| 1 | #!/usr/bin/env bash |
| 2 | # SPDX-License-Identifier: AGPL-3.0-or-later |
| 3 | # |
| 4 | # Atomic in-place upgrade of shithubd on the app droplet. Invoked by |
| 5 | # .github/workflows/deploy.yml after the runner has scp'd a freshly |
| 6 | # built binary to /tmp/shithubd-new. Safe to run by hand if you've |
| 7 | # manually placed a binary at that path. |
| 8 | # |
| 9 | # We build on the runner, not here — go.mod's toolchain version is |
| 10 | # usually newer than the droplet's apt-shipped Go, and shipping a |
| 11 | # pre-built binary keeps the droplet image lean. |
| 12 | # |
| 13 | # Steps: |
| 14 | # 1. fast-forward the source tree so deploy/ artifacts (this script, |
| 15 | # systemd units, env templates) match the binary that just landed |
| 16 | # 2. atomically swap /usr/local/bin/shithubd |
| 17 | # 3. install app systemd unit templates and daemon-reload |
| 18 | # 4. apply pending migrations BEFORE restart (forward-compat only) |
| 19 | # 5. restart web + worker, assert is-active |
| 20 | |
| 21 | set -euo pipefail |
| 22 | |
| 23 | REPO="${SHITHUB_REPO_DIR:-/root/src/shithub}" |
| 24 | BIN="${SHITHUB_BIN:-/usr/local/bin/shithubd}" |
| 25 | NEW="${SHITHUB_NEW_BIN:-/tmp/shithubd-new}" |
| 26 | |
| 27 | if [[ ! -x "$NEW" ]]; then |
| 28 | echo "fatal: no executable at $NEW — did the runner scp it?" >&2 |
| 29 | exit 2 |
| 30 | fi |
| 31 | |
| 32 | cd "$REPO" |
| 33 | git fetch --quiet origin trunk |
| 34 | git reset --hard origin/trunk |
| 35 | |
| 36 | # Same filesystem as $BIN so mv is atomic; chmod first because the |
| 37 | # scp'd file might land 0644. |
| 38 | chmod 0755 "$NEW" |
| 39 | mv -f "$NEW" "$BIN" |
| 40 | |
| 41 | install -m 0644 deploy/systemd/shithubd-web.service /etc/systemd/system/shithubd-web.service |
| 42 | install -m 0644 deploy/systemd/shithubd-worker.service /etc/systemd/system/shithubd-worker.service |
| 43 | install -m 0644 deploy/systemd/shithubd-cron.service /etc/systemd/system/shithubd-cron.service |
| 44 | install -m 0644 deploy/systemd/shithubd-cron.timer /etc/systemd/system/shithubd-cron.timer |
| 45 | systemctl daemon-reload |
| 46 | |
| 47 | # Migrations are usually invoked by the web unit's ExecStartPre, which |
| 48 | # pulls env from /etc/shithub/web.env. Replicate that here so we apply |
| 49 | # the schema before the restart instead of mid-startup race. |
| 50 | set -a |
| 51 | # shellcheck disable=SC1091 |
| 52 | . /etc/shithub/web.env |
| 53 | set +a |
| 54 | "$BIN" migrate up |
| 55 | "$BIN" storage check |
| 56 | |
| 57 | systemctl restart shithubd-web |
| 58 | systemctl restart shithubd-worker |
| 59 | |
| 60 | sleep 2 |
| 61 | systemctl is-active --quiet shithubd-web |
| 62 | systemctl is-active --quiet shithubd-worker |
| 63 | |
| 64 | echo "redeployed $(git rev-parse --short HEAD)" |