diff --git a/deploy_gsp.sh b/deploy_gsp.sh new file mode 100644 index 00000000..c4606de6 --- /dev/null +++ b/deploy_gsp.sh @@ -0,0 +1,122 @@ +#!/usr/bin/env bash +set -Eeuo pipefail +umask 022 + +# ---------- Config (override via env if you like) ---------- +REPO_URL="${REPO_URL:-https://github.com/GameServerPanel/GSP.git}" +STAGE_DIR="${STAGE_DIR:-$HOME/gsp_stage}" # keeps clone in your home folder +WEB_ROOT="${WEB_ROOT:-/var/www/html/panel}" # live site root +OWNER="${OWNER:-www-data}" +GROUP="${GROUP:-www-data}" +SUDO="${SUDO:-sudo}" # set SUDO= to skip sudo if not needed +DRY_RUN="${DRY_RUN:-0}" # set DRY_RUN=1 to test without writing + +# Never overwrite these: +EXCLUDES=( + ".git/" + "includes/config.inc.php" + "modules/billing/includes/config.inc.php" +) + +# ---------- Helpers ---------- +log(){ printf '[%s] %s\n' "$(date +'%F %T')" "$*"; } +trap 'rc=$?; log "ERROR on line $LINENO (exit $rc)"; exit $rc' ERR + +# ---------- Requirements ---------- +if ! command -v git >/dev/null 2>&1; then + log "Installing git + rsync..." + if command -v apt-get >/dev/null 2>&1; then + $SUDO apt-get update && $SUDO apt-get install -y git rsync + elif command -v dnf >/dev/null 2>&1; then + $SUDO dnf install -y git rsync + elif command -v yum >/dev/null 2>&1; then + $SUDO yum install -y git rsync + else + log "git/rsync required; please install manually." + exit 1 + fi +fi + +# ---------- Prepare stage clone in home folder ---------- +log "Stage dir: $STAGE_DIR" +mkdir -p "$STAGE_DIR" +if [[ ! -d "$STAGE_DIR/.git" ]]; then + log "Cloning $REPO_URL ..." + git clone --depth 1 "$REPO_URL" "$STAGE_DIR" +else + log "Fetching latest from origin..." + git -C "$STAGE_DIR" fetch --all --prune +fi + +# Determine default branch (origin/HEAD), fallback to main/master +DEFAULT_BRANCH="$(git -C "$STAGE_DIR" symbolic-ref --quiet --short refs/remotes/origin/HEAD 2>/dev/null || true)" +DEFAULT_BRANCH="${DEFAULT_BRANCH#origin/}" +if [[ -z "${DEFAULT_BRANCH:-}" ]]; then + if git -C "$STAGE_DIR" ls-remote --exit-code --heads origin main >/dev/null 2>&1; then + DEFAULT_BRANCH="main" + else + DEFAULT_BRANCH="master" + fi +fi +log "Default branch: $DEFAULT_BRANCH" + +# Reset stage to remote HEAD +git -C "$STAGE_DIR" checkout -B "$DEFAULT_BRANCH" "origin/$DEFAULT_BRANCH" +git -C "$STAGE_DIR" reset --hard "origin/$DEFAULT_BRANCH" +git -C "$STAGE_DIR" clean -fdx +COMMIT="$(git -C "$STAGE_DIR" rev-parse --short HEAD)" +log "Prepared commit: $COMMIT" + +# ---------- Rsync to webroot (preserve configs) ---------- +RSYNC_ARGS=(-a --delete --omit-dir-times --human-readable --progress --itemize-changes) +for e in "${EXCLUDES[@]}"; do RSYNC_ARGS+=(--exclude="$e"); done +if [[ "$DRY_RUN" == "1" ]]; then + RSYNC_ARGS+=(--dry-run) + log "DRY RUN enabled — no changes will be written." +fi + +log "Syncing to $WEB_ROOT ..." +$SUDO mkdir -p "$WEB_ROOT" +$SUDO rsync "${RSYNC_ARGS[@]}" "$STAGE_DIR"/ "$WEB_ROOT"/ + +# ---------- Permissions tuned for OGP panel ---------- +WEB_USER="${OWNER:-www-data}" +WEB_GROUP="${GROUP:-www-data}" + +log "Setting base permissions (OGP-safe)…" +# Base ownership +$SUDO chown -R "$OWNER:$GROUP" "$WEB_ROOT" + +# Safe defaults: dirs 755, files 644 (batched; no “arg list too long”) +$SUDO find "$WEB_ROOT" -type d -exec chmod 755 {} + +$SUDO find "$WEB_ROOT" -type f -exec chmod 644 {} + + +# Writable dirs for OGP +WRITABLE_NAMES="templates_c cache logs uploads storage tmp" +for name in $WRITABLE_NAMES; do + $SUDO find "$WEB_ROOT" -type d -name "$name" -print0 | while IFS= read -r -d '' d; do + log "Making writable dir: $d" + $SUDO chown -R "$OWNER:$GROUP" "$d" + $SUDO chmod -R 2775 "$d" + if command -v setfacl >/dev/null 2>&1; then + $SUDO setfacl -R -m g:$GROUP:rwx -m d:g:$GROUP:rwx "$d" || true + fi + done +done + +# Keep your configs tight (and preserved from rsync by the script’s excludes) +# If the panel needs to write them via web UI, relax to 660 and owner www-data. +CFG1="$WEB_ROOT/includes/config.inc.php" +CFG2="$WEB_ROOT/modules/billing/includes/config.inc.php" +for cfg in "$CFG1" "$CFG2"; do + if [[ -f "$cfg" ]]; then + $SUDO chown "$WEB_USER:$WEB_GROUP" "$cfg" + $SUDO chmod 640 "$cfg" + fi +done + +# Ensure billing folder itself is Apache-friendly (readable/executable) +$SUDO find "$WEB_ROOT/modules/billing" -type d -print0 | xargs -0 -r $SUDO chmod 755 +$SUDO find "$WEB_ROOT/modules/billing" -type f -print0 | xargs -0 -r $SUDO chmod 644 + +log "Permissions set for OGP panel + billing."