From a748c9ee7aac8da51b7e3450949335137f96b0cc Mon Sep 17 00:00:00 2001 From: "bert.hausmans" Date: Wed, 6 May 2026 00:24:40 +0200 Subject: [PATCH] =?UTF-8?q?chore(deploy):=20single-host=20deploy=20config?= =?UTF-8?q?=20=E2=80=94=20drop=20apps/portal=20build,=20retire=20portal.cr?= =?UTF-8?q?ewli.app?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit deploy.sh referenced apps/portal which was deleted in WS-3 PR-B1; the script has been broken in main since that merge (npm run build -w apps/portal would fail). Collapse to a single-app build. Changes: - deploy.sh: replace dual-build block (build app + portal, verify both dist/) with single-app build (build app, verify dist/index.html) - deploy/nginx/csp-portal.conf: deleted (content was identical to csp-spa.conf — verified before removal) - deploy/README.md: replace "Portal (portal.crewli.app)" server-block section with "Legacy portal redirect" — a 301 server block template that redirects portal.crewli.app → crewli.app preserving the request URI. Notes that DNS retirement is a separate ops task Out of scope: actually retiring the portal.crewli.app DNS record (operational, tracked separately). bash -n deploy.sh: clean. Co-Authored-By: Claude Opus 4.7 (1M context) --- deploy.sh | 15 +++++---------- deploy/README.md | 18 +++++++++++++----- deploy/nginx/csp-portal.conf | 4 ---- 3 files changed, 18 insertions(+), 19 deletions(-) delete mode 100644 deploy/nginx/csp-portal.conf diff --git a/deploy.sh b/deploy.sh index da56da5e..29df22a7 100755 --- a/deploy.sh +++ b/deploy.sh @@ -93,18 +93,13 @@ else echo "→ package-lock.json unchanged — skipping npm ci" fi -echo "→ Building frontend assets (apps/app + apps/portal)..." -# Explicit per-workspace build to avoid silent single-app builds +echo "→ Building frontend assets (apps/app)..." npm run build -w apps/app -npm run build -w apps/portal -# Verify both dist folders exist and are non-empty -for app in app portal; do - if [ ! -f "apps/$app/dist/index.html" ]; then - echo "❌ Build failed: apps/$app/dist/index.html missing" - exit 1 - fi -done +if [ ! -f "apps/app/dist/index.html" ]; then + echo "❌ Build failed: apps/app/dist/index.html missing" + exit 1 +fi # ────────────────────────────────────────── # 5. Run migrations diff --git a/deploy/README.md b/deploy/README.md index c60c9d13..310f0379 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -28,18 +28,26 @@ server { } ``` -### Portal (portal.crewli.app) +### Legacy portal redirect (portal.crewli.app) + +Pre-WS-3 (April 2026), Crewli ran a separate portal SPA at +`portal.crewli.app`. The dual-SPA was consolidated into a single +workspace; the legacy host should redirect 301 → `crewli.app`: + ```nginx server { server_name portal.crewli.app; + listen 443 ssl; + # ... TLS config from DirectAdmin / Let's Encrypt ... - include /path/to/deploy/nginx/security-headers.conf; - include /path/to/deploy/nginx/csp-portal.conf; - - # ... rest of config + return 301 https://crewli.app$request_uri; } ``` +DNS retirement of `portal.crewli.app` is a separate operational task +tracked outside this repo. Until DNS is repointed, this redirect +handles any stale links. + ## CSP Rollout Process 1. Start with `Content-Security-Policy-Report-Only` (uncomment in `csp-spa.conf`) diff --git a/deploy/nginx/csp-portal.conf b/deploy/nginx/csp-portal.conf deleted file mode 100644 index 256eac5c..00000000 --- a/deploy/nginx/csp-portal.conf +++ /dev/null @@ -1,4 +0,0 @@ -# CSP for portal.crewli.app -# Same policy as SPA but with stricter connect-src since portal -# should only talk to the API. -add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api.crewli.app; frame-ancestors 'none'; form-action 'self'; base-uri 'self'" always;