Advent 2023: A deploy script

For the fourth day of 2023 advent blogging, I'm sharing a tool I've used to simplify deployment.

I've tried a lot of things for easing deployment over the years, ranging from Zend Server to AWS Code Deploy, to Deployer, and a whole lot of scripts I've rolled out on my own over the years.

I'm finding that as time goes by, simpler is better.

To that end, I've been using the following script,, to deploy a number of websites the last couple years.

It has minimal requirements:

  • It requires the GITHUB_TOKEN and GITHUB_USERNAME ENV variables; this is so it can pull repositories as needed. I set these on my server.
  • It accepts two arguments:
    • The GitHub repository it will be deploying
    • A commit SHA from that repo to deploy

From there, it does the following:

  • It checks out the given repo at the given commit within a deployment tree.
  • If there is an env-version file, it pulls that from a local configuration store, and inserts it as .env in the checkout. I have a script that will push a named env file with a revision into object storage, which is then mapped into the server; it copies from there based on the env-version.
  • If the checkout has a .deploy/ script, it uses that to build the application; otherwise, it runs docker compose build.
  • It identifies the running application, if any, from the current/ symlink in the deployment directory, and stops it. If that version has a .deploy/ script, it will run that; otherwise it runs docker compose down.
  • If the new release checkout has a .deploy/ script, it runs that; otherwise, it runs docker compose up -d.
  • It symlinks that previously running application directory to previous/.
  • It symlinks the new release to current/.
  • If there are more than 5 releases present, it removes the oldest ones.

This gives me the flexibility to write just about anything I need for a given application, while keeping a very generic process otherwise (using docker compose).

On the github side of things, I register secrets for the SSH host, user, and key, and have a github action that uses those to SSH to the machine and execute that script..

The full script:


set -e

deploy() {
    local release_path="$1"

    cd "${release_path}"
    if [ -f "${release_path}/.deploy/" ]; then
        /bin/bash .deploy/
        echo "Starting deployment in ${release_path}"
        docker compose up -d

stop() {
    local release_path="$1"

    cd "${release_path}"
    if [ -f "${release_path}/.deploy/" ]; then
        /bin/bash .deploy/
        echo "Stopping deployment in ${release_path}"
        docker compose down

cleanup() {
    local base_dir="$1"
    local current_release="$2"
    local release
    local listing=()
    local releases=()

    cd "${base_dir}"

    # Get listing of directories, sorted chronologically, newest first
    mapfile -t listing < <(ls -t -d -- */)

    # Filter out symlinks for current and previous, and what was just released
    for release in "${listing[@]}"; do
        case "${release}" in
                releases+=( "${release}" )

    # Keep only the most recent 5 releases
    if [[ ${#releases[@]} -gt 5 ]]; then
        echo "Removing old releases"
        for release in "${releases[@]:5}"; do
            echo "- Removing ${release}"
            rm -rf "${base_dir:?}/${release}"

if [ "${GITHUB_TOKEN}" == "" ] || [ "${GITHUB_USERNAME}" == "" ];then
    echo "Missing github login information"
    exit 1;

if [ $# -lt 2 ];then
    echo "Missing required arguments"
    echo ""
    echo "Usage:"
    echo "  ${0} <repo> <sha>"
    echo ""
    echo "where <repo> is a repository under${GITHUB_USERNAME}, and"
    echo "<sha> is the commit to deploy."
    exit 1;

# Get just the repo name
# This directory must exist; usually it will be a mount to S3-compatible
# object storage

# Prepare deployment directory, if it does not exist
if [ ! -d "${BASEDIR}" ];then
    echo "Creating deployment directory ${BASEDIR}"
    mkdir -p "${BASEDIR}"

# Memoize "current" directory as PREVIOUS, if it exists
if [ -d "${BASEDIR}/current" ];then
    PREVIOUS=$(realpath "${BASEDIR}/current")

# Prepare new release
echo "Preparing release directory based on commit ${SHA}"
git clone --depth=1 --recurse-submodules "https://${GITHUB_USERNAME}:${GITHUB_TOKEN}${GITHUB_USERNAME}/${REPO}.git" "${DEPLOY_DIR}"
cd "${DEPLOY_DIR}"
git checkout "${SHA}"

# Get env file
if [ -f "${DEPLOY_DIR}/env-version" ];then
    echo "Found env-version file; fetching production env"
    ENV_FILE="${SITE_CONFIG_DIR}/$(cat "${DEPLOY_DIR}/env-version")"

    if [ ! -f "${ENV_FILE}" ];then
        echo "FAILED - site config file specified in env-version not found"
        exit 1;

    cp "${ENV_FILE}" "${DEPLOY_DIR}/.env"

# Build
cd "${DEPLOY_DIR}"

if [ -f "${DEPLOY_DIR}/.deploy/" ]; then
    /bin/bash .deploy/
    if [ -f "${DEPLOY_DIR}/.deploy/" ];then
        # This can be used to do things like create volumes
        echo "Building containers"
        echo "- Executing pre-build step"
        /bin/bash .deploy/
    docker compose build


# Stop previous
if [ "${PREVIOUS}" != "" ];then
    stop "${PREVIOUS}"

# Start new
echo "Starting deployment"

set +e
if ! deploy "${DEPLOY_DIR}"; then
    echo "FAILED deploying ${SHA}; rolling back"
    echo "- Stopping deployment"
    stop "${DEPLOY_DIR}"

    if [ "${PREVIOUS}" != "" ];then
        echo "- Restarting previous deployment"
        deploy "${PREVIOUS}"
    exit 1
set -e

cd "${BASEDIR}"
if [ "${PREVIOUS}" != "" ];then
    ln -fsn "$(basename "${PREVIOUS}")" previous
ln -fsn "${SHA}" current
echo "SUCCESS deploying ${SHA}"

cleanup "${BASEDIR}" "${SHA}"