directory to be within the webroot, it's pertinent to create a .gitignore to ignore and .htaccess to deny access to this directory. |
silverstripe3 |
Composer | Follow the Installing and Upgrading with Composer. During a fresh install, the database config file mysite/_config.php will need to be given 0777 permissions. |
suitecrm7 |
Fork | |
wordpress4 |
Fork | |
wordpress5 |
Fork | |
wordpress6 |
Fork | |
xenforo1 |
Download | |
xenforo2 |
Download | |
zendframework2 |
Fork | Your best bet is to start from the zendframework/ZendSkeletonApplication GitHub project. Catapult assumes Zend Framework is at the root of your repo and writes a database config file at config/autoload/global.php , you will also need to set webroot: public/ in your Catapult configuration. |
The below table outlines what software is supported for the software_auto_update
website option. When this option is set to true
, Catapult manages software core and pluggable component (plugins, modules, etc.) updates to the latest compatible versions using the software's CLI tool or similar method.
Software | software_auto_update Support |
---|---|
codeigniter2 |
:white_check_mark: |
codeigniter3 |
:white_check_mark: |
concrete58 |
:white_check_mark: |
drupal6 |
:white_check_mark: |
drupal7 |
:white_check_mark: |
drupal8 |
:white_check_mark: |
elgg1 |
:x: |
elgg2 |
:x: |
expressionengine3 |
:x: |
joomla3 |
:x: |
laravel5 |
:x: |
mediawiki1 |
:x: |
moodle3 |
:white_check_mark: |
silverstripe3 |
:x: |
suitecrm7 |
:x: |
wordpress4 |
:white_check_mark: |
wordpress5 |
:white_check_mark: |
wordpress6 |
:white_check_mark: |
xenforo1 |
:x: |
xenforo2 |
:white_check_mark: |
zendframework2 |
:white_check_mark: |
In the scenario where an update may overwrite customizations to a file that is expected to be able to be customized (e.g. .htaccess
, .gitignore
, or robots.txt
), you may create an _append
directory within the repository root of the website with files containing your customizations.
~/_append/
will be appended to files in ~/{webroot}/
# THIS IS A COMMENT
) are supported.webroot
are supported.Catapult manages free Domain Validation (DV) certificates compliments of Cloudflare and Let's Encrypt automatically for all of your websites and optionally manages purchased certificates.
It's important to note that certificates are not dependent on protocols. Many vendors tend to use the phrase "SSL/TLS certificate", it may be more accurate to call them "certificates for use with SSL and TLS" since the protocols are determined by your server configuration, not the certificates themselves. It's likely you will continue to see certificates referred to as SSL certificates because at this point that’s the term more people are familiar with, however, we're just calling them "certificates".
Browser Compatibility
Catapult tracks Mozilla's Operations Security (OpSec) team Security/Server Side TLS recommendations document and the "Intermediate" recommended configuration and is our objective to maintain at least an A rating with Qualys Labs. An important note is that Catapult does not support old browsers that do not support Server Name Indication (SNI). Here is Catapult's list of oldest compatible browsers:
Purchased Certificates
Depending on your compliance needs you may need to purchase custom certificates unique to your organization. Below is a table of the three different types of certificates that should be taken into account when auditing your compliance needs.
