Oliver/ppt-tool
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ppt-tool/deploy.sh
Vadym Samoilenko 3077159da3 Fix redirect loop and login redirect for /ppt-tool deployment 
- Add basePath/assetPrefix to next.config.mjs (was only patched on server)
- Fix AuthGuard to use router.push('/login') instead of window.location.href
  (window.location ignores Next.js basePath, sent users to /login not /ppt-tool/login)
- Remove deploy.sh Step 10 deckforge.conf creation — DeckForge rules are now
  merged into optical-dev.oliver.solutions.conf alongside OliVAS config

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-19 21:57:45 +00:00

336 lines
16 KiB
Bash
Executable file
Raw Permalink Blame History

#!/usr/bin/env bash
# DeckForge Production Deploy Script
# Idempotent — safe to run multiple times
# Run as normal user; script uses sudo internally for privileged operations
set -euo pipefail
# ── Colours ──────────────────────────────────────────────────────────────────
RED='\033[0;31m'; YELLOW='\033[1;33m'; GREEN='\033[0;32m'; NC='\033[0m'
info() { echo -e "${GREEN}[deploy]${NC} $*"; }
warn() { echo -e "${YELLOW}[warn]${NC} $*"; }
error() { echo -e "${RED}[error]${NC} $*" >&2; }
# ── Sudo check (need it for apt/apache/ufw but NOT for git/docker) ────────────
if ! sudo -n true 2>/dev/null; then
warn "This script needs sudo for apt/apache/ufw — you may be prompted for your password."
fi
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"
# ── Default ports — read from .env first, then env, then hardcoded default ────
env_val() { local key=$1 def=$2; grep -E "^${key}=" .env 2>/dev/null | cut -d= -f2 | tr -d '"' | head -1 | grep -v '^$' || echo "$def"; }
API_PORT=${API_PORT:-$(env_val API_PORT 8000)}
WEB_PORT=${WEB_PORT:-$(env_val WEB_PORT 3000)}
PG_PORT=${PG_PORT:-$(env_val PG_PORT 5432)}
REDIS_PORT=${REDIS_PORT:-$(env_val REDIS_PORT 6379)}
# ─────────────────────────────────────────────────────────────────────────────
# STEP 1: Prerequisites — install missing packages
# ─────────────────────────────────────────────────────────────────────────────
info "Step 1: Checking prerequisites..."
install_if_missing() {
local cmd=$1; local pkg=${2:-$1}
if ! command -v "$cmd" &>/dev/null; then
info " Installing $pkg..."
sudo apt-get install -y "$pkg" -qq
else
info " $cmd: OK"
fi
}
sudo apt-get update -qq
install_if_missing docker docker.io
install_if_missing git git
install_if_missing curl curl
install_if_missing ss iproute2
install_if_missing ufw ufw
# Docker Compose plugin
if ! docker compose version &>/dev/null 2>&1; then
info " Installing docker-compose-plugin..."
sudo apt-get install -y docker-compose-plugin -qq
fi
# Apache2
if ! command -v apache2 &>/dev/null; then
info " Installing apache2..."
sudo apt-get install -y apache2 -qq
fi
# Enable required Apache modules
info " Enabling Apache modules..."
sudo a2enmod proxy proxy_http proxy_wstunnel headers rewrite -q
# ─────────────────────────────────────────────────────────────────────────────
# STEP 1.5: Port conflict check
# ─────────────────────────────────────────────────────────────────────────────
info "Step 1.5: Checking port availability..."
