From 3b5290b882940cbbd70d569da32c086b3b175ab3 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 29 Jul 2022 02:04:07 +0200 Subject: [PATCH] Apply example_ynh --- .github/workflows/updater.sh | 132 ++++++++++++++++++++++++++++++++++ .github/workflows/updater.yml | 49 +++++++++++++ conf/app.src | 2 + conf/nginx.conf | 2 +- manifest.json | 11 ++- scripts/backup | 4 +- scripts/install | 2 +- scripts/restore | 22 +++--- scripts/upgrade | 32 ++++----- 9 files changed, 218 insertions(+), 38 deletions(-) create mode 100644 .github/workflows/updater.sh create mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100644 index 0000000..aa544b7 --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,132 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) +assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +echo "REPO=$repo" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "${#assets[@]} available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Here we use the $assets variable to get the resources published in the upstream release. +# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. + +# Let's loop over the array of assets URLs +for asset_url in ${assets[@]}; do + + echo "Handling asset at $asset_url" + + # Assign the asset to a source file in conf/ directory + # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) + # Leave $src empty to ignore the asset + case $asset_url in + *"web"*) + src="app" + ;; + *) + src="" + ;; + esac + + # If $src is not empty, let's process the asset + if [ ! -z "$src" ]; then + + # Create the temporary directory + tempdir="$(mktemp -d)" + + # Download sources and calculate checksum + filename=${asset_url##*/} + curl --silent -4 -L $asset_url -o "$tempdir/$filename" + checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + + # Delete temporary directory + rm -rf $tempdir + + # Get extension + if [[ $filename == *.tar.gz ]]; then + extension=tar.gz + else + extension=${filename##*.} + fi + + # Rewrite source file + cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=false +SOURCE_FILENAME= +SOURCE_EXTRACT=true +EOT + echo "... conf/$src.src updated" + + else + echo "... asset ignored" + fi + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..fb72ba0 --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,49 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false diff --git a/conf/app.src b/conf/app.src index 13fb70f..9063874 100644 --- a/conf/app.src +++ b/conf/app.src @@ -3,3 +3,5 @@ SOURCE_SUM=8e87a21b5781efb2420645dd2a41ef124d7626a9777142aedc43dcb11fcfa702 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=false +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index 508fc0a..9782b91 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/ ; + alias __FINALPATH__/; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; diff --git a/manifest.json b/manifest.json index 2838698..aed2feb 100644 --- a/manifest.json +++ b/manifest.json @@ -6,14 +6,11 @@ "en": "Duniter client to manage wallets, certifications in a libre money", "fr": "Client Duniter pour gérer ses portes-monnaie, les certifications au sein d’une monnaie libre" }, - "version": "1.6.12~ynh1", + "version": "1.6.12~ynh2", "url": "https://github.com/duniter/cesium", "upstream": { "license": "AGPL-3.0-or-later", "website": "https://cesium.app", - "demo": "https://demo.example.com", - "admindoc": "https://yunohost.org/packaging_apps", - "userdoc": "https://yunohost.org/apps", "code": "https://github.com/duniter/cesium" }, "license": "AGPL-3.0-or-later", @@ -23,21 +20,21 @@ "url": "https://moul.re" }, "requirements": { - "yunohost": ">> 4.2.3" + "yunohost": ">= 4.3.0" }, "multi_instance": false, "services": [ "nginx" ], "arguments": { - "install" : [ + "install": [ { "name": "domain", "type": "domain" }, { "name": "path", - "type": "path", + "type": "path", "example": "/cesium", "default": "/cesium" }, diff --git a/scripts/backup b/scripts/backup index f42c579..13af146 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - true + true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors diff --git a/scripts/install b/scripts/install index 3aaa344..150033d 100644 --- a/scripts/install +++ b/scripts/install @@ -75,7 +75,7 @@ chown -R $app:www-data "$final_path" #================================================= ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= diff --git a/scripts/restore b/scripts/restore index 2df94e3..88298ee 100755 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - true + true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -23,7 +23,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -37,17 +37,10 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) ynh_script_progression --message="Validating restoration parameters..." test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX configuration..." - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RECREATE THE DEDICATED USER #================================================= @@ -67,6 +60,13 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 8cdce50..b8d04cc 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -16,7 +16,6 @@ ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME - domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) @@ -25,6 +24,7 @@ is_public=$(ynh_app_setting_get --app=$app --key=is_public) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." upgrade_type=$(ynh_check_app_version_changed) @@ -36,8 +36,8 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup + # Restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -49,15 +49,15 @@ ynh_script_progression --message="Ensuring downward compatibility..." # If final_path doesn't exist, create it if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi # Cleaning legacy permissions if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all + ynh_legacy_permissions_delete_all - ynh_app_setting_delete --app=$app --key=is_public + ynh_app_setting_delete --app=$app --key=is_public fi #================================================= @@ -74,10 +74,10 @@ ynh_system_user_create --username=$app --home_dir="$final_path" if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." + ynh_script_progression --message="Upgrading source files..." - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" fi chmod 750 "$final_path" @@ -89,12 +89,12 @@ chown -R $app:www-data "$final_path" #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config if [ "$path_url" != "/" ] then - ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" fi #================================================= @@ -112,10 +112,10 @@ ynh_script_progression --message="Upgrading configuring permissions..." # If app is public, add url to SSOWat conf as skipped_uris and read-only mode if [[ $is_public -eq 1 ]]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" - # activate read-only - ynh_replace_string --match_string='"readonly": false,' --replace_string='"readonly": true,' --target_file="$final_path/config.js" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_permission_update --permission="main" --add="visitors" + # activate read-only + ynh_replace_string --match_string='"readonly": false,' --replace_string='"readonly": true,' --target_file="$final_path/config.js" fi #=================================================