diff --git a/server/deploy.sh b/server/deploy.sh index 7410d99..1850b24 100755 --- a/server/deploy.sh +++ b/server/deploy.sh @@ -1,6 +1,13 @@ #!/bin/bash # Deploy script for Data Analyst application -# This script is called by GitHub Actions or manually to deploy updates +# This script is called by GitHub Actions or manually to deploy updates. +# +# Works with any data source (Keboola, BigQuery, etc.) — instance-specific +# configuration comes from instance.yaml and GHA secrets, not from this script. +# +# Usage: +# bash server/deploy.sh # Full deploy (from GHA or manually) +# bash server/deploy.sh --scripts-only # Only update /data/scripts and /data/docs set -euo pipefail @@ -10,6 +17,14 @@ VENV_DIR="${APP_DIR}/.venv" LOG_DIR="${APP_DIR}/logs" DEPLOY_LOG="${LOG_DIR}/deploy.log" +# Parse arguments +SCRIPTS_ONLY=false +for arg in "$@"; do + case "$arg" in + --scripts-only) SCRIPTS_ONLY=true ;; + esac +done + log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$DEPLOY_LOG" } @@ -31,36 +46,41 @@ cd "$REPO_DIR" || error "Cannot cd to $REPO_DIR" # Ensure git trusts this directory git config --global --add safe.directory "$REPO_DIR" 2>/dev/null || true -# Pull latest changes -log "Pulling latest changes from origin/main..." -git fetch origin -git reset --hard origin/main +if [[ "$SCRIPTS_ONLY" == false ]]; then + # Pull latest changes + log "Pulling latest changes from origin/main..." + git fetch origin + git reset --hard origin/main -# Update Python dependencies if requirements.txt changed -if git diff HEAD@{1} --name-only 2>/dev/null | grep -q "requirements.txt"; then - log "requirements.txt changed, updating dependencies..." - source "${VENV_DIR}/bin/activate" - pip install -q -r requirements.txt - deactivate + # Update Python dependencies if requirements.txt changed + if git diff HEAD@{1} --name-only 2>/dev/null | grep -q "requirements.txt"; then + log "requirements.txt changed, updating dependencies..." + source "${VENV_DIR}/bin/activate" + pip install -q -r requirements.txt + deactivate + fi fi -# Update server management scripts +# --- Core: scripts and docs (always runs) --- + +# Update server management scripts (add-analyst, list-analysts, etc.) log "Updating server management scripts..." -for script in "${REPO_DIR}"/server/bin/*; do - if [[ -f "$script" ]]; then - script_name=$(basename "$script") - sudo /usr/bin/cp "$script" "/usr/local/bin/${script_name}" - sudo /usr/bin/chmod 755 "/usr/local/bin/${script_name}" - log " Updated /usr/local/bin/${script_name}" - fi -done +if compgen -G "${REPO_DIR}/server/bin/*" > /dev/null 2>&1; then + for script in "${REPO_DIR}"/server/bin/*; do + if [[ -f "$script" ]]; then + script_name=$(basename "$script") + sudo /usr/bin/cp "$script" "/usr/local/bin/${script_name}" + sudo /usr/bin/chmod 755 "/usr/local/bin/${script_name}" + log " Updated /usr/local/bin/${script_name}" + fi + done +fi # Update sudoers configurations log "Updating sudoers configurations..." for sudoers_file in "${REPO_DIR}"/server/sudoers-*; do if [[ -f "$sudoers_file" ]]; then sudoers_name=$(basename "$sudoers_file" | sed 's/sudoers-//') - # Validate before installing if sudo /usr/sbin/visudo -cf "$sudoers_file" 2>/dev/null; then sudo /usr/bin/cp "$sudoers_file" "/etc/sudoers.d/${sudoers_name}" sudo /usr/bin/chmod 440 "/etc/sudoers.d/${sudoers_name}" @@ -71,123 +91,132 @@ for sudoers_file in "${REPO_DIR}"/server/sudoers-*; do fi done -# Update user scripts in /data/scripts +# Update user-facing scripts in /data/scripts +# These are synced to analyst machines via sync_data.sh log "Updating scripts in /data/scripts/..." sudo /usr/bin/mkdir -p /data/scripts -sudo /usr/bin/cp "${REPO_DIR}"/scripts/setup_views.sh /data/scripts/ -sudo /usr/bin/cp "${REPO_DIR}"/scripts/duckdb_manager.py /data/scripts/ -sudo /usr/bin/cp "${REPO_DIR}"/scripts/sync_data.sh /data/scripts/ -sudo /usr/bin/cp "${REPO_DIR}"/scripts/activate_venv.sh /data/scripts/ -sudo /usr/bin/cp "${REPO_DIR}"/scripts/README.md /data/scripts/ -sudo /usr/bin/cp "${REPO_DIR}"/scripts/sync_jira.sh /data/scripts/ -sudo /usr/bin/cp "${REPO_DIR}"/scripts/generate_user_sync_configs.py /data/scripts/ -sudo /usr/bin/cp "${REPO_DIR}"/scripts/collect_session.py /data/scripts/ +for script_file in setup_views.sh duckdb_manager.py sync_data.sh activate_venv.sh \ + README.md generate_user_sync_configs.py collect_session.py; do + if [[ -f "${REPO_DIR}/scripts/${script_file}" ]]; then + sudo /usr/bin/cp "${REPO_DIR}/scripts/${script_file}" /data/scripts/ + fi +done +# Copy connector-specific sync scripts (e.g. sync_jira.sh) if they exist +for sync_script in "${REPO_DIR}"/connectors/*/scripts/sync_*.sh "${REPO_DIR}"/scripts/sync_*.sh; do + if [[ -f "$sync_script" ]]; then + sudo /usr/bin/cp "$sync_script" /data/scripts/ + fi +done sudo /usr/bin/chmod -R 755 /data/scripts -sudo /usr/bin/chown -R deploy:data-ops /data/scripts +sudo /usr/bin/chown -R root:data-ops /data/scripts log " Scripts updated in /data/scripts/" # Update documentation in /data/docs log "Updating documentation..." sudo /usr/bin/mkdir -p /data/docs/setup -if [[ -f "${REPO_DIR}/docs/data_description.md" ]]; then - sudo /usr/bin/cp "${REPO_DIR}"/docs/data_description.md /data/docs/ -fi -sudo /usr/bin/cp "${REPO_DIR}"/docs/GETTING_STARTED.md /data/docs/ -if [[ -f "${REPO_DIR}/docs/notifications.md" ]]; then - sudo /usr/bin/cp "${REPO_DIR}"/docs/notifications.md /data/docs/ -fi -if [[ -f "${REPO_DIR}/docs/jira_schema.md" ]]; then - sudo /usr/bin/cp "${REPO_DIR}"/docs/jira_schema.md /data/docs/ -fi -sudo /usr/bin/cp "${REPO_DIR}"/docs/setup/bootstrap.yaml /data/docs/setup/ -sudo /usr/bin/cp "${REPO_DIR}"/docs/setup/claude_md_template.txt /data/docs/setup/ -sudo /usr/bin/cp "${REPO_DIR}"/docs/setup/claude_settings.json /data/docs/setup/ +# Core docs (copy if they exist) +for doc_file in data_description.md GETTING_STARTED.md notifications.md jira_schema.md schema.yml; do + if [[ -f "${REPO_DIR}/docs/${doc_file}" ]]; then + sudo /usr/bin/cp "${REPO_DIR}/docs/${doc_file}" /data/docs/ + fi +done +# Setup docs +for setup_file in bootstrap.yaml claude_md_template.txt claude_settings.json; do + if [[ -f "${REPO_DIR}/docs/setup/${setup_file}" ]]; then + sudo /usr/bin/cp "${REPO_DIR}/docs/setup/${setup_file}" /data/docs/setup/ + fi +done +# Metrics definitions if [[ -d "${REPO_DIR}/docs/metrics" ]]; then sudo /usr/bin/cp -r "${REPO_DIR}"/docs/metrics /data/docs/ fi -# Note: schema.yml files are generated directly to DOCS_OUTPUT_DIR by data_sync.py -# Here we only copy static *.md files from datasets/ +# Dataset documentation if [[ -d "${REPO_DIR}/docs/datasets" ]]; then sudo /usr/bin/mkdir -p /data/docs/datasets - # Copy only .md files (glob expands before sudo) if compgen -G "${REPO_DIR}/docs/datasets/*.md" > /dev/null; then sudo /usr/bin/cp "${REPO_DIR}"/docs/datasets/*.md /data/docs/datasets/ fi - log " Dataset docs (*.md) copied to /data/docs/datasets/" + log " Dataset docs copied to /data/docs/datasets/" fi sudo /usr/bin/chmod -R 775 /data/docs -sudo /usr/bin/chown -R deploy:data-ops /data/docs +sudo /usr/bin/chown -R root:data-ops /data/docs log " Documentation updated in /data/docs/" -# Deploy notify-runner to /usr/local/bin -log "Deploying notify-runner..." -if [[ -f "${REPO_DIR}/server/bin/notify-runner" ]]; then - sudo /usr/bin/cp "${REPO_DIR}/server/bin/notify-runner" /usr/local/bin/notify-runner - sudo /usr/bin/chmod 755 /usr/local/bin/notify-runner - log " Updated /usr/local/bin/notify-runner" +# Deploy examples (notifications, queries, etc.) +log "Deploying examples..." +if [[ -d "${REPO_DIR}/examples" ]]; then + sudo /usr/bin/mkdir -p /data/examples + sudo /usr/bin/cp -r "${REPO_DIR}"/examples/* /data/examples/ 2>/dev/null || true + sudo /usr/bin/chmod -R 755 /data/examples + sudo /usr/bin/chown -R root:data-ops /data/examples fi -# Deploy notify-scripts helper to /usr/local/bin -log "Deploying notify-scripts..." -if [[ -f "${REPO_DIR}/server/bin/notify-scripts" ]]; then - sudo /usr/bin/cp "${REPO_DIR}/server/bin/notify-scripts" /usr/local/bin/notify-scripts - sudo /usr/bin/chmod 755 /usr/local/bin/notify-scripts - log " Updated /usr/local/bin/notify-scripts" +if [[ "$SCRIPTS_ONLY" == true ]]; then + log "Scripts-only deployment completed successfully!" + exit 0 fi -# Create notifications data directory -log "Setting up notifications directory..." -sudo /usr/bin/mkdir -p /data/notifications -sudo /usr/bin/chown deploy:data-ops /data/notifications -sudo /usr/bin/chmod 2770 /data/notifications # setgid, no others access (socket is in /run/notify-bot/) +# --- Optional: server management scripts --- -# Ensure deploy user is in dataread group (needed for notify-bot socket group ownership) -if ! id -nG deploy | grep -qw dataread; then - sudo /usr/sbin/usermod -a -G dataread deploy - log " Added deploy user to dataread group" +# Deploy helper binaries to /usr/local/bin (notify-runner, notify-scripts, etc.) +for bin_file in "${REPO_DIR}"/server/bin/*; do + if [[ -f "$bin_file" ]]; then + bin_name=$(basename "$bin_file") + sudo /usr/bin/cp "$bin_file" "/usr/local/bin/${bin_name}" + sudo /usr/bin/chmod 755 "/usr/local/bin/${bin_name}" + log " Updated /usr/local/bin/${bin_name}" + fi +done + +# --- Optional: data directories (created only if relevant features exist) --- + +# Notifications directory +if [[ -f "${REPO_DIR}/server/bin/notify-runner" ]] || [[ -n "${TELEGRAM_BOT_TOKEN:-}" ]]; then + log "Setting up notifications directory..." + sudo /usr/bin/mkdir -p /data/notifications + sudo /usr/bin/chown root:data-ops /data/notifications + sudo /usr/bin/chmod 2770 /data/notifications fi -# Create Jira webhook data directory (raw data, will be processed to parquet later) -log "Setting up Jira data directory..." -sudo /usr/bin/mkdir -p /data/src_data/raw/jira/issues -sudo /usr/bin/mkdir -p /data/src_data/raw/jira/webhook_events -sudo /usr/bin/mkdir -p /data/src_data/raw/jira/attachments -sudo /usr/bin/chown -R root:data-ops /data/src_data/raw/jira -sudo /usr/bin/chmod -R 2770 /data/src_data/raw/jira # setgid, www-data (data-ops member) can write +# Jira data directory (only if Jira connector exists) +if [[ -d "${REPO_DIR}/connectors/jira" ]]; then + log "Setting up Jira data directory..." + sudo /usr/bin/mkdir -p /data/src_data/raw/jira/issues + sudo /usr/bin/mkdir -p /data/src_data/raw/jira/webhook_events + sudo /usr/bin/mkdir -p /data/src_data/raw/jira/attachments + sudo /usr/bin/chown -R root:data-ops /data/src_data/raw/jira + sudo /usr/bin/chmod -R 2770 /data/src_data/raw/jira + # ACL for read access by analysts + if command -v setfacl &>/dev/null; then + sudo /usr/bin/setfacl -R -m g:dataread:rx /data/src_data/raw/jira/attachments 2>/dev/null || true + sudo /usr/bin/setfacl -R -d -m g:dataread:rx /data/src_data/raw/jira/attachments 2>/dev/null || true + fi +fi -# Create password auth data directory -log "Setting up password auth directory..." -sudo /usr/bin/mkdir -p /data/auth -sudo /usr/bin/chown www-data:data-ops /data/auth -sudo /usr/bin/chmod 2770 /data/auth # setgid, www-data can write, no others access +# Password auth directory (only if password auth module exists) +if [[ -f "${REPO_DIR}/auth/password.py" ]]; then + log "Setting up password auth directory..." + sudo /usr/bin/mkdir -p /data/auth + sudo /usr/bin/chown www-data:data-ops /data/auth + sudo /usr/bin/chmod 2770 /data/auth +fi -# Create corporate memory data directory -log "Setting up corporate memory directory..." -sudo /usr/bin/mkdir -p /data/corporate-memory -sudo /usr/bin/chown deploy:data-ops /data/corporate-memory -sudo /usr/bin/chmod 2770 /data/corporate-memory # setgid, deploy can write +# Corporate memory directory +if [[ -d "${REPO_DIR}/services/corporate-memory" ]]; then + log "Setting up corporate memory directory..." + sudo /usr/bin/mkdir -p /data/corporate-memory + sudo /usr/bin/chown root:data-ops /data/corporate-memory + sudo /usr/bin/chmod 2770 /data/corporate-memory +fi -# Create user sessions data directory +# User sessions directory log "Setting up user sessions directory..." sudo /usr/bin/mkdir -p /data/user_sessions sudo /usr/bin/chown root:data-ops /data/user_sessions -sudo /usr/bin/chmod 2770 /data/user_sessions # setgid, root writes, admins only +sudo /usr/bin/chmod 2770 /data/user_sessions -# Create staging directory for data sync (uses /tmp for faster I/O) -log "Setting up staging directory..." -sudo /usr/bin/mkdir -p /tmp/data_analyst_staging -sudo /usr/bin/chown root:data-ops /tmp/data_analyst_staging -sudo /usr/bin/chmod 2770 /tmp/data_analyst_staging # setgid, data-ops can write - -# Add read access to Jira attachments for analysts (dataread group) -if command -v setfacl &>/dev/null; then - sudo /usr/bin/setfacl -R -m g:dataread:rx /data/src_data/raw/jira/attachments 2>/dev/null || true - sudo /usr/bin/setfacl -R -d -m g:dataread:rx /data/src_data/raw/jira/attachments 2>/dev/null || true - log " ACL set for dataread group on Jira attachments" -fi - -# Set ACL for private data directory (data-private group only, remove dataread) -if command -v setfacl &>/dev/null; then +# Private data ACL (only if private