# Check if a port is in use by a NON-deckforge process
port_taken_by_other() {
local port=$1
# Check if anything is listening on this port
ss -tlnp 2>/dev/null | grep -qw ":${port}" || return 1
# Check if it belongs to OUR docker-compose project
local our_ids
our_ids=$(docker compose -f docker-compose.yml -f docker-compose.prod.yml ps -q 2>/dev/null || true)
if [[ -n "$our_ids" ]]; then
# shellcheck disable=SC2086
if docker inspect $our_ids 2>/dev/null | grep -q "\"HostPort\": \"${port}\""; then
return 1 # It's ours — will be replaced on restart
fi
fi
return 0 # Taken by someone else
}
# Find next free port starting from given port
find_free_port() {
local port=$1
while port_taken_by_other "$port"; do
port=$((port + 1))
done
echo "$port"
}
# Write or update a key in .env
set_env_port() {
local key=$1 val=$2
if grep -qE "^${key}=" .env 2>/dev/null; then
sed -i "s|^${key}=.*|${key}=${val}|" .env
else
echo "${key}=${val}" >> .env
fi
}
check_port() {
local port=$1
local varname=$2
local service=$3
if ! port_taken_by_other "$port"; then
info " Port $port ($service): OK"
return
fi
local new_port
new_port=$(find_free_port "$((port + 1))")
warn " Port $port ($service) is taken by another process — using $new_port instead"
eval "$varname=$new_port"
set_env_port "$varname" "$new_port"
info " Saved ${varname}=${new_port} to .env"
}
check_port "$API_PORT" API_PORT "api"
check_port "$WEB_PORT" WEB_PORT "web"
check_port "$PG_PORT" PG_PORT "postgres"
check_port "$REDIS_PORT" REDIS_PORT "redis"
export API_PORT WEB_PORT PG_PORT REDIS_PORT
# ─────────────────────────────────────────────────────────────────────────────
# STEP 2: Pull latest code
# ─────────────────────────────────────────────────────────────────────────────
info "Step 2: Pulling latest code..."
git pull origin main
# ─────────────────────────────────────────────────────────────────────────────
# STEP 3: Environment file
# ─────────────────────────────────────────────────────────────────────────────
info "Step 3: Checking .env..."
if [[ ! -f .env ]]; then
if [[ -f .env.example ]]; then
cp .env.example .env
warn ".env was missing — copied from .env.example"
warn "Edit .env with real secrets before continuing (Ctrl-C to abort)"
read -rp "Press Enter to continue or Ctrl-C to abort..."
else
error ".env and .env.example both missing. Cannot continue."
exit 1
fi
fi
# Ensure ALLOWED_ORIGINS contains the production domain
if ! grep -q "optical-dev.oliver.solutions" .env; then
warn "ALLOWED_ORIGINS may not include https://optical-dev.oliver.solutions — please verify"
fi
# Warn on default secrets
check_default() {
local key=$1; local default=$2
local val
val=$(grep -E "^${key}=" .env | cut -d= -f2- | tr -d '"' || true)
if [[ "$val" == "$default" || -z "$val" ]]; then
warn "${key} appears to be unset or default ('${default}') — change it!"
fi
}
check_default JWT_SECRET_KEY "changeme"
check_default DEV_AUTH_PASSWORD "changeme"
# ─────────────────────────────────────────────────────────────────────────────
# STEP 4: Patch next.config.mjs with basePath (build-time config)
# ─────────────────────────────────────────────────────────────────────────────
info "Step 4: Patching frontend/next.config.mjs with basePath..."
NEXT_CONFIG="frontend/next.config.mjs"
if grep -q 'basePath' "$NEXT_CONFIG"; then
info " basePath already present — skipping"
else
# Insert basePath + assetPrefix after "const nextConfig = {"
sed -i 's/const nextConfig = {/const nextConfig = {\n basePath: "\/ppt-tool",\n assetPrefix: "\/ppt-tool",/' "$NEXT_CONFIG"
info " Injected basePath and assetPrefix into $NEXT_CONFIG"
fi
# ─────────────────────────────────────────────────────────────────────────────
# STEP 5: Generate docker-compose.prod.yml with resolved ports
# ─────────────────────────────────────────────────────────────────────────────
info "Step 5: Writing docker-compose.prod.yml..."
# The file is already in the repo; just export port vars so Docker Compose
# variable substitution picks them up (already done via export above).
# Re-state for clarity:
info " API_PORT=$API_PORT WEB_PORT=$WEB_PORT PG_PORT=$PG_PORT REDIS_PORT=$REDIS_PORT"
# ─────────────────────────────────────────────────────────────────────────────
# STEP 6: Build Docker images
# ─────────────────────────────────────────────────────────────────────────────
info "Step 6: Building Docker images..."
docker compose -f docker-compose.yml -f docker-compose.prod.yml build
# ─────────────────────────────────────────────────────────────────────────────
# STEP 7: Start services (except nginx — Apache replaces it)
# ─────────────────────────────────────────────────────────────────────────────
info "Step 7: Starting services..."
docker compose -f docker-compose.yml -f docker-compose.prod.yml \
up -d postgres redis api worker web
# ─────────────────────────────────────────────────────────────────────────────
# STEP 8: Wait for Postgres to be ready
# ─────────────────────────────────────────────────────────────────────────────
info "Step 8: Waiting for Postgres..."
