till/seepuls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
seepuls/deploy.sh
Till JS c5346458fe
Some checks failed
CI / validate (push) Has been cancelled
Details
chore(deploy): Build-Retry + up --wait, echte Fehler-Propagation 
Build bei transienten Registry-/Netz-Timeouts bis 3x wiederholen; build und
up getrennt (up erst nach erfolgreichem Build, ohne --build); up -d --wait
--wait-timeout 150 gated auf Container-Bereitschaft statt stillem "fertig";
fail()/ERR-Trap. Compose-Flags/Services/--no-deps unveraendert.
Muster aus audioguide/deploy.sh.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 21:28:05 +02:00

50 lines
2.4 KiB
Bash
Executable file
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
# Server-seitiges Deploy von Seepuls (API + Web) auf dem Mac Mini.
#
# Voller Flow:
# lokal: git push
# Server: ssh mana-server-remote 'zsh -lc "cd ~/projects/seepuls && git pull --ff-only && ./deploy.sh"'
#
# Entschlüsselt die Secrets (SOPS/age) nach infrastructure/.env.production und
# baut/recreatet seepuls-api + seepuls-web. infrastructure/secrets.enc.env ist
# die SOT (verschlüsselt, committed); .env.production ist gitignored.
# age-Privat-Key: ~/.config/sops/age/keys.txt. Doku: mana/docs/SECRETS_MANAGEMENT.md.
#
# Fallen (siehe Deploy-Memory): -p seepuls Pflicht (sonst landet api auf
# infrastructure_default statt seepuls_default → DB-ECONNREFUSED). KEIN
# --no-deps (das löste die Falsches-Netz-Falle aus); -p seepuls + up respektiert
# depends_on und fasst postgres nicht an.
set -euo pipefail
fail() { echo "✗ Deploy fehlgeschlagen: $*" >&2; exit 1; }
trap 'fail "unerwarteter Fehler in Zeile $LINENO"' ERR
cd "$(dirname "$0")"
export PATH="/opt/homebrew/bin:/Applications/Docker.app/Contents/Resources/bin:$PATH"
export SOPS_AGE_KEY_FILE="$HOME/.config/sops/age/keys.txt"
if [ ! -f "$SOPS_AGE_KEY_FILE" ]; then
echo "FEHLER: age-Key $SOPS_AGE_KEY_FILE fehlt — siehe SECRETS_MANAGEMENT.md" >&2
exit 1
fi
echo "→ Secrets entschlüsseln (sops)…"
sops -d --input-type dotenv --output-type dotenv infrastructure/secrets.enc.env > infrastructure/.env.production.tmp
mv infrastructure/.env.production.tmp infrastructure/.env.production
chmod 600 infrastructure/.env.production
echo "→ Build (≤ 3× Retry bei transienten Pull-Timeouts)…"
__ok=0
for __i in 1 2 3; do
if docker compose -p seepuls -f infrastructure/docker-compose.production.yml --env-file infrastructure/.env.production build seepuls-api seepuls-web; then __ok=1; break; fi
echo " ⚠ Build-Versuch $__i fehlgeschlagen — neuer Anlauf in 5s…" >&2
sleep 5
done
[ "$__ok" = 1 ] || fail "Build nach 3 Versuchen"
echo "→ Hochfahren + auf Bereitschaft warten…"
docker compose -p seepuls -f infrastructure/docker-compose.production.yml --env-file infrastructure/.env.production up -d --wait --wait-timeout 150 seepuls-api seepuls-web || {
docker compose -p seepuls -f infrastructure/docker-compose.production.yml --env-file infrastructure/.env.production logs --tail 40 seepuls-api seepuls-web >&2
fail "Container nicht bereit (up --wait)"
}
echo "✓ Deploy fertig."
Reference in a new issue View git blame Copy permalink