-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile
More file actions
80 lines (67 loc) · 2.75 KB
/
Makefile
File metadata and controls
80 lines (67 loc) · 2.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
.PHONY: dev build test lint seed seed-prod crawl docker-build docker-up docker-down deploy backup clean
# Development
dev:
npm run dev
build:
npm run build
test:
npm test
lint:
npm run lint
# Database
seed:
npm run seed
seed-prod: build
npm run seed:prod
backup:
@mkdir -p backups
cp data/satrank.db "backups/satrank-$$(date +%Y%m%d-%H%M%S).db"
@echo "Backup saved to backups/"
# Crawler
crawl:
npm run crawl
# Docker
docker-build:
docker build \
--build-arg GIT_COMMIT=$$(git rev-parse --short HEAD 2>/dev/null || echo dev) \
--build-arg BUILD_DATE=$$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
-t satrank:$$(git rev-parse --short HEAD 2>/dev/null || echo dev) \
-t satrank:latest .
docker-up: docker-build
GIT_COMMIT=$$(git rev-parse --short HEAD 2>/dev/null || echo dev) \
BUILD_DATE=$$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
docker compose up -d
docker-down:
docker compose down
# Deploy to VPS
# Usage: SATRANK_HOST=user@host REMOTE_DIR=/path/to/satrank make deploy
# Example: SATRANK_HOST=root@your.server REMOTE_DIR=/opt/satrank make deploy
#
# Exclusions live in .rsync-exclude (authoritative). DO NOT run ad-hoc rsync
# against prod — two incidents in 2026 (.env.production erased in Phase 7,
# probe-pay.macaroon erased in Phase 9) were caused by hand-typed excludes
# that missed entries. Always go through `make deploy`.
# See docs/DEPLOY.md for the full procedure.
deploy:
@test -n "$(SATRANK_HOST)" || (echo "ERROR: set SATRANK_HOST=user@host (ex: root@your.server)" && exit 1)
@test -n "$(REMOTE_DIR)" || (echo "ERROR: set REMOTE_DIR=/path/to/satrank (ex: /opt/satrank)" && exit 1)
@test -f .rsync-exclude || (echo "ERROR: .rsync-exclude missing — refusing to deploy without canonical exclusion list" && exit 1)
@# Stamp build-info.json with the current commit + UTC timestamp + package
@# version so /api/version reports real values after deploy. The file is
@# gitignored (volatile per deploy) and rsynced into the container so it
@# reaches both the builder stage and the runtime stage.
@printf '{"commit":"%s","buildDate":"%s","version":"%s"}\n' \
"$$(git rev-parse --short HEAD 2>/dev/null || echo dev)" \
"$$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
"$$(node -p "require('./package.json').version" 2>/dev/null || echo 0.0.0)" \
> build-info.json
rsync -avz --exclude-from=.rsync-exclude \
. $(SATRANK_HOST):$(REMOTE_DIR)/
# Audit M9: rsync preserves the local operator's UID by default, which
# mapped to UNKNOWN:staff on the server (no user with UID 501 exists).
# Force root:root ownership post-sync so the deploy never leaves files
# that another user with a matching UID could later modify.
ssh $(SATRANK_HOST) "chown -R root:root $(REMOTE_DIR) && chmod 600 $(REMOTE_DIR)/.env.production 2>/dev/null || true"
# Cleanup
clean:
rm -rf dist/ data/