feat(deploy): webhook auto-deploy Forgejo → VPS Paris (TD-04)

Hermann_Kitio 2026-07-01 12:34:39 +03:00
parent 85c760abee
commit 0ae2db3d8c
6 changed files with 333 additions and 37 deletions


@ -0,0 +1,34 @@
# Expria auto-deploy webhook listener — systemd unit (VPS Paris).
#
# DISTINCT from expria-backend.service: this runs the webhook listener, not the
# API. Keeping them separate is required — a deploy restarts expria-backend, so
# the listener must NOT be a child of it or the deploy would kill itself.
#
# Install (ops step, after CP1 validation):
# sudo cp deploy/expria-deploy.service /etc/systemd/system/expria-deploy.service
# sudo systemctl daemon-reload
# sudo systemctl enable --now expria-deploy
# Logs:
# journalctl -u expria-deploy -f
[Unit]
Description=Expria auto-deploy webhook listener (Forgejo push -> deploy)
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=deploy
Group=deploy
WorkingDirectory=/opt/expria/expria-backend/deploy
EnvironmentFile=/etc/expria/webhook.env
ExecStart=/usr/bin/node /opt/expria/expria-backend/deploy/webhook-listener.mjs
Restart=always
RestartSec=5
# NOTE: NoNewPrivileges MUST stay false (default) — deploy.sh relies on sudo for
# the single restricted rule: systemctl restart expria-backend.service.
# ProtectSystem=strict is intentionally NOT set: deploy.sh writes the checkout
# under /opt/expria/expria-backend (git pull, npm ci, build).
[Install]
WantedBy=multi-user.target
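Review bot: The closing comment in [Service] rules out ProtectSystem=strict, but the unit then ships with no filesystem sandboxing at all, for a listener that is presumably reachable from the network and can invoke sudo. Adding `ProtectSystem=full` would keep /usr, /boot and /etc read-only while leaving /opt writable for deploy.sh, and `PrivateTmp=yes` would isolate /tmp. As far as I know, neither is among the settings that imply NoNewPrivileges when User= is set, so the restricted sudo rule should keep working, but confirm that on the VPS. A comment beside `EnvironmentFile=` should also state the expected owner and mode of /etc/expria/webhook.env (for example root:deploy 0640), since the file presumably holds the webhook secret; its contents are not shown on this page.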