forked from GrapheneOS/AttestationServer
-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
deploy-static
executable file
·60 lines (47 loc) · 2.18 KB
/
deploy-static
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/bin/bash
set -o errexit -o nounset -o pipefail
shopt -s extglob
touch lock
exec {fd}< lock
if ! flock -n $fd; then
echo already processing/deploying static files >&2
exit 1
fi
./process-static $fd
remote=root@attestation.app
# use last modified timestamps from attestation.app
rsync -rptcv --chmod=D755,F644 --delete --fsync --preallocate $remote:/srv/attestation.app/ static-production
rsync -pcv --chmod=D755,F644 --fsync --preallocate static-production/sitemap.xml{,.gz,.br} static-tmp/
rsync -rpcv --chmod=D755,F644 --delete --fsync --preallocate static-tmp/ static-production
for f in static-production/**.*(br|gz); do
touch -r "${f%.*}" "$f"
done
changed="$(./generate-sitemap)"
xmllint --noblanks static-tmp/sitemap.xml --output static-tmp/sitemap.xml
brotli -f static-tmp/sitemap.xml
zopfli static-tmp/sitemap.xml
rsync -pcv --chmod=D755,F644 --fsync --preallocate static-tmp/sitemap.xml{,.gz,.br} static-production/
active=$(ssh $remote readlink /srv/attestation.app)
if [[ $active = /srv/attestation.app_a ]]; then
target=/srv/attestation.app_b
else
target=/srv/attestation.app_a
fi
echo active is $active
echo target is $target
echo
ssh $remote "rm -rf $target && cp -a $active $target"
rsync -rpcv --chmod=D755,F644 --delete --fsync --preallocate static-production/ $remote:$target
ssh $remote "ln -snf $target /srv/attestation.app && sync /srv/attestation.app"
echo "root $target;" > nginx-tmp/root_attestation.app.conf
rsync -rpcv --chmod=D755,F644 --delete --fsync --preallocate nginx-tmp/{nginx.conf,mime.types,root_attestation.app.conf,snippets} $remote:/etc/nginx/
ssh $remote nginx -s reload
echo
echo active is now $target
rsync -pcv --chmod=755 --fsync --preallocate remote-backup $remote:/usr/local/bin/
rsync -pcv --chmod=644 --fsync --preallocate systemd/system/remote-backup.timer $remote:/etc/systemd/system/remote-backup.timer
rsync -pcv --chmod=644 --fsync --preallocate systemd/system/remote-backup.service $remote:/etc/systemd/system/remote-backup.service
rsync -pcv --chmod=644 --chown attestation:attestation --fsync --preallocate backup-public-key.txt cloud-archive.sh $remote:/var/lib/attestation/
if [[ -n "$changed" ]]; then
./indexnow <<< "$changed"
fi