Update S3 paths to use scripts folder with proper permissions

- Changed deployment URLs from /icewatch to /scripts
- Added cache control headers for better performance
- Updated bucket policy for scripts/* public access
- All deployment files now use consistent scripts/ path

.github/workflows/deploy-scripts.yml

@@ -30,29 +30,32 @@ jobs:
       - name: Upload deployment script to S3
         run: |
           # Upload the main deployment script
-          aws s3 cp scripts/deploy.sh s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/deploy.sh \
+          aws s3 cp scripts/deploy.sh s3://${{ secrets.S3_BUCKET_NAME }}/scripts/deploy.sh \
             --acl public-read \
             --content-type "text/plain" \
+            --cache-control "max-age=300" \
             --metadata-directive REPLACE \
             --metadata "version=$(git rev-parse --short HEAD),updated=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
           
           # Upload systemd service file
-          aws s3 cp scripts/icewatch.service s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/icewatch.service \
+          aws s3 cp scripts/icewatch.service s3://${{ secrets.S3_BUCKET_NAME }}/scripts/icewatch.service \
             --acl public-read \
-            --content-type "text/plain"
+            --content-type "text/plain" \
+            --cache-control "max-age=3600"
           
           # Upload Caddyfile
-          aws s3 cp scripts/Caddyfile s3://${{ secrets.S3_BUCKET_NAME }}/icewatch/Caddyfile \
+          aws s3 cp scripts/Caddyfile s3://${{ secrets.S3_BUCKET_NAME }}/scripts/Caddyfile \
             --acl public-read \
-            --content-type "text/plain"
+            --content-type "text/plain" \
+            --cache-control "max-age=3600"
           
           echo "✅ Scripts uploaded successfully!"
-          echo "📁 Deploy script URL: https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/icewatch/deploy.sh"
+          echo "📁 Deploy script URL: https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/scripts/deploy.sh"
 
       - name: Update README with current URLs
         run: |
           # Update README with current S3 URLs
-          sed -i "s|curl -sSL.*deploy.sh|curl -sSL https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/icewatch/deploy.sh|g" README.md
+          sed -i "s|curl -sSL.*deploy.sh|curl -sSL https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/scripts/deploy.sh|g" README.md
           
           # Check if README was modified
           if git diff --quiet README.md; then

README.md

@@ -65,7 +65,7 @@ PORT=3000
 
 1. **Run the deployment script on your server:**
    ```bash
-   curl -sSL https://ice.puremichigan.lol.s3.amazonaws.com/icewatch/deploy.sh | bash
+   curl -sSL https://ice.puremichigan.lol.s3.amazonaws.com/scripts/deploy.sh | bash
    ```
 
 2. **Deploy your application:**

s3-bucket-policy.json

@@ -0,0 +1,12 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "PublicReadGetObject",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "s3:GetObject",
+      "Resource": "arn:aws:s3:::ice.puremichigan.lol/scripts/*"
+    }
+  ]
+}

scripts/deploy.sh

@@ -38,7 +38,7 @@ sudo useradd --system --shell /bin/false --home /opt/icewatch --create-home icew
 
 # Download additional configuration files from S3
 echo "📥 Downloading configuration files..."
-S3_BASE_URL="https://ice.puremichigan.lol.s3.amazonaws.com/icewatch"
+S3_BASE_URL="https://ice.puremichigan.lol.s3.amazonaws.com/scripts"
 
 # Download systemd service file
 echo "📥 Downloading systemd service..."