klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
18cea8b0f05df0a756748a4f6ebef21435143620
SkinbaseNova/docs/deployment.md

203 lines
7.8 KiB
Markdown
Raw Blame History

# Deployment
This repository uses a Bash-based production deploy flow.
## Normal deploy
Run the existing entrypoint:
```bash
bash sync.sh
```
If you launch `bash sync.sh` from WSL against this Windows checkout, the script will automatically run the frontend build with `npm.cmd` on Windows so Rollup/Vite use the correct optional native package set.
This will:
- build frontend assets locally with `npm run build`
- stage the new code into a versioned release directory on the production server
- run `composer install --no-dev` inside that staged release before switching traffic
- keep the fixed production app path pointed at the active release through a server-side `current` symlink
- bring the app down only for the short critical section that switches the active release and runs `php artisan migrate --force`, `php artisan optimize:clear`, and `php artisan optimize`
- bring the app back up immediately after that critical section finishes
- warm the guest homepage cache with `php artisan homepage:warm-guest-cache`
- warm the post trending cache with `php artisan posts:warm-trending`
- restart queue workers with `php artisan queue:restart`
This is now the low-downtime default path for normal code and feature deploys.
Each deploy generates a release ID automatically from UTC time and the local Git revision. Releases are retained under `REMOTE_RELEASE_ROOT/releases/<release-id>`, and production switches between them on the server by updating `REMOTE_RELEASE_ROOT/current`. The public/runtime path stays fixed at `REMOTE_FOLDER`, which is now treated as a stable symlink to the active release.
On the first deploy with this layout, the existing live folder is adopted into the release archive automatically and `REMOTE_FOLDER` is converted into that stable symlink path. After that, switching back to an older release does not require any local re-upload.
## Full upgrade
Use a full upgrade when the release also needs broad Meilisearch work or non-code service operations.
```bash
bash sync.sh --full-upgrade
```
Full-upgrade mode:
- keeps the normal deploy steps
- forces a full Meilisearch import for all searchable models unless you explicitly pass `--skip-meilisearch`
- allows optional remote upgrade hooks for service-level work
Example with service hooks:
```bash
bash sync.sh --full-upgrade \
--upgrade-pre-hook='sudo systemctl stop reverb' \
--upgrade-post-hook='sudo systemctl restart reverb meilisearch'
```
You can also provide those hooks through environment variables instead of CLI flags:
```bash
FULL_UPGRADE_PRE_HOOK='sudo systemctl stop reverb' \
FULL_UPGRADE_POST_HOOK='sudo systemctl restart reverb meilisearch' \
bash sync.sh --full-upgrade
```
## Deploy options
```bash
bash sync.sh --skip-build
bash sync.sh --skip-migrate
bash sync.sh --no-maintenance
bash sync.sh --mode=full-upgrade
bash sync.sh --keep-releases=8
bash sync.sh --release-id=release-2026-04-25
```
Environment overrides:
```bash
REMOTE_SERVER=user@example.com REMOTE_FOLDER=/var/www/app bash sync.sh
REMOTE_RELEASE_ROOT=/var/www/app.releases RELEASE_RETENTION=8 bash sync.sh
```
You can also override the local build command explicitly:
```bash
LOCAL_BUILD_COMMAND='npm run build' bash sync.sh
LOCAL_BUILD_COMMAND='pnpm build' bash sync.sh
```
Upgrade hooks can also be supplied via environment variables:
```bash
FULL_UPGRADE_PRE_HOOK='sudo systemctl stop reverb' bash sync.sh --full-upgrade
FULL_UPGRADE_POST_HOOK='sudo systemctl restart reverb meilisearch' bash sync.sh --full-upgrade
```
## Rollback and release history
List retained releases on production:
```bash
bash scripts/rollback-production.sh --list
```
Switch production to the previous retained release:
```bash
bash scripts/rollback-production.sh --previous
```
Switch production to a specific retained release:
```bash
bash scripts/rollback-production.sh --release-id=20260425-132455-a1b2c3d
```
Preview a release switch without changing the server:
```bash
bash scripts/rollback-production.sh --previous --dry-run
```
Operational notes:
- Rollback now means switching the active server release, not re-syncing files from local.
- Each retained release already contains its own code and vendor tree, so rollback is primarily a symlink switch plus cache refresh and `queue:restart`.
- Rollback does not reverse database migrations. If a release includes incompatible schema changes, handle the database separately.
- Release retention defaults to 5 releases and can be changed with `--keep-releases` or `RELEASE_RETENTION`.
- Release data lives outside the active app path by default at `REMOTE_FOLDER.releases`, so switching releases happens entirely on the production server.
## Replace production database from local
This is intentionally separate from a normal deploy because it overwrites production data.
```bash
bash scripts/push-db-to-prod.sh --force
```
Or combine it with deploy:
```bash
bash sync.sh --with-db-from=local
```
When run interactively, the deploy script will ask you to confirm the exact remote server and type a confirmation phrase before replacing production data.
For non-interactive use, pass both confirmations explicitly:
```bash
bash sync.sh --with-db-from=local \
--confirm-db-sync-target=klevze@server3.klevze.si \
--confirm-db-sync-phrase='replace production db from local'
```
Legacy compatibility still exists for:
```bash
bash sync.sh --with-db --force-db-sync
```
But the safer `--with-db-from=local` flow should be preferred.
The database sync script will:
- read local DB credentials from the local `.env`
- create a local `mysqldump` export
- upload the dump to the production server
- create a backup of the current production database under `storage/app/deploy-backups`
- import the local dump into the production database
- run `php artisan migrate --force` unless `--skip-migrate` is passed
If you run the deploy from WSL while your local MySQL server is running on Windows with `DB_HOST=127.0.0.1` or `localhost`, the DB sync script will automatically use Windows `mysqldump.exe` so it can still reach the local database.
You can override the dump command explicitly if needed:
```bash
LOCAL_MYSQLDUMP_COMMAND='mysqldump --host=10.0.0.5 --port=3306 --user=app dbname' bash scripts/push-db-to-prod.sh --force
```
## Safety notes
- Normal deployments should use `bash sync.sh` without `--with-db`.
- Use `bash sync.sh --full-upgrade` only when the release also includes Meilisearch-wide refreshes or remote service changes.
- Use database replacement only for first-time bootstrap, staging, or an intentional full production reset.
- Use `bash scripts/rollback-production.sh --previous` for a fast server-side release switch when the last deploy needs to be reverted.
- Route caching now runs through `php artisan optimize` in deploy automation; if that starts failing again, fix the route definitions instead of dropping route caching from deploy.
## Nginx upstream error pages
Laravel now owns the Nova-style HTML error pages for normal application responses, but true upstream failures such as `502 Bad Gateway` and `504 Gateway Timeout` still have to be handled by nginx because PHP/FPM is unavailable in that state.
The repo includes a ready-to-include snippet at `deploy/nginx/upstream-error-pages.conf` and the matching static page at `public/errors/upstream-gateway.html`.
To enable it on production:
1. Include the snippet inside the Skinbase `server {}` block.
2. Add `fastcgi_intercept_errors on;` to every FastCGI location that should use the static fallback.
3. Keep the static file available in the live public path so nginx can serve it without Laravel.
On the current `skinbase.top` vhost, the required FastCGI locations are:
- `location ^~ /api/uploads/`
- `location = /index.php`
This intentionally intercepts only `502` and `504`, so Laravel remains responsible for normal `404`, `419`, `429`, `500`, and `503` rendering when the application is actually running.
Reference in New Issue View Git Blame Copy Permalink