Allow heading tags (h1-h6) in ContentSanitizer so news editor headings render
This commit is contained in:
@@ -44,6 +44,7 @@ healthcheck_url="${HEALTHCHECK_URL:-}"
|
||||
deploy_rollback="${DEPLOY_ROLLBACK:-1}"
|
||||
reload_php_fpm="${RELOAD_PHP_FPM:-0}"
|
||||
php_fpm_service="${PHP_FPM_SERVICE:-php8.4-fpm}"
|
||||
ssr_supervisor_program="${SSR_SUPERVISOR_PROGRAM:-skinbase-ssr}"
|
||||
require_clean_git="${REQUIRE_CLEAN_GIT:-0}"
|
||||
required_git_branch="${REQUIRED_GIT_BRANCH:-}"
|
||||
db_sync_remote_maintenance=0
|
||||
@@ -97,6 +98,7 @@ Environment overrides:
|
||||
PHP_BIN, COMPOSER_BIN, SSH_BIN, RSYNC_BIN, LOCAL_BUILD_COMMAND, LOCAL_TEST_COMMAND,
|
||||
DB_SYNC_CONFIRM_TARGET, DB_SYNC_CONFIRM_PHRASE, RELEASE_RETENTION, RELEASE_ID,
|
||||
REMOTE_SHARED_STORAGE_EXCLUDES, HEALTHCHECK_URL, DEPLOY_ROLLBACK,
|
||||
SSR_SUPERVISOR_PROGRAM,
|
||||
RELOAD_PHP_FPM, PHP_FPM_SERVICE, REQUIRE_CLEAN_GIT, REQUIRED_GIT_BRANCH,
|
||||
ALLOW_DEPLOY_FROM_DOT_DEPLOY, FULL_UPGRADE_PRE_HOOK, FULL_UPGRADE_POST_HOOK
|
||||
EOF_USAGE
|
||||
@@ -232,6 +234,7 @@ run_preflight_checks() {
|
||||
validate_boolean_flag "$deploy_rollback" "Deploy rollback"
|
||||
validate_boolean_flag "$reload_php_fpm" "PHP-FPM reload"
|
||||
validate_boolean_flag "$require_clean_git" "Require clean Git"
|
||||
[[ -n "$ssr_supervisor_program" ]] || die "SSR_SUPERVISOR_PROGRAM cannot be empty."
|
||||
determine_release_id
|
||||
validate_release_id "$release_id"
|
||||
guard_git_state
|
||||
@@ -315,6 +318,7 @@ build_rsync_args() {
|
||||
--exclude "public/sitemaps/"
|
||||
--exclude "node_modules"
|
||||
--exclude "public/files/"
|
||||
--exclude "public/storage"
|
||||
--exclude "resources/lang/"
|
||||
--exclude "storage/"
|
||||
--exclude ".git/"
|
||||
@@ -615,6 +619,9 @@ link_shared_paths() {
|
||||
|
||||
rm -rf "$target_release/var/php-sessions"
|
||||
ln -sfn "${REMOTE_SHARED_ROOT}/var/php-sessions" "$target_release/var/php-sessions"
|
||||
|
||||
rm -rf "$target_release/public/storage"
|
||||
ln -sfn "${REMOTE_SHARED_ROOT}/storage/app/public" "$target_release/public/storage"
|
||||
}
|
||||
|
||||
ensure_dir "${REMOTE_RELEASE_ROOT}/releases" "${REMOTE_RELEASE_ROOT}/deployments" "$REMOTE_SHARED_ROOT"
|
||||
@@ -925,6 +932,7 @@ log_step "Running remote Composer and release switch steps"
|
||||
RUN_REMOTE_MIGRATIONS="$run_remote_migrations" \
|
||||
SKIP_MAINTENANCE="$skip_maintenance" \
|
||||
SKIP_SSR_RESTART="$skip_ssr_restart" \
|
||||
SSR_SUPERVISOR_PROGRAM="$(printf '%q' "$ssr_supervisor_program")" \
|
||||
DEPLOY_MODE="$(printf '%q' "$deploy_mode")" \
|
||||
RUN_MEILISEARCH_SETUP="$run_meilisearch_setup" \
|
||||
FULL_UPGRADE_PRE_HOOK="$(printf '%q' "$full_upgrade_pre_hook")" \
|
||||
@@ -1100,6 +1108,9 @@ link_shared_paths() {
|
||||
|
||||
rm -rf "$target_release/var/php-sessions"
|
||||
ln -sfn "${REMOTE_SHARED_ROOT}/var/php-sessions" "$target_release/var/php-sessions"
|
||||
|
||||
rm -rf "$target_release/public/storage"
|
||||
ln -sfn "${REMOTE_SHARED_ROOT}/storage/app/public" "$target_release/public/storage"
|
||||
}
|
||||
|
||||
current_release_id() {
|
||||
@@ -1180,12 +1191,92 @@ run_health_check() {
|
||||
curl -fsS --max-time 15 --retry 3 --retry-delay 2 "$HEALTHCHECK_URL" >/dev/null
|
||||
}
|
||||
|
||||
repair_release_permissions_for_deletion() {
|
||||
