Fix CI/CD deploy for the new server#142
Merged
Merged
Conversation
The old VPS died; the new server uses a different layout, user, and path. Rework the deploy workflow to match it: - Build on the GitHub runner (npm ci && npm run build) instead of pulling and building on the server. No server-side Node/git needed. - rsync the built dist/ to /srv/apps/sovereinia/guia/ (nginx serves it live as static files, so no nginx restart). - Deploy as the new least-privilege `deploy` user (no sudo, owns only the guia serving dir) using a dedicated SSH deploy key (SSH_PRIVATE_KEY). - Add a post-deploy smoke test against https://sovereinia.org/guia/. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The old VPS died and the site moved to a new server with a different user, path, and deploy model. The existing
Deploy to VMworkflow targeted the old box (guiauser,/var/www/sovereinia/guia, server-sidegit pull+ build), so deploys would fail.What changed
Reworked
.github/workflows/deploy-to-vm.ymlto the new layout:npm ci && npm run build) instead of pulling/building on the server — no server-side Node or git checkout needed.dist/→/srv/apps/sovereinia/guia/, which nginx serves live as static files (Vitebase: '/guia/'). No nginx restart.deployuser (no sudo, owns only the guia serving dir) using a dedicated SSH deploy key stored in theSSH_PRIVATE_KEYsecret. If that key leaks it can only overwrite the guide files — not run root commands.https://sovereinia.org/guia/.Verification
Triggered via
workflow_dispatchon this branch — full run green (build → rsync → smoke test 200). Confirmed on the server the files were rewritten by thedeployuser with fresh content hashes. Run: https://github.com/Sovereinia/guia/actions/runs/27075223594Notes
deployuser, itsauthorized_keys, directory ownership, and the updatedSSH_PRIVATE_KEYsecret).SSH_PASSPHRASEsecret is now unused and can be deleted.mainwill trigger a real push-deploy.🤖 Generated with Claude Code