From 4abc2646aa778615264b293502bebf26e6221d2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sun, 4 Feb 2024 20:53:59 +0100 Subject: [PATCH] Rename id, secret, callback as oicd_* --- .github/workflows/updater.sh | 98 ----------------------------------- .github/workflows/updater.yml | 49 ------------------ conf/config.yaml | 8 +-- manifest.toml | 16 +++--- scripts/upgrade | 18 ------- tests.toml | 8 +-- 6 files changed, 18 insertions(+), 179 deletions(-) delete mode 100755 .github/workflows/updater.sh delete mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100755 index 229c67e..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -src="app" -asset_url="https://github.com/dexidp/dex/archive/refs/tags/v${version}.tar.gz" - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=true -EOT -echo "... conf/$src.src updated" - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index fe8aa57..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false \ No newline at end of file diff --git a/conf/config.yaml b/conf/config.yaml index c70ad8a..9987141 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -47,8 +47,8 @@ connectors: # Unfortunately the api is too complex to be used here # As a consequence we have to setup client as staticClient, which means we will need one Dex instance per client app staticClients: -- id: __ID__ +- id: __OIDC_APP__ redirectURIs: - - https://__CALLBACK__ - name: __ID__ - secret: __SECRET__ + - https://__OIDC_CALLBACK__ + name: __OIDC_APP__ + secret: __OIDC_SECRET__ diff --git a/manifest.toml b/manifest.toml index ec218b6..0778ebc 100644 --- a/manifest.toml +++ b/manifest.toml @@ -1,3 +1,5 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json + packaging_format = 2 id = "dex" @@ -36,17 +38,17 @@ ram.runtime = "50M" type = "path" default = "/dex" - [install.id] + [install.oidc_app] ask.en = "Name of the app you want to connect to the OIDC auth flow" ask.fr = "Nom de l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" - [install.secret] + [install.oidc_secret] ask.en = "OIDC secret of the app you want to connect to the OIDC auth flow" ask.fr = "Secret OIDC de l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" - [install.callback] + [install.oidc_callback] ask.en = "Callback URI required by the app you want to connect to the OIDC auth flow" ask.fr = "URI de rappel requis par l'application que vous souhaitez connecter au flux d'authentification OIDC" type = "string" @@ -56,10 +58,10 @@ ram.runtime = "50M" [resources.sources] - [resources.sources.main] - url = "https://github.com/dexidp/dex/archive/refs/tags/v2.37.0.tar.gz" - sha256 = "5140ecccac260855f375a40bb20120e644418d8e314c63667b0ee3e4ceace99f" - autoupdate.strategy = "latest_github_tag" + [resources.sources.main] + url = "https://github.com/dexidp/dex/archive/refs/tags/v2.37.0.tar.gz" + sha256 = "5140ecccac260855f375a40bb20120e644418d8e314c63667b0ee3e4ceace99f" + autoupdate.strategy = "latest_github_tag" [resources.system_user] diff --git a/scripts/upgrade b/scripts/upgrade index 7badaaf..210f5db 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -30,24 +30,6 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -if [ -z "${id:-}" ]; then - id=$oidc_name - ynh_app_setting_set --app=$app --key=id --value=$id - ynh_app_setting_delete --app=$app --key=oidc_name -fi - -if [ -z "${secret:-}" ]; then - secret=$oidc_secret - ynh_app_setting_set --app=$app --key=secret --value=$secret - ynh_app_setting_delete --app=$app --key=oidc_secret -fi - -if [ -z "${callback:-}" ]; then - callback=$oidc_callback - ynh_app_setting_set --app=$app --key=callback --value=$callback - ynh_app_setting_delete --app=$app --key=oidc_callback -fi - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= diff --git a/tests.toml b/tests.toml index 8222703..586f444 100644 --- a/tests.toml +++ b/tests.toml @@ -1,3 +1,5 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json + test_format = 1.0 [default] @@ -6,9 +8,9 @@ test_format = 1.0 # Default args to use for install # ------------------------------- - args.id = "Outline" - args.secret = "secret" - args.callback = "domain.tld/callback" + args.oidc_app = "Outline" + args.oidc_secret = "secret" + args.oidc_callback = "domain.tld/callback" # ------------------------------- # Commits to test upgrade from