local target_path="$1"
|
||||
local current_user
|
||||
local current_group
|
||||
|
||||
[[ -e "$target_path" ]] || return 0
|
||||
|
||||
current_user="$(id -un)"
|
||||
current_group="$(id -gn)"
|
||||
|
||||
find "$target_path" -mindepth 0 -user "$current_user" -exec chmod u+rwX {} + 2>/dev/null || true
|
||||
find "$target_path" -mindepth 0 -group "$current_group" -exec chmod g+rwX {} + 2>/dev/null || true
|
||||
chmod u+rwx "$target_path" >/dev/null 2>&1 || true
|
||||
chmod g+rwx "$target_path" >/dev/null 2>&1 || true
|
||||
}
|
||||
|
||||
find_release_delete_blocked_path() {
|
||||
local target_path="$1"
|
||||
local delete_output="$2"
|
||||
local blocked_path=""
|
||||
|
||||
blocked_path="$(printf '%s\n' "$delete_output" | sed -n "s/^rm: cannot [^']*'\([^']*\)': Permission denied$/\1/p" | head -n 1)"
|
||||
|
||||
if [[ -n "$blocked_path" && -e "$blocked_path" ]]; then
|
||||
printf '%s' "$blocked_path"
|
||||
return 0
|
||||
fi
|
||||
|
||||
blocked_path="$(find "$target_path" -mindepth 0 \( ! -writable -o ! -executable \) -print 2>/dev/null | head -n 1)"
|
||||
printf '%s' "$blocked_path"
|
||||
}
|
||||
|
||||
remove_release_with_retry() {
|
||||
local target_path="$1"
|
||||
local delete_output=""
|
||||
|
||||
if delete_output="$(rm -rf -- "$target_path" 2>&1)"; then
|
||||
RELEASE_DELETE_ERROR=""
|
||||
return 0
|
||||
fi
|
||||
|
||||
repair_release_permissions_for_deletion "$target_path"
|
||||
|
||||
if delete_output="$(rm -rf -- "$target_path" 2>&1)"; then
|
||||
RELEASE_DELETE_ERROR=""
|
||||
return 0
|
||||
fi
|
||||
|
||||
if command -v sudo >/dev/null 2>&1 && sudo -n true >/dev/null 2>&1; then
|
||||
if delete_output="$(sudo -n rm -rf -- "$target_path" 2>&1)"; then
|
||||
RELEASE_DELETE_ERROR=""
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
RELEASE_DELETE_ERROR="$delete_output"
|
||||
return 1
|
||||
}
|
||||
|
||||
resolve_ssr_supervisor_target() {
|
||||
local preferred_program="${SSR_SUPERVISOR_PROGRAM:-skinbase-ssr}"
|
||||
local detected_program=""
|
||||
|
||||
if supervisorctl status "$preferred_program" >/dev/null 2>&1; then
|
||||
printf '%s' "$preferred_program"
|
||||
return 0
|
||||
fi
|
||||
|
||||
detected_program="$(supervisorctl status 2>/dev/null | awk 'tolower($1) ~ /(ssr|inertia)/ { print $1; exit }')"
|
||||
|
||||
if [[ -n "$detected_program" ]]; then
|
||||
printf '%s' "$detected_program"
|
||||
return 0
|
||||
fi
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
prune_old_releases() {
|
||||
local -a releases=()
|
||||
local current_release
|
||||
local prune_count
|
||||
local release_name
|
||||
local blocked_path=""
|
||||
local blocked_details="details=unavailable"
|
||||
local delete_output=""
|
||||
|
||||
mapfile -t releases < <(find "${REMOTE_RELEASE_ROOT}/releases" -mindepth 1 -maxdepth 1 -type d -printf '%T@ %p\n' | sort -n | awk '{print $2}')
|
||||
current_release="$(current_release_id)"
|
||||
@@ -1196,16 +1287,18 @@ prune_old_releases() {
|
||||
|
||||
prune_count=$(( ${#releases[@]} - RELEASE_RETENTION ))
|
||||
for (( i=0; i<${#releases[@]} && prune_count>0; i++ )); do
|
||||
if [[ "$(basename "${releases[$i]}")" == "$current_release" ]]; then
|
||||
release_name="$(basename "${releases[$i]}")"
|
||||
|
||||
if [[ "$release_name" == "$current_release" ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