Feature | Domain Validation (DV certificates) | Organization Validation (OV certificates) | Extended Validation (EV certificates) |
---|---|---|---|
Single Domain Certificate | :white_check_mark: | :white_check_mark: | :white_check_mark: |
Wildcard Certificate | :white_check_mark: | :white_check_mark: | :x: |
Multiple Domain Certificate | :white_check_mark: | :white_check_mark: | :white_check_mark: |
Cost | $ | $$ | $$$ |
Issuing Process | Automatic | Application vetted by Certificate Authority | Application vetted by Certificate Authority |
Issuing Criteria: Domain Name(s) Ownership | :white_check_mark: | :white_check_mark: | :white_check_mark: |
Issuing Criteria: Organization Existence | :x: | :white_check_mark: | :white_check_mark: |
Issuing Criteria: Organization Legal Existence | :x: | :x: | :white_check_mark: |
Industry Accepted Issuing Standard | :x: | :x: | CAB EV SSL Certificate Guidelines |
Standard Browser Padlock | :white_check_mark: | :white_check_mark: | :x: |
Greenbar Browser Padlock | :x: | :x: | :white_check_mark: |
Browser Compatibility | Google Chrome 1+, Mozilla Firefox 1+, Internet Explorer 5+ | Google Chrome 1+, Mozilla Firefox 1+, Internet Explorer 5+ | Google Chrome 1+, Mozilla Firefox 3+, Internet Explorer 7+ |
Catapult optionally manages custom certificates purchased and issued by a Certificate Authority. The following files are required for Catapult to detect and use the custom certificate:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> example_com.ca-bundle
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Here is an example of a certificate implementation for example.com:
reporoot/_cert/example_com/example_com.ca-bundle
reporoot/_cert/example_com/example_com.crt
reporoot/_cert/example_com/server.csr
reporoot/_cert/example_com/server.key
Here is an example of a certificate implementation for dev.example.com:
reporoot/_cert/dev_example_com/dev_example_com.ca-bundle
reporoot/_cert/dev_example_com/dev_example_com.crt
reporoot/_cert/dev_example_com/server.csr
reporoot/_cert/dev_example_com/server.key
Note: If you have a wildcard certificate, duplicate each environment directory and use the same set of files
Forcing www is generally software-specific, unlike forcing the HTTPS protocol, which is environment-specific and driven by the force_https
option. To force www (why force www?), please follow the respective guides per software
below.
For software
that does not have specific documentation, please follow this generic .htaccess
approach http://stackoverflow.com/a/4958847/4838803
Software | Approach | Documentation |
---|---|---|
codeigniter2 |
.htaccess |
|
codeigniter3 |
.htaccess |
|
concrete58 |
.htaccess |
|
drupal6 |
.htaccess |
|
drupal7 |
.htaccess |
|
drupal8 |
.htaccess |
|
elgg1 |
||
expressionengine3 |
||
joomla3 |
||
laravel5 |
||
mediawiki1 |
||
moodle3 |
||
silverstripe3 |
mysite/_config.php |
http://api.silverstripe.org/3.1/class-Director.html -> http://stackoverflow.com/a/26865882 |
suitecrm7 |
||
wordpress4 |
Database | http://codex.wordpress.org/Changing_The_Site_URL |
wordpress5 |
Database | http://codex.wordpress.org/Changing_The_Site_URL |
wordpress6 |
Database | http://codex.wordpress.org/Changing_The_Site_URL |
xenforo1 |
||
xenforo2 |
||
zendframework2 |
Debug output, unlike logging, is a configuration that outputs exceptions on-screen of your website while you're developing in LocalDev for convenience. It also aligns with the testing activies as defined in Release Management. Debug output is configured at two levels; PHP and software-specific, the below chart provides a breakdown.
LocalDev | Test | QC | Production |
---|---|---|---|
Verbose | Verbose | Hidden | Hidden |
Caching plays a very important role in the performance of your website and enforces and recommends many performance optimizations. Catapult generally enforces caching of files to 1 year, because of this, to ensure that a new website release is reflected in a user's browser you should consider semantic versioning of website resource files. Here's an example of query string cache busting:
<link rel="stylesheet" href="https://github.com/devopsgroup-io/catapult/blob/master/css/style.min.css?v=3.4.1">
Ready to deploy a new release? Update the version number and the cache will be "busted":
<link rel="stylesheet" href="https://github.com/devopsgroup-io/catapult/blob/master/css/style.min.css?v=3.4.2">
A more complicated, yet effective method of cache-busting is by using versioned folders. Resources with a "?" in the URL are not cached by some proxy caching servers. Here is an example of URL path cache busting:
<link rel="stylesheet" href="https://github.com/devopsgroup-io/catapult/blob/master/css/3.4.1/style.min.css">
Ready to deploy a new release? Update the version number and the cache will be "busted":
<link rel="stylesheet" href="https://github.com/devopsgroup-io/catapult/blob/master/css/3.4.2/style.min.css">
Each software type will vary as to the standard convention of website resource file versioning, here is a Wordpress example to get you started.