directory exists) +if [[ -d /data/src_data/parquet/private ]] && command -v setfacl &>/dev/null; then sudo /usr/bin/setfacl -R -m g:data-private:rx /data/src_data/parquet/private/ 2>/dev/null || true sudo /usr/bin/setfacl -R -d -m g:data-private:rx /data/src_data/parquet/private/ 2>/dev/null || true sudo /usr/bin/setfacl -R -x g:dataread /data/src_data/parquet/private/ 2>/dev/null || true @@ -195,7 +224,8 @@ if command -v setfacl &>/dev/null; then log " ACL set for data-private group on private parquet directory" fi -# Deploy systemd service and timer files from services/ and connectors/ +# --- Deploy systemd services and timers --- + log "Deploying systemd service and timer files..." SYSTEMD_CHANGED=false for unit_file in "${REPO_DIR}"/services/*/systemd/*.service "${REPO_DIR}"/services/*/systemd/*.timer \ @@ -219,154 +249,128 @@ if [[ -f "/etc/systemd/system/jira-consistency.service" ]]; then sudo /usr/bin/chmod 664 /opt/data-analyst/logs/jira-consistency.log fi -# Deploy example notification scripts to /data/examples -log "Deploying example notification scripts..." -sudo /usr/bin/mkdir -p /data/examples/notifications -for example in "${REPO_DIR}"/examples/notifications/*.py; do - if [[ -f "$example" ]]; then - sudo /usr/bin/cp "$example" /data/examples/notifications/ - fi -done -sudo /usr/bin/chmod -R 755 /data/examples -sudo /usr/bin/chown -R deploy:data-ops /data/examples - # Update resource limits configuration -log "Updating resource limits..." if [[ -f "${REPO_DIR}/server/limits-users.conf" ]]; then + log "Updating resource limits..." sudo /usr/bin/cp "${REPO_DIR}/server/limits-users.conf" /etc/security/limits.d/99-users.conf sudo /usr/bin/chmod 644 /etc/security/limits.d/99-users.conf - log " Updated /etc/security/limits.d/99-users.conf" fi -# Create data sync .env file from environment variables (passed from GitHub Actions) +# --- Create .env for data sync (data-source agnostic) --- + SYNC_ENV_FILE="${REPO_DIR}/.env" -if [[ -n "${KEBOOLA_STORAGE_TOKEN:-}" ]]; then - log "Creating data sync .env file..." - { - echo "KEBOOLA_STORAGE_TOKEN=${KEBOOLA_STORAGE_TOKEN}" - echo "KEBOOLA_STACK_URL=${KEBOOLA_STACK_URL}" - echo "KEBOOLA_PROJECT_ID=${KEBOOLA_PROJECT_ID}" - echo "DATA_DIR=${DATA_DIR}" - echo "DATA_SOURCE=${DATA_SOURCE}" - echo "LOG_LEVEL=${LOG_LEVEL}" - if [[ -n "${DOCS_OUTPUT_DIR:-}" ]]; then - echo "DOCS_OUTPUT_DIR=${DOCS_OUTPUT_DIR}" + +# Write all known env vars that are set (works for any data source) +log "Creating data sync .env file..." +{ + # Core settings (always written if set) + for var in DATA_DIR DATA_SOURCE DOCS_OUTPUT_DIR LOG_LEVEL; do + if [[ -n "${!var:-}" ]]; then + echo "${var}=${!var}" fi - if [[ -n "${TELEGRAM_BOT_TOKEN:-}" ]]; then - echo "TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN}" + done + + # Keboola data source + for var in KEBOOLA_STORAGE_TOKEN KEBOOLA_STACK_URL KEBOOLA_PROJECT_ID; do + if [[ -n "${!var:-}" ]]; then + echo "${var}=${!var}" fi - if [[ -n "${DESKTOP_JWT_SECRET:-}" ]]; then - echo "DESKTOP_JWT_SECRET=${DESKTOP_JWT_SECRET}" + done + + # BigQuery data source + for var in BIGQUERY_PROJECT BIGQUERY_LOCATION; do + if [[ -n "${!var:-}" ]]; then + echo "${var}=${!var}" fi - if [[ -n "${SENDGRID_API_KEY:-}" ]]; then - echo "SENDGRID_API_KEY=${SENDGRID_API_KEY}" + done + + # OpenMetadata catalog + for var in OPENMETADATA_TOKEN; do + if [[ -n "${!var:-}" ]]; then + echo "${var}=${!var}" fi - if [[ -n "${JIRA_SLA_EMAIL:-}" ]]; then - echo "JIRA_SLA_EMAIL=${JIRA_SLA_EMAIL}" + done + + # Optional services (written only if set) + for var in TELEGRAM_BOT_TOKEN DESKTOP_JWT_SECRET SENDGRID_API_KEY \ + JIRA_SLA_EMAIL JIRA_SLA_API_TOKEN JIRA_CLOUD_ID \ + EMAIL_FROM_ADDRESS EMAIL_FROM_NAME ALLOWED_EMAILS \ + ANTHROPIC_API_KEY; do + if [[ -n "${!var:-}" ]]; then + echo "${var}=${!var}" fi - if [[ -n "${JIRA_SLA_API_TOKEN:-}" ]]; then - echo "JIRA_SLA_API_TOKEN=${JIRA_SLA_API_TOKEN}" - fi - if [[ -n "${JIRA_CLOUD_ID:-}" ]]; then - echo "JIRA_CLOUD_ID=${JIRA_CLOUD_ID}" - fi - if [[ -n "${EMAIL_FROM_ADDRESS:-}" ]]; then - echo "EMAIL_FROM_ADDRESS=${EMAIL_FROM_ADDRESS}" - fi - if [[ -n "${EMAIL_FROM_NAME:-}" ]]; then - echo "EMAIL_FROM_NAME=${EMAIL_FROM_NAME}" - fi - if [[ -n "${ALLOWED_EMAILS:-}" ]]; then - echo "ALLOWED_EMAILS=${ALLOWED_EMAILS}" - fi - if [[ -n "${ANTHROPIC_API_KEY:-}" ]]; then - echo "ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}" - fi - } | sudo /usr/bin/tee "$SYNC_ENV_FILE" > /dev/null + done +} | sudo /usr/bin/tee "$SYNC_ENV_FILE" > /dev/null + +# Only set permissions if file has content +if [[ -s "$SYNC_ENV_FILE" ]]; then sudo /usr/bin/chown root:data-ops "$SYNC_ENV_FILE" sudo /usr/bin/chmod 640 "$SYNC_ENV_FILE" log " Data sync .env created with secure permissions (640)" else - log " Skipping data sync .env creation (no sync credentials provided)" + log " No environment variables provided, .env is empty" fi -# Set correct permissions +# --- Set correct permissions --- + log "Setting permissions..." sudo /usr/bin/chown -R root:data-ops "$APP_DIR" -sudo /usr/bin/chmod -R 770 "$APP_DIR" # owner+group rwx, others none -sudo /usr/bin/chmod -R g+s "$APP_DIR" # setgid for new files +sudo /usr/bin/chmod -R 770 "$APP_DIR" +sudo /usr/bin/chmod -R g+s "$APP_DIR" # Restore .env permissions (may have been overwritten by chmod -R) if [[ -f "$SYNC_ENV_FILE" ]]; then sudo /usr/bin/chmod 640 "$SYNC_ENV_FILE" fi -# Update and restart webapp if running +# --- Restart services --- + +# Webapp (always restart if running) if systemctl is-active --quiet webapp 2>/dev/null || systemctl is-enabled --quiet webapp 2>/dev/null; then log "Updating webapp service..." - sudo /usr/bin/cp "${REPO_DIR}/server/webapp.service" /etc/systemd/system/webapp.service - sudo /usr/bin/systemctl daemon-reload + if [[ -f "${REPO_DIR}/server/webapp.service" ]]; then + sudo /usr/bin/cp "${REPO_DIR}/server/webapp.service" /etc/systemd/system/webapp.service + sudo /usr/bin/systemctl daemon-reload + fi log "Restarting webapp..." sudo /usr/bin/systemctl restart webapp fi -# Restart notify-bot if running -if systemctl is-active --quiet notify-bot 2>/dev/null; then - log "Restarting notify-bot..." - sudo /usr/bin/systemctl restart notify-bot -elif [[ -n "${TELEGRAM_BOT_TOKEN:-}" ]]; then - log "Starting notify-bot service..." - sudo /usr/bin/systemctl enable notify-bot - sudo /usr/bin/systemctl start notify-bot -fi +# Optional services (restart only if already running or newly configured) +for svc in notify-bot ws-gateway; do + if systemctl is-active --quiet "$svc" 2>/dev/null; then + log "Restarting ${svc}..." + sudo /usr/bin/systemctl restart "$svc" + fi +done -# Restart ws-gateway if running -if systemctl is-active --quiet ws-gateway 2>/dev/null; then - log "Restarting ws-gateway..." - sudo /usr/bin/systemctl restart ws-gateway -elif [[ -n "${DESKTOP_JWT_SECRET:-}" ]]; then - log "Starting ws-gateway service..." - sudo /usr/bin/systemctl enable ws-gateway - sudo /usr/bin/systemctl start ws-gateway -fi - -# Enable corporate-memory timer if ANTHROPIC_API_KEY is set -if [[ -n "${ANTHROPIC_API_KEY:-}" ]]; then - if ! systemctl is-enabled --quiet corporate-memory.timer 2>/dev/null; then - log "Enabling corporate-memory timer..." - sudo /usr/bin/systemctl enable corporate-memory.timer - sudo /usr/bin/systemctl start corporate-memory.timer +# Enable notify-bot if Telegram token is newly provided +if [[ -n "${TELEGRAM_BOT_TOKEN:-}" ]] && ! systemctl is-active --quiet notify-bot 2>/dev/null; then + if [[ -f "/etc/systemd/system/notify-bot.service" ]]; then + log "Starting notify-bot service..." + sudo /usr/bin/systemctl enable notify-bot + sudo /usr/bin/systemctl start notify-bot fi fi -# Enable jira-sla-poll timer if JIRA_SLA_API_TOKEN is set -if [[ -n "${JIRA_SLA_API_TOKEN:-}" ]]; then - if ! systemctl is-enabled --quiet jira-sla-poll.timer 2>/dev/null; then - log "Enabling jira-sla-poll timer..." - sudo /usr/bin/systemctl enable jira-sla-poll.timer - sudo /usr/bin/systemctl start jira-sla-poll.timer +# Enable ws-gateway if JWT secret is newly provided +if [[ -n "${DESKTOP_JWT_SECRET:-}" ]] && ! systemctl is-active --quiet ws-gateway 2>/dev/null; then + if [[ -f "/etc/systemd/system/ws-gateway.service" ]]; then + log "Starting ws-gateway service..." + sudo /usr/bin/systemctl enable ws-gateway + sudo /usr/bin/systemctl start ws-gateway fi fi -# Enable jira-consistency timers (always enabled if Jira credentials are configured) -if [[ -f "/opt/data-analyst/.env" ]] && grep -q "JIRA_API_TOKEN" /opt/data-analyst/.env 2>/dev/null; then - if ! systemctl is-enabled --quiet jira-consistency.timer 2>/dev/null; then - log "Enabling jira-consistency timer..." - sudo /usr/bin/systemctl enable jira-consistency.timer - sudo /usr/bin/systemctl start jira-consistency.timer +# Enable timers (only if service files exist) +for timer in corporate-memory session-collector jira-sla-poll jira-consistency jira-consistency-deep; do + if [[ -f "/etc/systemd/system/${timer}.timer" ]]; then + if ! systemctl is-enabled --quiet "${timer}.timer" 2>/dev/null; then + log "Enabling ${timer} timer..." + sudo /usr/bin/systemctl enable "${timer}.timer" + sudo /usr/bin/systemctl start "${timer}.timer" + fi fi - if ! systemctl is-enabled --quiet jira-consistency-deep.timer 2>/dev/null; then - log "Enabling jira-consistency-deep timer..." - sudo /usr/bin/systemctl enable jira-consistency-deep.timer - sudo /usr/bin/systemctl start jira-consistency-deep.timer - fi -fi +done -# Enable session-collector timer -if ! systemctl is-enabled --quiet session-collector.timer 2>/dev/null; then - log "Enabling session-collector timer..." - sudo /usr/bin/systemctl enable session-collector.timer - sudo /usr/bin/systemctl start session-collector.timer -fi - -log "Deployment completed successfully! (v4)" +log "Deployment completed successfully! (v5)"