push

deploy_docker.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env sh
+set -eu
+
+STACK_NAME="${STACK_NAME:-ksef_app}"
+COMPOSE_FILE="${COMPOSE_FILE:-docker-compose.yml}"
+SSL_DIR="${SSL_DIR:-./deploy/caddy/ssl}"
+APP_DOMAIN="${APP_DOMAIN:-localhost}"
+CERT_FILE="${CERT_FILE:-${SSL_DIR}/server.crt}"
+KEY_FILE="${KEY_FILE:-${SSL_DIR}/server.key}"
+
+log() {
+  printf '%s\n' "$*"
+}
+
+need_cmd() {
+  command -v "$1" >/dev/null 2>&1 || {
+    printf 'Brak wymaganego polecenia: %s\n' "$1" >&2
+    exit 1
+  }
+}
+
+need_cmd docker
+need_cmd openssl
+
+mkdir -p "$SSL_DIR"
+
+if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
+  log "Nie znaleziono certyfikatu SSL w katalogu ${SSL_DIR}, tworzę self-signed cert..."
+  rm -f "$CERT_FILE" "$KEY_FILE"
+  openssl req -x509 -nodes -newkey rsa:4096 -sha256 -days 825 \
+    -keyout "$KEY_FILE" \
+    -out "$CERT_FILE" \
+    -subj "/CN=${APP_DOMAIN}" \
+    -addext "subjectAltName=DNS:${APP_DOMAIN},DNS:localhost,IP:127.0.0.1"
+  chmod 600 "$KEY_FILE"
+  chmod 644 "$CERT_FILE"
+else
+  log "Znaleziono istniejący certyfikat SSL w katalogu ${SSL_DIR}."
+fi
+
+log "Pobieram najnowsze obrazy bazowe..."
+docker compose -f "$COMPOSE_FILE" pull
+
+log "Buduję obraz bez cache..."
+docker compose -f "$COMPOSE_FILE" build --no-cache
+
+log "Zatrzymuję aktualny stack..."
+docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" stop || true
+
+log "Usuwam osierocone kontenery i stare nieużywane obrazy..."
+docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" down --remove-orphans || true
+docker image prune -af || true
+docker builder prune -af || true
+
+authoritative_stack="${STACK_NAME}"
+log "Uruchamiam stack ${authoritative_stack}..."
+docker compose -p "$STACK_NAME" -f "$COMPOSE_FILE" up -d
+
+log "Deployment zakończony. Aplikacja powinna być dostępna pod https://${APP_DOMAIN}"