Progressive Web App (PWA), in general, is a term used to denote web apps that use the latest web technologies. Catapult allows a manifest.json
file to be placed in your webroot
. Note that this will be accessible regardless of whether or not you are using the force_auth
option, which is necessary because manifest.json
is sometimes accessed outside of the session under which you authenticated. Don't forget to include the link
tag <link rel="manifest" href="https://github.com/devopsgroup-io/catapult/blob/master/manifest.json">
to notify the browser of your manifest. More information regarding PWAs can be found at Google's Web App Manifest and Progressive Web App Checklist.
SMTP: SendGrid
Email delivery is an art, there are many considerations when trying to get an email into someone's inbox. Some considerations include message encryption, authentication, IP reputation, bounce management, analytics visibility, and more. For that reason, Catapult requires the setup of the managed SMTP relay provider, SendGrid. To configure SendGrid with your website's software, please set the SMTP configuration to the following:
smtp.sendgrid.net
587
TLS
yes
~/secrets/configuration.yml["company"]["sendgrid_username"]
~/secrets/configuration.yml["company"]["sendgrid_password"]
An example implementation would be the WP Mail SMTP WordPress plugin.
SMTP: Default
If you do not use SendGrid as your SMTP relay provider in your website software SMTP configuration, then the following default configurations will apply to assist with email deliverability:
Bounce Management
~/secrets/configuration.yml["company"]["email"]
to clear hard bounces every 5 days and soft bounces every 3 days.~/secrets/configuration.yml["company"]["email"]
daily.The following HTTP request limits are defined for all websites:
HTTP (ModSecurity) Limits
SecRequestBodyNoFilesLimit
): 1 MB
application/x-www-form-urlencoded
Content-TypeSecRequestBodyLimit
): 64 MB
multi-part
Content-TypePHP Limits
upload_max_filesize
): 16 MB
post_max_size
): 64 MB
Troubleshooting
If you are experiencing 401
or 413
HTTP response codes it may be due to the HTTP client not supporting the HTTP 1.1 Expect
header. This header essentially says "I've got a huge payload, but before I send it please let me know if you can handle it". This gives the endpoints time to renegotiate the client certificate before the payload is sent. The SSLRenegBufferSize
is set to 128 KB
for security reasons, so if your payload exceeds this size it will fail if the client does not support the HTTP 1.1 Expect
header. Read more here.
The best way to handle changes to the software's database schema is through a migrations system. Database migrations are software-specific and are invoked via Catapult for you, here we outline the specifics:
~/_sql
folder and restored, dependent on the environment and software_workflow
setting per website - see Release Management for details.software_workflow
) to trigger a database refresh. From the develop branch, commit a deletion of today's database backup lock file from the ~/_sql
folder.Oracle SQL Developer is the recommended tool, to connect to and work with databases. It is free, commercially supported, cross-platform, and supports multiple database types.
~/catapult/installers/mysql-connector-java-5.0.8-bin.jar
~/catapult/installers/jtds-1.3.1.jar
~/secrets/configuration.yml
.~/secrets/id_rsa
.
~/secrets/configuration.yml
.
Always weigh the risk of not performing a production hotfix versus performing it, as production hotfixes require going outside of the normal development and testing workflow. Below is an example of how you can determine severity:
Ask key stakeholders the following questions and assign a 1 or 0 for the answer, then add up the total:
The total will determine the level of severity, typically a 4 would be considered a candidate for a production hotfix:
Performing a production hotfix varies depending on the website's software
type, software_workflow
direction, and type of change (code or database).
software_workflow: downstream
~/configuration.yml
, temporarily set the environments -> dev -> branch key to branch: master
, and do not commit the changemaster
branchmaster
branch into the develop
branchbranch: develop
software
should not be taken out as a production hotfix)software_workflow: upstream
~/configuration.yml
, temporarily set the environments -> dev -> branch key to branch: master
, and do not commit the changemaster
branchmaster
branch into the develop
branchbranch: develop
software
and safely making the change, should not be taken out as a production hotfix)develop
branch of the website's repository, commit a deletion of today's (if exists) SQL dump file from within the ~/sql
folder
develop
branch for when this branch is merged upstream)master
branch of the website's repository, make your change in the most recent SQL dump file from within the ~/sql
folder
The automated deployment cycle releases changesets merged into respective environment branches for websites and your Catapult configuration, in addition to running server updates.
