feat: push-to-deploy pipeline on Hermes VPS (task #47)
Task: set up sovereign push-to-deploy so git push triggers automatic VPS deploy.

What was built (all in vps/ directory, versioned in repo):
- vps/deploy.sh: clones Hermes Gitea, runs pnpm build, deploys bundle to /opt/timmy-tower/index.js, health-checks /api/health, auto-rolls back on failure
- vps/webhook.js: Node.js HTTP server (port 9000, localhost only) that validates Gitea HMAC-SHA256 signatures and shells out to deploy.sh on POST /deploy
- vps/timmy-deploy-hook.service: systemd unit for webhook receiver (auto-start)
- vps/timmy-health.service + timmy-health.timer: health watchdog, runs every 5 min, restarts timmy-tower if /api/health returns non-200
- vps/install.sh: one-time setup script — installs scripts, sets WEBHOOK_SECRET in VPS .env, patches nginx to proxy /webhook/deploy, enables systemd services

Gitea webhook pre-configured on admin/timmy-tower repo (id: 1):
- URL: http://143.198.27.163/webhook/deploy
- HMAC secret stored in .local/deploy-webhook-secret (gitignored)

One-time install (from machine with VPS SSH access):

    WEBHOOK_SECRET=$(cat .local/deploy-webhook-secret) ssh root@143.198.27.163 'bash -s' < vps/install.sh

replit.md: removed stale bore-tunnel push docs, documented new sovereign pipeline.

Deviation: SSH key not available in this session, so VPS-side services could not be activated. The install.sh one-time command must be run by user or Hermes agent.