YunoHost-Apps/discourse_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/discourse_ynh.git synced 2024-09-03 18:26:18 +02:00
Code Issues Activity Actions

manifestv2

Browse source
This commit is contained in:
Salamandar 2024-01-26 22:16:29 +01:00
parent d271299cd7
commit 1d564ea1c5
31 changed files with 861 additions and 1402 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

107
.github/workflows/updater.sh vendored
View file

@ -1,107 +0,0 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | select( .name | contains("rc") or contains("beta") or contains("alpha") | not ) | .name' | sort -V | tail -1)
assets="https://github.com/discourse/discourse/archive/$version.tar.gz"
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Let's download source tarball
asset_url=$assets
echo "Handling asset at $asset_url"
src="app"
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true
EOT
echo "... conf/$src.src updated"
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

49
.github/workflows/updater.yml vendored
View file

@ -1,49 +0,0 @@
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
# This file should be enough by itself, but feel free to tune it to your needs.
# It calls updater.sh, which is where you should put the app-specific update steps.
name: Check for new upstream releases
on:
# Allow to manually trigger the workflow
workflow_dispatch:
# Run it every day at 6:00 UTC
schedule:
- cron: '0 6 * * *'
jobs:
updater:
runs-on: ubuntu-latest
steps:
- name: Fetch the source code
uses: actions/checkout@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run the updater script
id: run_updater
run: |
# Setting up Git user
git config --global user.name 'yunohost-bot'
git config --global user.email 'yunohost-bot@users.noreply.github.com'
# Run the updater script
/bin/bash .github/workflows/updater.sh
- name: Commit changes
id: commit
if: ${{ env.PROCEED == 'true' }}
run: |
git commit -am "Upgrade to v$VERSION"
- name: Create Pull Request
id: cpr
if: ${{ env.PROCEED == 'true' }}
uses: peter-evans/create-pull-request@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Update to version ${{ env.VERSION }}
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
signoff: false
base: testing
branch: ci-auto-update-v${{ env.VERSION }}
delete-branch: true
title: 'Upgrade to version ${{ env.VERSION }}'
body: |
Upgrade to v${{ env.VERSION }}
draft: false

28
check_process
View file

@ -1,28 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
is_public=1
admin="john"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
# 2.8.8~ynh3
upgrade=1 from_commit=80476a5622a7baabc40ae06be33ed27398139b87
backup_restore=1
# Activate multi-instance test only if you have more than 2Gb RAM!
multi_instance=0
port_already_use=0
change_url=1
;;; Options
Email=
Notification=none
;;; Upgrade options
; commit=80476a5622a7baabc40ae06be33ed27398139b87
name=2.8.8~ynh1
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1

7
conf/app.src
View file

@ -1,7 +0,0 @@
SOURCE_URL=https://github.com/discourse/discourse/archive/v2.8.14.tar.gz
SOURCE_SUM=b4b9a2857515ab79b2bc71cc0bdd09f9bf749d506c095b76d86846c9adf62623
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

3
conf/ldap-auth.src
View file

@ -1,3 +0,0 @@
SOURCE_URL=https://github.com/jonmbake/discourse-ldap-auth/archive/v0.6.0.tar.gz
SOURCE_SUM=1f64f90f648f53b40608912221adb60d86c8c13856aaba68c645cd88279445d4
SOURCE_FORMAT=tar.gz

