proxmox/scripts/deployment/sync-sankofa-public-web-to-ct.sh

#!/usr/bin/env bash
# Sync Sankofa repo-root Next.js app (corporate / marketing site) to a dedicated LXC for apex sankofa.nexus.
# Does not run NextAuth portal setup — use sync-sankofa-portal-7801.sh for client SSO on portal.sankofa.nexus.
#
# Prerequisites: SSH root@PROXMOX_HOST; sibling repo at ../Sankofa (root package.json + src/app + public/).
# On the CT: install systemd unit config/systemd/sankofa-public-web.service → /etc/systemd/system/ and enable.
#
# Usage:
#   ./scripts/deployment/sync-sankofa-public-web-to-ct.sh [--dry-run]
# Env:
#   PROXMOX_HOST, SANKOFA_PUBLIC_WEB_VMID (default 7806), SANKOFA_PUBLIC_WEB_SRC, SANKOFA_PUBLIC_WEB_CT_DIR, SANKOFA_PUBLIC_WEB_SERVICE
#
# After first deploy: set IP_SANKOFA_PUBLIC_WEB + SANKOFA_PUBLIC_WEB_PORT in config/ip-addresses.conf (or .env) and run
#   scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
VMID="${SANKOFA_PUBLIC_WEB_VMID:-7806}"
CT_APP_DIR="${SANKOFA_PUBLIC_WEB_CT_DIR:-/opt/sankofa-public-web}"
SERVICE_NAME="${SANKOFA_PUBLIC_WEB_SERVICE:-sankofa-public-web}"
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"

DEFAULT_SRC="${PROJECT_ROOT}/../Sankofa"
if [[ -d "$DEFAULT_SRC" && -f "$DEFAULT_SRC/package.json" ]]; then
  SANKOFA_PUBLIC_WEB_SRC="${SANKOFA_PUBLIC_WEB_SRC:-$DEFAULT_SRC}"
else
  SANKOFA_PUBLIC_WEB_SRC="${SANKOFA_PUBLIC_WEB_SRC:-}"
fi

DRY_RUN=false
[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true

echo "=== Sync Sankofa public (repo root) → CT ${VMID} (${CT_APP_DIR}) ==="
echo "Proxmox: ${PROXMOX_HOST}"
echo "Source:  ${SANKOFA_PUBLIC_WEB_SRC:-<unset>}"
echo ""

if [[ -z "$SANKOFA_PUBLIC_WEB_SRC" || ! -d "$SANKOFA_PUBLIC_WEB_SRC" ]]; then
  echo "ERROR: Set SANKOFA_PUBLIC_WEB_SRC to the Sankofa monorepo root (parent of portal/)."
  echo "Example: SANKOFA_PUBLIC_WEB_SRC=/path/to/Sankofa $0"
  exit 1
fi

if ! command -v tar >/dev/null; then
  echo "ERROR: tar required"
  exit 1
fi

TMP_TGZ="${TMPDIR:-/tmp}/sankofa-public-web-sync-$$.tgz"
REMOTE_TGZ="/tmp/sankofa-public-web-sync-$$.tgz"
CT_TGZ="/tmp/sankofa-public-web-sync.tgz"

cleanup() { rm -f "$TMP_TGZ"; }
trap cleanup EXIT

if $DRY_RUN; then
  echo "[DRY-RUN] tar (exclude node_modules,.next,.git) → $TMP_TGZ"
  echo "[DRY-RUN] scp → root@${PROXMOX_HOST}:${REMOTE_TGZ}"
  echo "[DRY-RUN] pct push ${VMID} … && systemctl stop ${SERVICE_NAME}"
  echo "[DRY-RUN] pnpm install && pnpm build && systemctl start ${SERVICE_NAME}"
  exit 0
fi

echo "📦 Archiving Sankofa repo root (excluding node_modules, .next, .git, .env / .env.local)…"
tar czf "$TMP_TGZ" \
  --exclude=node_modules \
  --exclude=.next \
  --exclude=portal/node_modules \
  --exclude=portal/.next \
  --exclude=.git \
  --exclude=.env.local \
  --exclude=.env \
  -C "$SANKOFA_PUBLIC_WEB_SRC" .

echo "📤 Copy to Proxmox host…"
scp $SSH_OPTS "$TMP_TGZ" "root@${PROXMOX_HOST}:${REMOTE_TGZ}"

echo "📥 Push into CT ${VMID} and build…"
ssh $SSH_OPTS "root@${PROXMOX_HOST}" bash -s <<REMOTE_EOF
set -euo pipefail
pct push ${VMID} ${REMOTE_TGZ} ${CT_TGZ}
rm -f ${REMOTE_TGZ}
pct exec ${VMID} -- systemctl stop ${SERVICE_NAME} || true
pct exec ${VMID} -- bash -lc 'set -euo pipefail
  mkdir -p ${CT_APP_DIR}
  cd ${CT_APP_DIR}
  tar xzf ${CT_TGZ}
  rm -f ${CT_TGZ}
  command -v pnpm >/dev/null || { echo "ERROR: pnpm missing in CT"; exit 1; }
  pnpm install
  pnpm build
'
pct exec ${VMID} -- systemctl start ${SERVICE_NAME}
pct exec ${VMID} -- systemctl is-active ${SERVICE_NAME}
REMOTE_EOF

echo ""
echo "✅ Done. Point NPM apex with IP_SANKOFA_PUBLIC_WEB / SANKOFA_PUBLIC_WEB_PORT, then:"
echo "   bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh"
echo "   curl -sS http://${IP_SANKOFA_PUBLIC_WEB:-<CT_IP>}:${SANKOFA_PUBLIC_WEB_PORT:-3000}/ | head -c 120"