feat(deploy): add automatic commit hash verification after deployment

- Query /api/devops/version endpoint to get deployed commit - Compare deployed commit with latest commit in repository - Warn if deployment didn't use the latest code - Suggest --force --no-cache if commits don't match This prevents silent deployment failures where old code is deployed. Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-05-13 02:07:39 +00:00 · 2026-05-13 02:07:39 +00:00 · b4efba965c
commit b4efba965c
parent c6351b9bf7
1 changed files with 40 additions and 0 deletions
--- a/deploy-invttrdg.sh
+++ b/deploy-invttrdg.sh
@ -394,3 +394,43 @@ ok "Deployment completed successfully!"
 log "Backend: http://localhost:4025 → $API_ENDPOINT"
 log "Web: http://localhost:3085 → $WEB_ENDPOINT"
 log "══════════════════════════════════════════════════════════════════════"
+
+# ── Verify Deployed Commit Hash ─────────────────────────────────────────────
+log "Verifying deployed commit hash..."
+BACKEND_URL="http://localhost:4025"
+DEVOPS_RESPONSE=$(curl -s "$BACKEND_URL/api/devops/version" 2>/dev/null || echo "{}")
+
+if [ "$DEVOPS_RESPONSE" != "{}" ] && [ -n "$DEVOPS_RESPONSE" ]; then
+  if command -v jq &> /dev/null; then
+    DEPLOYED_COMMIT_SHA=$(echo "$DEVOPS_RESPONSE" | jq -r '.commitSha // empty')
+    DEPLOYED_COMMIT_FULL=$(echo "$DEVOPS_RESPONSE" | jq -r '.commitShaFull // empty')
+    DEPLOYED_MESSAGE=$(echo "$DEVOPS_RESPONSE" | jq -r '.commitMessage // empty')
+
+    if [ -n "$DEPLOYED_COMMIT_SHA" ]; then
+      ok "Deployed commit: $DEPLOYED_COMMIT_SHA"
+      info "Full SHA: $DEPLOYED_COMMIT_FULL"
+      info "Message: $DEPLOYED_MESSAGE"
+
+      # Compare with expected latest commit
+      cd "$REPO_DIR"
+      LATEST_COMMIT=$(git rev-parse --short HEAD 2>/dev/null || echo "unknown")
+
+      if [ "$DEPLOYED_COMMIT_SHA" = "$LATEST_COMMIT" ]; then
+        ok "✓ Deployed commit matches latest commit ($LATEST_COMMIT)"
+      else
+        warn "✗ Deployed commit ($DEPLOYED_COMMIT_SHA) differs from latest commit ($LATEST_COMMIT)"
+        warn "  This indicates the deployment may not have used the latest code"
+        warn "  Consider running: ./deploy-invttrdg.sh --force --no-cache"
+      fi
+    else
+      warn "Could not extract commit SHA from devops endpoint"
+    fi
+  else
+    warn "jq not installed, showing raw devops response:"
+    echo "$DEVOPS_RESPONSE"
+  fi
+else
+  warn "Could not retrieve deployment info from devops endpoint"
+fi
+
+log "══════════════════════════════════════════════════════════════════════"