#!/usr/bin/env bash set -euo pipefail [[ "${DEBUG_DEPLOY:-0}" = "1" ]] && set -x trap 'echo "[deploy-fx] error at line $LINENO" >&2' ERR if [[ $# -ne 1 ]]; then echo "usage: $(basename "$0") " >&2 exit 64 fi SERVICE="$1" : "${REMOTE_BASE:?missing REMOTE_BASE}" : "${SSH_USER:?missing SSH_USER}" : "${SSH_HOST:?missing SSH_HOST}" REMOTE_TARGET="${SSH_USER}@${SSH_HOST}" case "$SERVICE" in ingestor) : "${FX_INGESTOR_DIR:?missing FX_INGESTOR_DIR}" REMOTE_DIR="${REMOTE_BASE%/}/${FX_INGESTOR_DIR}" COMPOSE_PROJECT="${FX_INGESTOR_COMPOSE_PROJECT:-sendico-fx-ingestor}" COMPOSE_FILE="fx_ingestor.yml" SERVICE_NAMES="${FX_INGESTOR_SERVICE_NAME:-sendico_fx_ingestor}" REQUIRED_SECRETS=(FX_MONGO_USER FX_MONGO_PASSWORD) ;; oracle) : "${FX_ORACLE_DIR:?missing FX_ORACLE_DIR}" REMOTE_DIR="${REMOTE_BASE%/}/${FX_ORACLE_DIR}" COMPOSE_PROJECT="${FX_ORACLE_COMPOSE_PROJECT:-sendico-fx-oracle}" COMPOSE_FILE="fx_oracle.yml" SERVICE_NAMES="${FX_ORACLE_SERVICE_NAME:-sendico_fx_oracle}" REQUIRED_SECRETS=(FX_MONGO_USER FX_MONGO_PASSWORD NATS_USER NATS_PASSWORD FX_NATS_URL) ;; *) echo "unknown service: ${SERVICE}" >&2 exit 64 ;; esac for var in "${REQUIRED_SECRETS[@]}"; do if [[ -z "${!var:-}" ]]; then echo "missing required secret env: ${var}" >&2 exit 65 fi done if [[ ! -s .env.version ]]; then echo ".env.version is missing; run version step first" >&2 exit 66 fi b64enc() { printf '%s' "$1" | base64 | tr -d '\n' } FX_MONGO_USER_B64="$(b64enc "${FX_MONGO_USER}")" FX_MONGO_PASSWORD_B64="$(b64enc "${FX_MONGO_PASSWORD}")" FX_NATS_URL_B64="" NATS_USER_B64="" NATS_PASSWORD_B64="" if [[ -n "${FX_NATS_URL:-}" ]]; then FX_NATS_URL_B64="$(b64enc "${FX_NATS_URL}")" fi if [[ -n "${NATS_USER:-}" ]]; then NATS_USER_B64="$(b64enc "${NATS_USER}")" fi if [[ -n "${NATS_PASSWORD:-}" ]]; then NATS_PASSWORD_B64="$(b64enc "${NATS_PASSWORD}")" fi SSH_OPTS=( -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -q ) if [[ "${DEBUG_DEPLOY:-0}" = "1" ]]; then SSH_OPTS=("${SSH_OPTS[@]/-q/}" -vv) fi RSYNC_FLAGS=(-az --delete) [[ "${DEBUG_DEPLOY:-0}" = "1" ]] && RSYNC_FLAGS=(-avz --delete) ssh "${SSH_OPTS[@]}" "$REMOTE_TARGET" "mkdir -p ${REMOTE_DIR}/{compose,env}" rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" ci/prod/compose/ "$REMOTE_TARGET:${REMOTE_DIR}/compose/" rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" ci/prod/.env.runtime "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.runtime" rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" .env.version "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.version" SERVICES_LINE="${SERVICE_NAMES}" ssh "${SSH_OPTS[@]}" "$REMOTE_TARGET" \ REMOTE_DIR="$REMOTE_DIR" \ COMPOSE_FILE="$COMPOSE_FILE" \ COMPOSE_PROJECT="$COMPOSE_PROJECT" \ SERVICES_LINE="$SERVICES_LINE" \ FX_MONGO_USER_B64="$FX_MONGO_USER_B64" \ FX_MONGO_PASSWORD_B64="$FX_MONGO_PASSWORD_B64" \ FX_NATS_URL_B64="$FX_NATS_URL_B64" \ NATS_USER_B64="$NATS_USER_B64" \ NATS_PASSWORD_B64="$NATS_PASSWORD_B64" \ bash -s <<'EOSSH' set -euo pipefail cd "${REMOTE_DIR}/compose" set -a . ../env/.env.runtime load_kv_file() { file="$1" while IFS= read -r line || [ -n "$line" ]; do case "$line" in ''|\#*) continue ;; esac if printf '%s' "$line" | grep -Eq '^[[:alpha:]_][[:alnum:]_]*='; then eval "$line" fi done <"$file" } load_kv_file ../env/.env.version set +a if base64 -d >/dev/null 2>&1 <<<'AA=='; then BASE64_DECODE_FLAG='-d' else BASE64_DECODE_FLAG='--decode' fi decode_b64() { val="$1" if [[ -z "$val" ]]; then printf '' return fi printf '%s' "$val" | base64 "${BASE64_DECODE_FLAG}" } FX_MONGO_USER="$(decode_b64 "$FX_MONGO_USER_B64")" FX_MONGO_PASSWORD="$(decode_b64 "$FX_MONGO_PASSWORD_B64")" FX_NATS_URL="$(decode_b64 "${FX_NATS_URL_B64:-}")" NATS_USER="$(decode_b64 "${NATS_USER_B64:-}")" NATS_PASSWORD="$(decode_b64 "${NATS_PASSWORD_B64:-}")" export FX_MONGO_USER FX_MONGO_PASSWORD FX_NATS_URL NATS_USER NATS_PASSWORD COMPOSE_PROJECT_NAME="$COMPOSE_PROJECT" export COMPOSE_PROJECT_NAME read -r -a SERVICES <<<"${SERVICES_LINE}" pull_cmd=(docker compose -f "$COMPOSE_FILE" pull) up_cmd=(docker compose -f "$COMPOSE_FILE" up -d --remove-orphans) ps_cmd=(docker compose -f "$COMPOSE_FILE" ps) if [[ "${#SERVICES[@]}" -gt 0 ]]; then pull_cmd+=("${SERVICES[@]}") up_cmd+=("${SERVICES[@]}") ps_cmd+=("${SERVICES[@]}") fi "${pull_cmd[@]}" "${up_cmd[@]}" "${ps_cmd[@]}" date -Is > .last_deploy logger -t "deploy-${COMPOSE_PROJECT}" "${COMPOSE_PROJECT} deployed at $(date -Is) in ${REMOTE_DIR}" EOSSH