## Summary

Improves deployment reliability for app projects and adds support for mirrormatch deployment with Prisma/Next.js requirements.

## Changes

### Core Improvements (affects all app projects)

1. **Deploy Script (`deploy_app.sh.j2`)**
   - Fixed clone logic to handle non-git directories gracefully
   - Preserves `.env.*` files during repository clone
   - Uses temporary directory for initial clone to avoid permission issues
   - Added `sudo` to systemctl restart commands (appuser needs sudo for service management)
2. **Environment Template (`env.j2`)**
   - Removed comment lines to prevent `xargs` errors when sourcing env files
   - Cleaner, more reliable env file format
3. **App Setup Role (`app_setup/tasks/main.yml`)**
   - Added initial deploy task to run deploy script during first configure
   - Ensures app is fully deployed before systemd service starts
4. **Configure Playbook (`configure_app.yml`)**
   - Fixed migrate command precedence: checks `env_def.backend_migrate_cmd` first
   - Allows per-environment override of migrate commands (e.g., `db:push` for dev/qa)

### Mirrormatch-Specific Configuration

- Added `mirrormatch` project definition with dev/qa/prod environments
- Configured `backend_migrate_cmd: "npm run db:push"` for dev/qa (no shadow DB needed)
- Added `backend_seed_cmd` support for dev/qa environments
- Configured NextAuth v5 environment variables (`AUTH_TRUST_HOST`)

### Documentation

- Updated `docs/guides/app_stack_proxmox.md` with:
  - Project-specific configuration examples
  - Environment file naming notes
  - Command precedence documentation

## Impact Analysis

### ✅ Backward Compatible

- **pote**: No impact (uses separate `pote` role)
- **punimTagFE/BE**: Will benefit from improved deploy script, no breaking changes
- **mirrormatch**: Uses new features, fully supported

### Project-Specific Configs (isolated)

All mirrormatch-specific settings are in `app_projects.mirrormatch` and don't affect other projects:

- `backend_migrate_cmd: "npm run db:push"` (per-environment)
- `backend_seed_cmd: "npm run db:seed"` (per-environment)
- `AUTH_TRUST_HOST: "true"` (in env_vars)

## Testing

- ✅ Mirrormatch dev environment successfully deployed
- ✅ Service starts correctly after deployment
- ✅ Environment variables loaded properly
- ✅ Database schema pushed and seeded

## Related

Fixes deployment issues encountered during mirrormatch setup:

- Non-git directory handling
- Env file preservation during clone
- Service restart permissions
- Prisma migrate vs db:push workflow

Reviewed-on: #5
101 lines
2.6 KiB
Django/Jinja
```bash
#!/usr/bin/env bash
# Ansible-managed deploy script
set -euo pipefail

REPO_URL="{{ app_repo_url }}"
BRANCH="{{ app_repo_branch }}"
APP_ROOT="{{ app_repo_dest }}"
BACKEND_DIR="{{ app_backend_dir }}"
FRONTEND_DIR="{{ app_frontend_dir }}"
ENV_FILE="{{ app_root }}/.env.{{ app_env }}"

echo "[deploy] repo=${REPO_URL} branch=${BRANCH} root=${APP_ROOT}"

# Load env for build/migrate steps (needed for Prisma/Next build)
if [[ -f "${ENV_FILE}" ]]; then
  set -a
  # shellcheck disable=SC1090
  source "${ENV_FILE}"
  set +a
fi

if [[ ! -d "${APP_ROOT}/.git" ]]; then
  echo "[deploy] cloning repo"

  # Preserve existing env files
  env_tmp="$(mktemp -d)"
  shopt -s nullglob dotglob
  for f in "${APP_ROOT}"/.env.*; do
    [[ -f "$f" ]] && cp "$f" "${env_tmp}/" || true
  done
  shopt -u nullglob dotglob

  # Clone to temp location
  clone_tmp="$(mktemp -d)"
  git clone --branch "${BRANCH}" --single-branch "${REPO_URL}" "${clone_tmp}/repo"

  # Clean app root (keep directory and .env files)
  find "${APP_ROOT}" -mindepth 1 -maxdepth 1 ! -name '.env.*' -exec rm -rf {} + 2>/dev/null || true

  # Move cloned repo contents to app root (including hidden files)
  shopt -s dotglob
  mv "${clone_tmp}/repo"/* "${APP_ROOT}"/ 2>/dev/null || true
  shopt -u dotglob
  rm -rf "${clone_tmp}"

  # Restore env files
  shopt -s nullglob
  for f in "${env_tmp}"/.env.*; do
    [[ -f "$f" ]] && cp "$f" "${APP_ROOT}/" || true
  done
  shopt -u nullglob
  rm -rf "${env_tmp}"
fi

echo "[deploy] syncing branch"
git -C "${APP_ROOT}" fetch origin --prune
if ! git -C "${APP_ROOT}" rev-parse --verify --quiet "refs/remotes/origin/${BRANCH}" >/dev/null; then
  echo "[deploy] ERROR: branch '${BRANCH}' not found on origin"
  exit 2
fi
git -C "${APP_ROOT}" checkout -B "${BRANCH}" "origin/${BRANCH}"
git -C "${APP_ROOT}" pull --ff-only origin "${BRANCH}"

if [[ "{{ app_enable_backend | bool }}" == "True" ]]; then
  echo "[deploy] backend install"
  cd "${BACKEND_DIR}"
  {{ app_backend_install_cmd }}

  echo "[deploy] backend build"
  {{ app_backend_build_cmd }}

  echo "[deploy] backend migrations"
  {{ app_backend_migrate_cmd }}

  {% if app_backend_seed_cmd | default('') | length > 0 %}
  echo "[deploy] backend seed"
  {{ app_backend_seed_cmd }}
  {% endif %}
fi

if [[ "{{ app_enable_frontend | bool }}" == "True" ]]; then
  echo "[deploy] frontend install"
  cd "${FRONTEND_DIR}"
  {{ app_frontend_install_cmd }}

  echo "[deploy] frontend build"
  {{ app_frontend_build_cmd }}
fi

echo "[deploy] restarting services"
{% if app_enable_backend | bool %}
sudo systemctl restart app-backend.service
{% endif %}
{% if app_enable_frontend | bool %}
sudo systemctl restart app-frontend.service
{% endif %}

echo "[deploy] done"
```
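The script above loads `.env.<env>` with `source`, which runs the file as shell code, and the commit message notes that comment lines had to be dropped from `env.j2` to avoid `xargs` errors. The following is an added example, not code from this repository: a strict `KEY=VALUE` loader that skips comments and exports values as literal strings without evaluating them. The names `load_env_file`, `demo_dir`, `DEMO_MARKER` and `BANNER`, and the sample file contents, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: strict KEY=VALUE loader. Values are exported as literal
# strings; nothing in the file is ever evaluated by the shell.
load_env_file() {
  local env_path="$1" line key value n=0 cr
  cr="$(printf '\r')"
  [ -f "$env_path" ] || return 0          # missing file: nothing to load
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line="${line%"$cr"}"                  # tolerate CRLF line endings
    case "$line" in ''|'#'*) continue ;; esac   # blank lines and comments
    key="${line%%=*}"
    value="${line#*=}"                    # everything after the first '='
    # Reject lines without '=' and keys that are not shell identifiers.
    case "$line" in *=*) ;; *) key='' ;; esac
    case "$key" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "[deploy] ${env_path}:${n}: rejected line" >&2
        return 1 ;;
    esac
    # Strip one pair of matching surrounding quotes, if present.
    case "$value" in
      \"*\") value="${value#\"}"; value="${value%\"}" ;;
      \'*\') value="${value#\'}"; value="${value%\'}" ;;
    esac
    export "$key=$value"
  done < "$env_path"
}

# Constructed sample input (not from the repository).
demo_dir="$(mktemp -d)"
cat > "${demo_dir}/.env.dev" <<'EOF'
# comment lines are skipped, not passed to xargs or the shell
AUTH_TRUST_HOST="true"
DATABASE_URL=postgresql://localhost:5432/app?schema=public
BANNER=$(touch "${DEMO_MARKER}")
EOF
export DEMO_MARKER="${demo_dir}/executed"
load_env_file "${demo_dir}/.env.dev"
echo "AUTH_TRUST_HOST=${AUTH_TRUST_HOST}"
echo "BANNER=${BANNER}"
[ -e "${DEMO_MARKER}" ] && echo "value was executed" || echo "value was not executed"
```

With `source`, the `BANNER` line would run `touch` as the deploy user; with this loader the same line only sets a string.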