Update deployment script to ensure persistent data management, enhance backup and restore processes, and improve error handling. Modify .gitignore to exclude sensitive production data and update deployment documentation to reflect changes. Add environment variable loading for production secrets in configuration files.

2026-01-07 17:42:04 +01:00
parent 371fef25d7
commit 225e930e4c
6 changed files with 127 additions and 33 deletions
--- a/deploy-production.sh
+++ b/deploy-production.sh
@@ -1,10 +1,55 @@
 #!/bin/bash
+set -euo pipefail
+
+# Immer im Repo-Verzeichnis arbeiten (wichtig für Backup/Restore mit relativen Pfaden)
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"

 # Deployment Script für Harheimer TC Website
 # Sichert Produktivdaten vor dem Build und stellt sie danach wieder her

 echo "=== Harheimer TC Deployment ==="
 echo ""
+echo "Working directory: $(pwd)"
+echo ""
+
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+  echo "ERROR: Dieses Script muss im Git-Repository ausgeführt werden (kein .git gefunden)."
+  exit 1
+fi
+
+# Optional (empfohlen): Persistente Daten außerhalb des Git-Repos halten und per Symlink einbinden.
+# Das verhindert zuverlässig, dass Git jemals Produktivdaten überschreibt.
+DATA_ROOT="${DATA_ROOT:-/var/lib/harheimertc}"
+mkdir -p "$DATA_ROOT"
+
+ensure_symlink_dir() {
+  local src="$1"      # z.B. server/data
+  local target="$2"   # z.B. /var/lib/harheimertc/server-data
+
+  mkdir -p "$(dirname "$src")"
+  mkdir -p "$target"
+
+  if [ -L "$src" ]; then
+    return 0
+  fi
+
+  if [ -d "$src" ]; then
+    echo "   Moving $src -> $target (first-time migration)"
+    # Merge existing content into target
+    cp -a "$src/." "$target/" || true
+    rm -rf "$src"
+  fi
+
+  ln -s "$target" "$src"
+  echo "   Linked $src -> $target"
+}
+
+echo "0. Ensuring persistent data directories (recommended)..."
+ensure_symlink_dir "server/data" "$DATA_ROOT/server-data"
+ensure_symlink_dir "public/data" "$DATA_ROOT/public-data"
+ensure_symlink_dir "public/uploads" "$DATA_ROOT/public-uploads"
+echo ""

 # 1. BACKUP: Laufende Produktivdaten VOR allen Git-Operationen sichern
 echo "1. Backing up current production data (pre-git)..."
@@ -14,9 +59,21 @@ rm -rf .backup
 mkdir -p .backup

 # Backup server data (JSON) und CSVs immer vom Dateisystem, nicht aus 'stash'
-cp -a server/data .backup/data_backup 2>/dev/null || echo "   No server/data to backup"
+if [ -d server/data ]; then
+  cp -a server/data .backup/data_backup
+  echo "   Backed up server/data -> .backup/data_backup"
+else
+  echo "ERROR: server/data existiert nicht. Abbruch, damit wir keine Repo-Defaults ausrollen."
+  exit 1
+fi
+
 mkdir -p .backup/public_data
-cp -a public/data/*.csv .backup/public_data/ 2>/dev/null || echo "   No public CSVs to backup"
+if ls public/data/*.csv >/dev/null 2>&1; then
+  cp -a public/data/*.csv .backup/public_data/
+  echo "   Backed up public/data/*.csv -> .backup/public_data/"
+else
+  echo "   No public CSVs to backup (public/data/*.csv not found)"
+fi

 # 2. Handle local changes and Git Pull
 echo "2. Handling local changes and pulling latest from git..."
@@ -29,15 +86,11 @@ fi

 # Stash any local changes (including production data)
 echo "   Stashing local changes..."
-git stash push -m "Production deployment stash $(date)"
+git stash push -m "Production deployment stash $(date)" || true

 # Pull latest changes
 echo "   Pulling latest changes..."
 git pull
-if [ $? -ne 0 ]; then
-  echo "ERROR: Git pull failed!"
-  exit 1
-fi

 # Reset any accidental changes from stash restore (should be none now)
 git reset --hard HEAD >/dev/null 2>&1
@@ -46,10 +99,6 @@ git reset --hard HEAD >/dev/null 2>&1
 echo ""
 echo "3. Installing dependencies..."
 npm install
-if [ $? -ne 0 ]; then
-  echo "ERROR: npm install failed!"
-  exit 1
-fi

 # 4. Remove old build (but keep data!)
 echo ""
@@ -60,31 +109,36 @@ rm -rf .output
 echo ""
 echo "5. Building application..."
 npm run build
-if [ $? -ne 0 ]; then
-  echo "ERROR: Build failed!"
-  exit 1
-fi

 # 6. Restore Production Data (überschreibe Repo-Defaults mit Backup)
 echo ""
 echo "6. Restoring production data..."

 # Stelle server/data vollständig wieder her (inkl. config.json, users.json, news.json, sessions.json, members.json, membership-applications)
-if [ -d .backup/data_backup ]; then
-  mkdir -p server/data
-  cp -a .backup/data_backup/. server/data/
-else
-  echo "No server/data to restore"
+if [ ! -d .backup/data_backup ]; then
+  echo "ERROR: Backup-Verzeichnis .backup/data_backup fehlt. Abbruch."
+  exit 1
 fi

+mkdir -p server/data
+cp -a .backup/data_backup/. server/data/
+echo "   Restored server/data from backup."
+
 # Stelle alle CSVs wieder her
 if ls .backup/public_data/*.csv >/dev/null 2>&1; then
  mkdir -p public/data
  cp -a .backup/public_data/*.csv public/data/
+  echo "   Restored public/data/*.csv from backup."
 else
  echo "No public CSVs to restore"
 fi

+# Sanity Check: users.json muss existieren und darf nicht leer sein
+if [ ! -s server/data/users.json ]; then
+  echo "ERROR: server/data/users.json fehlt oder ist leer nach Restore. Abbruch."
+  exit 1
+fi
+
 # 7. Cleanup backup and stash
 echo ""
 echo "7. Cleaning up backup and stash..."