426
conf/nginx.conf
View file

@ -1,213 +1,213 @@
# maximum file upload size (keep up to date when changing the corresponding site setting)
client_max_body_size 10m;
# extend timeouts
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
# path to discourse's public directory
set $public __FINALPATH__/public/;
# without weak etags we get zero benefit from etags on dynamically compressed content
# further more etags are based on the file in nginx not sha of data
# use dates, it solves the problem fine even cross server
etag off;
# prevent direct download of backups
location ^~ __PATH__/backups/ {
internal;
}
# bypass rails stack with a cheap 204 for favicon.ico requests
location __PATH__/favicon.ico {
return 204;
access_log off;
log_not_found off;
}
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
alias __FINALPATH__/public/ ;
proxy_hide_header ETag;
# auth_basic on;
# auth_basic_user_file /etc/nginx/htpasswd;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ {
expires 1y;
more_set_headers "Cache-Control : public,immutable";
more_set_headers "Access-Control-Allow-Origin : *";
}
location = __PATH__/srv/status {
access_log off;
log_not_found off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock;
break;
}
# some minimal caching here so we don't keep asking
# longer term we should increas probably to 1y
location ~ ^/javascripts/ {
expires 1d;
more_set_headers "Cache-Control : public,immutable";
}
location ~ ^/assets/(?<asset_path>.+)$ {
expires 1y;
# asset pipeline enables this
# brotli_static on;
gzip_static on;
more_set_headers "Cache-Control : public,immutable";
# HOOK in asset location (used for extensibility)
# TODO I don't think this break is needed, it just breaks out of rewrite
break;
}
location ~ ^/plugins/ {
expires 1y;
more_set_headers "Cache-Control : public,immutable";
}
# cache emojis
location ~ /images/emoji/ {
expires 1y;
more_set_headers "Cache-Control : public,immutable";
}
location ~ ^/uploads/ {
# NOTE: it is really annoying that we can't just define headers
# at the top level and inherit.
#
# proxy_set_header DOES NOT inherit, by design, we must repeat it,
# otherwise headers are not set correctly
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping __FINALPATH__/public/=/downloads/;
expires 1y;
more_set_headers "Cache-Control : public,immutable";
## optional upload anti-hotlinking rules
#valid_referers none blocked mysite.com *.mysite.com;
#if ($invalid_referer) { return 403; }
# custom CSS
location ~ /stylesheet-cache/ {
try_files $uri =404;
}
# this allows us to bypass rails
location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|svg|ico|webp)$ {
try_files $uri =404;
}
# thumbnails & optimized images
location ~ /_?optimized/ {
try_files $uri =404;
}
proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock;
break;
}
location ~ ^/admin/backups/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping __FINALPATH__/public/=/downloads/;
proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock;
break;
}
# This big block is needed so we can selectively enable
# acceleration for backups and avatars
# see note about repetition above
location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied|service-worker) {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# if Set-Cookie is in the response nothing gets cached
# this is double bad cause we are not passing last modified in
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";
# note x-accel-redirect can not be used with proxy_cache
# proxy_cache one;
proxy_cache_valid 200 301 302 7d;
proxy_cache_valid any 1m;
proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock;
break;
}
# location /letter_avatar_proxy/ {
# # Don't send any client headers to the avatars service
# proxy_method GET;
# proxy_pass_request_headers off;
# proxy_pass_request_body off;
#
# # Don't let cookies interrupt caching, and don't pass them to the
# # client
# proxy_ignore_headers "Set-Cookie";
# proxy_hide_header "Set-Cookie";
#
# proxy_cache one;
# proxy_cache_key $uri;
# proxy_cache_valid 200 7d;
# proxy_cache_valid 404 1m;
# proxy_set_header Connection "";
#
# proxy_pass https://avatars.discourse.org/;
# break;
# }
# we need buffering off for message bus
location __PATH__/message-bus/ {
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_buffering off;
proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock;
break;
}
# this means every file in public is tried first
try_files $uri @__NAME__;
}
location __PATH__/downloads/ {
internal;
alias __FINALPATH__/public/ ;
}
location @__NAME__ {
more_set_headers "Referrer-Policy : no-referrer-when-downgrade";
proxy_set_header Host $host;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock;
