diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6b5049a..800d3cc 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -18,4 +18,5 @@ jobs: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.KEY }} + command_timeout: 1h script: bash /heydari/config/deploy.sh diff --git a/.gitignore b/.gitignore index c9b623b..e44f1c4 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,5 @@ main.db* logs/ __pycache__/ backup/ +log +*.db* diff --git a/VERSION b/VERSION index db15278..8d2c87f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.8 \ No newline at end of file +1.1.15 \ No newline at end of file diff --git a/config/deploy.sh b/config/deploy.sh index 5ccce69..0bc6ba5 100755 --- a/config/deploy.sh +++ b/config/deploy.sh @@ -61,11 +61,18 @@ fi if check_diff "src/*"; then echo "$EG cargo build" cargo build --release + systemctl restart heydari echo $SPACER fi -echo "$EG restart backend" -systemctl restart heydari -echo $SPACER +if check_diff "config/nginx.conf"; then + echo "$EG restart nginx" + if nginx -t; then + systemctl restart nginx + else + echo invalid nginx status ❌ + fi + echo $SPACER +fi echo "Deploy is Done! ✅" diff --git a/config/nginx.conf b/config/nginx.conf index 5c8c951..ad52616 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -24,7 +24,9 @@ server { # error_page 403 /error-403; # Security Headers - add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data: https://heydari-mi.com; connect-src 'self'; font-src 'self';"; + # add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://trustseal.enamad.ir https://simurgh.00-team.org https://www.googletagmanager.com https://www.google.com/"; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' *"; + add_header Permissions-Policy "geolocation=(self), microphone=()"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block";