mirror of
https://github.com/YunoHost-Apps/cryptpad_ynh.git
synced 2024-09-03 18:26:14 +02:00
commit
3c0eaa75d8
4 changed files with 2 additions and 179 deletions
127
.github/workflows/updater.sh
vendored
127
.github/workflows/updater.sh
vendored
|
@ -1,127 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# PACKAGE UPDATING HELPER
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# This script is meant to be run by GitHub Actions
|
|
||||||
# The YunoHost-Apps organisation offers a template Action to run this script periodically
|
|
||||||
# Since each app is different, maintainers can adapt its contents so as to perform
|
|
||||||
# automatic actions when a new upstream release is detected.
|
|
||||||
|
|
||||||
# Remove this exit command when you are ready to run this Action
|
|
||||||
#exit 1
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# FETCHING LATEST RELEASE AND ITS ASSETS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Fetching information
|
|
||||||
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
|
|
||||||
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
|
|
||||||
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
|
|
||||||
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
|
|
||||||
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
|
|
||||||
|
|
||||||
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
|
|
||||||
version=${version:1}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Setting up the environment variables
|
|
||||||
echo "Current version: $current_version"
|
|
||||||
echo "Latest release from upstream: $version"
|
|
||||||
echo "VERSION=$version" >> $GITHUB_ENV
|
|
||||||
# For the time being, let's assume the script will fail
|
|
||||||
echo "PROCEED=false" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
# Proceed only if the retrieved version is greater than the current one
|
|
||||||
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
|
|
||||||
echo "::warning ::No new version available"
|
|
||||||
exit 0
|
|
||||||
# Proceed only if a PR for this new version does not already exist
|
|
||||||
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
|
|
||||||
echo "::warning ::A branch already exists for this update"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
|
|
||||||
echo "${#assets[@]} available asset(s)"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# UPDATE SOURCE FILES
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Here we use the $assets variable to get the resources published in the upstream release.
|
|
||||||
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
|
|
||||||
|
|
||||||
# Let's loop over the array of assets URLs
|
|
||||||
for asset_url in ${assets[@]}; do
|
|
||||||
|
|
||||||
echo "Handling asset at $asset_url"
|
|
||||||
|
|
||||||
# Assign the asset to a source file in conf/ directory
|
|
||||||
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
|
|
||||||
# Leave $src empty to ignore the asset
|
|
||||||
case $asset_url in
|
|
||||||
*".tar.gz")
|
|
||||||
src="app"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# If $src is not empty, let's process the asset
|
|
||||||
if [ ! -z "$src" ]; then
|
|
||||||
|
|
||||||
# Create the temporary directory
|
|
||||||
tempdir="$(mktemp -d)"
|
|
||||||
|
|
||||||
# Download sources and calculate checksum
|
|
||||||
filename=${asset_url##*/}
|
|
||||||
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
|
|
||||||
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
|
|
||||||
|
|
||||||
# Delete temporary directory
|
|
||||||
rm -rf $tempdir
|
|
||||||
|
|
||||||
# Get extension
|
|
||||||
if [[ $filename == *.tar.gz ]]; then
|
|
||||||
extension=tar.gz
|
|
||||||
else
|
|
||||||
extension=${filename##*.}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Rewrite source file
|
|
||||||
cat <<EOT > conf/$src.src
|
|
||||||
SOURCE_URL=$asset_url
|
|
||||||
SOURCE_SUM=$checksum
|
|
||||||
SOURCE_SUM_PRG=sha256sum
|
|
||||||
SOURCE_FORMAT=$extension
|
|
||||||
SOURCE_IN_SUBDIR=true
|
|
||||||
SOURCE_FILENAME=cryptpad.tar.gz
|
|
||||||
EOT
|
|
||||||
echo "... conf/$src.src updated"
|
|
||||||
|
|
||||||
else
|
|
||||||
echo "... asset ignored"
|
|
||||||
fi
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC UPDATE STEPS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Any action on the app's source code can be done.
