d3dfa74cf8
apps/admin/: - Nuxt 4.1.3 + @nuxt/ui 4 + @nuxtjs/supabase, port 3017 staging - 7 pages: index (59 LOC dashboard), login (72 LOC), auth/confirm, plus stubs für domains/users/stats/moderation (14-17 LOC each, content für separate Phase 2 Session) - composables/useAdminAuth.ts: Supabase login + verifyAdminRole hook - middleware/admin-auth.ts: route guard (Phase 3 backend-check ready) - layouts/default.vue, app.vue, README.md - nuxt.config.ts: SSR=true, port 3017, dark-mode preference, Supabase pkce-flow, runtimeConfig.adminSecret für Phase 3 backend-binding Deploy-Infrastructure: - .github/workflows/deploy-admin-staging.yml: build admin auf push to main mit path-filter apps/admin/**, scp tar zu Server, atomic-mv + pm2 restart - scripts/deploy-admin-from-artifact.sh: Server-side deploy (extract, atomic mv, pm2 reload). Kein prisma-migrate (admin hat kein eigenes DB-Schema). - apps/admin/start-admin-staging.sh: pm2 start-script mit Infisical-wrapper, port 3017, mappt Infisical SUPABASE_URL/KEY auf NUXT_PUBLIC_* - ecosystem.config.js: rebreak-admin-staging Eintrag (port 3017, max_memory_restart 400M) - ops/nginx/admin-staging.rebreak.org.conf: HTTP→HTTPS redirect, SSL paths, proxy auf 127.0.0.1:3017, noindex header Pending User-Actions für go-live: 1. DNS-A-Record admin.staging.rebreak.org → 49.13.55.22 2. SSL-cert via certbot (oder bestehender wildcard *.staging.rebreak.org) 3. nginx-config auf Server aktivieren (sudo cp + ln + reload) 4. pm2 initial start: pm2 start ecosystem.config.js --only rebreak-admin-staging 5. Infisical-secret ADMIN_SECRET (server-only, Phase 3 binding) GH-Actions: keine neuen Secrets (nutzt bestehende HETZNER_SSH_KEY/HOST/USER) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
59 lines
2.0 KiB
Bash
59 lines
2.0 KiB
Bash
#!/bin/bash
|
|
# deploy-admin-from-artifact.sh -- Server-side Deploy fuer rebreak-admin-staging.
|
|
#
|
|
# Wird via SSH von .github/workflows/deploy-admin-staging.yml aufgerufen.
|
|
# Erwartet: /srv/rebreak/apps/admin/.output-incoming.tar.gz (via scp vom GA-Runner).
|
|
#
|
|
# Kein Build-Schritt (laeuft auf GA-Runner), kein prisma-migrate (admin hat kein DB-Schema).
|
|
# Atomic mv Pattern identisch zu deploy-from-artifact.sh.
|
|
|
|
set -euo pipefail
|
|
|
|
REPO_ROOT="/srv/rebreak"
|
|
ADMIN_DIR="${REPO_ROOT}/apps/admin"
|
|
ARTIFACT="${ADMIN_DIR}/.output-incoming.tar.gz"
|
|
PM2_BIN="/root/.nvm/versions/node/v24.11.1/bin/pm2"
|
|
|
|
log() { echo "[deploy-admin] $(date '+%H:%M:%S') $*"; }
|
|
log_err() { echo "[deploy-admin:err] $(date '+%H:%M:%S') $*" >&2; }
|
|
|
|
log "=== Rebreak Admin Deploy-from-Artifact gestartet ==="
|
|
|
|
export PATH="/root/.nvm/versions/node/v24.11.1/bin:$PATH"
|
|
|
|
# 0. Sanity-Check: Artifact muss da sein
|
|
[[ -f "$ARTIFACT" ]] || { log_err "Artifact $ARTIFACT fehlt -- abort"; exit 1; }
|
|
|
|
# 1. Ziel-Verzeichnis sicherstellen
|
|
mkdir -p "${ADMIN_DIR}"
|
|
|
|
# 2. Artifact extrahieren -- atomisches mv
|
|
log "Step 1: Artifact extrahieren..."
|
|
rm -rf "${ADMIN_DIR}/.output-staging-new"
|
|
mkdir -p "${ADMIN_DIR}/.output-staging-new"
|
|
tar xzf "$ARTIFACT" -C "${ADMIN_DIR}/.output-staging-new"
|
|
|
|
# Sanity-Check: Nuxt-SSR-Server muss vorhanden sein
|
|
[[ -f "${ADMIN_DIR}/.output-staging-new/server/index.mjs" ]] || {
|
|
log_err "Ungueltiges Artifact -- server/index.mjs fehlt"
|
|
rm -rf "${ADMIN_DIR}/.output-staging-new"
|
|
exit 1
|
|
}
|
|
|
|
rm -rf "${ADMIN_DIR}/.output-staging"
|
|
mv "${ADMIN_DIR}/.output-staging-new" "${ADMIN_DIR}/.output-staging"
|
|
rm -f "$ARTIFACT"
|
|
log ".output-staging aktualisiert"
|
|
|
|
# 3. pm2 restart (oder erstmaliger Start via ecosystem)
|
|
log "Step 2: pm2 restart rebreak-admin-staging..."
|
|
"${PM2_BIN}" restart rebreak-admin-staging --update-env 2>/dev/null || \
|
|
"${PM2_BIN}" start "${REPO_ROOT}/ecosystem.config.js" --only rebreak-admin-staging
|
|
|
|
log "rebreak-admin-staging restarted"
|
|
|
|
# 4. pm2 save
|
|
"${PM2_BIN}" save 2>/dev/null || true
|
|
|
|
log "=== Admin Deploy erfolgreich ==="
|