Fix deployment: stop service before binary replace, add self-update

The deploy script was failing with "Text file busy" because it tried to
overwrite the running binary with cp. Three-part fix:

1. scripts/deploy-moon (new standalone copy of server-side script):
   - Self-update: if bundle contains a newer version of this script,
     install it and re-exec before doing anything else
   - Stop the service (systemctl stop moon) before copying the binary
   - Use rm -f before cp to handle "Text file busy" even as a fallback

2. scripts/server-setup.sh: embed the same improved deploy-moon so
   re-running the setup script updates the server-side copy; also add
   NOPASSWD sudoers entry for "systemctl stop moon"

3. .github/workflows/deploy.yml:
   - Include scripts/deploy-moon in the SCP bundle so the server copy
     auto-updates on every deployment
   - Add continue-on-error: true to the "Stop service" step so the
     deploy still proceeds even if sudoers hasn't been updated yet

One-time manual step required: SSH into the server and run
  sudo bash scripts/server-setup.sh
to install the fixed deploy-moon and updated sudoers. After that,
all future deployments will be fully automated.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: exploded

.github/workflows/deploy.yml

@@ -53,11 +53,12 @@ jobs:
           username: ${{ secrets.DEPLOY_USER }}
           key: ${{ secrets.DEPLOY_SSH_KEY }}
           port: ${{ secrets.DEPLOY_PORT || '22' }}
-          source: "moon,index.html,about.html,calendar.html,static/"
+          source: "moon,index.html,about.html,calendar.html,static/,scripts/deploy-moon"
           target: "/tmp/moon-deploy"
           overwrite: true
 
       - name: Stop service before deploy
+        continue-on-error: true
         uses: appleboy/ssh-action@v1.0.3
         with:
           host: ${{ secrets.DEPLOY_HOST }}

scripts/deploy-moon

@@ -0,0 +1,60 @@
+#!/bin/bash
+# /usr/local/bin/deploy-moon
+# Runs as root (via sudo) during GitHub Actions deployments.
+#
+# To update this script on the server, include scripts/deploy-moon in the SCP
+# bundle — it will self-update and re-exec before doing anything else.
+
+set -e
+
+DEPLOY_SRC="${1:-/tmp/moon-deploy}"
+DEPLOY_DIR=/var/www/moon
+
+# Self-update: if the bundle contains a newer version of this script, install
+# it and re-exec so the rest of the deployment runs with the updated logic.
+BUNDLE_SCRIPT="$DEPLOY_SRC/scripts/deploy-moon"
+if [ -f "$BUNDLE_SCRIPT" ] && ! diff -q /usr/local/bin/deploy-moon "$BUNDLE_SCRIPT" > /dev/null 2>&1; then
+    echo "[deploy] Updating deploy script from bundle..."
+    install -m 755 "$BUNDLE_SCRIPT" /usr/local/bin/deploy-moon
+    exec /usr/local/bin/deploy-moon "$@"
+fi
+
+# Read the service owner from the installed unit — no hardcoded username
+SERVICE_USER=$(systemctl show moon --property=User --value)
+SERVICE_GROUP=$(systemctl show moon --property=Group --value)
+
+if [ -z "$SERVICE_USER" ]; then
+    echo "[deploy] ERROR: Could not read User from moon.service"
+    exit 1
+fi
+
+echo "[deploy] Stopping service..."
+systemctl stop moon || true
+
+echo "[deploy] Installing binary to $DEPLOY_DIR/moon (owner: $SERVICE_USER:$SERVICE_GROUP)..."
+rm -f "$DEPLOY_DIR/moon"
+cp "$DEPLOY_SRC/moon" "$DEPLOY_DIR/moon"
+chmod +x "$DEPLOY_DIR/moon"
+
+echo "[deploy] Updating web assets..."
+cp "$DEPLOY_SRC/index.html"    "$DEPLOY_DIR/"
+cp "$DEPLOY_SRC/about.html"    "$DEPLOY_DIR/"
+cp "$DEPLOY_SRC/calendar.html" "$DEPLOY_DIR/"
+cp -r "$DEPLOY_SRC/static/"    "$DEPLOY_DIR/"
+chown -R "$SERVICE_USER:$SERVICE_GROUP" "$DEPLOY_DIR"
+
+echo "[deploy] Starting service..."
+systemctl start moon
+
+echo "[deploy] Verifying service is active..."
+sleep 2
+if ! systemctl is-active --quiet moon; then
+    echo "[deploy] ERROR: Service failed to start. Status:"
+    systemctl status moon --no-pager --lines=30
+    exit 1
+fi
+
+echo "[deploy] Cleaning up..."
+rm -rf "$DEPLOY_SRC"
+
+echo "[deploy] Done — moon is running."

