Merge pull request #194 from YunoHost-Apps/master

maj
2024-09-03 18:26:14 +02:00 · 2023-05-04 14:18:55 +00:00 · 2023-05-04 14:18:55 +00:00 · ffc722b901
commit ffc722b901
parent 803f7da6d7 3c0eaa75d8
7 changed files with 15 additions and 189 deletions
--- a/.github/workflows/updater.sh
+++ b/.github/workflows/updater.sh
@ -1,127 +0,0 @@
 #!/bin/bash
 #=================================================
 # PACKAGE UPDATING HELPER
 #=================================================
 # This script is meant to be run by GitHub Actions
 # The YunoHost-Apps organisation offers a template Action to run this script periodically
 # Since each app is different, maintainers can adapt its contents so as to perform
 # automatic actions when a new upstream release is detected.
 # Remove this exit command when you are ready to run this Action
 #exit 1
 #=================================================
 # FETCHING LATEST RELEASE AND ITS ASSETS
 #=================================================
 # Fetching information
 current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
 repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
 # Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
 version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
 assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
 if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
    version=${version:1}
 fi
 # Setting up the environment variables
 echo "Current version: $current_version"
 echo "Latest release from upstream: $version"
 echo "VERSION=$version" >> $GITHUB_ENV
 # For the time being, let's assume the script will fail
 echo "PROCEED=false" >> $GITHUB_ENV
 # Proceed only if the retrieved version is greater than the current one
 if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
    echo "::warning ::No new version available"
    exit 0
 # Proceed only if a PR for this new version does not already exist
 elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
    echo "::warning ::A branch already exists for this update"
    exit 0
 fi
 # Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
 echo "${#assets[@]} available asset(s)"
 #=================================================
 # UPDATE SOURCE FILES
 #=================================================
 # Here we use the $assets variable to get the resources published in the upstream release.
 # Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
 # Let's loop over the array of assets URLs
 for asset_url in ${assets[@]}; do
 echo "Handling asset at $asset_url"
 # Assign the asset to a source file in conf/ directory
 # Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
 # Leave $src empty to ignore the asset
 case $asset_url in
  *".tar.gz")
    src="app"
    ;;
 esac
 # If $src is not empty, let's process the asset
 if [ ! -z "$src" ]; then
 # Create the temporary directory
 tempdir="$(mktemp -d)"
 # Download sources and calculate checksum
 filename=${asset_url##*/}
 curl --silent -4 -L $asset_url -o "$tempdir/$filename"
 checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
 # Delete temporary directory
 rm -rf $tempdir
 # Get extension
 if [[ $filename == *.tar.gz ]]; then
  extension=tar.gz
 else
  extension=${filename##*.}
 fi
 # Rewrite source file
 cat <<EOT > conf/$src.src
 SOURCE_URL=$asset_url
 SOURCE_SUM=$checksum
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=$extension
 SOURCE_IN_SUBDIR=true
 SOURCE_FILENAME=cryptpad.tar.gz
 EOT
 echo "... conf/$src.src updated"
 else
 echo "... asset ignored"
 fi
 done
 #=================================================
 # SPECIFIC UPDATE STEPS
 #=================================================
 # Any action on the app's source code can be done.
 # The GitHub Action workflow takes care of committing all changes after this script ends.
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # Replace new version in manifest
 echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
 # No need to update the README, yunohost-bot takes care of it
 # The Action will proceed only if the PROCEED environment variable is set to true
 echo "PROCEED=true" >> $GITHUB_ENV
 exit 0
--- a/.github/workflows/updater.yml
+++ b/.github/workflows/updater.yml
@ -1,48 +0,0 @@
 # This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
 # You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
 # This file should be enough by itself, but feel free to tune it to your needs.
 # It calls updater.sh, which is where you should put the app-specific update steps.
 name: Check for new upstream releases
 on:
  # Allow to manually trigger the workflow
  workflow_dispatch:
  # Run it every day at 6:00 UTC
  schedule:
    - cron:  '0 6 * * *'
 jobs:
  updater:
    runs-on: ubuntu-latest
    steps:
      - name: Fetch the source code
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Run the updater script
        id: run_updater
        run: |
          # Setting up Git user
          git config --global user.name 'yunohost-bot'
          git config --global user.email 'yunohost-bot@users.noreply.github.com'
          # Run the updater script
          /bin/bash .github/workflows/updater.sh
      - name: Commit changes
        id: commit
        if: ${{ env.PROCEED == 'true' }}
        run: |
          git commit -am "Upgrade to v$VERSION"
      - name: Create Pull Request
        id: cpr
        if: ${{ env.PROCEED == 'true' }}
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Update to version ${{ env.VERSION }}
          committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
          author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
          signoff: false
          branch: ci-auto-update-v${{ env.VERSION }}
          delete-branch: true
          title: 'Upgrade to version ${{ env.VERSION }}'
          body: |
            Upgrade to v${{ env.VERSION }}
          draft: false
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
-**Shipped version:** 5.2.1~ynh7
+**Shipped version:** 5.2.1~ynh8
 **Demo:** https://cryptpad.fr/
--- a/README_fr.md
+++ b/README_fr.md
@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké. 