Environment | Scheduled |
---|---|
LocalDev | n/a, requires provision |
Test | 12:00 AM |
QC | 1:00 AM |
Production | 2:00 AM |
A maintenance cycle is scheduled for defined times within the timezone that is defined within ~/secrets/configuration.yml
at the timezone_redhat
and timezone_windows
values of the Company entry. This ensures system and website software are patched and other security controls are run within your infrastructure to automatically mitigate security vulnerabilities.
Daily maintenance occurs:
Daily maintenance includes:
Weekly maintenance occurs:
Weekly maintenance includes:
Servers will be rebooted when:
Being able to react to disasters immediately and consistently is crucial - Catapult affords you fast rebuilding and rollbacks.
vagrant destroy
and then vagrant up
for the respective virtual machine.vagrant rebuild
for the respective virtual machine - this is necessary (rather than a destroy and up) to retain the IP addresses of the machine.Production Website Rollbacks:
software_workflow: upstream
~/_sql
folder.software_workflow: downstream
~/_sql
folder.Catapult enforces many security best practices that are important for you to be aware of and understand. These controls avoid, detect, counteract, or minimize security risks to the platform and visitors. The Lynis security auditing tool is used to evaluate and harden the configuration of the system.
Edge
Server
Application
Software
* This security feature only takes effect when the website's nameservers are set to CloudFlare
Catapult introduces many best practice data protection measures, however, the security of personal data is ultimately your responsibility. Generally speaking, if personal information is compromised, you are required by law to notify the party. Laws vary country-by-country and state-by-state and can be enforceable in the state or country where the individual is physically located when the data is collected. This means that, even if your website is hosted within the U.S., you could potentially be subject to another country's data protection laws. The main principles of data protection include:
Personally identifiable information (PII), in the U.S., is generally classified as an individual's first and last name in combination with a Social Security number, driver's license number, or financial account number. For more information, please see this list of data breach laws by U.S. states compiled by IT Governance.
The General Data Protection Regulation (GDPR) is a regulation in E.U. law on data protection and privacy for all individuals within the European Union that becomes enforceable starting May 25, 2018. Article 4(1) of the GDPR defines "personal data" as any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For more information, please see the GDPR.
There are many complex compliance and audit standards that are your responsibility to understand and execute. Each Catapult instance is independent to you - including the required services that you signed up for during Services Setup.
Security of the cloud. This is the responsibility of the cloud service.
Service | Catapult Context | SOC 1 | SOC 2 | SOC 3 |
---|---|---|---|---|
AWS EC2 US EAST | Windows server hosting | :white_check_mark: | :white_check_mark: | :white_check_mark: |
BitBucket | Repository hosting | :white_check_mark: | ||
DigitalOcean NYC3 | Red Hat and Bamboo server hosting | :white_check_mark: | :white_check_mark: | |
GitHub | Repository hosting | |||
New Relic | Server communication, log files | :white_check_mark: |
Security in the cloud. This is your responsibility, however, the underlying service must have basic support for the compliance scenario.
Service | Catapult Context | HIPAA BAA | PCI DSS Level 1 |
---|---|---|---|
AWS EC2 US EAST | Windows server hosting | :white_check_mark: | :white_check_mark: |
CloudFlare (Pro) | Web application firewall | :white_check_mark: | |
BitBucket | Repository hosting | :x: | |
DigitalOcean NYC3 | Red Hat and Bamboo server hosting | :question: | :question: |
GitHub | Repository hosting | :question: |
See an error or have a suggestion? Email security@devopsgroup.io if confidential or submit a pull request - we appreciate all feedback.
Your website's performance is maximized with bandwidth, caching, and geographic optimizations. Catapult enforces these throughout every layer of your website, all in an effort to improve page loading times. Below is an example of the great performance gain of when page caching and CSS/JS aggregation are enabled for a Drupal website - all of which is managed by Catapult.
Please note: Any performance optimization that would impact development or component testing in LocalDev is disabled; this workflow aligns with the testing activites described in the Release Management section.
