Follow-up to #255. With the Docker packaging landed, set up the deployment-side machinery: a fresh-VPS install script, systemd unit, and a GitHub Actions workflow that publishes the image to GHCR on pushes to main.
Scope
deploy/
  install.sh # idempotent VPS bring-up
  README.md # operations runbook
.github/workflows/
  build-image.yml # build + push to ghcr.io/yearn/monitoring
Plus a small edit to docker/docker-compose.yml to flip the default MONITOR_IMAGE to ghcr.io/yearn/monitoring:latest.
deploy/install.sh
Trimmed-down version of tapired/liquidity-monitoring's deploy/install.sh. Steps, all idempotent (re-running on an already-provisioned box is safe):
- Install Docker Engine + compose plugin from the official Docker apt repo
- git clone https://github.com/yearn/monitoring.git /srv/yearn-monitoring (or git pull if already present)
- Create /etc/yearn-monitoring/ (mode 750, root-owned), touch /etc/yearn-monitoring/.env with mode 600 — operator pastes secrets in by hand or via scp
- Install /etc/systemd/system/yearn-monitoring.service that runs docker compose -f /srv/yearn-monitoring/docker/docker-compose.yml up -d and enables it on boot — gives reboot recovery without depending on restart: unless-stopped alone
Tested on Debian 12 (Hetzner CX22 default image), should work unchanged on Ubuntu 22.04+.
deploy/README.md
Runbook covering: first-time bring-up (install.sh + paste secrets + systemctl start), updating to a new image (docker compose pull && docker compose up -d), log access (docker logs -f yearn-monitor), cache reset (docker volume rm yearn-monitor_monitor-cache), and rotating Telegram tokens.
.github/workflows/build-image.yml
- Triggers: push to main, release tags v*, workflow_dispatch
- Uses docker/build-push-action@v6 with Buildx for linux/amd64 (Hetzner CX22 is x86)
- Tags: latest, sha-<shortsha>, the tag name if it's a release
- Auth via GITHUB_TOKEN (default packages: write permission, no PAT needed)
Verification
- bash deploy/install.sh on a fresh Debian box → /srv/yearn-monitoring exists, systemd unit enabled, /etc/yearn-monitoring/.env skeleton in place
- Paste secrets into /etc/yearn-monitoring/.env; systemctl start yearn-monitoring
- docker logs yearn-monitor shows supercronic startup and waits for the next cron tick
- docker exec yearn-monitor python -m automation run multisig — Telegram receives the multisig digest
- Push a branch — build-image.yml builds and pushes sha-<short> to GHCR
- On the VPS: MONITOR_IMAGE=ghcr.io/yearn/monitoring:sha-<short> docker compose up -d pulls and runs the freshly-pushed image
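
The secrets-file and systemd-unit steps listed under deploy/install.sh, sketched as an added example (this is not the project's install.sh). The function names, the staging-root argument, the --apply flag, the unit's Type=oneshot/RemainAfterExit settings and the /usr/bin/docker path are assumptions; the point is that a re-run re-asserts modes without clobbering pasted secrets and only rewrites the unit when it changed.

```sh
#!/bin/sh
# Added example, not the project's install.sh. $1 of each function is a
# hypothetical staging root for dry runs; pass "" on a real host (as root).
set -eu

ensure_secrets() (   # subshell body keeps umask and variables local
  dir="$1/etc/yearn-monitoring"
  env_file="$dir/.env"
  umask 027
  mkdir -p "$dir"
  chmod 750 "$dir"                      # re-assert on every run
  if [ ! -e "$env_file" ]; then
    ( umask 077; : > "$env_file" )      # created 600 from the start, no window
  fi
  chmod 600 "$env_file"                 # fix mode, never touch contents
)

write_unit() (       # prints "updated" or "unchanged"
  unit="$1/etc/systemd/system/yearn-monitoring.service"
  tmp="$unit.new.$$"
  mkdir -p "${unit%/*}"
  cat > "$tmp" <<'EOF'
[Unit]
Description=yearn monitoring stack
Requires=docker.service
After=docker.service

[Service]
# Assumed settings: oneshot + RemainAfterExit so "up -d" returning counts as active
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/docker compose -f /srv/yearn-monitoring/docker/docker-compose.yml up -d

[Install]
WantedBy=multi-user.target
EOF
  if [ -f "$unit" ] && cmp -s "$tmp" "$unit"; then
    rm -f "$tmp"; echo unchanged
  else
    chmod 644 "$tmp"; mv "$tmp" "$unit"; echo updated
  fi
)

if [ "${1:-}" = "--apply" ]; then        # hypothetical flag for the real run
  ensure_secrets ""
  [ "$(write_unit "")" = unchanged ] || systemctl daemon-reload
  systemctl enable yearn-monitoring.service
fi
```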