}
# maximum file upload size (keep up to date when changing the corresponding site setting)
client_max_body_size 10m;
# extend timeouts
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
# path to discourse's public directory
set $public __INSTALL_DIR__/public/;
# without weak etags we get zero benefit from etags on dynamically compressed content
# further more etags are based on the file in nginx not sha of data
# use dates, it solves the problem fine even cross server
etag off;
# prevent direct download of backups
location ^~ __PATH__/backups/ {
internal;
}
# bypass rails stack with a cheap 204 for favicon.ico requests
location __PATH__/favicon.ico {
return 204;
access_log off;
log_not_found off;
}
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
alias __INSTALL_DIR__/public/ ;
proxy_hide_header ETag;
# auth_basic on;
# auth_basic_user_file /etc/nginx/htpasswd;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ {
expires 1y;
more_set_headers "Cache-Control : public,immutable";
more_set_headers "Access-Control-Allow-Origin : *";
}
location = __PATH__/srv/status {
access_log off;
log_not_found off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock;
break;
}
# some minimal caching here so we don't keep asking
# longer term we should increas probably to 1y
location ~ ^/javascripts/ {
expires 1d;
more_set_headers "Cache-Control : public,immutable";
}
location ~ ^/assets/(?<asset_path>.+)$ {
expires 1y;
# asset pipeline enables this
# brotli_static on;
gzip_static on;
more_set_headers "Cache-Control : public,immutable";
# HOOK in asset location (used for extensibility)
# TODO I don't think this break is needed, it just breaks out of rewrite
break;
}
location ~ ^/plugins/ {
expires 1y;
more_set_headers "Cache-Control : public,immutable";
}
# cache emojis
location ~ /images/emoji/ {
expires 1y;
more_set_headers "Cache-Control : public,immutable";
}
location ~ ^/uploads/ {
# NOTE: it is really annoying that we can't just define headers
# at the top level and inherit.
#
# proxy_set_header DOES NOT inherit, by design, we must repeat it,
# otherwise headers are not set correctly
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping __INSTALL_DIR__/public/=/downloads/;
expires 1y;
more_set_headers "Cache-Control : public,immutable";
## optional upload anti-hotlinking rules
#valid_referers none blocked mysite.com *.mysite.com;
#if ($invalid_referer) { return 403; }
# custom CSS
location ~ /stylesheet-cache/ {
try_files $uri =404;
}
# this allows us to bypass rails
location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|svg|ico|webp)$ {
try_files $uri =404;
}
# thumbnails & optimized images
location ~ /_?optimized/ {
try_files $uri =404;
}
proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock;
break;
}
location ~ ^/admin/backups/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping __INSTALL_DIR__/public/=/downloads/;
proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock;
break;
}
# This big block is needed so we can selectively enable
# acceleration for backups and avatars
# see note about repetition above
location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied|service-worker) {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# if Set-Cookie is in the response nothing gets cached
# this is double bad cause we are not passing last modified in
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";
# note x-accel-redirect can not be used with proxy_cache
# proxy_cache one;
proxy_cache_valid 200 301 302 7d;
proxy_cache_valid any 1m;
proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock;
break;
}
# location /letter_avatar_proxy/ {
# # Don't send any client headers to the avatars service
# proxy_method GET;
# proxy_pass_request_headers off;
# proxy_pass_request_body off;
#
# # Don't let cookies interrupt caching, and don't pass them to the
# # client
# proxy_ignore_headers "Set-Cookie";
# proxy_hide_header "Set-Cookie";
#
# proxy_cache one;
# proxy_cache_key $uri;
# proxy_cache_valid 200 7d;
# proxy_cache_valid 404 1m;
# proxy_set_header Connection "";
#
# proxy_pass https://avatars.discourse.org/;
# break;
# }
# we need buffering off for message bus
location __PATH__/message-bus/ {
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_buffering off;
proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock;
break;
}
# this means every file in public is tried first
try_files $uri @__NAME__;
}
location __PATH__/downloads/ {
internal;
alias __INSTALL_DIR__/public/ ;
}
location @__NAME__ {
more_set_headers "Referrer-Policy : no-referrer-when-downgrade";
proxy_set_header Host $host;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock;
}

