circle-info
Read on newly released AI assisted Insights
flxbl docsarrow-up-right
search
Learn CD Concepts using LabsslackGitHub

Update

hashtag
sfp server update

Update a tenant's services to the latest version

hashtag
sfp server update

Update the SFP server services for a specified tenant to the latest or a specific version.

USAGE
  $ sfp server update -t <value> [-j] [--skip-backup] [--base-dir <value>]
    [--supabase-working-dir <value>] [--passphrase <value> [--identity-file
    <value> --ssh-connection <value>]] [-r <value>] [--docker-tag <value>]
    [--restart] [--config-file <value>] [--infisical-token <value>
    --secrets-provider infisical|aws-secretsmanager|custom] [--aws-region
    <value>] [--aws-access-key-id <value>] [--aws-secret-access-key <value>]
    [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -t, --tenant=<value>              (required) Name of the tenant to update
  -j, --[no-]json                   Output in JSON format
  -r, --cadence=<value>             [default: latest] The default cadence to use for updates
  --docker-tag=<value>              Docker image tag to deploy (overrides cadence)
  --[no-]restart                    Restart services after update
  --skip-backup                     Skip backing up current configuration
  --base-dir=<value>                [default: ./sfp-server] Base Directory which contains the sfp-server
  --supabase-working-dir=<value>    Working directory which contains supabase configuration
  --config-file=<value>             Path to JSON config file containing server configuration values
  
  SSH OPTIONS
  --ssh-connection=<value>          SSH connection string in the format user@host[:port]
  --identity-file=<value>           Path to SSH private key file
  --passphrase=<value>              Passphrase for the SSH private key if required
  
  SECRETS MANAGEMENT
  --secrets-provider=<option>       [default: custom] Secret provider to use for managing secrets
                                    <options: infisical|aws-secretsmanager|custom>
  --infisical-token=<value>         Infisical API token (required when secrets-provider is "infisical")
  --aws-region=<value>              AWS region for Secrets Manager (required when secrets-provider is "aws-secretsmanager")
  --aws-access-key-id=<value>       AWS access key ID (optional, can use instance profile)
  --aws-secret-access-key=<value>   AWS secret access key (optional, can use instance profile)
  
  OTHER OPTIONS
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs
  --loglevel=<option>               [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

DESCRIPTION
  Update a tenant's services to the latest version

  This command performs:
  1. Backs up current configuration (unless --skip-backup is used)
  2. Pulls latest Docker images
  3. Updates configuration files
  4. Applies database migrations if needed
  5. Optionally restarts services

  Secrets Management:
  This command supports multiple options for secrets management:
  - infisical: Use Infisical as a dedicated secrets manager
  - aws-secretsmanager: Use AWS Secrets Manager
  - custom: Use environment variables (recommended when using tools like "infisical run" or AWS CLI)

EXAMPLES
  $ sfp server update --tenant my-tenant

  $ sfp server update --tenant my-tenant --skip-backup

  $ sfp server update --tenant my-tenant --docker-tag pr-123-dev

  $ sfp server update --tenant my-tenant --restart

  $ sfp server update --tenant my-tenant --ssh-connection user@remote-server --identity-file ~/.ssh/id_rsa

  $ infisical run -- sfp server update --tenant my-app --secrets-provider custom

hashtag
Update Strategies

hashtag
Latest Version (Default)

Update to the latest stable release:

hashtag
Specific Version

Update to a specific Docker tag:

hashtag
Preview/Development Version

Update to a preview build:

hashtag
Update Options

hashtag
With Automatic Restart

Update and restart services automatically:

hashtag
Skip Backup

Update without creating a backup (use with caution):

hashtag
Update Process

The update process follows these steps:

  1. Backup Creation (unless skipped)

    • Configuration files

    • Environment variables

    • Docker compose files

  2. Image Updates

    • Pull latest Docker images

    • Verify image integrity

  3. Configuration Updates

    • Update docker-compose.yml

    • Update Caddy configuration

    • Apply environment changes

  4. Database Migrations

    • Check for pending migrations

    • Apply migrations if needed

  5. Service Restart (if requested)

    • Gracefully stop services

    • Start with new configuration

hashtag
Remote Server Updates

Update a tenant on a remote server:

hashtag
Rollback Procedure

If an update fails, restore from backup:

hashtag
Best Practices

hashtag
Production Updates

  1. Always create a backup (default behavior)

  2. Test updates in staging first

  3. Schedule updates during maintenance windows

  4. Monitor services after update

hashtag
Zero-Downtime Updates

For minimal disruption:

hashtag
Output Format

hashtag
Standard Output

hashtag
JSON Output

Warning: Always ensure you have a recent backup before updating production servers.

Note: The --skip-backup flag should only be used when disk space is limited or when you have external backup procedures.

Last updated