diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 45d086b..55b55a5 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -74,4 +74,4 @@ jobs:
 -o ConnectTimeout=10 \
 -p "$SSH_PORT" \
 "$SSH_USER@$SSH_HOST" \
- "/usr/local/bin/actualize-singlechat.sh"
+ "sudo /usr/local/bin/actualize-singlechat.sh"
diff --git a/scripts/actualize-singlechat.sh b/scripts/actualize-singlechat.sh
index 2c1516c..90bde9d 100755
--- a/scripts/actualize-singlechat.sh
+++ b/scripts/actualize-singlechat.sh
@@ -8,6 +8,8 @@ BRANCH="${BRANCH:-main}"
 SERVICE_NAME="${SERVICE_NAME:-ypchat}"
 RUN_USER="${RUN_USER:-www-data}"
 RUN_GROUP="${RUN_GROUP:-www-data}"
+DEPLOY_USER="${DEPLOY_USER:-${SUDO_USER:-$(id -un)}}"
+DEPLOY_GROUP="${DEPLOY_GROUP:-$(id -gn "$DEPLOY_USER")}"
 LOCK_FILE="${LOCK_FILE:-/tmp/actualize-singlechat.lock}"
 NPM_CACHE_DIR="${NPM_CACHE_DIR:-$APP_DIR/.npm-cache}"
@@ -15,9 +17,9 @@ log() {
 printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*"
 }
-run_as_app_user() {
+run_as_deploy_user() {
 if [ "$(id -u)" -eq 0 ]; then
- sudo -u "$RUN_USER" env HOME="$APP_DIR" npm_config_cache="$NPM_CACHE_DIR" "$@"
+ sudo -u "$DEPLOY_USER" env HOME="$(getent passwd "$DEPLOY_USER" | cut -d: -f6)" npm_config_cache="$NPM_CACHE_DIR" "$@"
 else
 env HOME="$APP_DIR" npm_config_cache="$NPM_CACHE_DIR" "$@"
 fi
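Review bot: The `sudo` added to the SSH command in `.gitea/workflows/deploy.yml` has no `-n`, so on a host where the NOPASSWD rule is missing or does not match, sudo tries to prompt for a password in a session that has no terminal. Using `"sudo -n /usr/local/bin/actualize-singlechat.sh"` makes that case fail immediately with a clear error. The sudoers entry this depends on is not part of the commit; it should permit only this exact path, and the script file should be root-owned and not writable by `$SSH_USER`, since otherwise the CI key is effectively a root credential on the host. A comment above the step naming the required sudoers rule would document the dependency.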
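Review bot: In the `@@ -8,6 +8,8 @@` hunk of `scripts/actualize-singlechat.sh`, the `DEPLOY_USER` default resolves to `root` whenever the script is started by root without sudo (root shell, cron, a systemd unit), because `SUDO_USER` is unset and `id -un` prints `root`. Every `run_as_deploy_user` call and every `chown -R` further down then operates as root, so the privilege drop this commit introduces disappears without any message. I would reject that combination right after the two assignments: `if [ "$(id -u)" -eq 0 ] && [ "$DEPLOY_USER" = root ]; then log "DEPLOY_USER must not be root"; exit 1; fi`. `id -gn "$DEPLOY_USER"` also fails for a name that does not exist; whether that stops the script depends on shell options set above the hunk.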
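Review bot: The root branch of `run_as_deploy_user` now sets `HOME` to the deploy account's real home directory, so the `npm ci` and `npm run build` calls routed through this helper run package lifecycle scripts with read access to whatever that account keeps there (SSH keys, git credentials, npm tokens); the previous code confined `HOME` to `$APP_DIR`. The non-root branch still uses `HOME="$APP_DIR"`, so the two paths behave differently, and if `getent` finds no entry the pipeline yields an empty `HOME` without an error because the exit status is that of `cut`. If git needs the real home for credentials, consider using it only for the git calls and keeping `HOME="$APP_DIR"` for npm, and resolve the home once with a check, e.g. `DEPLOY_HOME="$(getent passwd "$DEPLOY_USER" | cut -d: -f6)"; [ -n "$DEPLOY_HOME" ] || exit 1`. The closing brace of the function lies outside the hunk.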
@@ -51,16 +53,31 @@ log "APP_DIR=$APP_DIR"
 log "REPO_URL=$REPO_URL"
 log "BRANCH=$BRANCH"
 log "SERVICE_NAME=$SERVICE_NAME"
+log "DEPLOY_USER=$DEPLOY_USER"
 mkdir -p "$APP_DIR" "$NPM_CACHE_DIR"
+if [ "$(id -u)" -eq 0 ]; then
+ chown -R "$DEPLOY_USER:$DEPLOY_GROUP" "$APP_DIR" "$NPM_CACHE_DIR"
+fi
 if [ ! -d "$APP_DIR/.git" ]; then
 log "Erstelle initialen Git-Checkout fuer $APP_DIR"
- tmp_checkout="$(mktemp -d)"
- git clone --branch "$BRANCH" --single-branch "$REPO_URL" "$tmp_checkout"
+ if [ "$(id -u)" -eq 0 ]; then
+ tmp_checkout="$(sudo -u "$DEPLOY_USER" mktemp -d)"
+ else
+ tmp_checkout="$(mktemp -d)"
+ fi
+ run_as_deploy_user git clone --branch "$BRANCH" --single-branch "$REPO_URL" "$tmp_checkout"
 rsync -a --delete \
+ --no-owner \
+ --no-group \
+ --omit-dir-times \
 --exclude '.env' \
 --exclude '.npm-cache/' \
+ --exclude 'node_modules/' \
+ --exclude 'client/node_modules/' \
+ --exclude 'client/dist/' \
+ --exclude 'docroot/dist/' \
 --exclude 'logs/' \
 --exclude 'tmp/' \
 "$tmp_checkout/" "$APP_DIR/"
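Review bot: The `rsync -a --delete` in the initial-checkout branch still runs as root, copying repository-controlled content into a tree that the new `chown -R` has just handed to `$DEPLOY_USER`; a root process writing and deleting inside a directory another account controls is exactly what the rest of this commit moves away from. Invoking it as `run_as_deploy_user rsync -a --delete \` keeps the whole checkout unprivileged and makes `--no-owner --no-group` unnecessary. The five-line `if`/`else` around `mktemp -d` can likewise shrink to `tmp_checkout="$(run_as_deploy_user mktemp -d)"`, since the helper already covers both the root and the non-root case. The enclosing `if [ ! -d "$APP_DIR/.git" ]` block ends outside the hunk.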
@@ -68,40 +85,43 @@ if [ ! -d "$APP_DIR/.git" ]; then
 fi
 if [ "$(id -u)" -eq 0 ]; then
- chown -R "$RUN_USER:$RUN_GROUP" "$APP_DIR" "$NPM_CACHE_DIR"
+ chown -R "$DEPLOY_USER:$DEPLOY_GROUP" "$APP_DIR" "$NPM_CACHE_DIR"
 fi
 cd "$APP_DIR"
-if ! git remote get-url origin >/dev/null 2>&1; then
- git remote add origin "$REPO_URL"
+if ! run_as_deploy_user git remote get-url origin >/dev/null 2>&1; then
+ run_as_deploy_user git remote add origin "$REPO_URL"
 fi
-current_origin="$(git remote get-url origin)"
+current_origin="$(run_as_deploy_user git remote get-url origin)"
 if [ "$current_origin" != "$REPO_URL" ]; then
 log "Setze Git-Origin von $current_origin auf $REPO_URL"
- git remote set-url origin "$REPO_URL"
+ run_as_deploy_user git remote set-url origin "$REPO_URL"
 fi
 log "Hole neuesten Stand"
-git fetch --prune origin "$BRANCH"
-git reset --hard "origin/$BRANCH"
-git clean -fd \
+run_as_deploy_user git fetch --prune origin "$BRANCH"
+run_as_deploy_user git reset --hard "origin/$BRANCH"
+run_as_deploy_user git clean -fd \
 -e .env \
 -e .npm-cache/ \
+ -e node_modules/ \
+ -e client/node_modules/ \
+ -e client/dist/ \
 -e logs/ \
 -e tmp/ \
 -e docroot/dist/
 if [ "$(id -u)" -eq 0 ]; then
- chown -R "$RUN_USER:$RUN_GROUP" "$APP_DIR" "$NPM_CACHE_DIR"
+ chown -R "$DEPLOY_USER:$DEPLOY_GROUP" "$APP_DIR" "$NPM_CACHE_DIR"
 fi
 log "Installiere Root-Dependencies"
-run_as_app_user npm ci
+run_as_deploy_user npm ci
 log "Installiere Client-Dependencies"
-run_as_app_user npm --prefix client ci
+run_as_deploy_user npm --prefix client ci
 if [ ! -f "$APP_DIR/.env" ]; then
 log "Erstelle .env"
@@ -118,7 +138,7 @@ if [ "$(id -u)" -eq 0 ]; then
 fi
 log "Baue Client"
-run_as_app_user npm run build
+run_as_deploy_user npm run build
 log "Aktualisiere docroot/dist"
 rm -rf "$APP_DIR/docroot/dist"
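Review bot: Both `chown -R "$DEPLOY_USER:$DEPLOY_GROUP" "$APP_DIR" "$NPM_CACHE_DIR"` calls in the `@@ -68,40 +85,43 @@` hunk recurse into `logs/`, `tmp/` and `.env`, which the `git clean` exclusions treat as runtime data, so after each deploy those paths belong to the deploy account instead of `$RUN_USER`. Unless code outside the hunk hands them back, the service (presumably running as `$RUN_USER`) may lose write access to its logs and, depending on file modes, read access to `.env`. If the service needs them, follow the chown with something like `chown -R "$RUN_USER:$RUN_GROUP" "$APP_DIR/logs" "$APP_DIR/tmp"` and give `.env` a group and mode the service can read but not write. The second `chown -R`, after `git clean`, looks redundant now that every git command already runs as `$DEPLOY_USER`.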