shithub Public

Watch 1 Fork 0 Star 0

Bash · 1795 bytes Raw Blame History

  
        1
        #!/usr/bin/env bash
      
        2
        # SPDX-License-Identifier: AGPL-3.0-or-later
      
        3
        #
      
        4
        # Atomic in-place upgrade of shithubd on the app droplet. Invoked by
      
        5
        # .github/workflows/deploy.yml after the runner has scp'd a freshly
      
        6
        # built binary to /tmp/shithubd-new. Safe to run by hand if you've
      
        7
        # manually placed a binary at that path.
      
        8
        #
      
        9
        # We build on the runner, not here — go.mod's toolchain version is
      
        10
        # usually newer than the droplet's apt-shipped Go, and shipping a
      
        11
        # pre-built binary keeps the droplet image lean.
      
        12
        #
      
        13
        # Steps:
      
        14
        #   1. fast-forward the source tree so deploy/ artifacts (this script,
      
        15
        #      systemd units, env templates) match the binary that just landed
      
        16
        #   2. atomically swap /usr/local/bin/shithubd
      
        17
        #   3. apply pending migrations BEFORE restart (forward-compat only)
      
        18
        #   4. restart web + worker, assert is-active
      
        19
        
        20
        set -euo pipefail
      
        21
        
        22
        REPO="${SHITHUB_REPO_DIR:-/root/src/shithub}"
      
        23
        BIN="${SHITHUB_BIN:-/usr/local/bin/shithubd}"
      
        24
        NEW="${SHITHUB_NEW_BIN:-/tmp/shithubd-new}"
      
        25
        
        26
        if [[ ! -x "$NEW" ]]; then
      
        27
                echo "fatal: no executable at $NEW — did the runner scp it?" >&2
      
        28
                exit 2
      
        29
        fi
      
        30
        
        31
        cd "$REPO"
      
        32
        git fetch --quiet origin trunk
      
        33
        git reset --hard origin/trunk
      
        34
        
        35
        # Same filesystem as $BIN so mv is atomic; chmod first because the
      
        36
        # scp'd file might land 0644.
      
        37
        chmod 0755 "$NEW"
      
        38
        mv -f "$NEW" "$BIN"
      
        39
        
        40
        # Migrations are usually invoked by the web unit's ExecStartPre, which
      
        41
        # pulls env from /etc/shithub/web.env. Replicate that here so we apply
      
        42
        # the schema before the restart instead of mid-startup race.
      
        43
        set -a
      
        44
        # shellcheck disable=SC1091
      
        45
        . /etc/shithub/web.env
      
        46
        set +a
      
        47
        "$BIN" migrate up
      
        48
        
        49
        systemctl restart shithubd-web
      
        50
        systemctl restart shithubd-worker
      
        51
        
        52
        sleep 2
      
        53
        systemctl is-active --quiet shithubd-web
      
        54
        systemctl is-active --quiet shithubd-worker
      
        55
        
        56
        echo "redeployed $(git rev-parse --short HEAD)"

1	#!/usr/bin/env bash
2	# SPDX-License-Identifier: AGPL-3.0-or-later
3	#
4	# Atomic in-place upgrade of shithubd on the app droplet. Invoked by
5	# .github/workflows/deploy.yml after the runner has scp'd a freshly
6	# built binary to /tmp/shithubd-new. Safe to run by hand if you've
7	# manually placed a binary at that path.
8	#
9	# We build on the runner, not here — go.mod's toolchain version is
10	# usually newer than the droplet's apt-shipped Go, and shipping a
11	# pre-built binary keeps the droplet image lean.
12	#
13	# Steps:
14	# 1. fast-forward the source tree so deploy/ artifacts (this script,
15	# systemd units, env templates) match the binary that just landed
16	# 2. atomically swap /usr/local/bin/shithubd
17	# 3. apply pending migrations BEFORE restart (forward-compat only)
18	# 4. restart web + worker, assert is-active
19
20	set -euo pipefail
21
22	REPO="${SHITHUB_REPO_DIR:-/root/src/shithub}"
23	BIN="${SHITHUB_BIN:-/usr/local/bin/shithubd}"
24	NEW="${SHITHUB_NEW_BIN:-/tmp/shithubd-new}"
25
26	if [[ ! -x "$NEW" ]]; then
27	echo "fatal: no executable at $NEW — did the runner scp it?" >&2
28	exit 2
29	fi
30
31	cd "$REPO"
32	git fetch --quiet origin trunk
33	git reset --hard origin/trunk
34
35	# Same filesystem as $BIN so mv is atomic; chmod first because the
36	# scp'd file might land 0644.
37	chmod 0755 "$NEW"
38	mv -f "$NEW" "$BIN"
39
40	# Migrations are usually invoked by the web unit's ExecStartPre, which
41	# pulls env from /etc/shithub/web.env. Replicate that here so we apply
42	# the schema before the restart instead of mid-startup race.
43	set -a
44	# shellcheck disable=SC1091
45	. /etc/shithub/web.env
46	set +a
47	"$BIN" migrate up
48
49	systemctl restart shithubd-web
50	systemctl restart shithubd-worker
51
52	sleep 2
53	systemctl is-active --quiet shithubd-web
54	systemctl is-active --quiet shithubd-worker
55
56	echo "redeployed $(git rev-parse --short HEAD)"