infra/staging/deploy_staging.sh

@@ -17,6 +17,7 @@ RELEASES_DIR=/opt/wpp-staging/releases
 CANDIDATE_DIR="${RELEASES_DIR}/src"
 APP_DIR=/opt/wpp-staging/app
 
+install -d -m 0755 -o wpp -g wpp "${RELEASES_DIR}" "${APP_DIR}"
 mkdir -p "${CANDIDATE_DIR}"
 cd "${RELEASES_DIR}"
 curl -fsSL "${ARCHIVE_URL}" -o app.tar.gz
@@ -58,9 +59,11 @@ runuser -u wpp -- .venv/bin/python manage.py shell -c "from django.conf import s
 runuser -u wpp -- .venv/bin/python manage.py migrate --noinput
 
 # Promote candidate only after migrations succeed (issue #130): avoid code/schema drift after failed deploy.
-rm -rf "${APP_DIR}"/*
+# Use find instead of rm "${APP_DIR}"/* to reliably remove dotfiles between deploys.
+find "${APP_DIR}" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
 cp -a "${CANDIDATE_DIR}"/. "${APP_DIR}/"
 chown -R wpp:wpp "${APP_DIR}"
+runuser -u wpp -- test -w "${APP_DIR}"
 
 systemctl restart wpp-staging.service
 curl -fsS http://127.0.0.1:8000/healthz