diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 6274d07..2e7f2dd 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -9,9 +9,6 @@ # Since each app is different, maintainers can adapt its contents so as to perform # automatic actions when a new upstream release is detected. -# Remove this exit command when you are ready to run this Action -#exit 1 - #================================================= # FETCHING LATEST RELEASE AND ITS ASSETS #================================================= @@ -23,25 +20,29 @@ repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1] version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} + version=${version:1} fi # Setting up the environment variables echo "Current version: $current_version" echo "Latest release from upstream: $version" echo "VERSION=$version" >> $GITHUB_ENV +echo "REPO=$repo" >> $GITHUB_ENV # For the time being, let's assume the script will fail echo "PROCEED=false" >> $GITHUB_ENV # Proceed only if the retrieved version is greater than the current one if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 + echo "::warning ::No new version available" + exit 0 # Proceed only if a PR for this new version does not already exist elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 + echo "::warning ::A branch already exists for this update" + exit 0 fi # Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) @@ -57,53 +58,56 @@ echo "${#assets[@]} available asset(s)" # Let's loop over the array of assets URLs for asset_url in ${assets[@]}; do -echo "Handling asset at $asset_url" + echo "Handling asset at $asset_url" -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *".tar.gz") - src="app" - ;; -esac + # Assign the asset to a source file in conf/ directory + # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) + # Leave $src empty to ignore the asset + case $asset_url in + *".tar.gz") + src="app" + ;; + *) + src="" + ;; + esac -# If $src is not empty, let's process the asset -if [ ! -z "$src" ]; then + # If $src is not empty, let's process the asset + if [ ! -z "$src" ]; then -# Create the temporary directory -tempdir="$(mktemp -d)" + # Create the temporary directory + tempdir="$(mktemp -d)" -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + # Download sources and calculate checksum + filename=${asset_url##*/} + curl --silent -4 -L $asset_url -o "$tempdir/$filename" + checksum=$(sha256sum "$tempdir/$filename" | head -c 64) -# Delete temporary directory -rm -rf $tempdir + # Delete temporary directory + rm -rf $tempdir -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi + # Get extension + if [[ $filename == *.tar.gz ]]; then + extension=tar.gz + else + extension=${filename##*.} + fi -# Rewrite source file -cat < conf/$src.src + # Rewrite source file + cat < conf/$src.src SOURCE_URL=$asset_url SOURCE_SUM=$checksum SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=$extension SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=cryptpad.tar.gz +SOURCE_FILENAME= +SOURCE_EXTRACT=true EOT -echo "... conf/$src.src updated" - -else -echo "... asset ignored" -fi + echo "... conf/$src.src updated" + else + echo "... asset ignored" + fi done #================================================= diff --git a/check_process b/check_process index 86b0fb0..45ef13f 100644 --- a/check_process +++ b/check_process @@ -20,6 +20,3 @@ ;;; Options Email= Notification=none -;;; Upgrade options - ; commit=2a54cd03f90c93b07150a64644ffc7f208110a18 - name=update to 4.10.0 diff --git a/conf/app.src b/conf/app.src index b4fdbbf..3fee7be 100644 --- a/conf/app.src +++ b/conf/app.src @@ -3,4 +3,5 @@ SOURCE_SUM=e529b484c297f73227f991971189c51f64da1ab53fc78334d1fb08e320d4385e SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=cryptpad.tar.gz \ No newline at end of file +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/systemd.service b/conf/systemd.service index b4c0368..17f4ada 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,7 +13,7 @@ ExecStart=__YNH_NPM__ start Restart=always # Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these +# Depending on specificities of your service/app, you may need to tweak these # .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes @@ -40,8 +40,7 @@ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index c89aa0a..2a0de8c 100644 --- a/manifest.json +++ b/manifest.json @@ -32,11 +32,7 @@ "install": [ { "name": "domain", - "type": "domain", - "help": { - "en": "CryptPad needs to be installed in a dedicated domain or sub-domain.", - "fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié." - } + "type": "domain" }, { "name": "is_public", diff --git a/scripts/_common.sh b/scripts/_common.sh index f9d06de..ee90f78 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,10 @@ # COMMON VARIABLES #================================================= -nodejs_version="14" +nodejs_version=14 + +# dependencies used by the app (must be on a single line) +pkg_dependencies="" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 77ad500..c4f7766 100644 --- a/scripts/install +++ b/scripts/install @@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ynh_clean_check_starting + true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -27,10 +27,11 @@ domain=$YNH_APP_ARG_DOMAIN path_url="/" is_public=$YNH_APP_ARG_IS_PUBLIC admin=$YNH_APP_ARG_ADMIN -email=$(ynh_user_get_info --username=$admin --key=mail) app=$YNH_APP_INSTANCE_NAME +email=$(ynh_user_get_info --username=$admin --key=mail) + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -45,7 +46,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." +ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url @@ -71,6 +72,7 @@ ynh_app_setting_set --app=$app --key=porti --value=$porti #================================================= ynh_script_progression --message="Installing dependencies..." --weight=20 +ynh_install_app_dependencies $pkg_dependencies ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= @@ -105,7 +107,7 @@ ynh_add_nginx_config #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." +ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="../conf/config.js" --destination="$final_path/config/config.js" @@ -158,6 +160,8 @@ ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi diff --git a/scripts/remove b/scripts/remove index e201fda..c1328ed 100644 --- a/scripts/remove +++ b/scripts/remove @@ -62,6 +62,8 @@ ynh_remove_nginx_config #================================================= ynh_script_progression --message="Removing dependencies..." --weight=3 +# Remove metapackage and its dependencies +ynh_remove_app_dependencies ynh_remove_nodejs #================================================= diff --git a/scripts/restore b/scripts/restore index 81c92b5..abce3ea 100644 --- a/scripts/restore +++ b/scripts/restore @@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ynh_clean_check_starting + true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -41,13 +41,6 @@ test ! -d $final_path \ #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RECREATE THE DEDICATED USER #================================================= @@ -74,8 +67,16 @@ chmod 600 "$final_path/config/config.js" ynh_script_progression --message="Reinstalling dependencies..." --weight=7 # Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + #================================================= # RESTORE SYSTEMD #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 7b46a12..a786cc4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,7 +27,7 @@ porti=$(ynh_app_setting_get --app=$app --key=porti) #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." +ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) @@ -39,7 +39,6 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - ynh_clean_check_starting # Restore it if the upgrade fails ynh_restore_upgradebackup } @@ -97,6 +96,14 @@ then chown -R $app:$app "$final_path" fi +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=6 + +ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + #================================================= # NGINX CONFIGURATION #================================================= @@ -106,12 +113,7 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - ynh_add_nginx_config #================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=6 - -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version - +# SPECIFIC UPGRADE #================================================= # INSTALL CRYPTPAD #=================================================