Files
matrix/deploy/lxc106-cinny.sh
T
jared c13549f3da
Lint / Python (ruff) (push) Successful in 21s
Lint / Python deps (pip-audit) (push) Successful in 50s
Lint / Secret scan (gitleaks) (push) Successful in 7s
Lint / Shell (shellcheck) (push) Failing after 14s
Lint / JS (eslint) (push) Successful in 24s
cinny: harden + version-control the webhook web-deploy (lotus_deploy.sh)
The live /usr/local/bin/lotus_deploy.sh (the `lotus-deploy` webhook target) was
never under version control and had rotted into two deploy-killing bugs that
froze chat.lotusguild.org on an old build:

1. CI gate: it waited on the WHOLE workflow run with a 15-min cap. Web CI shares
   the single act_runner with the slow Tauri desktop builds, so a web run could
   sit queued >15 min -> "result: timeout" -> deploy aborted. Now it gates only
   on the "Build & Quality Checks" commit-status context (build + unit tests),
   decoupled from "Trigger Desktop Build", and waits up to 45 min.

2. Dead element-call copy: `cp node_modules/@element-hq/element-call-embedded/...`
   under `set -e` aborted every deploy after the widget was forked to
   @lotusguild/element-call-embedded. The build already emits dist/public/
   element-call; replaced the copy with a presence check.

Also: rsync now excludes config.json so the app deploy stops clobbering the
production runtime config (homeserver list / allowCustomHomeservers) that the
matrix repo owns. lxc106-cinny.sh now installs this script (syntax-checked).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 18:10:10 -04:00

101 lines
3.9 KiB
Bash

#!/bin/bash
# Auto-deploy script for LXC 106 (cinny)
# Handles: cinny/config.json, cinny/nginx.conf, cinny/upstream-check.sh,
# cinny/lotus-build.sh, cinny/lotus_deploy.sh,
# deploy/hooks-lxc106.json, systemd/cinny-upstream-check.cron
# Triggered by: Gitea webhook on push to main
set -euo pipefail
REPO_DIR="/opt/matrix-config"
LOG="/var/log/matrix-deploy.log"
CLONE_URL="https://code.lotusguild.org/LotusGuild/matrix.git"
exec >> "$LOG" 2>&1
echo "=== $(date) === LXC106 deploy triggered ==="
if [ ! -d "$REPO_DIR/.git" ]; then
git clone "$CLONE_URL" "$REPO_DIR"
CHANGED="cinny/config.json cinny/nginx.conf cinny/upstream-check.sh cinny/lotus-build.sh cinny/lotus_deploy.sh deploy/hooks-lxc106.json systemd/cinny-upstream-check.cron"
else
cd "$REPO_DIR"
git fetch --all
PREV=$(git rev-parse HEAD)
git reset --hard origin/main
NEW=$(git rev-parse HEAD)
CHANGED=$(git diff --name-only "$PREV" "$NEW")
echo "Changed files: $CHANGED"
fi
if echo "$CHANGED" | grep -q '^cinny/config.json'; then
echo "Deploying cinny config.json..."
cp "$REPO_DIR/cinny/config.json" /var/www/html/config.json
echo "✓ config.json deployed"
fi
if echo "$CHANGED" | grep -q '^cinny/nginx.conf'; then
echo "Deploying cinny nginx site config..."
# Back up the live config, swap in the repo copy, and validate before
# reloading. If `nginx -t` fails, restore the backup and skip the reload so
# a bad config can never take the site down.
BACKUP="/etc/nginx/sites-available/cinny.bak-$(date +%Y%m%d%H%M%S)"
cp /etc/nginx/sites-available/cinny "$BACKUP"
cp "$REPO_DIR/cinny/nginx.conf" /etc/nginx/sites-available/cinny
if nginx -t; then
systemctl reload nginx
echo "✓ nginx site config deployed + reloaded"
else
echo "✗ nginx -t FAILED — restoring previous config, skipping reload"
cp "$BACKUP" /etc/nginx/sites-available/cinny
fi
fi
if echo "$CHANGED" | grep -q '^cinny/upstream-check.sh'; then
echo "Deploying upstream-check.sh..."
cp "$REPO_DIR/cinny/upstream-check.sh" /usr/local/bin/cinny-upstream-check.sh
chmod +x /usr/local/bin/cinny-upstream-check.sh
echo "✓ upstream-check.sh deployed"
fi
if echo "$CHANGED" | grep -q '^cinny/lotus-build.sh'; then
echo "Deploying lotus-build.sh..."
cp "$REPO_DIR/cinny/lotus-build.sh" /usr/local/bin/cinny-build.sh
chmod +x /usr/local/bin/cinny-build.sh
echo "✓ lotus-build.sh deployed"
fi
if echo "$CHANGED" | grep -q '^cinny/lotus-deploy.sh'; then
echo "Deploying lotus-deploy.sh..."
cp "$REPO_DIR/cinny/lotus-deploy.sh" /usr/local/bin/cinny-deploy.sh
chmod +x /usr/local/bin/cinny-deploy.sh
echo "✓ lotus-deploy.sh deployed"
fi
if echo "$CHANGED" | grep -q '^cinny/lotus_deploy.sh'; then
echo "Deploying lotus_deploy.sh (webhook CI-gated web deploy)..."
# The `lotus-deploy` webhook hook executes /usr/local/bin/lotus_deploy.sh.
# Validate syntax before swapping so a broken script can never wedge deploys.
if bash -n "$REPO_DIR/cinny/lotus_deploy.sh"; then
cp "$REPO_DIR/cinny/lotus_deploy.sh" /usr/local/bin/lotus_deploy.sh
chmod +x /usr/local/bin/lotus_deploy.sh
echo "✓ lotus_deploy.sh deployed"
else
echo "✗ bash -n FAILED on lotus_deploy.sh — skipping install"
fi
fi
if echo "$CHANGED" | grep -q '^deploy/hooks-lxc106.json'; then
echo "Deploying hooks-lxc106.json..."
cp "$REPO_DIR/deploy/hooks-lxc106.json" /etc/webhook/hooks.json
systemctl restart webhook
echo "✓ hooks.json deployed, webhook restarted"
fi
if echo "$CHANGED" | grep -q '^systemd/cinny-upstream-check.cron'; then
echo "Deploying cinny-upstream-check.cron..."
cp "$REPO_DIR/systemd/cinny-upstream-check.cron" /etc/cron.d/cinny-upstream-check
chmod 644 /etc/cron.d/cinny-upstream-check
echo "✓ cron deployed"
fi
echo "=== $(date) === LXC106 deploy complete ==="