Bandwidth optimizations are made to lower the total bytes downloaded and decrease the amount of requests made by the browser.
Caching is enabled for many layers of your website including storing pre-interpreted PHP in memory, storing page caches for certain software types, and storing files on visitor's local disk.
Shortening the physical distance between the server and the visitor can trim priceless milliseconds from page loading time. (One might use this as an argument as to why browser caching and your overall caching strategy is so important.)
Catapult as a platform can only reach so far into the configuration of your website's software. Here are a few recommended development practices that will improve the performance of your website:
<script>
tags asynchronously
<script>
tags after the document has been parsed with defer
</body>
tagrel="prefetch"
target="_blank"
links, use rel="noopener"
Google's PageSpeed Insights and Lighthouse are good tools to test for performance optimizations.
Your website's capacity potential is defined by two key elements; 1) your website's average resource requirement per request and 2) server resources available. We recommend to first Performance optimize your website and then consider your website's capacity potential through Performance and Capacity Testing.
Catapult defines horizontal scaling by adding additional servers, this affords you increased capacity. Currently, only the Red Hat stack supports horizontal scaling and only one (1) additional server is supported. Each Red Hat environment (LocalDev, Test, QC, and Production) supports horizontal scaling independently. To spin up the additional server per environment, please run the following command:
* `vagrant up ~/secrets/configuration.yml["company"]["name"]-dev-redhat1`
* `vagrant up ~/secrets/configuration.yml["company"]["name"]-test-redhat1`
* `vagrant up ~/secrets/configuration.yml["company"]["name"]-qc-redhat1`
* `vagrant up ~/secrets/configuration.yml["company"]["name"]-production-redhat1`
HAProxy is used to facilitate capacity management by means of a layer 7 load balancer. The HAProxy status dashboard is made available to you for each environment by visiting port 32700 at the respective environment's -redhat
server ip
address as defined in ~/secrets/configuration.yml
. As example, 42.67.232.56:32700
. The username to log in is admin
and the password is the password as defined at the respective environment's ["software"]["admin_password"]
entry.
Often disregarded, performance and capacity testing are crucial components of quality assurance. The risks of neglecting performance and capacity testing include downtime, SEO impacts, gaps in analytics, poor user experience, and unknown ability to scale.
With Catapult's exactly duplicated configuration, even the Test environment can accurately represent the performance and capacity potential of the Production environment. ApacheBench is a powerful tool to test request performance and concurrency - macOS includes ApacheBench out of the box, while this StackOverflow post details how to get up and running on Windows.
ApacheBench enables us to perform both performance and capacity testing. Each website has its own unique resource requirements and knowing these requirements are paramount to the performance, capacity, and uptime of your website.
Performance testing
Capacity testing
Using a website with historical Google Analytics data, access the Audience Overview and find the busiest Pageview day from the past 30 days, and then drill into that date. Find the hour with the most page views, and then the accompanying Avg. Session Duration. Using the following formula, we are able to find the Concurrency Maxiumum.
(Pageviews x Avg. Session Duration in seconds) / 3,600 seconds = Concurrency Maximum
365,000 pageviews per month
Take a website with an average of 500 pageviews per hour, or 365,000 pageviews per month, which has a busiest hour of 1,000 pageviews.
Pageviews | Avg. Session Duration | Total Session Seconds | Concurrency Maximum |
---|---|---|---|
1,000 | 60 minutes (3,600 seconds) | 3,600,000 | 1,000 |
1,000 | 10 minutes (600 seconds) | 600,000 | 166 |
1,000 | 5 minutes (300 seconds) | 300,000 | 88 |
1,000 | 1 minute (60 seconds) | 60,000 | 16 |
100 concurrent requests performed 10 times
ab -l -r -n 1000 -c 100 -H "Accept-Encoding: gzip, deflate" http://test.drupal7.devopsgroup.io/
14,600 pageviews per month
Take a website with an average of 20 pageviews per hour, or 14,600 pageviews per month, which has a busiest hour of 100 pageviews.