12
conf/provisioning.sql Normal file
View file

@ -0,0 +1,12 @@
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('title', 1, 'YunoHost Forum', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_description', 1, 'YunoHost Forum', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_email', 14, '__ADMIN_MAIL__', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_url', 1, '__DOMAIN____PATH__', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_contact_username', 15, '__ADMIN__', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_url', 1, '__RELATIVE_URL_ROOT__/images/d-logo-sketch.png', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('long_polling_base_url', 1, '__RELATIVE_URL_ROOT__/', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_small_url', 1, '__RELATIVE_URL_ROOT__/images/d-logo-sketch-small.png', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('favicon_url', 1, '__RELATIVE_URL_ROOT__/images/default-favicon.ico', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('apple_touch_icon_url', 1, '__RELATIVE_URL_ROOT__/images/default-apple-touch-icon.png', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('wizard_enabled', 5, 'f', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('force_https', 5, 't', 'NOW()', 'NOW()');

6
conf/systemd.service
View file

@ -8,14 +8,14 @@ After=postgresql.service
[Service]
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__
WorkingDirectory=__INSTALL_DIR__
Environment=__ADDITIONAL_ENV__
Environment=RAILS_ENV=production
Environment=UNICORN_SIDEKIQS=1
Environment=LD_PRELOAD=__LIBJEMALLOC__
Environment=UNICORN_LISTENER=__FINALPATH__/tmp/sockets/unicorn.sock
Environment=UNICORN_LISTENER=__INSTALL_DIR__/tmp/sockets/unicorn.sock
Environment="__YNH_RUBY_LOAD_PATH__"
ExecStart=__FINALPATH__/bin/bundle exec unicorn --config config/unicorn.conf.rb -E production
ExecStart=__INSTALL_DIR__/bin/bundle exec unicorn --config config/unicorn.conf.rb -E production
Restart=always
RestartSec=10

56
doc/ADMIN.md Normal file
View file

@ -0,0 +1,56 @@
## Configuration
Use the admin panel of your Discourse to configure this app.
### Configuring "Reply-By-Email"
* You should create a dedicated Yunohost user for Discourse whose mailbox will be used by the Discourse application. You can do this with `yunohost user create response`, for example. You should ensure that the email address is configured to be on your Discourse domain.
* You should then configure your Discourse `/var/www/discourse/config/discourse.conf` file with the correct SMTP configuration values. Please see [this comment](https://github.com/YunoHost-Apps/discourse_ynh/issues/2#issuecomment-409510325) for an explanation of what values to change. Please be aware, when you update the application, you will have to re-apply this configuration.
* You must enable the Pop3 configuration for Dovecot. See [this thread](https://forum.yunohost.org/t/how-to-enable-pop3-in-yunohost/1662/2) on how to do that. You can validate your configuration with `systemctl restart dovecot && dovecot -n`. Don't forget to open the ports you need (`995` is the default). You can validate that with `nmap -p 995 yunohostdomain.org`.
* You should then configure the Pop3 polling in the Discourse admin interface. Please see [this comment](https://meta.discourse.org/t/set-up-reply-via-email-support/14003) for how to do so. You will need to follow step 5 in that comment. You can specify your main Yunohost domain for the `pop3_polling_host`.
You should now be able to start testing. Try using the `/admin/email` "Send Test Email" and then view the "Sent" or "Skipped" etc. tabs. You should see a report on what happened with the email. You may also want to look in `/var/www/discourse/log/production.log` as well as `/var/www/mail.err`. You should perhaps also use [Rainloop](https://github.com/YunoHost-Apps/rainloop_ynh) or another Yunohost email client application to quickly test that both your user and the dedicated Yunohost Discourse user (`response@...`) is receiving mail.
### "Reply-By-Email" and mail forwarding
If you use the administration UI in YunoHost to setup a mail forwarding address for your users then you may face the problem whereby your users are replying by email from the forwarded email address and the Discourse software is not able to understand how to receive that email.
For example, your user has email address `foo@myyunohostdomain.org` and all mail is forwarded to `foo@theirexternalmail.com`. Discourse receives replies from `foo@theirexternalmail.com` but cannot understand how to deliver this to the user account with `foo@myyunohostdomain.org` configured.
Their is on-going work to allow for [multiple email addresses for one user](https://meta.discourse.org/t/additional-email-address-per-user-account-support/59847) in Discourse development but at current major version (2.3 as of 2019-08-06), there is no web interface for this functionality. It is possible to set it up via the command-line interface but it is **experimental** and you should not undertake this work unless you take some time to understand what it is you are going to do.
Here's how to setup a secondary mail address for a user account:
```bash
cd /var/www/discourse
RAILS_ENV=production /opt/rbenv/versions/2.7.1/bin/bundle exec rails c
UserEmail.create!(user: User.find_by_username("foo"), email: "foo@theirexternalmail.com")
```
### LDAP integration
* LDAP integration: on the login pop-up, you can choose "Login with LDAP" and use your YunoHost credentials
![Login Popup](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/login.png)
Default administrator and YunoHost users must login using LDAP:
* click on the "with LDAP" button
* use your YunoHost credentials
When disabling Local Login and other authentication services, clicking the `Login` or `Sign Up` button will directly bring up the LDAP Login popup.
![Disable Local](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/disable_local.png)
![LDAP Login Popup](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/ldap_popup.png)
### Installing plugins
```bash
cd /var/www/discourse
sudo -i -u discourse RAILS_ENV=production bin/rake --trace plugin:install repo=https://github.com/discourse/discourse-solved (for example)
sudo -i -u discourse RAILS_ENV=production bin/rake --trace assets:precompile
systemctl restart discourse
```

