#!/usr/bin/env bash # Déploiement local par rsync + SSH (même logique que .github/workflows/deploy-ssh.yml). # # Configuration : .secrets/.env (voir .secrets/.env.example) # DEPLOY_HOST, DEPLOY_USER, DEPLOY_PATH, SSH_PRIVATE_KEY_FILE # Optionnel : DEPLOY_PORT, DEPLOY_DEFAULT_SINGLE # # Usage (depuis la racine du dépôt) : # ./scripts/deploy-ssh.sh # ./scripts/deploy-ssh.sh --only-path www/mon-fichier.php # ./scripts/deploy-ssh.sh --full # ./scripts/deploy-ssh.sh --dry-run set -euo pipefail ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" cd "$ROOT" ENV_FILE="${DEPLOY_ENV:-$ROOT/.secrets/.env}" ONLY_PATH="" FULL_SYNC=false DRY_RUN=false usage() { sed -n '2,14p' "$0" | sed 's/^# \{0,1\}//' exit "${1:-0}" } while [[ $# -gt 0 ]]; do case "$1" in -h|--help) usage 0 ;; --env) ENV_FILE="$2"; shift 2 ;; --only-path) ONLY_PATH="$2"; shift 2 ;; --full) FULL_SYNC=true; shift ;; --dry-run) DRY_RUN=true; shift ;; *) echo "Option inconnue : $1" >&2; usage 1 ;; esac done load_env_file() { local file="$1" [[ -f "$file" ]] || { echo "Fichier introuvable : $file" >&2; exit 1; } while IFS= read -r line || [[ -n "$line" ]]; do line="${line%%#*}" line="${line#"${line%%[![:space:]]*}"}" line="${line%"${line##*[![:space:]]}"}" [[ -n "$line" ]] || continue [[ "$line" == *"="* ]] || continue local key="${line%%=*}" local val="${line#*=}" key="${key#"${key%%[![:space:]]*}"}" key="${key%"${key##*[![:space:]]}"}" val="${val#"${val%%[![:space:]]*}"}" val="${val%"${val##*[![:space:]]}"}" if [[ "$val" == \"*\" && "$val" == *\" ]]; then val="${val:1:${#val}-2}" elif [[ "$val" == \'*\' && "$val" == *\' ]]; then val="${val:1:${#val}-2}" fi export "$key=$val" done < "$file" } load_env_file "$ENV_FILE" : "${DEPLOY_HOST:?DEPLOY_HOST manquant dans $ENV_FILE}" : "${DEPLOY_USER:?DEPLOY_USER manquant dans $ENV_FILE}" : "${DEPLOY_PATH:?DEPLOY_PATH manquant dans $ENV_FILE}" DEPLOY_PORT="${DEPLOY_PORT:-22}" resolve_key_file() { if [[ -n "${SSH_PRIVATE_KEY_FILE:-}" ]]; then local key="$SSH_PRIVATE_KEY_FILE" [[ "$key" != /* ]] && key="$ROOT/$key" [[ -f "$key" ]] || { echo "Clé SSH introuvable : $key" >&2; exit 1; } echo "$key" return fi if [[ -n "${SSH_PRIVATE_KEY:-}" ]]; then local tmp tmp="$(mktemp)" chmod 600 "$tmp" printf '%s\n' "$SSH_PRIVATE_KEY" >"$tmp" echo "$tmp" trap 'rm -f "$tmp"' EXIT return fi echo "SSH_PRIVATE_KEY_FILE ou SSH_PRIVATE_KEY requis dans $ENV_FILE" >&2 exit 1 } KEY_FILE="$(resolve_key_file)" chmod 600 "$KEY_FILE" 2>/dev/null || true export RSYNC_RSH="ssh -4 -i ${KEY_FILE} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=120 -p ${DEPLOY_PORT}" DEST="${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH%/}/" RSYNC_OPTS=(-avz) [[ "$DRY_RUN" == true ]] && RSYNC_OPTS+=(-n) if [[ "$FULL_SYNC" == true ]]; then REL="" elif [[ -n "$ONLY_PATH" ]]; then REL="$ONLY_PATH" elif [[ -n "${DEPLOY_DEFAULT_SINGLE:-}" ]]; then REL="$DEPLOY_DEFAULT_SINGLE" else REL="" fi if [[ -n "$REL" ]]; then case "$REL" in /*) echo "Chemin relatif uniquement (sans / au début)" >&2; exit 1 ;; *..*) echo "Chemin refusé (pas de ..)" >&2; exit 1 ;; esac if [[ ! -e "./${REL}" ]]; then echo "Introuvable dans le dépôt : ${REL}" >&2 exit 1 fi if [[ -d "./${REL}" ]]; then echo "Synchro partielle (dossier) : ${REL}/ → ${DEST}${REL}/" rsync "${RSYNC_OPTS[@]}" "./${REL}/" "${DEST}${REL}/" else echo "Synchro partielle : ${REL} → ${DEST}${REL}" rsync "${RSYNC_OPTS[@]}" "./${REL}" "${DEST}${REL}" fi exit 0 fi echo "Synchro complète → ${DEST}" rsync "${RSYNC_OPTS[@]}" \ --delete \ --exclude '.git/' \ --exclude '.github/' \ --exclude '.secrets/' \ --exclude 'exports/' \ --exclude 'www/wp-content/cache/' \ --exclude 'www/wp-content/jetpack-waf/' \ --exclude 'www/wp-content/languages/' \ --exclude 'www/wp-content/litespeed/' \ --exclude 'www/wp-content/uploads/' \ --exclude 'www/wp-content/w3tc-config/' \ --exclude 'www/wp-content/webp-express/' \ --exclude 'www/wp-content/webtoffee_export/' \ --exclude 'www/wp-config.php' \ --exclude 'wp-config.php' \ --exclude '.htaccess' \ --exclude 'www/.htaccess' \ --exclude '*.log' \ --exclude '.DS_Store' \ ./ "$DEST" echo "Terminé."