#!/bin/bash ## ## SAFE Full Project Deployment Script ## Uses .rsyncignore to exclude sensitive files ## ## WARNING: Only use this for initial deployment or major updates ## For regular deployments, use deploy-frontend.sh instead ## set -e # Colors GREEN='\033[0;32m' YELLOW='\033[1;33m' RED='\033[0;31m' NC='\033[0m' DEPLOY_KEY="/home/theflow/.ssh/tractatus_deploy" REMOTE_USER="ubuntu" REMOTE_HOST="vps-93a693da.vps.ovh.net" REMOTE_PATH="/var/www/tractatus" PROJECT_ROOT="/home/theflow/projects/tractatus" echo -e "${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}" echo -e "${YELLOW} TRACTATUS FULL PROJECT DEPLOYMENT (SAFE MODE)${NC}" echo -e "${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}" echo "" echo -e "${GREEN}[1/4] PRE-DEPLOYMENT CHECKS${NC}" echo "" # Check if .rsyncignore exists if [ ! -f "$PROJECT_ROOT/.rsyncignore" ]; then echo -e "${RED}✗ ERROR: .rsyncignore not found!${NC}" echo "This file is required to prevent sensitive data deployment." echo "Expected location: $PROJECT_ROOT/.rsyncignore" exit 1 fi echo -e "${GREEN}✓ .rsyncignore found${NC}" # Check if local server is running (for testing verification) if ! lsof -i :9000 >/dev/null 2>&1; then echo -e "${RED}✗ WARNING: Local server not running on port 9000${NC}" echo "It's recommended to test changes locally before deployment." read -p "Continue anyway? (yes/NO): " continue_no_server if [ "$continue_no_server" != "yes" ]; then echo "Deployment cancelled. Start local server with: npm start" exit 1 fi else echo -e "${GREEN}✓ Local server running on port 9000${NC}" fi # Check for version parameter updates in HTML files echo "" echo "Checking version parameters in HTML files..." VERSION_FILES=$(grep -l "\.js?v=" public/*.html public/**/*.html 2>/dev/null || true) if [ -z "$VERSION_FILES" ]; then echo -e "${YELLOW}⚠ No version parameters found in HTML files${NC}" echo "Consider adding version parameters for cache busting (e.g., script.js?v=timestamp)" else echo -e "${GREEN}✓ Version parameters found in HTML files${NC}" OLDEST_VERSION=$(grep -oP 'v=\K\d+' public/*.html public/**/*.html 2>/dev/null | sort -n | head -1) NEWEST_VERSION=$(grep -oP 'v=\K\d+' public/*.html public/**/*.html 2>/dev/null | sort -n | tail -1) CURRENT_TIME=$(date +%s) if [ ! -z "$NEWEST_VERSION" ] && [ "$NEWEST_VERSION" -lt $(($CURRENT_TIME - 3600)) ]; then echo -e "${YELLOW}⚠ Newest version parameter is >1 hour old${NC}" echo " Newest: $NEWEST_VERSION" echo " Current time: $CURRENT_TIME" echo " Consider updating version parameters for new deployments" fi fi # Show excluded patterns echo "" echo -e "${GREEN}[2/4] SECURITY CHECK${NC}" echo "Excluded patterns from .rsyncignore:" head -20 "$PROJECT_ROOT/.rsyncignore" | grep -v "^#" | grep -v "^$" | sed 's/^/ - /' echo " ... (see .rsyncignore for full list)" echo "" # Confirm deployment echo -e "${GREEN}[3/4] DEPLOYMENT CONFIRMATION${NC}" echo -e "${YELLOW}WARNING: This will sync the ENTIRE project directory${NC}" echo "Source: $PROJECT_ROOT" echo "Destination: $REMOTE_USER@$REMOTE_HOST:$REMOTE_PATH" echo "" read -p "Continue? (yes/NO): " confirm if [ "$confirm" != "yes" ]; then echo "Deployment cancelled." exit 0 fi echo "" echo -e "${GREEN}Starting deployment...${NC}" echo "" # Dry run first echo -e "${YELLOW}Dry-run preview...${NC}" rsync -avzn --delete \ -e "ssh -i $DEPLOY_KEY" \ --exclude-from="$PROJECT_ROOT/.rsyncignore" \ "$PROJECT_ROOT/" \ "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/" \ | tail -20 echo "" read -p "Dry-run complete. Proceed with actual deployment? (yes/NO): " confirm2 if [ "$confirm2" != "yes" ]; then echo "Deployment cancelled after dry-run." exit 0 fi # Actual deployment echo "" echo -e "${GREEN}[4/4] DEPLOYING TO PRODUCTION${NC}" rsync -avz --delete \ -e "ssh -i $DEPLOY_KEY" \ --exclude-from="$PROJECT_ROOT/.rsyncignore" \ "$PROJECT_ROOT/" \ "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/" echo "" echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}" echo -e "${GREEN} DEPLOYMENT COMPLETE${NC}" echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}" echo "" echo "Next steps:" echo "1. Verify sensitive files NOT deployed:" echo " ssh -i $DEPLOY_KEY $REMOTE_USER@$REMOTE_HOST 'ls -la /var/www/tractatus/CLAUDE.md 2>/dev/null || echo NOT FOUND (good)'" echo "" echo "2. Restart server if needed:" echo " ssh -i $DEPLOY_KEY $REMOTE_USER@$REMOTE_HOST 'sudo systemctl restart tractatus'" echo "" echo "3. Test site: https://agenticgovernance.digital" echo ""