53
doc/ADMIN_fr.md Normal file
View file

@ -0,0 +1,53 @@
### Configuration de "Répondre par e-mail"
* Vous devez créer un utilisateur Yunohost dédié pour Discourse dont la boîte aux lettres sera utilisée par l'application Discourse. Vous pouvez le faire avec `yunohost user create response`, par exemple. Vous devez vous assurer que l'adresse e-mail est configurée pour être sur votre domaine Discourse.
* Vous devez ensuite configurer votre fichier Discourse `/var/www/discourse/config/discourse.conf` avec les valeurs de configuration SMTP correctes. Veuillez consulter [ce commentaire](https://github.com/YunoHost-Apps/discourse_ynh/issues/2#issuecomment-409510325) pour une explication des valeurs à modifier. Attention, lors de la mise à jour de l'application, vous devrez réappliquer cette configuration.
* Vous devez activer la configuration Pop3 pour Dovecot. Voir [ce fil](https://forum.yunohost.org/t/how-to-enable-pop3-in-yunohost/1662/2) pour savoir comment procéder. Vous pouvez valider votre configuration avec `systemctl restart dovecot && dovecot -n`. N'oubliez pas d'ouvrir les ports dont vous avez besoin ('995' est la valeur par défaut). Vous pouvez valider cela avec `nmap -p 995 yunohostdomain.org`.
* Vous devez ensuite configurer le sondage Pop3 dans l'interface d'administration de Discourse. Veuillez consulter [ce commentaire](https://meta.discourse.org/t/set-up-reply-via-email-support/14003) pour savoir comment procéder. Vous devrez suivre l'étape 5 de ce commentaire. Vous pouvez spécifier votre domaine Yunohost principal pour le `pop3_polling_host`.
Vous devriez maintenant pouvoir commencer à tester. Essayez d'utiliser le `/admin/email` « Envoyer un e-mail de test », puis affichez les onglets « Envoyé » ou « Ignoré », etc. Vous devriez voir un rapport sur ce qui s'est passé avec l'e-mail. Vous pouvez également regarder dans `/var/www/discourse/log/production.log` ainsi que `/var/www/mail.err`. Vous devriez peut-être également utiliser [Rainloop](https://github.com/YunoHost-Apps/rainloop_ynh) ou une autre application client de messagerie Yunohost pour tester rapidement que votre utilisateur et l'utilisateur dédié Yunohost Discourse (`response@...` ) reçoit du courrier.
### "Réponse par e-mail" et transfert de courrier
Si vous utilisez l'interface utilisateur d'administration de YunoHost pour configurer une adresse de transfert de courrier pour vos utilisateurs, vous risquez de rencontrer le problème selon lequel vos utilisateurs répondent par e-mail à partir de l'adresse e-mail transférée et le logiciel Discourse n'est pas capable de comprendre comment recevoir cet e-mail.
Par exemple, votre utilisateur a l'adresse e-mail "foo@myyunohostdomain.org" et tout le courrier est transféré à "foo@theirexternalmail.com". Discourse reçoit des réponses de `foo@theirexternalmail.com` mais ne peut pas comprendre comment les envoyer au compte utilisateur avec `foo@myyunohostdomain.org` configuré.
Leur travail est en cours pour permettre [plusieurs adresses e-mail pour un utilisateur](https://meta.discourse.org/t/additional-email-address-per-user-account-support/59847) dans le développement de discours mais dans la version majeure actuelle (2.3 au 06-08-2019), il n'y a pas d'interface Web pour cette fonctionnalité. Il est possible de le configurer via l'interface de ligne de commande mais c'est **expérimental** et vous ne devriez pas entreprendre ce travail à moins de prendre le temps de comprendre ce que vous allez faire.
Voici comment configurer une adresse e-mail secondaire pour un compte utilisateur :
```bash
cd /var/www/discours
RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails c
UserEmail.create!(user: User.find_by_username("foo"), email: "foo@theirexternalmail.com")
```
### Intégration LDAP
* dans la pop-up de connexion, vous pouvez choisir "Se connecter avec LDAP" et utiliser vos identifiants YunoHost
![Login Popup](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/login.png)
L'administrateur par défaut et les utilisateurs YunoHost doivent se connecter via LDAP :
* cliquez sur le bouton "avec LDAP"
* utilisez vos identifiants YunoHost
Lors de la désactivation de la connexion locale et d'autres services d'authentification, cliquez sur le bouton « Connexion » ou « Inscription » pour afficher directement la fenêtre contextuelle de connexion LDAP.
![Désactiver Local](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/disable_local.png)
![Popup de connexion LDAP](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/ldap_popup.png)
### Installer des plugins
```bash
cd /var/www/discourse
sudo -i -u discourse RAILS_ENV=production bin/rake --trace plugin:install repo=https://github.com/discourse/discourse-solved (for example)
sudo -i -u discourse RAILS_ENV=production bin/rake --trace assets:precompile
systemctl restart discourse
```