scripts/server-setup.sh

@@ -62,12 +62,24 @@ cat > /usr/local/bin/deploy-moon << 'DEPLOY_SCRIPT'
 #!/bin/bash
 # /usr/local/bin/deploy-moon
 # Runs as root (via sudo) during GitHub Actions deployments.
+#
+# To update this script on the server, include scripts/deploy-moon in the SCP
+# bundle — it will self-update and re-exec before doing anything else.
 
 set -e
 
 DEPLOY_SRC="${1:-/tmp/moon-deploy}"
 DEPLOY_DIR=/var/www/moon
 
+# Self-update: if the bundle contains a newer version of this script, install
+# it and re-exec so the rest of the deployment runs with the updated logic.
+BUNDLE_SCRIPT="$DEPLOY_SRC/scripts/deploy-moon"
+if [ -f "$BUNDLE_SCRIPT" ] && ! diff -q /usr/local/bin/deploy-moon "$BUNDLE_SCRIPT" > /dev/null 2>&1; then
+    echo "[deploy] Updating deploy script from bundle..."
+    install -m 755 "$BUNDLE_SCRIPT" /usr/local/bin/deploy-moon
+    exec /usr/local/bin/deploy-moon "$@"
+fi
+
 # Read the service owner from the installed unit — no hardcoded username
 SERVICE_USER=$(systemctl show moon --property=User --value)
 SERVICE_GROUP=$(systemctl show moon --property=Group --value)
@@ -77,7 +89,11 @@ if [ -z "$SERVICE_USER" ]; then
     exit 1
 fi
 
+echo "[deploy] Stopping service..."
+systemctl stop moon || true
+
 echo "[deploy] Installing binary to $DEPLOY_DIR/moon (owner: $SERVICE_USER:$SERVICE_GROUP)..."
+rm -f "$DEPLOY_DIR/moon"
 cp "$DEPLOY_SRC/moon" "$DEPLOY_DIR/moon"
 chmod +x "$DEPLOY_DIR/moon"
 
@@ -88,8 +104,8 @@ cp "$DEPLOY_SRC/calendar.html" "$DEPLOY_DIR/"
 cp -r "$DEPLOY_SRC/static/"    "$DEPLOY_DIR/"
 chown -R "$SERVICE_USER:$SERVICE_GROUP" "$DEPLOY_DIR"
 
-echo "[deploy] Restarting service..."
-systemctl restart moon
+echo "[deploy] Starting service..."
+systemctl start moon
 
 echo "[deploy] Verifying service is active..."
 sleep 2
@@ -116,6 +132,8 @@ SUDOERS_FILE="/etc/sudoers.d/moon-deploy"
 cat > "$SUDOERS_FILE" << 'EOF'
 # Allow the deploy user to run the moon deployment script as root
 deploy ALL=(ALL) NOPASSWD: /usr/local/bin/deploy-moon
+# Allow stopping the moon service directly (used by the GitHub Actions workflow)
+deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop moon
 EOF
 
 chmod 440 "$SUDOERS_FILE"