From c0724a62c5e5742469339ec7aef4d0f509e10559 Mon Sep 17 00:00:00 2001 From: Tyler Hoang Date: Sat, 30 May 2026 00:26:08 -0700 Subject: fix: align deploy flow with post-receive checkout (no .git in /var/www) The working tree at /var/www/prism-v2 is populated by a post-receive hook that does `git --work-tree=... checkout -f`, so it has no .git directory. Drop git operations from deploy.sh and add scripts/post-receive.sample plus README setup for the bare repo + hook + sudoers wiring. Co-Authored-By: Claude Opus 4.7 --- scripts/deploy.sh | 52 +++++++++++++++++++--------------------------------- 1 file changed, 19 insertions(+), 33 deletions(-) (limited to 'scripts/deploy.sh') diff --git a/scripts/deploy.sh b/scripts/deploy.sh index f192e72..5eae840 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -2,12 +2,12 @@ # # Production deploy script for Prism v2. # -# Runs on the production server (in /var/www/prism-v2). Idempotent — handles -# both first-time install and redeploys. +# Runs on the production server, AFTER the working tree has been updated +# (typically by a git post-receive hook that does `git checkout -f` into +# /var/www/prism-v2). This script does NOT pull — it only builds + restarts. # # Usage: -# sudo ./scripts/deploy.sh # full deploy (pull + build + restart) -# sudo ./scripts/deploy.sh --no-pull # build + restart only (skip git pull) +# sudo ./scripts/deploy.sh # build + restart + smoke-check # sudo ./scripts/deploy.sh --install # also install systemd units + nginx site # sudo ./scripts/deploy.sh --help @@ -20,17 +20,15 @@ DOMAIN="${DOMAIN:-prism.tylerhoang.xyz}" BACKEND_SVC="prismv2-backend.service" FRONTEND_SVC="prismv2-frontend.service" -DO_PULL=1 DO_INSTALL=0 usage() { - sed -n '2,12p' "$0" | sed 's/^# \{0,1\}//' + sed -n '2,14p' "$0" | sed 's/^# \{0,1\}//' exit 0 } for arg in "$@"; do case "$arg" in - --no-pull) DO_PULL=0 ;; --install) DO_INSTALL=1 ;; -h|--help) usage ;; *) echo "Unknown arg: $arg" >&2; exit 2 ;; @@ -39,26 +37,13 @@ done log() { printf '\n=== %s ===\n' "$*"; } -require_root() { - if [[ $EUID -ne 0 ]]; then - echo "deploy.sh must be run as root (use sudo)" >&2 - exit 1 - fi -} - -run_as_app() { - # Run a command as APP_USER with HOME + NPM_CONFIG_CACHE set so npm/git work. - sudo -u "$APP_USER" \ - env HOME="$APP_DIR/frontend" \ - NPM_CONFIG_CACHE="$APP_DIR/frontend/.npm" \ - "$@" -} - -require_root +if [[ $EUID -ne 0 ]]; then + echo "deploy.sh must be run as root (use sudo)" >&2 + exit 1 +fi -if [[ ! -d "$APP_DIR/.git" ]]; then - echo "Not a checkout: $APP_DIR (expected $APP_DIR/.git)" >&2 - echo "Clone the repo to $APP_DIR first." >&2 +if [[ ! -d "$APP_DIR/backend" || ! -d "$APP_DIR/frontend" ]]; then + echo "Expected working tree at $APP_DIR (backend/ + frontend/ not found)" >&2 exit 1 fi @@ -66,13 +51,15 @@ cd "$APP_DIR" log "Ensuring ownership of $APP_DIR" chown -R "$APP_USER:$APP_GROUP" "$APP_DIR" -mkdir -p "$APP_DIR/frontend/.npm" -chown -R "$APP_USER:$APP_GROUP" "$APP_DIR/frontend/.npm" +install -d -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR/frontend/.npm" +install -d -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR/backend/data" -if [[ $DO_PULL -eq 1 ]]; then - log "git pull origin master" - sudo -u "$APP_USER" git -C "$APP_DIR" pull --ff-only origin master -fi +run_as_app() { + sudo -u "$APP_USER" \ + env HOME="$APP_DIR/frontend" \ + NPM_CONFIG_CACHE="$APP_DIR/frontend/.npm" \ + "$@" +} log "Backend: venv + dependencies" if [[ ! -x "$APP_DIR/backend/.venv/bin/pip" ]]; then @@ -108,7 +95,6 @@ if curl -fsS http://127.0.0.1:8001/health >/dev/null; then echo " backend /health OK" else echo " backend /health FAILED" >&2 - echo " journalctl -u $BACKEND_SVC -n 50 --no-pager:" >&2 journalctl -u "$BACKEND_SVC" -n 50 --no-pager >&2 || true exit 1 fi -- cgit v1.3-2-g0d8e