M_Kececi/bssapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source
This commit is contained in:
M_Kececi
2026-02-18 17:35:15 +03:00
parent de58ef1043
commit 7184a40dd3
1 changed files with 47 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
deploy/deploy.sh
View File

@@ -21,13 +21,16 @@ RUNTIME_PRESERVE_FILES=(
"svc/public" "svc/public"
) )
log_step() {
echo "== $1 =="
}
backup_runtime_files() { backup_runtime_files() {
RUNTIME_BACKUP_DIR="$(mktemp -d /tmp/bssapp-runtime.XXXXXX)" RUNTIME_BACKUP_DIR="$(mktemp -d /tmp/bssapp-runtime.XXXXXX)"
for rel in "${RUNTIME_PRESERVE_FILES[@]}"; do for rel in "${RUNTIME_PRESERVE_FILES[@]}"; do
src="$APP_DIR/$rel" src="$APP_DIR/$rel"
dst="$RUNTIME_BACKUP_DIR/$rel" dst="$RUNTIME_BACKUP_DIR/$rel"
if [[ -e "$src" ]]; then if [[ -e "$src" ]]; then
mkdir -p "$(dirname "$dst")" mkdir -p "$(dirname "$dst")"
cp -a "$src" "$dst" cp -a "$src" "$dst"
@@ -48,8 +51,6 @@ cleanup_runtime_backup() {
} }
ensure_runtime_env_files() { ensure_runtime_env_files() {
# Bazı unit dosyaları EnvironmentFile olarak bu path'leri bekliyor.
# Dosyalar yoksa systemd "Failed to load environment files" ile düşüyor.
[[ -f "$APP_DIR/.env" ]] || touch "$APP_DIR/.env" [[ -f "$APP_DIR/.env" ]] || touch "$APP_DIR/.env"
[[ -f "$APP_DIR/mail.env" ]] || touch "$APP_DIR/mail.env" [[ -f "$APP_DIR/mail.env" ]] || touch "$APP_DIR/mail.env"
[[ -f "$APP_DIR/svc/.env" ]] || touch "$APP_DIR/svc/.env" [[ -f "$APP_DIR/svc/.env" ]] || touch "$APP_DIR/svc/.env"
@@ -57,8 +58,8 @@ ensure_runtime_env_files() {
} }
ensure_pdf_fonts() { ensure_pdf_fonts() {
font_dir="$APP_DIR/svc/fonts" local font_dir="$APP_DIR/svc/fonts"
sys_font_dir="/usr/share/fonts/truetype/dejavu" local sys_font_dir="/usr/share/fonts/truetype/dejavu"
mkdir -p "$font_dir" mkdir -p "$font_dir"
@@ -70,34 +71,32 @@ ensure_pdf_fonts() {
fi fi
if [[ ! -f "$font_dir/DejaVuSans.ttf" || ! -f "$font_dir/DejaVuSans-Bold.ttf" ]]; then if [[ ! -f "$font_dir/DejaVuSans.ttf" || ! -f "$font_dir/DejaVuSans-Bold.ttf" ]]; then
echo "ERROR: Required PDF fonts missing in $font_dir (DejaVuSans.ttf / DejaVuSans-Bold.ttf)" echo "ERROR: Required PDF fonts missing in $font_dir"
return 1 return 1
fi fi
} }
ensure_ui_permissions() { ensure_ui_permissions() {
ui_root="$APP_DIR/ui/dist/spa" local ui_root="$APP_DIR/ui/dist/spa"
if [[ ! -d "$ui_root" ]]; then if [[ ! -d "$ui_root" ]]; then
echo "ERROR: UI build output not found at $ui_root" echo "ERROR: UI build output not found at $ui_root"
return 1 return 1
fi fi
# Nginx must be able to traverse parent directories and read built assets. chmod 755 /opt "$APP_DIR" "$APP_DIR/ui" "$APP_DIR/ui/dist" "$ui_root"
chmod 755 "$APP_DIR" "$APP_DIR/ui" "$APP_DIR/ui/dist" "$ui_root"
find "$ui_root" -type d -exec chmod 755 {} \; find "$ui_root" -type d -exec chmod 755 {} \;
find "$ui_root" -type f -exec chmod 644 {} \; find "$ui_root" -type f -exec chmod 644 {} \;
} }
ensure_ui_readable_by_nginx() { ensure_ui_readable_by_nginx() {
ui_index="$APP_DIR/ui/dist/spa/index.html" local ui_index="$APP_DIR/ui/dist/spa/index.html"
if [[ ! -f "$ui_index" ]]; then if [[ ! -f "$ui_index" ]]; then
echo "ERROR: UI index not found at $ui_index" echo "ERROR: UI index not found at $ui_index"
