mirror of
https://github.com/YunoHost-Apps/dex_ynh.git
synced 2024-09-03 18:26:22 +02:00
Rename id, secret, callback as oicd_*
This commit is contained in:
parent
999400e29e
commit
4abc2646aa
6 changed files with 18 additions and 179 deletions
98
.github/workflows/updater.sh
vendored
98
.github/workflows/updater.sh
vendored
|
@ -1,98 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
#=================================================
|
||||
# PACKAGE UPDATING HELPER
|
||||
#=================================================
|
||||
|
||||
# This script is meant to be run by GitHub Actions
|
||||
# The YunoHost-Apps organisation offers a template Action to run this script periodically
|
||||
# Since each app is different, maintainers can adapt its contents so as to perform
|
||||
# automatic actions when a new upstream release is detected.
|
||||
|
||||
|
||||
#=================================================
|
||||
# FETCHING LATEST RELEASE AND ITS ASSETS
|
||||
#=================================================
|
||||
|
||||
# Fetching information
|
||||
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
|
||||
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
|
||||
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
|
||||
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
|
||||
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
|
||||
|
||||
# Later down the script, we assume the version has only digits and dots
|
||||
# Sometimes the release name starts with a "v", so let's filter it out.
|
||||
# You may need more tweaks here if the upstream repository has different naming conventions.
|
||||
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
|
||||
version=${version:1}
|
||||
fi
|
||||
|
||||
# Setting up the environment variables
|
||||
echo "Current version: $current_version"
|
||||
echo "Latest release from upstream: $version"
|
||||
echo "VERSION=$version" >> $GITHUB_ENV
|
||||
# For the time being, let's assume the script will fail
|
||||
echo "PROCEED=false" >> $GITHUB_ENV
|
||||
|
||||
# Proceed only if the retrieved version is greater than the current one
|
||||
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
|
||||
echo "::warning ::No new version available"
|
||||
exit 0
|
||||
# Proceed only if a PR for this new version does not already exist
|
||||
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
|
||||
echo "::warning ::A branch already exists for this update"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
|
||||
echo "${#assets[@]} available asset(s)"
|
||||
|
||||
#=================================================
|
||||
# UPDATE SOURCE FILES
|
||||
#=================================================
|
||||
|
||||
src="app"
|
||||
asset_url="https://github.com/dexidp/dex/archive/refs/tags/v${version}.tar.gz"
|
||||
|
||||
# Create the temporary directory
|
||||
tempdir="$(mktemp -d)"
|
||||
|
||||
# Download sources and calculate checksum
|
||||
filename=${asset_url##*/}
|
||||
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
|
||||
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
|
||||
|
||||
# Delete temporary directory
|
||||
rm -rf $tempdir
|
||||
|
||||
# Rewrite source file
|
||||
cat <<EOT > conf/$src.src
|
||||
SOURCE_URL=$asset_url
|
||||
SOURCE_SUM=$checksum
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_EXTRACT=true
|
||||
SOURCE_IN_SUBDIR=true
|
||||
EOT
|
||||
echo "... conf/$src.src updated"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPDATE STEPS