-**Version incluse :** 5.2.1~ynh7
+**Version incluse :** 5.2.1~ynh8
 **Démo :** https://cryptpad.fr/
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -4,9 +4,6 @@ set $allowed_origins "https://${sandbox_domain}";
 set $api_domain "__DOMAIN__";
 set $files_domain "__DOMAIN__";
 ssl_ecdh_curve secp384r1;
 more_set_headers "Strict-Transport-Security: 'max-age=31536000; includeSubDomains' always";
 more_set_headers "X-XSS-Protection: '1; mode=block'";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
 more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
 more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
@ -21,7 +18,7 @@ if ($args ~ ver=) {
 }
 more_set_headers "Cache-Control: $cacheControl";
 set $styleSrc   "'unsafe-inline' 'self' https://${main_domain}";
-set $connectSrc "'self' blob: https://${main_domain} https://${sandbox_domain} wss://${main_domain}";
+set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
 set $fontSrc    "'self' data: https://${main_domain}";
 set $imgSrc     "'self' data: blob: https://${main_domain}";
 set $frameSrc   "'self' https://${sandbox_domain} blob:";
@ -67,9 +64,9 @@ location ~ ^/api/.*$ {
 }
 location ^~ /blob/ {
    if ($request_method = 'OPTIONS') {
-        more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
+        more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
        more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
-        more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'";
+        more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range";
        more_set_headers "Access-Control-Max-Age: 1728000";
        more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'";
        more_set_headers "Content-Length: 0";
@ -77,10 +74,10 @@ location ^~ /blob/ {
    }
    more_set_headers "X-Content-Type-Options: nosniff";
    more_set_headers "Cache-Control: max-age=31536000'";
-    more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
+    more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
    more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
-    more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
+    more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
-    more_set_headers "Access-Control-Expose-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
+    more_set_headers "Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
    try_files $uri =404;
 }
 location ^~ /block/ {
--- a/doc/POST_INSTALL.md
+++ b/doc/POST_INSTALL.md
@ -2,12 +2,15 @@ We have added a sandbox domain: __SANDBOXDOMAIN__ for you but you still need to
 You will need also to restart CryptPad service after this is done.
 Then you can please open CryptPad domain: https://__DOMAIN__
 Once CryptPad is installed, create an account via the Sign Up button on the home page which will take you to the Register page.
 To make this account an instance administrator:
 1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
-2. Paste this key in /var/www/cryptpad/config/config.js in the following array (uncomment and replace the placeholder):
+2. Paste this key in `/var/www/cryptpad/config/config.js` in the following array (uncomment and replace the placeholder):
 ```
 adminKeys: [
        "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
 ],
 ```
--- a/manifest.toml
+++ b/manifest.toml
@ -5,7 +5,7 @@ name = "CryptPad"
 description.en = "Zero Knowledge realtime collaborative office suite"
 description.fr = "Suite bureautique chiffrée pour la collaboration en temps réel"
-version = "5.2.1~ynh7"
+version = "5.2.1~ynh8"
 maintainers = ["ddataa"]
@ -19,7 +19,7 @@ cpe = "cpe:2.3:a:xwiki:cryptpad"
 fund = "https://opencollective.com/cryptpad/contribute?language=fr"
 [integration]
-yunohost = ">= 11.1.15"
+yunohost = ">= 11.1.17"
 architectures = "all"
 multi_instance = false
 ldap = false
@ -48,6 +48,7 @@ ram.runtime = "50M"
        [resources.sources.main]
        url = "https://github.com/xwiki-labs/cryptpad/archive/5.2.1.tar.gz"
        sha256 = "945abe5bae0da25a4e2ef8e02730aaa5bb5e5a0b8bfd7a23a09ec38422d7c47f"
        autoupdate.strategy = "latest_github_tag"
    [resources.ports]
    main.default = 3000