Task/WI-202: insert letsencrypt post-renewal hook after deploy (#58)

jarosenb · web-flow · commit df8d5f599444 · 2025-03-03T10:20:26.000-06:00
* add step to place a letsencrypt post-renew hook

* update makefile

* fix script name
diff --git a/Makefile b/Makefile
@@ -24,7 +24,10 @@ else
 override COMPOSE =
 endif
 
-DOCKER_COMPOSE := ${COMPOSE_COMMAND} ${BASE_COMPOSE} ${COMPOSE} --env-file=$(ENV_FILE)
+DOCKER_COMPOSE := ${COMPOSE_COMMAND} ${BASE_COMPOSE} ${COMPOSE} --env-file=$(pwd)/$(ENV_FILE)
+
+# This command uses an Alpine linux image to run a script to add a post-renew hook to letsencrypt 
+PLACE_RENEWAL_HOOK := docker run -e DOCKER_COMPOSE=${DOCKER_COMPOSE} -v /etc/letsencrypt:/etc/letsencrypt -v ${CAMINO_HOME}/conf/scripts/post-renew.sh:/opt-post-renew.sh alpine:3 /bin/sh -c "chmod +x /opt/post-renew.sh && /opt/post-renew.sh"
 
 .PHONY: deploy-docs
 deploy-docs:
@@ -76,6 +79,7 @@ ifdef POST_DEPLOY_SCRIPT
 	chmod +x ${CAMINO_HOME}/conf/camino/${POST_DEPLOY_SCRIPT} && ${CAMINO_HOME}/conf/camino/${POST_DEPLOY_SCRIPT} all
 endif
 	$(DOCKER_COMPOSE) restart nginx
+	$(PLACE_RENEWAL_HOOK)
 
 .PHONY: migrate
 migrate:
diff --git a/conf/scripts/post-renew.sh b/conf/scripts/post-renew.sh
@@ -0,0 +1,4 @@
+#! /bin/sh
+mkdir -p /etc/letsencrypt/renewal-hooks/post/
+echo -e "#! /bin/sh\n${DOCKER_COMPOSE} restart nginx\n" > /etc/letsencrypt/renewal-hooks/post/post-renew.sh
+chmod +x /etc/letsencrypt/renewal-hooks/post/post-renew.sh
