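#!/usr/bin/env bash
# update.sh — pull a branch and rebuild the Turnstone container.
#
# Usage (must run as root):
#   sudo bash /opt/turnstone/scripts/update.sh                  # pull main
#   sudo bash /opt/turnstone/scripts/update.sh feat/live-watch  # test a branch
#
# Local files preserved across updates:
#   patterns/watch.yaml          — site-specific watch source config
#   data/corpus_watermark.txt    — corpus export watermark (last exported rowid)
#   data/incident_watermark.txt  — incident export watermark (last exported timestamp)
#   data/                        — database and live journal files (bind-mounted, untouched)
#
# Exit status: 0 once the health endpoint answers, 1 on any failure.
#
# NOTE(security): this script runs as root and builds and restarts whatever
# commit is at the tip of the requested branch on "origin". Nothing here checks
# the provenance of that commit. If the repository signs its commits, enforcing
# that at pull time (git pull --verify-signatures) is worth considering; it is
# not enabled here because it would fail on hosts without the signing keys.

set -euo pipefail

BRANCH="${1:-main}"
readonly BRANCH
readonly REPO_DIR=/opt/turnstone
readonly IMAGE=localhost/turnstone:latest
readonly HEALTH_URL=http://localhost:8534/turnstone/health
readonly HEALTH_ATTEMPTS=12
readonly HEALTH_INTERVAL=3

# Site-local files (relative to REPO_DIR) that must survive the update.
readonly -a LOCAL_FILES=(
  patterns/watch.yaml
  data/corpus_watermark.txt
  data/incident_watermark.txt
)

BACKUP_DIR=""   # private temp directory holding the copies; set below
RESTORED=0      # becomes 1 once the copies have been put back

# Print an error to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Copy every existing site-local file into BACKUP_DIR, keeping its relative
# path, mode, ownership and timestamps (cp -p).
backup_local_files() {
  local rel
  for rel in "${LOCAL_FILES[@]}"; do
    [ -f "$REPO_DIR/$rel" ] || continue
    mkdir -p -- "$BACKUP_DIR/${rel%/*}"
    cp -p -- "$REPO_DIR/$rel" "$BACKUP_DIR/$rel"
  done
}

# Put the backed-up files back in place.
# Returns non-zero if any copy failed, so the caller can keep the backups.
restore_local_files() {
  local rel rc=0
  for rel in "${LOCAL_FILES[@]}"; do
    [ -f "$BACKUP_DIR/$rel" ] || continue
    if cp -p -- "$BACKUP_DIR/$rel" "$REPO_DIR/$rel"; then
      echo "==> Restored $rel"
    else
      echo "WARNING: failed to restore $rel" >&2
      rc=1
    fi
  done
  return "$rc"
}

# EXIT handler: runs on success and on every failure path. If the script died
# between backup and restore (failed checkout, non-fast-forward pull, ...) the
# site-local files are put back here, so a failed update cannot leave the host
# on the template watch.yaml or without its export watermarks.
cleanup() {
  local status=$?
  trap - EXIT
  if [ -n "$BACKUP_DIR" ] && [ -d "$BACKUP_DIR" ]; then
    if [ "$RESTORED" -eq 1 ] || restore_local_files; then
      rm -rf -- "$BACKUP_DIR"
    else
      echo "WARNING: site-local files not fully restored; backups kept in $BACKUP_DIR" >&2
    fi
  fi
  exit "$status"
}
trap cleanup EXIT

# ── Preconditions ─────────────────────────────────────────────────────────────
# Fail before touching the checkout rather than halfway through (podman build
# and systemctl restart need root anyway).
(( EUID == 0 )) || die "must run as root"

# The branch name comes from the command line and is handed to git as root.
# A value starting with '-' would be parsed by git as an option, so reject it
# outright and let git validate the rest of the name.
case "$BRANCH" in
  -*) die "invalid branch name: $BRANCH" ;;
esac

cd "$REPO_DIR" || die "cannot cd to $REPO_DIR"
git check-ref-format --branch "$BRANCH" >/dev/null 2>&1 \
  || die "invalid branch name: $BRANCH"

echo "==> Turnstone update: branch=$BRANCH"

# ── Preserve site-local config ────────────────────────────────────────────────
# watch.yaml is tracked in git as a template but overridden per-host.
# Corpus watermarks track the last exported entry/incident — must survive updates
# or the next export run will re-push everything from the beginning.
# Back them up before the pull and restore after.
#
# mktemp -d creates the directory with owner-only permissions, so the copies
# stay private in /tmp even though cp -p keeps each file's original mode.
#
# NOTE(review): the backup protects file content only. A locally modified,
# tracked watch.yaml can still make checkout/pull refuse to proceed when the
# incoming commits touch that file — confirm how hosts are expected to handle it.
BACKUP_DIR=$(mktemp -d /tmp/turnstone-update.XXXXXX)
backup_local_files

# ── Pull ──────────────────────────────────────────────────────────────────────
git fetch --all --tags --quiet

# Switch branch if needed, creating a local tracking branch on first use.
# The existence test replaces "checkout 2>/dev/null || checkout -b", which hid
# the real error whenever checking out an existing branch failed.
CURRENT=$(git rev-parse --abbrev-ref HEAD)
if [ "$CURRENT" != "$BRANCH" ]; then
  echo "==> Switching $CURRENT -> $BRANCH"
  if git show-ref --verify --quiet "refs/heads/$BRANCH"; then
    git checkout "$BRANCH" --
  else
    git checkout -b "$BRANCH" "origin/$BRANCH"
  fi
fi

git pull --ff-only origin "$BRANCH"
COMMIT=$(git log -1 --format='%h %s')
echo "==> At: $COMMIT"

# ── Restore site-local config ─────────────────────────────────────────────────
restore_local_files
RESTORED=1

# ── Build ─────────────────────────────────────────────────────────────────────
echo "==> Building $IMAGE ..."
podman build -t "$IMAGE" "$REPO_DIR"

# ── Restart ───────────────────────────────────────────────────────────────────
echo "==> Restarting turnstone service ..."
systemctl restart turnstone

# ── Health check ──────────────────────────────────────────────────────────────
echo "==> Waiting for health check ..."
for ((attempt = 1; attempt <= HEALTH_ATTEMPTS; attempt++)); do
  sleep "$HEALTH_INTERVAL"
  # --max-time bounds each probe so a service that accepts the connection but
  # never answers cannot hang the update.
  if curl -sf --max-time 5 "$HEALTH_URL" > /dev/null 2>&1; then
    echo "==> OK — Turnstone up on branch '$BRANCH' @ ${COMMIT%% *}"
    exit 0
  fi
  echo " attempt $attempt/$HEALTH_ATTEMPTS ..."
done

echo "ERROR: health check timed out — check: journalctl -u turnstone -n 50" >&2
exit 1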