joh/project-bifrost-platform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
project-bifrost-platform/scripts/deploy.sh
Arlind 6f656b7121 chore(deploy): align deploy artifacts to the target server's conventions 
Recon of the live box (Ubuntu 24.04 x86_64, nginx 1.24, certbot 2.9)
showed established conventions from the existing fenja / bifrost-customer
services. Match them so the portal looks like a first-class citizen:

- service runs as the existing `fenja` user, journald logging + full
  hardening block (ProtectKernelModules, LockPersonality), ExecStart on
  /usr/bin/node (box upgraded globally to Node 22)
- code in /opt/bifrost-portal, in-dir .env (EnvironmentFile), data under
  the shared /opt/fenja/data/bifrost-portal (ReadWritePaths)
- nginx: 1.24 `listen ... ssl http2` syntax, certbot options-ssl-nginx +
  dhparam includes, server_tokens off, sites-available/bifrost-portal (no
  .conf) symlinked; 12m body size for photo uploads; port 4322 (free)
- deploy.sh / backup.sh point at the new paths
- DEPLOY.md rewritten as a server-specific runbook incl. the global Node 22
  upgrade + retest of the existing apps, and pnpm via corepack

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 13:16:57 +02:00

48 lines
1.4 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
#
# Server-side deploy for the Bifrost portal. Run ON THE VPS, as the `bifrost`
# service user, from inside the checkout (/opt/bifrost-portal).
#
# cd /opt/bifrost-portal && ./scripts/deploy.sh
#
# Pulls latest, installs deps (rebuilding the native better-sqlite3 for this
# box's arch), builds, migrates, and restarts the service. Idempotent and
# safe to re-run. Does NOT touch the database file or uploads — those live in
# /var/lib/bifrost-portal and persist across deploys.
set -euo pipefail
APP_DIR="${APP_DIR:-/opt/bifrost-portal}"
SERVICE="${SERVICE:-bifrost-portal}"
BRANCH="${BRANCH:-master}"
ENV_FILE="${ENV_FILE:-/opt/bifrost-portal/.env}"
cd "$APP_DIR"
echo "==> Loading $ENV_FILE for migrate (BIFROST_DB_PATH)"
set -a; # shellcheck disable=SC1090
source "$ENV_FILE"; set +a
echo "==> Fetching origin/$BRANCH"
git fetch --prune origin
git checkout "$BRANCH"
git reset --hard "origin/$BRANCH"
echo "==> Installing dependencies (frozen lockfile)"
# pnpm rebuilds better-sqlite3 for this machine's arch via onlyBuiltDependencies.
pnpm install --frozen-lockfile
echo "==> Building"
pnpm build
echo "==> Applying database migrations -> $BIFROST_DB_PATH"
node scripts/migrate.js
echo "==> Restarting $SERVICE"
sudo systemctl restart "$SERVICE"
echo "==> Waiting for health"
sleep 2
sudo systemctl --no-pager --lines=0 status "$SERVICE"
echo "==> Deploy complete: $(git rev-parse --short HEAD)"
Reference in a new issue View git blame Copy permalink