wpp/weirsoe-party-protocol
8
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(staging): enforce writable app ownership during deploy
All checks were successful
CI / test-and-quality (push) Successful in 1m37s
Details
CI / test-and-quality (pull_request) Successful in 1m38s
Details

Browse Source
This commit is contained in:
DEV-bot
2026-02-28 16:06:58 +00:00
parent 30e3f1c77f
commit 30c22d2f0c
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
infra/staging/deploy_staging.sh
View File

@@ -17,6 +17,7 @@ RELEASES_DIR=/opt/wpp-staging/releases
CANDIDATE_DIR="${RELEASES_DIR}/src"
APP_DIR=/opt/wpp-staging/app
install -d -m 0755 -o wpp -g wpp "${RELEASES_DIR}" "${APP_DIR}"
mkdir -p "${CANDIDATE_DIR}"
cd "${RELEASES_DIR}"
curl -fsSL "${ARCHIVE_URL}" -o app.tar.gz
@@ -58,9 +59,11 @@ runuser -u wpp -- .venv/bin/python manage.py shell -c "from django.conf import s
runuser -u wpp -- .venv/bin/python manage.py migrate --noinput
# Promote candidate only after migrations succeed (issue #130): avoid code/schema drift after failed deploy.
rm -rf "${APP_DIR}"/*
# Use find instead of rm "${APP_DIR}"/* to reliably remove dotfiles between deploys.
find "${APP_DIR}" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
cp -a "${CANDIDATE_DIR}"/. "${APP_DIR}/"
chown -R wpp:wpp "${APP_DIR}"
runuser -u wpp -- test -w "${APP_DIR}"
systemctl restart wpp-staging.service
curl -fsS http://127.0.0.1:8000/healthz