Skip to content
This repository was archived by the owner on Nov 22, 2025. It is now read-only.

Comments

feat: add deployment script and systemd service#5

Merged
Pertempto merged 11 commits intomainfrom
0-deployment-script
Nov 21, 2025
Merged

feat: add deployment script and systemd service#5
Pertempto merged 11 commits intomainfrom
0-deployment-script

Conversation

@Pertempto
Copy link
Contributor

@Pertempto Pertempto commented Nov 21, 2025

Summary

  • Add systemd service file for running the backend as a proper service
  • Create deployment script with backup, verification, and rollback capabilities
  • Add deploy recipe to justfile that builds and deploys in one command
  • Add .env.production to .gitignore for security

Changes

Systemd Service (deploy/aptora-extensions.service)

  • Runs as root user (required for port 80)
  • Loads environment from /opt/aptora-extensions/.env
  • Auto-restart on failure with 5-second delay
  • Starts automatically on boot

Deployment Script (deploy/deploy.sh)

  • Takes hostname as command line argument
  • Creates backup of existing binary before deployment
  • Copies binary, environment file, and systemd service to server
  • Sets proper permissions (binary=755, .env=600, owner=root:root)
  • Enables and starts systemd service
  • Verifies deployment with health check
  • Provides rollback instructions if deployment fails

Justfile Integration

  • Added deploy HOST recipe with dependency on build-backend
  • Usage: just deploy <hostname>

Security

  • Added .env.production to .gitignore to prevent committing sensitive credentials

Usage

# Deploy to production server
just deploy aptora-prod.example.com

# Or run script directly
./deploy/deploy.sh aptora-prod.example.com

@Pertempto
docs: improve spec
b76e690
@Pertempto
feat: add deployment script and systemd service
d4f65f4
@Pertempto
feat: add rollback script and improve backup strategy
4d3cf57 
- Create rollback script for easy restoration of previous deployment
- Add rollback recipe to justfile
- Update deployment script to backup entire directory (not just binary)
- Simplify rollback instructions to use justfile command
@github-actions
Copy link

github-actions bot commented Nov 21, 2025
edited
Loading

Changes Requested

  • Run the systemd service as a dedicated unprivileged user and reduce privileges (use User=aptora, Group=aptora, AmbientCapabilities=CAP_NET_BIND_SERVICE, NoNewPrivileges=yes, and add hardening like PrivateTmp=yes). Update deploy/aptora-extensions.service and deploy/deploy.sh to chown files to that user.
  • Harden deploy/deploy.sh: validate local artifacts before uploading, verify remote sudo early, make the file move atomic (use .new + mv), avoid recursive backups of the full directory (use tar or just back up binary + .env), and make health check not assume curl is present (fallback or document requirement).

Summary of Changes

  • Added deploy/aptora-extensions.service systemd unit (runs as root currently).
  • Added deploy/deploy.sh script to copy binary, environment, and unit file to server and start the service.
  • Added deploy/rollback.sh script to restore /opt/aptora-extensions from a backup.
  • Added deploy and rollback recipes to justfile, and build rules for frontend/backend.
  • Added .env.production to .gitignore.

Overall Feedback

  • Negative: The current deployment runs the service as root and performs privileged operations as root on the remote host. This increases risk unnecessarily. The deploy script also assumes local artifacts and remote prerequisites (sudo, curl) exist and uses a full-directory recursive backup which may be heavy or unexpectedly include sensitive data.

  • Positive: The scripts are well structured, use set -euo pipefail, include a clear rollback path and helpful messages, and the justfile integration makes the workflow easy to run. These are solid foundations — with privilege hardening and a few robustness improvements this will be production-ready.

Please address the requested changes and re-request review.

@Pertempto
docs: add note of proxmox helper script
3edeb78
@Pertempto
docs: more info
65cd1bf
@Pertempto
fix: deployment script sudo permissions and scp directory issue
c5afbae 
- Add sudo to all systemctl and file operations commands
- Copy files to /tmp first, then move with sudo to final location
- Fixes 'Interactive authentication required' error
- Fixes 'Is a directory' scp error when directory doesn't exist
@Pertempto
fix: remove old backup before creating new one
8d8bf27 
- Clear existing backup directory before copying
- Prevents 'cannot overwrite non-directory' error on subsequent deployments
@Pertempto
feat: add logs recipe
ba5e40e
@Pertempto
feat: reduce deployment downtime by copying files before stopping ser…
b438355 
…vice

- Copy files to /tmp while service is still running
- Stop service only when ready to swap files
- Reduces downtime from 10-30s to ~1-2s
- Add logs recipe to justfile for easy log viewing
@github-actions
Copy link

github-actions bot commented Nov 21, 2025

deploy/aptora-extensions.service: Do not run the service as root.

  • Change to a dedicated, unprivileged user (e.g. User=aptora) and create that user on the host.
  • Add minimal capabilities instead of full root: AmbientCapabilities=CAP_NET_BIND_SERVICE and NoNewPrivileges=yes.
  • Hardening suggestions: PrivateTmp=yes, ProtectSystem=full (optional but recommended).
  • Update the deploy script to chown files to the dedicated user instead of root:root, or document a strong justification for keeping User=root.

Please update the unit file and deployment steps accordingly. @Pertempto

@kwila-cloud kwila-cloud deleted a comment from github-actions bot Nov 21, 2025
@kwila-cloud kwila-cloud deleted a comment from github-actions bot Nov 21, 2025
@kwila-cloud kwila-cloud deleted a comment from github-actions bot Nov 21, 2025
@kwila-cloud kwila-cloud deleted a comment from github-actions bot Nov 21, 2025
@kwila-cloud kwila-cloud deleted a comment from github-actions bot Nov 21, 2025
@github-actions
Copy link

github-actions bot commented Nov 21, 2025

deploy/deploy.sh: verification/health-check: handle missing curl and make remote check more robust.

Actionable changes:

  • Run a small remote script via SSH that:
    • Runs sudo systemctl is-active aptora-extensions and prints status
    • If active, check for curl and run curl --fail --silent against the configurable health endpoint
    • If curl is missing, fall back to ss -ltnp (or netstat) to confirm a process is listening on :80 and print journalctl -u aptora-extensions -n 50 --no-pager for diagnostics
  • Make health endpoint configurable (not hardcoded to /health) and document default in README or script

This avoids false failures when curl isn't present and provides clearer diagnostics on failure. @Pertempto

@github-actions
Copy link

github-actions bot commented Nov 21, 2025

deploy/deploy.sh and deploy/rollback.sh: Local artifact checks and early remote sudo validation

Please add these checks before starting SSH/scp operations:

  • Verify local ./aptora-extensions binary exists and is executable. Exit with clear error if missing.
  • Verify local ./.env.production exists. Exit with clear error if missing.
  • Early check that remote sudo works: ssh "$HOST" "sudo -n true" and provide a helpful error instructing the operator to enable passwordless sudo or run the script with a user that can sudo.

These prevent mid-deploy surprises and make failures easier to diagnose. @Pertempto

@Pertempto Pertempto merged commit dd2e469 into main Nov 21, 2025
3 checks passed
@Pertempto Pertempto deleted the 0-deployment-script branch November 21, 2025 19:49
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Pertempto