From f724e05d539a1456cbdf7309bd1090a94208bc07 Mon Sep 17 00:00:00 2001 From: oleole39 <59071673+oleole39@users.noreply.github.com> Date: Tue, 21 Mar 2023 00:24:45 +0100 Subject: [PATCH 1/6] add autoupdate workflow --- .github/workflows/updater.sh | 79 ++++++++++++++--------------------- .github/workflows/updater.yml | 52 +++++++++++++++++++++++ 2 files changed, 83 insertions(+), 48 deletions(-) create mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 72eb5cb..eb0ce5c 100755 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -17,8 +17,8 @@ exit 1 #================================================= # Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +current_version=$(cat manifest.toml | tomlq -j '.version|split("~")[0]') +repo=$(cat manifest.toml | tomlq -j '.upstream.code|split("https://github.com/")[1]') # Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) @@ -48,38 +48,24 @@ elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY. exit 0 fi -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" +# As of current build process, each release should contain a unique asset (zip) +case ${#assets[@]} in + 0) + echo "::warning ::no asset found, exiting" + exit 0 + ;; + 1) + echo "1 available asset, let's proceed" + ;; + *) + echo "::warning ::multiple assets, that breaks the expected pattern, exiting" + exit 0 #================================================= # UPDATE SOURCE FILES #================================================= -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - -echo "Handling asset at $asset_url" - -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *"admin"*) - src="app" - ;; - *"update"*) - src="app-upgrade" - ;; - *) - src="" - ;; -esac - -# If $src is not empty, let's process the asset -if [ ! -z "$src" ]; then +asset_url=${assets[0]} # Create the temporary directory tempdir="$(mktemp -d)" @@ -89,27 +75,21 @@ filename=${asset_url##*/} curl --silent -4 -L $asset_url -o "$tempdir/$filename" checksum=$(sha256sum "$tempdir/$filename" | head -c 64) +# Update manifest' source information in manifest +old_src_main_url=$(cat manifest.toml | tomlq -j '.resources.sources.main.url') +old_src_main_sha256=$(cat manifest.toml | tomlq -j '.resources.sources.main.sha256') +sed -i "s^$old_src_main_url^$asset_url^" # use alternate sed delimiter to avoid url escaping +sed -i "s/$old_src_main_sha256/$checksum/" +## Alternative less flexible +#sed -i "s/^\(\s*url\s\=\s\"\).*/\1$asset_url\"/" +#sed -i "s/^\(\s*sha256\s\=\s\"\).*/\1$checksum\"/" +## Alternative loosing manifest original's format (especially indentation) as yq currently does not apply automatic styling for toml, cf. https://github.com/kislyuk/yq/issues/164 +#cat manifest.toml | tomlq -t --arg url "$asset_url" --arg sha256 "$checksum" '.resources.sources.main.url |= $url | .resources.sources.main.sha256 |= $sha256' > $tempdir/manifest.toml +#mv $tempdir/manifest.toml manifest.toml + # Delete temporary directory rm -rf $tempdir -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -EOT -echo "... conf/$src.src updated" - else echo "... asset ignored" fi @@ -123,12 +103,15 @@ done # Any action on the app's source code can be done. # The GitHub Action workflow takes care of committing all changes after this script ends. +# Update nginx.conf index page +sed -i "s/^\s*index\sCyberChef.*/\ index CyberChef_v$version.html;/" conf/nginx.conf + #================================================= # GENERIC FINALIZATION #================================================= # Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json +sed -i "s/^version\s*=.*/version = \"$version~ynh1\"/" manifest.toml # No need to update the README, yunohost-bot takes care of it diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..34e0a47 --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,52 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Download yq/tomlq + pip install yq + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + [See upstream release page](https://github.com/${{ env.REPO }}/releases/tag/v${{ env.VERSION }}) + draft: false From fc6f98a0beb23582615ee123ae53e5e4e77e8b62 Mon Sep 17 00:00:00 2001 From: oleole39 <59071673+oleole39@users.noreply.github.com> Date: Tue, 4 Apr 2023 05:19:40 +0200 Subject: [PATCH 2/6] remove GitHub autoupdate workflow files --- .github/workflows/updater.sh | 120 ---------------------------------- .github/workflows/updater.yml | 52 --------------- 2 files changed, 172 deletions(-) delete mode 100755 .github/workflows/updater.sh delete mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100755 index eb0ce5c..