Get deploy token#

Before performing any deployment task, run the Setup tasks below. Once done, run the Cleanup tasks below. If you haven’t already, please follow the Get started guide.


1. Update deploy repositories#

Ensure the deploy, pillar/private, salt/private and salt/maintenance repositories are on the default branch and are up-to-date. You can run this convenience script to run the appropriate git commands:


Check the output in case there are any issues switching to the default branch or any conflicts pulling from GitHub.

2. Update requirements#

Ensure you have the correct versions of dependencies. Activate your virtual environment, then run:


3. Check if Kingfisher is busy#


Skip this step unless you’re working on Kingfisher.

  1. Access Scrapyd’s web interface, click Jobs and look under Running. If any spiders are running, don’t deploy without the consent of data support managers.

  2. Connect to the Kingfisher server as the root user:

    curl --silent --connect-timeout 1 || true
  3. Check if any long-running tasks are running, by attaching to each session in tmux to see which commands are running. If any commands would be interrupted by the deployment, don’t deploy without the consent of the data support managers, who should be identified by the session names.

    To list all sessions:

    for i in root ocdskfp; do echo $i; su $i -c "tmux ls"; done
  4. If the postgres service would be restarted by the deployment (for example, due to a configuration change or a package upgrade), check if any long-running queries are running. If there are queries with a state of active and a time greater than an hour, don’t deploy without the consent of the data support managers, who should be identified by the usename, client_addr or comment at the start of query.

If you must deploy while spiders are running, see how to deploy Kingfisher Process without losing Scrapy requests.

4. Get deploy token#

Only one person should be making changes to a server at once. To implement this rule, the Deploy token document indicates who “holds the deploy token.” Whoever holds the deploy token is the only person who can make changes to any server, until the deploy token is released. If the document has “Held by: <NAME>”, that person holds the token. If it has “Held by: Nobody”, then the token is released. To hold the token:

  1. Go to the Deploy token document

    • If “Held by” is followed by a person’s name, wait until the deploy token is released

  2. Replace “Nobody” with your name


1. Release deploy token#

  1. Go to the Deploy token document

  2. Replace your name with “Nobody”

  3. Append an entry to the Deploy history spreadsheet