#!/usr/bin/env bash set -euo pipefail cd "$(dirname "$0")/.." ENV_SOURCE="/opt/job-tracker/shared/.env" ENV_TARGET=".env" if [ ! -f "$ENV_SOURCE" ]; then echo "Missing shared env file at $ENV_SOURCE" exit 1 fi # Keep runtime secrets outside the repo checkout so workflow uploads cannot wipe them. ln -snf "$ENV_SOURCE" "$ENV_TARGET" if [ ! -L "$ENV_TARGET" ] && [ ! -f "$ENV_TARGET" ]; then echo "Failed to link deployment env file into $(pwd)/$ENV_TARGET" exit 1 fi export APP_VERSION="${APP_VERSION:-0.0.0}" export APP_COMMIT_SHA="${APP_COMMIT_SHA:-unknown}" export APP_BUILD_STAMP="${APP_BUILD_STAMP:-unknown}" export DEPLOY_BUILD_AI_SERVICE="${DEPLOY_BUILD_AI_SERVICE:-false}" compose() { docker compose "$@" } build_core_with_recovery() { if compose build backend frontend; then return 0 fi echo "docker compose build for core services failed. Attempting one cleanup + retry because layer extraction can fail on constrained hosts." docker builder prune -af >/dev/null 2>&1 || true docker system prune -f >/dev/null 2>&1 || true compose build --no-cache backend frontend } build_ai_with_recovery() { if compose build ai-service; then return 0 fi echo "docker compose build for ai-service failed. Attempting one cleanup + retry because layer extraction can fail on constrained hosts." docker image rm -f app-ai-service:latest 2>/dev/null || true docker builder prune -af >/dev/null 2>&1 || true docker system prune -f >/dev/null 2>&1 || true compose build --no-cache ai-service } compose pull || true build_core_with_recovery if [ "$DEPLOY_BUILD_AI_SERVICE" = "true" ]; then build_ai_with_recovery else echo "Skipping ai-service rebuild during deploy (set DEPLOY_BUILD_AI_SERVICE=true to rebuild it)." fi # Force recreation so updated port mappings, env vars, and container config always apply on deploy. compose up -d --force-recreate --remove-orphans backend frontend if [ "$DEPLOY_BUILD_AI_SERVICE" = "true" ]; then compose up -d --force-recreate ai-service ollama fi if [ -n "${OLLAMA_MODEL:-}" ]; then echo "Post-deploy Ollama warmup enabled for model: ${OLLAMA_MODEL}" ./scripts/start-ollama-cv.sh fi sleep 5 compose ps backend_status="$(compose ps backend --format '{{.State}}' 2>/dev/null | head -n 1 | tr '[:upper:]' '[:lower:]')" if [ "$backend_status" != "running" ]; then echo "Backend service is not healthy after deploy (state: ${backend_status:-unknown})." compose logs --tail=200 backend || true exit 1 fi ai_status="$(compose ps ai-service --format '{{.State}}' 2>/dev/null | head -n 1 | tr '[:upper:]' '[:lower:]')" if [ "$ai_status" != "running" ]; then echo "AI service is not healthy after deploy (state: ${ai_status:-unknown}). Continuing because AI is not a deploy gate for the core app." compose logs --tail=200 ai-service || true fi if [ -n "${APP_PUBLIC_BASE_URL:-}" ]; then public_base="${APP_PUBLIC_BASE_URL%/}" auth_config_body_file="$(mktemp)" auth_config_headers_file="$(mktemp)" cleanup_public_check() { rm -f "$auth_config_body_file" "$auth_config_headers_file" } trap cleanup_public_check EXIT echo "Running public smoke check against ${public_base}" if ! curl -fsS "${public_base}/" >/dev/null; then echo "Public frontend check failed for ${public_base}/" exit 1 fi if ! curl -fsS -D "$auth_config_headers_file" -o "$auth_config_body_file" "${public_base}/api/auth/config"; then echo "Public API smoke check failed for ${public_base}/api/auth/config" exit 1 fi content_type="$(awk 'BEGIN{IGNORECASE=1} /^content-type:/ {print $2}' "$auth_config_headers_file" | tr -d '\r' | tail -n 1)" if [[ "$content_type" != application/json* ]]; then echo "Public API smoke check returned unexpected content type: ${content_type:-missing}" echo "First bytes of response:" head -c 200 "$auth_config_body_file" || true exit 1 fi if ! grep -q 'requireAuth' "$auth_config_body_file"; then echo "Public API smoke check returned JSON without requireAuth." cat "$auth_config_body_file" exit 1 fi trap - EXIT cleanup_public_check fi # Clean up old legacy container name if it still exists from pre-rename deployments. docker rm -f app-summarizer-1 2>/dev/null || true echo "Deployment complete: ${APP_VERSION} ${APP_COMMIT_SHA}"