|
|
||||||
# The GitHub Action workflow takes care of committing all changes after this script ends.
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALIZATION
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Replace new version in manifest
|
|
||||||
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
|
|
||||||
|
|
||||||
# No need to update the README, yunohost-bot takes care of it
|
|
||||||
|
|
||||||
# The Action will proceed only if the PROCEED environment variable is set to true
|
|
||||||
echo "PROCEED=true" >> $GITHUB_ENV
|
|
||||||
exit 0
|
|
48
.github/workflows/updater.yml
vendored
48
.github/workflows/updater.yml
vendored
|
@ -1,48 +0,0 @@
|
||||||
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
|
|
||||||
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
|
|
||||||
# This file should be enough by itself, but feel free to tune it to your needs.
|
|
||||||
# It calls updater.sh, which is where you should put the app-specific update steps.
|
|
||||||
name: Check for new upstream releases
|
|
||||||
on:
|
|
||||||
# Allow to manually trigger the workflow
|
|
||||||
workflow_dispatch:
|
|
||||||
# Run it every day at 6:00 UTC
|
|
||||||
schedule:
|
|
||||||
- cron: '0 6 * * *'
|
|
||||||
jobs:
|
|
||||||
updater:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Fetch the source code
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
- name: Run the updater script
|
|
||||||
id: run_updater
|
|
||||||
run: |
|
|
||||||
# Setting up Git user
|
|
||||||
git config --global user.name 'yunohost-bot'
|
|
||||||
git config --global user.email 'yunohost-bot@users.noreply.github.com'
|
|
||||||
# Run the updater script
|
|
||||||
/bin/bash .github/workflows/updater.sh
|
|
||||||
- name: Commit changes
|
|
||||||
id: commit
|
|
||||||
if: ${{ env.PROCEED == 'true' }}
|
|
||||||
run: |
|
|
||||||
git commit -am "Upgrade to v$VERSION"
|
|
||||||
- name: Create Pull Request
|
|
||||||
id: cpr
|
|
||||||
if: ${{ env.PROCEED == 'true' }}
|
|
||||||
uses: peter-evans/create-pull-request@v4
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
commit-message: Update to version ${{ env.VERSION }}
|
|
||||||
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
|
||||||
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
|
||||||
signoff: false
|
|
||||||
branch: ci-auto-update-v${{ env.VERSION }}
|
|
||||||
delete-branch: true
|
|
||||||
title: 'Upgrade to version ${{ env.VERSION }}'
|
|
||||||
body: |
|
|
||||||
Upgrade to v${{ env.VERSION }}
|
|
||||||
draft: false
|
|
|
@ -4,9 +4,6 @@ set $allowed_origins "https://${sandbox_domain}";
|
||||||
set $api_domain "__DOMAIN__";
|
set $api_domain "__DOMAIN__";
|
||||||
set $files_domain "__DOMAIN__";
|
set $files_domain "__DOMAIN__";
|
||||||
ssl_ecdh_curve secp384r1;
|
ssl_ecdh_curve secp384r1;
|
||||||
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; always";
|
|
||||||
more_set_headers "X-XSS-Protection: '1; mode=block'";
|
|
||||||
more_set_headers "X-Content-Type-Options: nosniff";
|
|
||||||
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
|
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
|
||||||
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
|
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
|
||||||
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
|
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
|
||||||
|
|
|
@ -19,7 +19,7 @@ cpe = "cpe:2.3:a:xwiki:cryptpad"
|
||||||
fund = "https://opencollective.com/cryptpad/contribute?language=fr"
|
fund = "https://opencollective.com/cryptpad/contribute?language=fr"
|
||||||
|
|
||||||
[integration]
|
[integration]
|
||||||
yunohost = ">= 11.1.15"
|
yunohost = ">= 11.1.17"
|
||||||
architectures = "all"
|
architectures = "all"
|
||||||
multi_instance = false
|
multi_instance = false
|
||||||
ldap = false
|
ldap = false
|
||||||
|
@ -48,6 +48,7 @@ ram.runtime = "50M"
|
||||||
[resources.sources.main]
|
[resources.sources.main]
|
||||||
url = "https://github.com/xwiki-labs/cryptpad/archive/5.2.1.tar.gz"
|
url = "https://github.com/xwiki-labs/cryptpad/archive/5.2.1.tar.gz"
|
||||||
sha256 = "945abe5bae0da25a4e2ef8e02730aaa5bb5e5a0b8bfd7a23a09ec38422d7c47f"
|
sha256 = "945abe5bae0da25a4e2ef8e02730aaa5bb5e5a0b8bfd7a23a09ec38422d7c47f"
|
||||||
|
autoupdate.strategy = "latest_github_tag"
|
||||||
|
|
||||||
[resources.ports]
|
[resources.ports]
|
||||||
main.default = 3000
|
main.default = 3000
|
||||||
|
|
Loading…
Reference in a new issue