Simplify supervisor architecture and automate bootstrap

- Simplify supervisor.sh following TigerBeetle pattern - Remove complex functions, use simple while loop - Add || sleep 600 for resilience against crashes - Use git switch --discard-changes for clean updates - Run pipelines every hour (SQLMesh handles scheduling) - Use POSIX sh instead of bash - Remove /repo subdirectory nesting - Repository clones directly to /opt/materia - Simpler paths throughout - Move systemd service to repo - Bootstrap copies from repo instead of hardcoding - Service can be updated via git pull - Automate bootstrap in CI/CD - deploy:supervisor now auto-bootstraps on first deploy - Waits for SSH to be ready (retry loop) - Injects secrets via SSH environment - Idempotent: detects if already bootstrapped Result: Push to master and supervisor "just works" 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-13 21:17:12 +02:00
parent 21f99767bf
commit 2fff895a73
5 changed files with 53 additions and 191 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -94,7 +94,7 @@ deploy:supervisor:
        exit 1
      fi

-      echo "Deploying to supervisor at ${SUPERVISOR_IP}..."
+      echo "Connecting to supervisor at ${SUPERVISOR_IP}..."

      # Setup SSH
      mkdir -p ~/.ssh
@@ -102,15 +102,25 @@ deploy:supervisor:
      chmod 600 ~/.ssh/id_rsa
      ssh-keyscan -H $SUPERVISOR_IP >> ~/.ssh/known_hosts

+      # Wait for SSH to be ready (new instance may take a moment)
+      echo "Waiting for SSH to be ready..."
+      for i in $(seq 1 30); do
+        if ssh -o ConnectTimeout=5 root@${SUPERVISOR_IP} "echo 'SSH ready'"; then
+          break
+        fi
+        echo "Attempt $i/30 failed, retrying..."
+        sleep 10
+      done
+
      # Check if supervisor is bootstrapped
-      if ssh -o ConnectTimeout=10 root@${SUPERVISOR_IP} "test -d /opt/materia/repo/.git"; then
-        echo "Supervisor already bootstrapped, triggering update..."
-        # Just signal supervisor to pull latest - it will do so on next check cycle
-        ssh root@${SUPERVISOR_IP} "systemctl is-active materia-supervisor || echo 'Service not running, may need bootstrap'"
+      if ssh root@${SUPERVISOR_IP} "test -d /opt/materia/.git"; then
+        echo "Supervisor already bootstrapped and will auto-update"
+        ssh root@${SUPERVISOR_IP} "systemctl status materia-supervisor --no-pager"
      else
-        echo "Supervisor not bootstrapped yet. Run bootstrap script:"
-        echo "  export PULUMI_ACCESS_TOKEN=\${PULUMI_ACCESS_TOKEN}"
-        echo "  ssh root@${SUPERVISOR_IP} 'bash -s' < infra/bootstrap_supervisor.sh"
+        echo "Bootstrapping supervisor for the first time..."
+        # Export secrets and run bootstrap
+        ssh root@${SUPERVISOR_IP} "export PULUMI_ACCESS_TOKEN='${PULUMI_ACCESS_TOKEN}' GITLAB_READ_TOKEN='${GITLAB_READ_TOKEN}' && bash -s" < infra/bootstrap_supervisor.sh
+        echo "Bootstrap complete!"
      fi
  dependencies:
    - deploy:infra