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,120 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -# Remove this exit command when you are ready to run this Action -exit 1 - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.toml | tomlq -j '.version|split("~")[0]') -repo=$(cat manifest.toml | tomlq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# As of current build process, each release should contain a unique asset (zip) -case ${#assets[@]} in - 0) - echo "::warning ::no asset found, exiting" - exit 0 - ;; - 1) - echo "1 available asset, let's proceed" - ;; - *) - echo "::warning ::multiple assets, that breaks the expected pattern, exiting" - exit 0 - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -asset_url=${assets[0]} - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Update manifest' source information in manifest -old_src_main_url=$(cat manifest.toml | tomlq -j '.resources.sources.main.url') -old_src_main_sha256=$(cat manifest.toml | tomlq -j '.resources.sources.main.sha256') -sed -i "s^$old_src_main_url^$asset_url^" # use alternate sed delimiter to avoid url escaping -sed -i "s/$old_src_main_sha256/$checksum/" -## Alternative less flexible -#sed -i "s/^\(\s*url\s\=\s\"\).*/\1$asset_url\"/" -#sed -i "s/^\(\s*sha256\s\=\s\"\).*/\1$checksum\"/" -## Alternative loosing manifest original's format (especially indentation) as yq currently does not apply automatic styling for toml, cf. https://github.com/kislyuk/yq/issues/164 -#cat manifest.toml | tomlq -t --arg url "$asset_url" --arg sha256 "$checksum" '.resources.sources.main.url |= $url | .resources.sources.main.sha256 |= $sha256' > $tempdir/manifest.toml -#mv $tempdir/manifest.toml manifest.toml - -# Delete temporary directory -rm -rf $tempdir - -else -echo "... asset ignored" -fi - -done - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -# Update nginx.conf index page -sed -i "s/^\s*index\sCyberChef.*/\ index CyberChef_v$version.html;/" conf/nginx.conf - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -sed -i "s/^version\s*=.*/version = \"$version~ynh1\"/" manifest.toml - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index 34e0a47..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,52 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Download yq/tomlq - pip install yq - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - [See upstream release page](https://github.com/${{ env.REPO }}/releases/tag/v${{ env.VERSION }}) - draft: false From fa44ad22e8160566348bf9becac0b67628563f6b Mon Sep 17 00:00:00 2001 From: oleole39 <59071673+oleole39@users.noreply.github.com> Date: Tue, 4 Apr 2023 05:18:44 +0200 Subject: [PATCH 3/6] add new autoupdate parameters to manifest, correct version number to match upstream's and update sources --- manifest.toml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifest.toml b/manifest.toml index b9aa8a2..be92ec6 100644 --- a/manifest.toml +++ b/manifest.toml @@ -4,7 +4,7 @@ id = "cyberchef" name = "CyberChef" description.en = "The Cyber Swiss Army Knife - client-side toolbox for data analysis (encoding, encryption, parsing and more)." description.fr = "Le cyber-couteau suisse - boîte à outils s'executant côté client pour l'analyse de données (encodage, chiffrage, extraction, et plus encore)." -version = "1.0~ynh1" +version = "10.4.0~ynh1" maintainers = ["oleole39"] @@ -21,7 +21,7 @@ architectures = "all" multi_instance = true ldap = "not_relevant" sso = "not_relevant" -disk = "40M" +disk = "50M" ram.build = "0M" ram.runtime = "0M" @@ -43,11 +43,13 @@ ram.runtime = "0M" [resources.sources] [resources.sources.main] - url = "https://github.com/gchq/CyberChef/releases/download/v9.55.0/CyberChef_v9.55.0.zip" - sha256 = "da55adc790d011f6bf3740e7e704d340351f7e1c8ebd8e7d9dd24aa46562307c" + url = "https://github.com/gchq/CyberChef/releases/download/v10.4.0/CyberChef_v10.4.0.zip" + sha256 = "8485713baeed5fced47e2543b3072032bc9e541d1962b9ee8356b615efa074a2" extract = true zip = true in_subdir = false + autoupdate.strategy = "latest_github_release" + autoupdate.asset = "CyberChef_.