Added deploy scripts for master/production

.github/workflows/deploy_production.yaml

@@ -0,0 +1,55 @@
+name: Deploy Staging to Server
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24.x'
+
+      - name: Install Templ
+        run: go install github.com/a-h/templ/cmd/templ@latest
+
+      - name: Install tailwindcsscli
+        run: |
+          curl -fsSL -o tailwindcss https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64
+          chmod +x tailwindcss
+          sudo mv tailwindcss /usr/local/bin/
+
+      - name: Run tests
+        run: make test
+
+      - name: Build the binary
+        run: make build SUFFIX=-production-$GITHUB_SHA
+
+      - name: Deploy to Server
+        env:
+          USER: deploy
+          HOST: projectreshoot.com
+          DIR: /home/deploy/releases/production
+          DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$DEPLOY_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+
+          echo "Host *" > ~/.ssh/config
+          echo "  StrictHostKeyChecking no" >> ~/.ssh/config
+          echo "  UserKnownHostsFile /dev/null" >> ~/.ssh/config
+
+          ssh -i ~/.ssh/id_ed25519 $USER@$HOST mkdir -p $DIR
+
+          scp -i ~/.ssh/id_ed25519 projectreshoot-production-${GITHUB_SHA} $USER@$HOST:$DIR
+
+          ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy_production.sh $GITHUB_SHA

deploy/caddy/Caddyfile

@@ -0,0 +1,12 @@
+projectreshoot.com {
+    reverse_proxy localhost:3000 localhost:3001 localhost:3002 {
+        health_uri /healthz
+            fail_duration 30s
+    }
+}
+staging.projectreshoot.com {
+    reverse_proxy localhost:3005 localhost:3006 localhost:3007 {
+        health_uri /healthz
+            fail_duration 30s
+    }
+}

deploy/deploy_production.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# Exit on error
+set -e
+
+# Check if commit hash is passed as an argument
+if [ -z "$1" ]; then
+  echo "Usage: $0 <commit-hash>"
+  exit 1
+fi
+
+COMMIT_HASH=$1
+RELEASES_DIR="/home/deploy/releases/production"
+DEPLOY_BIN="/home/deploy/production/projectreshoot"
+SERVICE_NAME="projectreshoot"
+BINARY_NAME="projectreshoot-production-${COMMIT_HASH}"
+declare -a PORTS=("3000" "3001" "3002")
+
+# Check if the binary exists
+if [ ! -f "${RELEASES_DIR}/${BINARY_NAME}" ]; then
+  echo "Binary ${BINARY_NAME} not found in ${RELEASES_DIR}"
+  exit 1
+fi
+
+# Keep a reference to the previous binary from the symlink
+if [ -L "${DEPLOY_BIN}" ]; then
+  PREVIOUS=$(readlink -f $DEPLOY_BIN)
+  echo "Current binary is ${PREVIOUS}, saved for rollback."
+else
+  echo "No symbolic link found, no previous binary to backup."
+  PREVIOUS=""
+fi
+
+rollback_deployment() {
+  if [ -n "$PREVIOUS" ]; then
+    echo "Rolling back to previous binary: ${PREVIOUS}"
+    ln -sfn "${PREVIOUS}" "${DEPLOY_BIN}"
+  else
+    echo "No previous binary to roll back to."
+  fi
+
+  # wait to restart the services
+  sleep 10
+
+  # Restart all services with the previous binary
+  for port in "${PORTS[@]}"; do
+    SERVICE="${SERVICE_NAME}@${port}.service"
+    echo "Restarting $SERVICE..."
+    sudo systemctl restart $SERVICE
+  done
+
+  echo "Rollback completed."
+}
+
+# Copy the binary to the deployment directory
+echo "Promoting ${BINARY_NAME} to ${DEPLOY_BIN}..."
+ln -sf "${RELEASES_DIR}/${BINARY_NAME}" "${DEPLOY_BIN}"
+
+WAIT_TIME=5
+restart_service() {
+  local port=$1
+  local SERVICE="${SERVICE_NAME}@${port}.service"
+  echo "Restarting ${SERVICE}..."
+
+  # Restart the service
+  if ! sudo systemctl restart "$SERVICE"; then
+    echo "Error: Failed to restart ${SERVICE}. Rolling back deployment."
+
+    # Call the rollback function
+    rollback_deployment
+    exit 1
+  fi
+
+  # Wait a few seconds to allow the service to fully start
+  echo "Waiting for ${SERVICE} to fully start..."
+  sleep $WAIT_TIME
+
+  # Check the status of the service
+  if ! systemctl is-active --quiet "${SERVICE}"; then
+    echo "Error: ${SERVICE} failed to start correctly. Rolling back deployment."
+
+    # Call the rollback function
+    rollback_deployment
+    exit 1
+  fi
+
+  echo "${SERVICE}.service restarted successfully."
+}
+
+for port in "${PORTS[@]}"; do
+  restart_service $port
+done
+
+echo "Deployment completed successfully."

deploy/systemd/production.service

@@ -1,29 +0,0 @@
-[Unit]
-Description=Project Reshoot
-After=network.target
-
-[Service]
-ExecStart=/home/deploy/production/projectreshoot
-WorkingDirectory=/home/deploy/production
-User=deploy
-Group=deploy
-EnvironmentFile=/etc/env/projectreshoot.env
-Environment="HOST=127.0.0.1"
-Environment="PORT=3000"
-Environment="TRUSTED_HOST=projectreshoot.com"
-Environment="SSL=true"
-Environment="GZIP=true"
-Environment="LOG_LEVEL=info"
-Environment="LOG_OUTPUT=file"
-Environment="LOG_DIR=/home/deploy/production/logs"
-LimitNOFILE=65536
-Restart=on-failure
-TimeoutSec=30
-PrivateTmp=true
-NoNewPrivilages=true
-AmbientCapabilites=CAP_NET_BIND_SERVICE
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target

deploy/systemd/production@.service

@@ -20,8 +20,6 @@ LimitNOFILE=65536
 Restart=on-failure
 TimeoutSec=30
 PrivateTmp=true
-NoNewPrivilages=true
-AmbientCapabilites=CAP_NET_BIND_SERVICE
 StandardOutput=journal
 StandardError=journal
 

deploy/systemd/staging.service

@@ -1,29 +0,0 @@
-[Unit]
-Description=Project Reshoot Staging
-After=network.target
-
-[Service]
-ExecStart=/home/deploy/staging/projectreshoot
-WorkingDirectory=/home/deploy/staging
-User=deploy
-Group=deploy
-EnvironmentFile=/etc/env/staging.projectreshoot.env
-Environment="HOST=127.0.0.1"
-Environment="PORT=3005"
-Environment="TRUSTED_HOST=staging.projectreshoot.com"
-Environment="SSL=true"
-Environment="GZIP=true"
-Environment="LOG_LEVEL=debug"
-Environment="LOG_OUTPUT=both"
-Environment="LOG_DIR=/home/deploy/staging/logs"
-LimitNOFILE=65536
-Restart=on-failure
-TimeoutSec=30
-PrivateTmp=true
-NoNewPrivilages=true
-AmbientCapabilites=CAP_NET_BIND_SERVICE
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target