From 30c22d2f0ce21a9c8e5f030faff979d57a8f9434 Mon Sep 17 00:00:00 2001
From: DEV-bot
Date: Sat, 28 Feb 2026 16:06:58 +0000
Subject: [PATCH] fix(staging): enforce writable app ownership during deploy
---
 infra/staging/deploy_staging.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/infra/staging/deploy_staging.sh b/infra/staging/deploy_staging.sh
index fcc142a..daca091 100755
--- a/infra/staging/deploy_staging.sh
+++ b/infra/staging/deploy_staging.sh
@@ -17,6 +17,7 @@ RELEASES_DIR=/opt/wpp-staging/releases
 CANDIDATE_DIR="${RELEASES_DIR}/src"
 APP_DIR=/opt/wpp-staging/app
+install -d -m 0755 -o wpp -g wpp "${RELEASES_DIR}" "${APP_DIR}"
 mkdir -p "${CANDIDATE_DIR}"
 cd "${RELEASES_DIR}"
 curl -fsSL "${ARCHIVE_URL}" -o app.tar.gz
@@ -58,9 +59,11 @@ runuser -u wpp -- .venv/bin/python manage.py shell -c "from django.conf import s
 runuser -u wpp -- .venv/bin/python manage.py migrate --noinput
 # Promote candidate only after migrations succeed (issue #130): avoid code/schema drift after failed deploy.
-rm -rf "${APP_DIR}"/*
+# Use find instead of rm "${APP_DIR}"/* to reliably remove dotfiles between deploys.
+find "${APP_DIR}" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
 cp -a "${CANDIDATE_DIR}"/. "${APP_DIR}/"
 chown -R wpp:wpp "${APP_DIR}"
+runuser -u wpp -- test -w "${APP_DIR}"
 systemctl restart wpp-staging.service
 curl -fsS http://127.0.0.1:8000/healthz
-- 
2.39.5
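Review bot: The added `install -d` line hands `RELEASES_DIR` to the `wpp` service account, and the context lines right after it `cd` into that directory and write `app.tar.gz` there, apparently as root since the script later uses `runuser` and `chown`. A privileged deploy step that writes fixed file names into a directory the application account controls lets a compromised app influence what the next deploy downloads over or promotes. Unless a later step running as `wpp` must create entries directly under `RELEASES_DIR` (not visible in this hunk), keep the staging area root-owned and grant only the app directory: `install -d -m 0755 -o root -g root "${RELEASES_DIR}"` followed by `install -d -m 0755 -o wpp -g wpp "${APP_DIR}"`. A one-line comment above them stating which account needs write access to which directory, and why, would keep this from being widened again later.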
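Review bot: The new `runuser -u wpp -- test -w "${APP_DIR}"` aborts the deploy only if the script runs under `set -e`, which is not visible in this hunk, and even then it exits without a message, so the restart and health check may still run or the operator is left guessing. It also tests only the top-level directory, not the tree that `cp -a` just copied. Make the failure explicit, for example `runuser -u wpp -- test -w "${APP_DIR}" || { echo "deploy: ${APP_DIR} is not writable by wpp" >&2; exit 1; }`. Because this check codifies that the service account can rewrite its own code, add a comment naming the paths the app actually needs to write, so ownership can later be narrowed to those paths and the code tree left root-owned.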