Apply example_ynh

.github/workflows/updater.sh

@@ -0,0 +1,132 @@
+#!/bin/bash
+
+#=================================================
+# PACKAGE UPDATING HELPER
+#=================================================
+
+# This script is meant to be run by GitHub Actions
+# The YunoHost-Apps organisation offers a template Action to run this script periodically
+# Since each app is different, maintainers can adapt its contents so as to perform
+# automatic actions when a new upstream release is detected.
+
+#=================================================
+# FETCHING LATEST RELEASE AND ITS ASSETS
+#=================================================
+
+# Fetching information
+current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
+repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
+# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
+version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
+assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
+
+# Later down the script, we assume the version has only digits and dots
+# Sometimes the release name starts with a "v", so let's filter it out.
+# You may need more tweaks here if the upstream repository has different naming conventions. 
+if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
+	version=${version:1}
+fi
+
+# Setting up the environment variables
+echo "Current version: $current_version"
+echo "Latest release from upstream: $version"
+echo "VERSION=$version" >> $GITHUB_ENV
+echo "REPO=$repo" >> $GITHUB_ENV
+# For the time being, let's assume the script will fail
+echo "PROCEED=false" >> $GITHUB_ENV
+
+# Proceed only if the retrieved version is greater than the current one
+if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
+	echo "::warning ::No new version available"
+	exit 0
+# Proceed only if a PR for this new version does not already exist
+elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
+	echo "::warning ::A branch already exists for this update"
+	exit 0
+fi
+
+# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
+echo "${#assets[@]} available asset(s)"
+
+#=================================================
+# UPDATE SOURCE FILES
+#=================================================
+
+# Here we use the $assets variable to get the resources published in the upstream release.
+# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
+
+# Let's loop over the array of assets URLs
+for asset_url in ${assets[@]}; do
+
+	echo "Handling asset at $asset_url"
+
+	# Assign the asset to a source file in conf/ directory
+	# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
+	# Leave $src empty to ignore the asset
+	case $asset_url in
+		*"web"*)
+			src="app"
+			;;
+		*)
+			src=""
+		;;
+	esac
+
+	# If $src is not empty, let's process the asset
+	if [ ! -z "$src" ]; then
+
+		# Create the temporary directory
+		tempdir="$(mktemp -d)"
+
+		# Download sources and calculate checksum
+		filename=${asset_url##*/}
+		curl --silent -4 -L $asset_url -o "$tempdir/$filename"
+		checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
+
+		# Delete temporary directory
+		rm -rf $tempdir
+
+		# Get extension
+		if [[ $filename == *.tar.gz ]]; then
+			extension=tar.gz
+		else
+			extension=${filename##*.}
+		fi
+
+		# Rewrite source file
+		cat <<EOT > conf/$src.src
+SOURCE_URL=$asset_url
+SOURCE_SUM=$checksum
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=$extension
+SOURCE_IN_SUBDIR=false
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
+EOT
+		echo "... conf/$src.src updated"
+
+	else
+		echo "... asset ignored"
+	fi
+
+done
+
+#=================================================
+# SPECIFIC UPDATE STEPS
+#=================================================
+
+# Any action on the app's source code can be done.
+# The GitHub Action workflow takes care of committing all changes after this script ends.
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+
+# Replace new version in manifest
+echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
+
+# No need to update the README, yunohost-bot takes care of it
+
+# The Action will proceed only if the PROCEED environment variable is set to true
+echo "PROCEED=true" >> $GITHUB_ENV
+exit 0

.github/workflows/updater.yml

@@ -0,0 +1,49 @@
+# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
+# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
+# This file should be enough by itself, but feel free to tune it to your needs.
+# It calls updater.sh, which is where you should put the app-specific update steps.
+name: Check for new upstream releases
+on:
+  # Allow to manually trigger the workflow
+  workflow_dispatch:
+  # Run it every day at 6:00 UTC
+  schedule:
+    - cron:  '0 6 * * *'
+jobs:
+  updater:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch the source code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run the updater script
+        id: run_updater
+        run: |
+          # Setting up Git user
+          git config --global user.name 'yunohost-bot'
+          git config --global user.email 'yunohost-bot@users.noreply.github.com'
+          # Run the updater script
+          /bin/bash .github/workflows/updater.sh
+      - name: Commit changes
+        id: commit
+        if: ${{ env.PROCEED == 'true' }}
+        run: |
+          git commit -am "Upgrade to v$VERSION"
+      - name: Create Pull Request
+        id: cpr
+        if: ${{ env.PROCEED == 'true' }}
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Update to version ${{ env.VERSION }}
+          committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          signoff: false
+          base: testing
+          branch: ci-auto-update-v${{ env.VERSION }}
+          delete-branch: true
+          title: 'Upgrade to version ${{ env.VERSION }}'
+          body: |
+            Upgrade to v${{ env.VERSION }}
+          draft: false

conf/app.src

@@ -3,3 +3,5 @@ SOURCE_SUM=8e87a21b5781efb2420645dd2a41ef124d7626a9777142aedc43dcb11fcfa702
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=zip
 SOURCE_IN_SUBDIR=false
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true

