-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdeploy.sh
executable file
·130 lines (108 loc) · 2.86 KB
/
deploy.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#!/bin/bash
set -e
dir_name='osTicket'
ssh_key_path="${SSH_KEY_PATH:-"$HOME/.ssh/id_ecdsa"}"
# Read optional parameters
while [[ $# -gt 0 ]]; do
case $1 in
--verbose)
verbose=true
shift
;;
--configure-firewall)
configure_firewall=true
shift
;;
--delete-setup-directory)
delete_setup_directory=true
shift
;;
--renew-certificates)
renew_certificates=true
shift
;;
--staging)
# This is the default, but permit this flag for completeness.
deploy_to_production=false
shift
;;
--production)
deploy_to_production=true
shift
;;
--insecure)
insecure=true
shift
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
shift
;;
esac
done
if [ "$deploy_to_production" = true ]; then
hostname='helpdesk.unibuc.ro'
env_vars_suffix='production'
else
hostname='staging.helpdesk.unibuc.ro'
env_vars_suffix='staging'
fi
# Test the connection
ssh -T "root@$hostname" true
# Read the environment variables from an env file
echo "Reading machine env vars"
env_file=".env.$env_vars_suffix"
env_vars=$(xargs < $env_file)
env_vars="SERVER_NAME='$hostname' $env_vars"
# If requested, configure firewall
if [[ "$configure_firewall" = true ]]
then
ssh "root@$hostname" "\
ufw allow ssh && \
ufw allow http && \
ufw allow https && \
ufw allow 6556/tcp && \
ufw allow 161/udp && \
ufw allow out 587/tcp && \
ufw allow out 465/tcp && \
ufw allow out 465/udp && \
ufw show added"
read -p 'Is firewall config good? (y/N)' -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
echo "Rules confirmed, enabling firewall"
ssh "root@$hostname" "ufw enable"
fi
exit
fi
if [[ "$renew_certificates" = true ]]
then
echo 'Running certbot to renew certificates...'
source $env_file
ssh "root@$hostname" "\
cd $dir_name && \
docker compose -f compose-production.yaml exec -T osticket \
certbot --non-interactive --apache --agree-tos --email $LETS_ENCRYPT_EMAIL_ADDRESS --domains $hostname"
echo 'Done'
exit
fi
if [[ "$delete_setup_directory" = true ]]
then
echo 'Deleting setup directory...'
ssh "root@$hostname" "\
cd $dir_name && \
docker compose -f compose-production.yaml exec -T osticket rm -r /var/www/html/setup/"
echo 'Done'
exit
fi
echo "Deploying as root to $hostname"
# Upload the modified code
git ftp push --auto-init -u root --key "$ssh_key_path" "sftp://$hostname" --remote-root "/root/$dir_name" ${verbose+'-vv'} ${insecure+'--insecure'}
# Rebuild and restart the containers
ssh root@$hostname "\
cd $dir_name && \
$env_vars docker compose -f compose-production.yaml up --build -d"