|
||||
#=================================================
|
||||
|
||||
# Any action on the app's source code can be done.
|
||||
# The GitHub Action workflow takes care of committing all changes after this script ends.
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
||||
# Replace new version in manifest
|
||||
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
|
||||
|
||||
# No need to update the README, yunohost-bot takes care of it
|
||||
|
||||
# The Action will proceed only if the PROCEED environment variable is set to true
|
||||
echo "PROCEED=true" >> $GITHUB_ENV
|
||||
exit 0
|
49
.github/workflows/updater.yml
vendored
49
.github/workflows/updater.yml
vendored
|
@ -1,49 +0,0 @@
|
|||
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
|
||||
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
|
||||
# This file should be enough by itself, but feel free to tune it to your needs.
|
||||
# It calls updater.sh, which is where you should put the app-specific update steps.
|
||||
name: Check for new upstream releases
|
||||
on:
|
||||
# Allow to manually trigger the workflow
|
||||
workflow_dispatch:
|
||||
# Run it every day at 6:00 UTC
|
||||
schedule:
|
||||
- cron: '0 6 * * *'
|
||||
jobs:
|
||||
updater:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Fetch the source code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run the updater script
|
||||
id: run_updater
|
||||
run: |
|
||||
# Setting up Git user
|
||||
git config --global user.name 'yunohost-bot'
|
||||
git config --global user.email 'yunohost-bot@users.noreply.github.com'
|
||||
# Run the updater script
|
||||
/bin/bash .github/workflows/updater.sh
|
||||
- name: Commit changes
|
||||
id: commit
|
||||
if: ${{ env.PROCEED == 'true' }}
|
||||
run: |
|
||||
git commit -am "Upgrade to v$VERSION"
|
||||
- name: Create Pull Request
|
||||
id: cpr
|
||||
if: ${{ env.PROCEED == 'true' }}
|
||||
uses: peter-evans/create-pull-request@v4
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
commit-message: Update to version ${{ env.VERSION }}
|
||||
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
||||
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
||||
signoff: false
|
||||
base: testing
|
||||
branch: ci-auto-update-v${{ env.VERSION }}
|
||||
delete-branch: true
|
||||
title: 'Upgrade to version ${{ env.VERSION }}'
|
||||
body: |
|
||||
Upgrade to v${{ env.VERSION }}
|
||||
draft: false
|
|
@ -47,8 +47,8 @@ connectors:
|
|||
# Unfortunately the api is too complex to be used here
|
||||
# As a consequence we have to setup client as staticClient, which means we will need one Dex instance per client app
|
||||
staticClients:
|
||||
- id: __ID__
|
||||
- id: __OIDC_APP__
|
||||
redirectURIs:
|
||||
- https://__CALLBACK__
|
||||
name: __ID__
|
||||
secret: __SECRET__
|
||||
- https://__OIDC_CALLBACK__
|
||||
name: __OIDC_APP__
|
||||
secret: __OIDC_SECRET__
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json
|
||||
|
||||
packaging_format = 2
|
||||
|
||||
id = "dex"
|
||||
|
@ -36,17 +38,17 @@ ram.runtime = "50M"
|
|||
type = "path"
|
||||
default = "/dex"
|
||||
|
||||
[install.id]
|
||||
[install.oidc_app]
|
||||
ask.en = "Name of the app you want to connect to the OIDC auth flow"
|
||||
ask.fr = "Nom de l'application que vous souhaitez connecter au flux d'authentification OIDC"
|
||||
type = "string"
|
||||
|
||||
[install.secret]
|
||||
[install.oidc_secret]
|
||||
ask.en = "OIDC secret of the app you want to connect to the OIDC auth flow"
|
||||
ask.fr = "Secret OIDC de l'application que vous souhaitez connecter au flux d'authentification OIDC"
|
||||
type = "string"
|
||||
|
||||
[install.callback]
|
||||
[install.oidc_callback]
|
||||
ask.en = "Callback URI required by the app you want to connect to the OIDC auth flow"
|
||||
ask.fr = "URI de rappel requis par l'application que vous souhaitez connecter au flux d'authentification OIDC"
|
||||
type = "string"
|
||||
|
|
|
@ -30,24 +30,6 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
|
|||
#=================================================
|
||||
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
|
||||
|
||||
if [ -z "${id:-}" ]; then
|
||||
id=$oidc_name
|
||||
ynh_app_setting_set --app=$app --key=id --value=$id
|
||||
ynh_app_setting_delete --app=$app --key=oidc_name
|
||||
fi
|
||||
|
||||
if [ -z "${secret:-}" ]; then
|
||||
secret=$oidc_secret
|
||||
ynh_app_setting_set --app=$app --key=secret --value=$secret
|
||||
ynh_app_setting_delete --app=$app --key=oidc_secret
|
||||
fi
|
||||
|
||||
if [ -z "${callback:-}" ]; then
|
||||
callback=$oidc_callback
|
||||
ynh_app_setting_set --app=$app --key=callback --value=$callback
|
||||
ynh_app_setting_delete --app=$app --key=oidc_callback
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json
|
||||
|
||||
test_format = 1.0
|
||||
|
||||
[default]
|
||||
|
@ -6,9 +8,9 @@ test_format = 1.0
|
|||
# Default args to use for install
|
||||
# -------------------------------
|
||||
|
||||
args.id = "Outline"
|
||||
args.secret = "secret"
|
||||
args.callback = "domain.tld/callback"
|
||||
args.oidc_app = "Outline"
|
||||
args.oidc_secret = "secret"
|
||||
args.oidc_callback = "domain.tld/callback"
|
||||
|
||||
# -------------------------------
|
||||
# Commits to test upgrade from
|
||||
|
|
Loading…
Add table
Reference in a new issue