conf/nginx.conf

@@ -2,7 +2,7 @@
 location __PATH__/ {
 
   # Path to source
-  alias __FINALPATH__/ ;
+  alias __FINALPATH__/;
 
   # Include SSOWAT user panel.
   include conf.d/yunohost_panel.conf.inc;

manifest.json

@@ -6,14 +6,11 @@
         "en": "Duniter client to manage wallets, certifications in a libre money",
         "fr": "Client Duniter pour gérer ses portes-monnaie, les certifications au sein d’une monnaie libre"
     },
-    "version": "1.6.12~ynh1",
+    "version": "1.6.12~ynh2",
     "url": "https://github.com/duniter/cesium",
     "upstream": {
         "license": "AGPL-3.0-or-later",
         "website": "https://cesium.app",
-        "demo": "https://demo.example.com",
-        "admindoc": "https://yunohost.org/packaging_apps",
-        "userdoc": "https://yunohost.org/apps",
         "code": "https://github.com/duniter/cesium"
     },
     "license": "AGPL-3.0-or-later",
@@ -23,21 +20,21 @@
         "url": "https://moul.re"
     },
     "requirements": {
-        "yunohost": ">> 4.2.3"
+        "yunohost": ">= 4.3.0"
     },
     "multi_instance": false,
     "services": [
         "nginx"
     ],
     "arguments": {
-        "install" : [
+        "install": [
             {
                 "name": "domain",
                 "type": "domain"
             },
             {
                 "name": "path",
-		        "type": "path",
+                "type": "path",
                 "example": "/cesium",
                 "default": "/cesium"
             },

scripts/backup

@@ -6,7 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================
 
-#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers
 
@@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 ynh_clean_setup () {
-  true
+	true
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors

scripts/install

@@ -75,7 +75,7 @@ chown -R $app:www-data "$final_path"
 #=================================================
 ynh_script_progression --message="Configuring NGINX web server..."
 
-# Create a dedicated nginx config
+# Create a dedicated NGINX config
 ynh_add_nginx_config
 
 #=================================================

scripts/restore

@@ -6,7 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================
 
-#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers
 
@@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 ynh_clean_setup () {
-  true
+	true
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
@@ -23,7 +23,7 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading settings..."
+ynh_script_progression --message="Loading installation settings..."
 
 app=$YNH_APP_INSTANCE_NAME
 
@@ -37,17 +37,10 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 ynh_script_progression --message="Validating restoration parameters..."
 
 test ! -d $final_path \
-  || ynh_die --message="There is already a directory: $final_path "
+	|| ynh_die --message="There is already a directory: $final_path "
 
 #=================================================
 # STANDARD RESTORATION STEPS
-#=================================================
-# RESTORE THE NGINX CONFIGURATION
-#=================================================
-ynh_script_progression --message="Restoring the NGINX configuration..."
-
-ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@@ -67,6 +60,13 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 
+#=================================================
+# RESTORE THE NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the NGINX web server configuration..."
+
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/upgrade

@@ -16,7 +16,6 @@ ynh_script_progression --message="Loading installation settings..."
 
 app=$YNH_APP_INSTANCE_NAME
 
-
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
@@ -25,6 +24,7 @@ is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 #=================================================
 # CHECK VERSION
 #=================================================
+ynh_script_progression --message="Restoring the NGINX web server configuration..."
 
 upgrade_type=$(ynh_check_app_version_changed)
 
@@ -36,8 +36,8 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
 # Backup the current version of the app
 ynh_backup_before_upgrade
 ynh_clean_setup () {
-  # restore it if the upgrade fails
-  ynh_restore_upgradebackup
+	# Restore it if the upgrade fails
+	ynh_restore_upgradebackup
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
@@ -49,15 +49,15 @@ ynh_script_progression --message="Ensuring downward compatibility..."
 
 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
-  final_path=/var/www/$app
-  ynh_app_setting_set --app=$app --key=final_path --value=$final_path
+	final_path=/var/www/$app
+	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then
-  ynh_legacy_permissions_delete_all
+	ynh_legacy_permissions_delete_all
 
-  ynh_app_setting_delete --app=$app --key=is_public
+	ynh_app_setting_delete --app=$app --key=is_public
 fi
 
 #=================================================
@@ -74,10 +74,10 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
 
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
-  ynh_script_progression --message="Upgrading source files..."
+	ynh_script_progression --message="Upgrading source files..."
 
-  # Download, check integrity, uncompress and patch the source from app.src
-  ynh_setup_source --dest_dir="$final_path"
+	# Download, check integrity, uncompress and patch the source from app.src
+	ynh_setup_source --dest_dir="$final_path"
 fi
 
 chmod 750 "$final_path"
@@ -89,12 +89,12 @@ chown -R $app:www-data "$final_path"
 #=================================================
 ynh_script_progression --message="Upgrading NGINX web server configuration..."
 
-# Create a dedicated nginx config
+# Create a dedicated NGINX config
 ynh_add_nginx_config
 
 if [ "$path_url" != "/" ]
 then
-  ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf"
+	ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf"
 fi
 
 #=================================================
@@ -112,10 +112,10 @@ ynh_script_progression --message="Upgrading configuring permissions..."
 
 # If app is public, add url to SSOWat conf as skipped_uris and read-only mode
 if [[ $is_public -eq 1 ]]; then
-  # unprotected_uris allows SSO credentials to be passed anyway.
-  ynh_permission_update --permission="main" --add="visitors"
-  # activate read-only
-  ynh_replace_string --match_string='"readonly": false,' --replace_string='"readonly": true,' --target_file="$final_path/config.js"
+	# unprotected_uris allows SSO credentials to be passed anyway.
+	ynh_permission_update --permission="main" --add="visitors"
+	# activate read-only
+	ynh_replace_string --match_string='"readonly": false,' --replace_string='"readonly": true,' --target_file="$final_path/config.js"
 fi
 
 #=================================================