<aside> šŸšØ

DotCom is now a Cloud instance. For operational handbook, please refer to https://cloud-ops.sgdev.org/dashboard/environments/prod/instances/src-f475db9158c1422460dd. This page will be either archived or rewritten shortly.

</aside>

This page documents how to update Sourcegraph.com site configuration.

Also refer to [Sourcegraph.com (dotcom) operational playbooks](https://sourcegraph.notion.site/Sourcegraph-com-dotcom-operational-playbooks-b3b6e85251f6437499a68b449dc782af) for more general playbooks.

<aside> ā“ Why canā€™t I edit the page through the site-admin page? Site configuration for Sourcegraph.com is split into two files. One contains non-sensitive configurations and the other production secrets such as GitHub OAuth credentials. The instance loads site configuration from these files, and they cannot be edited from the Sourcegraph.com user interface.

</aside>

Non-sensitive configuration

Non-sensitive configurations and env vars are stored in anĀ overlay. Other config files can be found in theĀ overlay folder. To update the non-sensitive configuration, follow these steps:

  1. After your PR is approved, merge it with the ā€œreleaseā€ branch.
  2. Wait until the BuildkiteĀ buildĀ is green, so your changes are successfully deployed.
  3. Your changes will be result in the frontend being redeployed with a unique hash for the configuration change. SeeĀ ConfigMapGeneration
  4. Go toĀ https://sourcegraph.com/site-admin/configurationĀ to confirm that the non-sensitive configuration changes are live.

Sensitive configuration

Our site configuration contains many secrets like OAuth credentials. It isĀ stored in GSMĀ in theĀ sourcegraph-devĀ project. The secrets are synced to the cluster usingĀ Terraform, and is managed in theĀ dotcom workspaceĀ on Terraform Cloud.

To update secrets in site config for our Dotcom deployment, follow these steps:

  1. Use this Entitle link to gain Secrets Admin access to the sourcegraph-dev project.
  2. Navigate to the projectā€™s Google Secret Manager (GSM) resources.
  3. In GSM, copy the contents of the latest version of the secret and make the necessary changes.
  4. Create a new GSM secret version with the updated site configuration. Disable all previous versions.