MAX_WAIT=30
for i in $(seq 1 $MAX_WAIT); do
if docker compose -f docker-compose.yml -f docker-compose.prod.yml \
exec -T postgres pg_isready -U deckforge &>/dev/null; then
info " Postgres ready (${i}s)"
break
fi
if [[ $i -eq $MAX_WAIT ]]; then
error "Postgres did not become ready within ${MAX_WAIT}s"
exit 1
fi
sleep 1
done
# ─────────────────────────────────────────────────────────────────────────────
# STEP 9: Database migrations + seed
# ─────────────────────────────────────────────────────────────────────────────
info "Step 9: Running Alembic migrations..."
docker compose -f docker-compose.yml -f docker-compose.prod.yml \
exec -T api alembic upgrade head
info " Running seed script (idempotent)..."
docker compose -f docker-compose.yml -f docker-compose.prod.yml \
exec -T api python -m scripts.seed || warn "Seed script failed or already seeded — continuing"
# ─────────────────────────────────────────────────────────────────────────────
# STEP 10: Apache configuration
# ─────────────────────────────────────────────────────────────────────────────
info "Step 10: Configuring Apache..."
# DeckForge rules are merged into optical-dev.oliver.solutions.conf (managed by OliVAS team).
# We only need to ensure deckforge.conf is disabled (if it still exists from a prior deploy)
# and reload Apache.
if [[ -L /etc/apache2/sites-enabled/deckforge.conf ]]; then
sudo a2dissite deckforge.conf -q || true
info " Disabled legacy deckforge.conf"
fi
# Disable default site if present
if [[ -L /etc/apache2/sites-enabled/000-default.conf ]]; then
sudo a2dissite 000-default.conf -q || true
info " Disabled 000-default.conf"
fi
# Health check page — Google LB requires GET / to return 200
sudo mkdir -p /var/www/html
sudo tee /var/www/html/index.html > /dev/null << 'EOF'
<!DOCTYPE html>
<html><head><meta http-equiv="refresh" content="0;url=/ppt-tool/"></head>
<body><a href="/ppt-tool/">DeckForge</a></body></html>
EOF
info " Health check page written to /var/www/html/index.html"
# Test Apache config before reloading
if sudo apache2ctl configtest 2>&1 | grep -q "Syntax OK"; then
sudo systemctl reload apache2
info " Apache reloaded"
else
error "Apache config test failed"
sudo apache2ctl configtest
exit 1
fi
# ─────────────────────────────────────────────────────────────────────────────
# STEP 11: UFW Firewall
# ─────────────────────────────────────────────────────────────────────────────
info "Step 11: Configuring UFW firewall..."
sudo ufw default deny incoming -y 2>/dev/null || true
sudo ufw default allow outgoing -y 2>/dev/null || true
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw --force enable
info " UFW enabled (22/tcp, 80/tcp allowed)"
# ─────────────────────────────────────────────────────────────────────────────
# STEP 12: Verification
# ─────────────────────────────────────────────────────────────────────────────
info "Step 12: Verifying deployment..."
FAIL=0
info " Waiting for API to be ready..."
API_OK=0
for i in $(seq 1 24); do
if curl -sf "http://127.0.0.1:${API_PORT}/docs" > /dev/null 2>&1; then
API_OK=1; break
fi
sleep 5
done
if [ "$API_OK" -eq 1 ]; then
info " API (port ${API_PORT}): OK"
else
warn " API (port ${API_PORT}): not responding — check 'docker compose logs api'"
FAIL=1
fi
info " Waiting for frontend to be ready (Next.js takes ~30-60s to start)..."
WEB_OK=0
for i in $(seq 1 24); do
if curl -sf "http://127.0.0.1:${WEB_PORT}/ppt-tool/" > /dev/null 2>&1; then
WEB_OK=1; break
fi
sleep 5
done
if [ "$WEB_OK" -eq 1 ]; then
info " Frontend (port ${WEB_PORT}): OK"
else
warn " Frontend (port ${WEB_PORT}): not responding — check 'docker compose logs web'"
FAIL=1
fi
echo ""
docker compose -f docker-compose.yml -f docker-compose.prod.yml ps
echo ""
if [[ $FAIL -eq 0 ]]; then
info "Deploy complete. Visit https://optical-dev.oliver.solutions/ppt-tool/"
else
warn "Deploy finished with warnings. Review above messages."
fi
Reference in a new issue View git blame Copy permalink