diff --git a/deploy.sh b/deploy.sh
index 8508a97..9d867dd 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -80,9 +80,16 @@ fi
 # ── 3. Ownership ──────────────────────────────────────────────────────────────
 step "File ownership and permissions"
-echo " Setting $REPO_DIR → $SERVICE_NAME:$SERVICE_NAME (group-writable)"
-chown -R "$SERVICE_NAME:$SERVICE_NAME" "$REPO_DIR"
-chmod -R g+w "$REPO_DIR"
+# Only chown what the service needs to write at runtime.
+# Source code stays owned by the invoking user.
+DB_FILE="$REPO_DIR/pipekit.db"
+if [ -f "$DB_FILE" ]; then
+ echo " $DB_FILE → $SERVICE_NAME"
+ chown "$SERVICE_NAME:$SERVICE_NAME" "$DB_FILE"
+else
+ echo " $DB_FILE not yet created (pipekit init will create it as $SERVICE_NAME)"
+fi
+echo " $VENV_DIR → $SERVICE_NAME (created/managed below)"
 echo " Done."
 # ── 4. Venv + deps ────────────────────────────────────────────────────────────
@@ -135,6 +142,12 @@ fi
 # ── 7. Schema init ──────────────────────────────────────────────────────────────
 step "Database schema"
+DB_FILE="$REPO_DIR/pipekit.db"
+if [ ! -f "$DB_FILE" ]; then
+ echo " Creating $DB_FILE owned by $SERVICE_NAME"
+ touch "$DB_FILE"
+ chown "$SERVICE_NAME:$SERVICE_NAME" "$DB_FILE"
+fi
 echo " Running pipekit init"
 sudo -u "$SERVICE_NAME" HOME=/nonexistent "$LAUNCHER" init
 echo " Done."
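Review bot: The targeted `chown` that replaces `chown -R`/`chmod -R g+w` in the Ownership step does not revert them on a host that was deployed by the previous version of deploy.sh, so re-running the script leaves the whole tree service-owned and group-writable while the new comment says source stays owned by the invoking user. A cheap check would surface that, e.g. `if find "$REPO_DIR" -type f -perm -g+w -print -quit | grep -q .; then echo " warning: group-writable files remain in $REPO_DIR from an earlier deploy; review ownership" >&2; fi` (`-quit` is GNU find, which the `sudo -u`/`chown` usage here suggests is the target). The else-branch message says pipekit init will create the database, but the Schema init hunk in this same commit now creates it with touch/chown before init runs, so the message should say that. `DB_FILE` is also assigned with the identical value in that second hunk; defining it once next to the other path variables (outside both hunks) would keep the two from drifting.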
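Review bot: `touch "$DB_FILE"` in the Schema init step creates the database under the invoking user's umask, typically 0644, so the file is world-readable from the moment it exists and the following `chown` does not tighten that; creating it with the mode fixed, `install -m 0600 -o "$SERVICE_NAME" -g "$SERVICE_NAME" /dev/null "$DB_FILE"`, replaces both the touch and the chown in one step. If pipekit.db is an SQLite database, the service will also need to create sidecar files (`-journal`/`-wal`) beside it in `$REPO_DIR`, a directory this commit now leaves owned by the invoking user after dropping `chown -R`; that is an inference from the name, so worth confirming that `init` and the running service still succeed, or giving the database its own service-owned directory.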