return 1 return 1
fi fi
# Verify nginx user can read index.html and traverse parent directories.
if id -u www-data >/dev/null 2>&1; then if id -u www-data >/dev/null 2>&1; then
if ! su -s /bin/sh -c "test -r '$ui_index'" www-data; then if ! su -s /bin/sh -c "test -r '$ui_index'" www-data; then
echo "ERROR: www-data cannot read $ui_index" echo "ERROR: www-data cannot read $ui_index"
@@ -109,7 +108,7 @@ ensure_ui_readable_by_nginx() {
build_api_binary() { build_api_binary() {
if ! command -v go >/dev/null 2>&1; then if ! command -v go >/dev/null 2>&1; then
echo "go command not found; cannot build backend binary." echo "ERROR: go command not found"
return 1 return 1
fi fi
@@ -123,6 +122,26 @@ build_api_binary() {
chmod +x "$APP_DIR/svc/bssapp" chmod +x "$APP_DIR/svc/bssapp"
} }
restart_services() {
systemctl daemon-reload || true
systemctl restart bssapp
if ! systemctl is-active --quiet bssapp; then
echo "ERROR: bssapp service failed to start"
return 1
fi
if systemctl cat nginx >/dev/null 2>&1; then
systemctl restart nginx
if ! systemctl is-active --quiet nginx; then
echo "ERROR: nginx service failed to start"
return 1
fi
else
echo "WARN: nginx service not found; frontend may be unreachable."
fi
}
run_deploy() { run_deploy() {
trap cleanup_runtime_backup EXIT trap cleanup_runtime_backup EXIT
@@ -138,7 +157,7 @@ run_deploy() {
cd "$APP_DIR" cd "$APP_DIR"
echo "== GIT SYNC ==" log_step "GIT SYNC"
backup_runtime_files backup_runtime_files
git fetch origin git fetch origin
git reset --hard origin/master git reset --hard origin/master
@@ -151,57 +170,43 @@ run_deploy() {
-e svc/public \ -e svc/public \
-e svc/bssapp -e svc/bssapp
restore_runtime_files restore_runtime_files
echo "DEPLOY COMMIT: $(git rev-parse --short HEAD)"
echo "== BUILD UI ==" log_step "BUILD UI"
cd "$APP_DIR/ui" cd "$APP_DIR/ui"
npm ci --no-audit --no-fund --include=optional npm ci --no-audit --no-fund --include=optional
# Linux'ta sass --embedded hatasını engellemek için
# deploy sırasında çalışan node_modules ağacına doğrudan yazıyoruz.
npm i -D --no-audit --no-fund sass-embedded@1.93.2 npm i -D --no-audit --no-fund sass-embedded@1.93.2
npm run build npm run build
echo "== ENSURE UI PERMISSIONS ==" log_step "ENSURE UI PERMISSIONS"
ensure_ui_permissions ensure_ui_permissions
ensure_ui_readable_by_nginx ensure_ui_readable_by_nginx
echo "== BUILD API ==" log_step "BUILD API"
build_api_binary build_api_binary
echo "== ENSURE ENV FILES ==" log_step "ENSURE ENV FILES"
ensure_runtime_env_files ensure_runtime_env_files
echo "== ENSURE PDF FONTS ==" log_step "ENSURE PDF FONTS"
ensure_pdf_fonts ensure_pdf_fonts
echo "== RESTART SERVICES ==" log_step "RESTART SERVICES"
systemctl restart bssapp restart_services
if systemctl cat nginx >/dev/null 2>&1; then
systemctl restart nginx
if ! systemctl is-active --quiet nginx; then
echo "ERROR: nginx service failed to start"
return 1
fi
else
echo "WARN: nginx service not found; frontend may be unreachable."
fi
if ! systemctl is-active --quiet bssapp; then
echo "ERROR: bssapp service failed to start"
return 1
fi
echo "[DEPLOY FINISHED] $(date '+%F %T')" echo "[DEPLOY FINISHED] $(date '+%F %T')"
} }
if [[ "${1:-}" == "--run" ]]; then if [[ "${1:-}" == "--run" ]]; then
mkdir -p "$(dirname "$LOG_FILE")" mkdir -p "$(dirname "$LOG_FILE")"
# Stream deploy output both to file and journald (tag: bssapp-deploy). if command -v logger >/dev/null 2>&1; then
run_deploy 2>&1 | tee -a "$LOG_FILE" >(logger -t bssapp-deploy -p user.info) run_deploy 2>&1 | tee -a "$LOG_FILE" >(logger -t bssapp-deploy -p user.info)
exit ${PIPESTATUS[0]} exit ${PIPESTATUS[0]}
else
run_deploy >>"$LOG_FILE" 2>&1
exit $?
fi
fi fi
# Fully detach webhook-triggered process to avoid EPIPE from closed request sockets.
nohup /bin/bash "$0" --run </dev/null >/dev/null 2>&1 & nohup /bin/bash "$0" --run </dev/null >/dev/null 2>&1 &
exit 0 exit 0