feat(deploy): webhook auto-deploy Forgejo → VPS Paris (TD-04)
Some checks are pending
CI / quality (push) Waiting to run
Some checks are pending
CI / quality (push) Waiting to run
This commit is contained in:
parent
85c760abee
commit
0ae2db3d8c
6 changed files with 333 additions and 37 deletions
34
deploy/expria-deploy.service
Normal file
34
deploy/expria-deploy.service
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
# Expria auto-deploy webhook listener — systemd unit (VPS Paris).
|
||||
#
|
||||
# DISTINCT from expria-backend.service: this runs the webhook listener, not the
|
||||
# API. Keeping them separate is required — a deploy restarts expria-backend, so
|
||||
# the listener must NOT be a child of it or the deploy would kill itself.
|
||||
#
|
||||
# Install (ops step, after CP1 validation):
|
||||
# sudo cp deploy/expria-deploy.service /etc/systemd/system/expria-deploy.service
|
||||
# sudo systemctl daemon-reload
|
||||
# sudo systemctl enable --now expria-deploy
|
||||
# Logs:
|
||||
# journalctl -u expria-deploy -f
|
||||
|
||||
[Unit]
|
||||
Description=Expria auto-deploy webhook listener (Forgejo push -> deploy)
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=deploy
|
||||
Group=deploy
|
||||
WorkingDirectory=/opt/expria/expria-backend/deploy
|
||||
EnvironmentFile=/etc/expria/webhook.env
|
||||
ExecStart=/usr/bin/node /opt/expria/expria-backend/deploy/webhook-listener.mjs
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
# NOTE: NoNewPrivileges MUST stay false (default) — deploy.sh relies on sudo for
|
||||
# the single restricted rule: systemctl restart expria-backend.service.
|
||||
# ProtectSystem=strict is intentionally NOT set: deploy.sh writes the checkout
|
||||
# under /opt/expria/expria-backend (git pull, npm ci, build).
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Add table
Add a link
Reference in a new issue