if rm -rf "${releases[$i]}" 2>/dev/null; then
|
||||
rm -f "${REMOTE_RELEASE_ROOT}/deployments/$(basename "${releases[$i]}").json"
|
||||
if remove_release_with_retry "${releases[$i]}"; then
|
||||
rm -f "${REMOTE_RELEASE_ROOT}/deployments/${release_name}.json"
|
||||
else
|
||||
rm -rf "${releases[$i]}" 2>&1 | grep -v 'Permission denied' || true
|
||||
rm -f "${REMOTE_RELEASE_ROOT}/deployments/$(basename "${releases[$i]}").json" 2>/dev/null || true
|
||||
blocked_path="$(find "${releases[$i]}" -mindepth 0 \( ! -user "$(id -un)" -o ! -group "$(id -gn)" \) -print 2>/dev/null | head -n 1)"
|
||||
delete_output="${RELEASE_DELETE_ERROR:-}"
|
||||
printf '%s\n' "$delete_output" | grep -v 'Permission denied' || true
|
||||
blocked_path="$(find_release_delete_blocked_path "${releases[$i]}" "$delete_output")"
|
||||
|
||||
if [[ -n "$blocked_path" ]]; then
|
||||
if command -v stat >/dev/null 2>&1; then
|
||||
@@ -1215,7 +1308,7 @@ prune_old_releases() {
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "WARNING: Could not fully remove old release ${releases[$i]} (permission denied on some files). ${blocked_details}. Manual cleanup may be needed." >&2
|
||||
echo "WARNING: Could not fully remove old release ${releases[$i]} after retry. ${blocked_details}. Manual cleanup may be needed." >&2
|
||||
fi
|
||||
prune_count=$(( prune_count - 1 ))
|
||||
done
|
||||
@@ -1267,6 +1360,9 @@ log_step "Refreshing caches"
|
||||
"$PHP_BIN" artisan optimize
|
||||
"$PHP_BIN" artisan view:cache
|
||||
|
||||
log_step "Ensuring public/storage symlink"
|
||||
"$PHP_BIN" artisan storage:link --force || true
|
||||
|
||||
if [[ "$SKIP_MAINTENANCE" -eq 0 ]]; then
|
||||
log_step "Bringing application back online"
|
||||
"$PHP_BIN" artisan up
|
||||
@@ -1299,13 +1395,19 @@ if [[ "${SKIP_SSR_RESTART:-0}" -eq 0 ]]; then
|
||||
}
|
||||
|
||||
if command -v supervisorctl >/dev/null 2>&1; then
|
||||
if supervisorctl status skinbase-ssr >/dev/null 2>&1; then
|
||||
supervisorctl restart skinbase-ssr || {
|
||||
log_warn "supervisorctl restart skinbase-ssr failed — falling back to artisan SSR restart."
|
||||
ssr_supervisor_target="$(resolve_ssr_supervisor_target || true)"
|
||||
|
||||
if [[ -n "$ssr_supervisor_target" ]]; then
|
||||
if [[ "$ssr_supervisor_target" != "${SSR_SUPERVISOR_PROGRAM:-skinbase-ssr}" ]]; then
|
||||
printf ' -> Using detected Supervisor program: %s\n' "$ssr_supervisor_target"
|
||||
fi
|
||||
|
||||
supervisorctl restart "$ssr_supervisor_target" || {
|
||||
log_warn "supervisorctl restart ${ssr_supervisor_target} failed — falling back to artisan SSR restart."
|
||||
restart_ssr_with_artisan || log_warn "artisan SSR restart failed — SSR server may need a manual restart."
|
||||
}
|
||||
else
|
||||
log_warn "Supervisor program 'skinbase-ssr' not found — falling back to artisan SSR restart."
|
||||
log_warn "Supervisor program '${SSR_SUPERVISOR_PROGRAM:-skinbase-ssr}' not found — falling back to artisan SSR restart. Set SSR_SUPERVISOR_PROGRAM if the server uses a different name."
|
||||
restart_ssr_with_artisan || log_warn "artisan SSR restart failed — add deploy/supervisor/skinbase-ssr.conf to /etc/supervisor/conf.d/ and run 'supervisorctl reread && supervisorctl update'."
|
||||
fi
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user