From 7184a40dd3cffdc1bde2db76d386c5fbc0759b25 Mon Sep 17 00:00:00 2001 From: M_Kececi Date: Wed, 18 Feb 2026 17:35:15 +0300 Subject: [PATCH] Merge remote-tracking branch 'origin/master' --- deploy/deploy.sh | 89 +++++++++++++++++++++++++----------------------- 1 file changed, 47 insertions(+), 42 deletions(-) diff --git a/deploy/deploy.sh b/deploy/deploy.sh index a64c912..53b0d66 100644 --- a/deploy/deploy.sh +++ b/deploy/deploy.sh @@ -21,13 +21,16 @@ RUNTIME_PRESERVE_FILES=( "svc/public" ) +log_step() { + echo "== $1 ==" +} + backup_runtime_files() { RUNTIME_BACKUP_DIR="$(mktemp -d /tmp/bssapp-runtime.XXXXXX)" for rel in "${RUNTIME_PRESERVE_FILES[@]}"; do src="$APP_DIR/$rel" dst="$RUNTIME_BACKUP_DIR/$rel" - if [[ -e "$src" ]]; then mkdir -p "$(dirname "$dst")" cp -a "$src" "$dst" @@ -48,8 +51,6 @@ cleanup_runtime_backup() { } ensure_runtime_env_files() { - # Bazı unit dosyaları EnvironmentFile olarak bu path'leri bekliyor. - # Dosyalar yoksa systemd "Failed to load environment files" ile düşüyor. [[ -f "$APP_DIR/.env" ]] || touch "$APP_DIR/.env" [[ -f "$APP_DIR/mail.env" ]] || touch "$APP_DIR/mail.env" [[ -f "$APP_DIR/svc/.env" ]] || touch "$APP_DIR/svc/.env" @@ -57,8 +58,8 @@ ensure_runtime_env_files() { } ensure_pdf_fonts() { - font_dir="$APP_DIR/svc/fonts" - sys_font_dir="/usr/share/fonts/truetype/dejavu" + local font_dir="$APP_DIR/svc/fonts" + local sys_font_dir="/usr/share/fonts/truetype/dejavu" mkdir -p "$font_dir" @@ -70,34 +71,32 @@ ensure_pdf_fonts() { fi if [[ ! -f "$font_dir/DejaVuSans.ttf" || ! -f "$font_dir/DejaVuSans-Bold.ttf" ]]; then - echo "ERROR: Required PDF fonts missing in $font_dir (DejaVuSans.ttf / DejaVuSans-Bold.ttf)" + echo "ERROR: Required PDF fonts missing in $font_dir" return 1 fi } ensure_ui_permissions() { - ui_root="$APP_DIR/ui/dist/spa" + local ui_root="$APP_DIR/ui/dist/spa" if [[ ! -d "$ui_root" ]]; then echo "ERROR: UI build output not found at $ui_root" return 1 fi - # Nginx must be able to traverse parent directories and read built assets. - chmod 755 "$APP_DIR" "$APP_DIR/ui" "$APP_DIR/ui/dist" "$ui_root" + chmod 755 /opt "$APP_DIR" "$APP_DIR/ui" "$APP_DIR/ui/dist" "$ui_root" find "$ui_root" -type d -exec chmod 755 {} \; find "$ui_root" -type f -exec chmod 644 {} \; } ensure_ui_readable_by_nginx() { - ui_index="$APP_DIR/ui/dist/spa/index.html" + local ui_index="$APP_DIR/ui/dist/spa/index.html" if [[ ! -f "$ui_index" ]]; then echo "ERROR: UI index not found at $ui_index" return 1 fi - # Verify nginx user can read index.html and traverse parent directories. if id -u www-data >/dev/null 2>&1; then if ! su -s /bin/sh -c "test -r '$ui_index'" www-data; then echo "ERROR: www-data cannot read $ui_index" @@ -109,7 +108,7 @@ ensure_ui_readable_by_nginx() { build_api_binary() { if ! command -v go >/dev/null 2>&1; then - echo "go command not found; cannot build backend binary." + echo "ERROR: go command not found" return 1 fi @@ -123,6 +122,26 @@ build_api_binary() { chmod +x "$APP_DIR/svc/bssapp" } +restart_services() { + systemctl daemon-reload || true + + systemctl restart bssapp + if ! systemctl is-active --quiet bssapp; then + echo "ERROR: bssapp service failed to start" + return 1 + fi + + if systemctl cat nginx >/dev/null 2>&1; then + systemctl restart nginx + if ! systemctl is-active --quiet nginx; then + echo "ERROR: nginx service failed to start" + return 1 + fi + else + echo "WARN: nginx service not found; frontend may be unreachable." + fi +} + run_deploy() { trap cleanup_runtime_backup EXIT @@ -138,7 +157,7 @@ run_deploy() { cd "$APP_DIR" - echo "== GIT SYNC ==" + log_step "GIT SYNC" backup_runtime_files git fetch origin git reset --hard origin/master @@ -151,57 +170,43 @@ run_deploy() { -e svc/public \ -e svc/bssapp restore_runtime_files + echo "DEPLOY COMMIT: $(git rev-parse --short HEAD)" - echo "== BUILD UI ==" + log_step "BUILD UI" cd "$APP_DIR/ui" npm ci --no-audit --no-fund --include=optional - - # Linux'ta sass --embedded hatasını engellemek için - # deploy sırasında çalışan node_modules ağacına doğrudan yazıyoruz. npm i -D --no-audit --no-fund sass-embedded@1.93.2 - npm run build - echo "== ENSURE UI PERMISSIONS ==" + log_step "ENSURE UI PERMISSIONS" ensure_ui_permissions ensure_ui_readable_by_nginx - echo "== BUILD API ==" + log_step "BUILD API" build_api_binary - echo "== ENSURE ENV FILES ==" + log_step "ENSURE ENV FILES" ensure_runtime_env_files - echo "== ENSURE PDF FONTS ==" + log_step "ENSURE PDF FONTS" ensure_pdf_fonts - echo "== RESTART SERVICES ==" - systemctl restart bssapp - if systemctl cat nginx >/dev/null 2>&1; then - systemctl restart nginx - if ! systemctl is-active --quiet nginx; then - echo "ERROR: nginx service failed to start" - return 1 - fi - else - echo "WARN: nginx service not found; frontend may be unreachable." - fi - - if ! systemctl is-active --quiet bssapp; then - echo "ERROR: bssapp service failed to start" - return 1 - fi + log_step "RESTART SERVICES" + restart_services echo "[DEPLOY FINISHED] $(date '+%F %T')" } if [[ "${1:-}" == "--run" ]]; then mkdir -p "$(dirname "$LOG_FILE")" - # Stream deploy output both to file and journald (tag: bssapp-deploy). - run_deploy 2>&1 | tee -a "$LOG_FILE" >(logger -t bssapp-deploy -p user.info) - exit ${PIPESTATUS[0]} + if command -v logger >/dev/null 2>&1; then + run_deploy 2>&1 | tee -a "$LOG_FILE" >(logger -t bssapp-deploy -p user.info) + exit ${PIPESTATUS[0]} + else + run_deploy >>"$LOG_FILE" 2>&1 + exit $? + fi fi -# Fully detach webhook-triggered process to avoid EPIPE from closed request sockets. nohup /bin/bash "$0" --run /dev/null 2>&1 & exit 0