Replit Agent
42b8826d18
fix: install.sh — update Gitea repo reference to replit/timmy-tower
2026-03-20 21:56:42 +00:00
Replit Agent
630a585178
fix: webhook HMAC — Gitea sends raw hex, not sha256= prefixed
Gitea's X-Gitea-Signature header contains raw hex HMAC-SHA256.
GitHub's X-Hub-Signature-256 uses the sha256= prefix.
verifySignature now normalises both formats to raw hex before
timingSafeEqual comparison, so pushes from Gitea trigger deploys.
2026-03-20 21:55:04 +00:00
Replit Agent
0acec171a3
fix: update Gitea repo path to replit/timmy-tower
- deploy.sh: GITEA_REPO changed from admin/timmy-tower to replit/timmy-tower;
  git clone user changed from admin to replit
- push-to-gitea.sh: GITEA_REPO_OWNER default changed from admin to replit

The admin/timmy-tower repo doesn't exist — admin is not a Gitea username.
Canonical repo is replit/timmy-tower on Hermes Gitea.
2026-03-20 21:50:44 +00:00
Replit Agent
7cbb451821
fix: install.sh hardening per code review
- Marker-based nginx insertion (BEGIN/END comments) instead of brittle sed;
  validates against temp file before patching live nginx.conf
- Gitea pull token check: warns if /root/.gitea-replit-token missing,
  prints creation instructions (deploy.sh fails without it)
- TLS note in summary output: explains HTTP-only transport, recommends TLS
- mkdir -p DEPLOY_DIR; chmod 600 .env
2026-03-20 21:11:10 +00:00
Replit Agent
bb3b14029e
fix: webhook fail-closed, /api/healthz endpoint, queued deploy
- webhook.js: fail-closed on missing WEBHOOK_SECRET (exits at startup,
  never accepts unsigned requests)
- webhook.js: single-slot queue — push during deploy is held and runs
  after current deploy completes (not silently dropped)
- deploy.sh + health-check.sh: URL corrected to /api/healthz
2026-03-20 21:07:32 +00:00
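Added example, not the repository's vps/webhook.js: one way to write the check that commits 630a585178 and bb3b14029e describe, accepting both Gitea's raw-hex signature and GitHub's sha256= form and refusing to run without a secret. The function bodies, the helper normaliseSignature and the SAMPLE_* values are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Reduce either header style to bare lowercase hex.
// Gitea (X-Gitea-Signature): "<64 hex chars>"
// GitHub (X-Hub-Signature-256): "sha256=<64 hex chars>"
function normaliseSignature(header) {
  if (typeof header !== 'string') return null;
  const hex = header.trim().toLowerCase().replace(/^sha256=/, '');
  // HMAC-SHA256 is 32 bytes, so anything other than 64 hex chars is rejected
  // here. This also guarantees equal-length buffers for timingSafeEqual,
  // which throws on a length mismatch.
  return /^[0-9a-f]{64}$/.test(hex) ? hex : null;
}

// rawBody must be the request bytes exactly as received, before JSON parsing;
// re-serialising a parsed body can change the bytes and break the MAC.
function verifySignature(secret, rawBody, header) {
  if (!secret) throw new Error('WEBHOOK_SECRET is not set'); // fail closed
  const received = normaliseSignature(header);
  if (received === null) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  return crypto.timingSafeEqual(expected, Buffer.from(received, 'hex'));
}

// Constructed sample input (not a real secret or a captured payload).
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_BODY = Buffer.from('{"ref":"refs/heads/main"}');
const SAMPLE_HEX = crypto
  .createHmac('sha256', SAMPLE_SECRET)
  .update(SAMPLE_BODY)
  .digest('hex');

function demo() {
  const otherBody = Buffer.from('{"ref":"refs/heads/other"}');
  return {
    giteaStyle: verifySignature(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEX),
    githubStyle: verifySignature(SAMPLE_SECRET, SAMPLE_BODY, 'sha256=' + SAMPLE_HEX),
    bodyChanged: verifySignature(SAMPLE_SECRET, otherBody, SAMPLE_HEX),
    truncated: verifySignature(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEX.slice(0, 32)),
    headerMissing: verifySignature(SAMPLE_SECRET, SAMPLE_BODY, undefined),
  };
}

console.log(demo());
```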
Replit Agent
06396e2b35
feat: push-to-deploy pipeline on Hermes VPS (task #47)
vps/ directory — all versioned, installed on VPS with one command:
- vps/deploy.sh: pull from Hermes Gitea → pnpm build → deploy bundle
  → health check → auto-rollback on failure
- vps/webhook.js: Node.js webhook receiver (port 9000, HMAC-SHA256)
  validates Gitea signature, runs deploy.sh, skips non-main branches
- vps/timmy-deploy-hook.service: systemd unit for webhook receiver
- vps/timmy-health.service + .timer: health watchdog every 5 min,
  auto-restarts timmy-tower if /api/health returns non-200
- vps/install.sh: one-time VPS setup — installs scripts, sets
  WEBHOOK_SECRET in .env, adds nginx /webhook/deploy block, enables services

Gitea webhook configured on admin/timmy-tower (id: 1):
- URL: http://143.198.27.163/webhook/deploy
- HMAC secret stored in .local/deploy-webhook-secret (gitignored)

One-time install command:
  WEBHOOK_SECRET=$(cat .local/deploy-webhook-secret) \
  ssh root@143.198.27.163 'bash -s' < vps/install.sh

replit.md: removed stale bore-tunnel push instructions; documented
sovereign deploy workflow, monitoring commands, and rollback procedure
2026-03-20 21:04:40 +00:00
alexpaynex
6a4c29eb16
Published your App
Replit-Commit-Author: Deployment
2026-03-20 21:01:26 +00:00