Pageviews | Avg. Session Duration | Total Session Seconds | Concurrency Maximum |
---|---|---|---|
100 | 60 minutes (3,600 seconds) | 36,000 | 1,000 |
100 | 10 minutes (600 seconds) | 60,000 | 16 |
100 | 5 minutes (300 seconds) | 30,000 | 8 |
100 | 1 minute (60 seconds) | 6,000 | 1.6 |
10 concurrent requests performed 10 times
ab -l -r -n 100 -c 10 -H "Accept-Encoding: gzip, deflate" http://test.drupal7.devopsgroup.io/
Using a satisfied Apdex of 7 seconds, we can see that 98% of users would be satisfied.
Percentage of the requests served within a certain time (ms)
50% 19
66% 21
75% 24
80% 27
90% 34
95% 3968
98% 6127
99% 7227
100% 7325 (longest request)
This section outlines Catapult usage and maintenance.
In the LocalDev environment, convenience commands are provided for use with Vagrant. These allow you to execute reload
, provision
, or up
against both dev environment VMs with a single command. Simply use dev
as the machine name; e.g. vagrant reload dev
or vagrant provision dev
.
As your team members change, there may be a need to rotate Catapult secrets. The following is the recommended method and order to do so.
~/secrets/configuration-user.yml["settings"]["gpg_key"]
~secrets/configuration.yml
with the new GPG passphrase: gpg --verbose --batch --yes --passphrase "[insert newly generated passphrase here]" --output secrets/configuration.yml.gpg --armor --cipher-algo AES256 --symmetric secrets/configuration.yml
~secrets/id_rsa
with the new GPG passphrase: gpg --verbose --batch --yes --passphrase "[insert newly generated passphrase here]" --output secrets/id_rsa.gpg --armor --cipher-algo AES256 --symmetric secrets/id_rsa
~secrets/secrets/id_rsa.pub
with the new GPG passphrase: gpg --verbose --batch --yes --passphrase "[insert newly generated passphrase here]" --output secrets/id_rsa.pub.gpg --armor --cipher-algo AES256 --symmetric secrets/id_rsa.pub
develop
branch, then ensure the TEST Bamboo build plan's jobs have the updated GPG passphrase, and run the build for confirmation.develop
into the release
branch, then ensure the QC Bamboo build plan's jobs have the updated GPG passphrase, and run the build for confirmation.release
into the master
branch, then ensure the PROD Bamboo build plan's jobs have the updated GPG passphrase, and run the build for confirmation. ~/secrets/configuration.yml
with the new credential and commit~/secrets/configuration.yml
with the new credential and commit~/secrets/configuration.yml
with the new credential and commit~/secrets/configuration.yml
with the new credential and commitBelow is a log of service-related troubleshooting. If you're having issues related to Catapult, submit a GitHub Issue.
Apple Silicon (M1 and M2 chips)
~/secrets/configuration-user.yml["settings"]["provider_dev"]
to vmware_fusion
Vagrant
sudo rm -Rf ~/.vagrant.d/gems/ && sudo rm ~/.vagrant.d/plugins.json
vagrant plugin install faraday --plugin-version=2.7.4
vagrant plugin install nokogiri --plugin-version=1.14.3
Here are some ways in which we welcome you to contribute to Catapult:
When you first set Catapult, a develop-catapult
branch is created for you under your forked repository with the git remote upstream set to https://github.com/devopsgroup-io/catapult.git
so that you can easily create a pull request. Also keep in mind when closing issues to submit a pull request that includes GitHub's: Closing issues via commit messages.
Releases are driven by the devopsgroup.io team and occur when accepting new pull requests from contributors like you. Releases follow Semantic Versioning 2.0.0. Given a version number MAJOR.MINOR.PATCH, increment the:
In addition, the release version number will be prefaced with a v
(v1.0.0) to conform to standard practice.
As part of a new release, the version number in ~/VERSION.yml
will be incremented and git tagged with the same version number along with a GitHub Release.
The Catapult team values partnerships and continuous improvement.
Catapult is making the conference tour! We plan to attend the following conferences, with more to come. Get a chance to see Catapult in action, presented by it's core developers.
Catapult will also be seen throughout local meetups in the Philadelphia and Greater Philadelphia area! Get a chance to meet the team and engage at a personal level.