diff --git a/deploy.sh b/deploy.sh index d837822..b16868c 100755 --- a/deploy.sh +++ b/deploy.sh @@ -24,6 +24,20 @@ set -euo pipefail NAME=analytics_mcp PORT=8892 HOST_DOMAIN="${HOST_DOMAIN:-fleetmcp.fivetitude.com}" # prod: fleetmcp.rahamafresh.com +# Comma-separated list of every domain this service answers on (defaults to +# HOST_DOMAIN). All are folded into ONE Traefik router rule so a single cert +# covers them and connectors on either domain keep working. +HOST_DOMAINS="${HOST_DOMAINS:-$HOST_DOMAIN}" +BT='`' +RULE="" +IFS=',' read -ra _DOMS <<< "$HOST_DOMAINS" +for _d in "${_DOMS[@]}"; do + _d="${_d// /}" + if [ -n "$_d" ]; then + seg="Host(${BT}${_d}${BT})" + if [ -z "$RULE" ]; then RULE="$seg"; else RULE="$RULE || $seg"; fi + fi +done IMAGE="fleetanalytics-mcp:latest" ENV_FILE="$(pwd)/.deploy.env" @@ -53,9 +67,15 @@ RO_PW=$(cat "${ANALYTICS_RO_PW_FILE:-$HOME/.analytics_ro.pw}" 2>/dev/null || tru HOSTPART="${SRC_DB_URL#*@}" # host:port/dbname[?params] RO_DB_URL="postgresql://analytics_ro:${RO_PW}@${HOSTPART}" -# Build the image from this repo. -echo "Building $IMAGE ..." -docker build -t "$IMAGE" . +# Build the image from this repo (SKIP_BUILD=1 reuses the existing image for a +# labels/env-only change — no new code is pulled in). +if [ "${SKIP_BUILD:-0}" = "1" ]; then + echo "SKIP_BUILD=1 — reusing existing $IMAGE (no rebuild)." + docker image inspect "$IMAGE" >/dev/null 2>&1 || { echo "ERROR: $IMAGE not present"; exit 1; } +else + echo "Building $IMAGE ..." + docker build -t "$IMAGE" . +fi # Minimal env (read-only DSN + auth only — no Tracksolid ingestion secrets). { echo "DATABASE_URL=${RO_DB_URL}"; echo "MCP_AUTH_TOKENS=${MCP_AUTH_TOKENS}"; } > "$ENV_FILE" @@ -73,9 +93,9 @@ docker run -d --name "$NAME" --restart unless-stopped \ --label 'traefik.http.middlewares.fleetmcp-ratelimit.ratelimit.burst=60' \ --label "traefik.http.routers.http-0-fleetmcp.entryPoints=http" \ --label "traefik.http.routers.http-0-fleetmcp.middlewares=redirect-to-https" \ - --label "traefik.http.routers.http-0-fleetmcp.rule=Host(\`${HOST_DOMAIN}\`)" \ + --label "traefik.http.routers.http-0-fleetmcp.rule=${RULE}" \ --label "traefik.http.routers.https-0-fleetmcp.entryPoints=https" \ - --label "traefik.http.routers.https-0-fleetmcp.rule=Host(\`${HOST_DOMAIN}\`)" \ + --label "traefik.http.routers.https-0-fleetmcp.rule=${RULE}" \ --label "traefik.http.routers.https-0-fleetmcp.middlewares=fleetmcp-ratelimit" \ --label "traefik.http.routers.https-0-fleetmcp.tls=true" \ --label "traefik.http.routers.https-0-fleetmcp.tls.certresolver=letsencrypt" \