*zip" [resources.system_user] From 28927e666f60a0ff9c281d793f9336971175fd1f Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 5 Apr 2023 00:10:53 +0000 Subject: [PATCH 4/6] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f08f42e..cdf29ee 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in A simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression: encode, decode, format data, parse data, encrypt, decrypt, compress data, extract data, perform arithmetic functions against data, etc.. There are around 300 operations in CyberChef allowing you to carry out simple and complex tasks easily. -**Shipped version:** 1.0~ynh1 +**Shipped version:** 10.4.0~ynh1 **Demo:** https://gchq.github.io/CyberChef diff --git a/README_fr.md b/README_fr.md index 771e6a6..3751a9a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Une application web simple et intuitive pour analyser et décoder des données sans avoir affaire à des outils ou des langages de programmation compliqués. CyberChef s'adresse aussi bien aux utilisateurs expérimentés qu'aux plus novices souhaitant explorer les formats de données, leur chiffrement et leur compression: encoder, décoder, formater, analyser, chiffrer, déchiffrer, compresser, extraire, fonctions arithmétiques, etc.. Il y a en tout près de 300 outils dans CyberChef permettant de réaliser facilement des tâches simples ou complexes. -**Version incluse :** 1.0~ynh1 +**Version incluse :** 10.4.0~ynh1 **Démo :** https://gchq.github.io/CyberChef From b71fe932ae4cb4fefbe7d81e52b30fa7c4c45086 Mon Sep 17 00:00:00 2001 From: oleole39 <59071673+oleole39@users.noreply.github.com> Date: Wed, 5 Apr 2023 02:53:23 +0200 Subject: [PATCH 5/6] add placeholder for nginx.conf & update install, upgrade & change_url scripts accordingly --- conf/nginx.conf | 2 +- scripts/change_url | 3 +++ scripts/install | 3 +++ scripts/upgrade | 4 ++++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 5a91f4c..6c989ad 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,7 +4,7 @@ location __PATH__/ { # Path to source alias __INSTALL_DIR__/; - index CyberChef_v9.55.0.html; + index __INDEX_PAGE__; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; diff --git a/scripts/change_url b/scripts/change_url index 9c8f778..fe8ff1c 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,6 +9,9 @@ source _common.sh source /usr/share/yunohost/helpers +upstream_version=$(ynh_app_upstream_version) +index_page="CyberChef_v${upstream_version}.html" + #================================================= # STANDARD MODIFICATIONS #================================================= diff --git a/scripts/install b/scripts/install index 57d9907..cac142f 100755 --- a/scripts/install +++ b/scripts/install @@ -9,6 +9,9 @@ source _common.sh source /usr/share/yunohost/helpers +upstream_version=$(ynh_app_upstream_version) +index_page="CyberChef_v${upstream_version}.html" + #================================================= # APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d0f9e62..322ce49 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -11,6 +11,9 @@ source /usr/share/yunohost/helpers upgrade_type=$(ynh_check_app_version_changed) +upstream_version=$(ynh_app_upstream_version) +index_page="CyberChef_v${upstream_version}.html" + #================================================= # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD, ETC...) #================================================= @@ -30,6 +33,7 @@ chown -R $app:www-data "$install_dir" #================================================= # REAPPLY SYSTEM CONFIGURATIONS #================================================= + ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=4 ynh_add_nginx_config From 15d9c4a0e013307c57f83db684e3d7cd37310e70 Mon Sep 17 00:00:00 2001 From: oleole39 <59071673+oleole39@users.noreply.github.com> Date: Wed, 5 Apr 2023 03:41:52 +0200 Subject: [PATCH 6/6] adjust RAM usage in manifest after Yunorunner's estimates --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index be92ec6..a6157e1 100644 --- a/manifest.toml +++ b/manifest.toml @@ -22,8 +22,8 @@ multi_instance = true ldap = "not_relevant" sso = "not_relevant" disk = "50M" -ram.build = "0M" -ram.runtime = "0M" +ram.build = "50M" +ram.runtime = "20M" [install]