8
doc/DESCRIPTION.md
View file

@ -1 +1,7 @@
Discourse is modern forum software for your community. Use it as a mailing list, discussion forum, long-form chat room, and more!
[Discourse](http://www.discourse.org) is the 100% open source discussion platform built for the next decade of the Internet. Use it as a:
- mailing list
- discussion forum
- long-form chat room
To learn more about the philosophy and goals of the project, [visit **discourse.org**](http://www.discourse.org).

8
doc/DESCRIPTION_fr.md
View file

@ -1 +1,7 @@
Discourse est un logiciel de forum moderne pour votre communauté. Utilisez-le comme liste de diffusion, forum de discussion, salle de discussion longue durée, et plus encore !
[Discourse](http://www.discourse.org) est la plate-forme de discussion 100% open source conçue pour la prochaine décennie d'Internet. Utilisez-le comme :
- liste de diffusion
- forum de discussion
- salle de discussion longue durée
Pour en savoir plus sur la philosophie et les objectifs du projet, [visitez **discourse.org**](http://www.discourse.org).

16
doc/PRE_INSTALL.md Normal file
View file

@ -0,0 +1,16 @@
Attention: this package installs Discourse without Docker, for several reasons (mostly to support ARM architecture and low-profile servers, to mutualize nginx/postgresql/redis services and to simplify e-mail setup).
As stated by the Discourse team:
> The only officially supported installs of Discourse are [Docker](https://www.docker.io/) based. You must have SSH access to a 64-bit Linux server **with Docker support**. We regret that we cannot support any other methods of installation including cpanel, plesk, webmin, etc.
So please have this in mind when considering asking for Discourse support.
Moreover, you should have in mind Discourse [hardware requirements](https://github.com/discourse/discourse/blob/master/docs/INSTALL.md#hardware-requirements):
- modern single core CPU, dual core recommended
- 1 GB RAM minimum (with swap)
- 64 bit Linux compatible with Docker
- 10 GB disk space minimum
Finally, if installing on a low-end ARM device (e.g. Raspberry Pi):
- installation can last up to 3 hours,
- first access right after installation could take a couple of minutes.

16
doc/PRE_INSTALL_fr.md Normal file
View file

@ -0,0 +1,16 @@
Attention: ce package installe Discourse sans Docker, pour plusieurs raisons (principalement pour prendre en charge l'architecture ARM et les serveurs discrets, pour mutualiser les services nginx/postgresql/redis et pour simplifier la configuration de la messagerie).
Comme indiqué par l'équipe Discourse :
> Les seules installations officiellement prises en charge de Discourse sont basées sur [Docker](https://www.docker.io/). Vous devez avoir un accès SSH à un serveur Linux 64 bits **avec prise en charge Docker**. Nous regrettons de ne pouvoir prendre en charge aucune autre méthode d'installation, notamment cpanel, plesk, webmin, etc.
Veuillez donc avoir cela à l'esprit lorsque vous envisagez de demander de l'aide à Discourse.
De plus, vous devriez avoir à l'esprit Discourse [exigences matérielles](https://github.com/discourse/discourse/blob/master/docs/INSTALL.md#hardware-requirements) :
- CPU monocœur moderne, double cœur recommandé
- 1 Go de RAM minimum (avec swap)
- Linux 64 bits compatible avec Docker
- 10 Go d'espace disque minimum
Enfin, si vous installez sur un appareil ARM bas de gamme (par exemple Raspberry Pi) :
- l'installation peut durer jusqu'à 3 heures,
- le premier accès juste après l'installation peut prendre quelques minutes.

54
manifest.json
View file

@ -1,54 +0,0 @@
{
"name": "Discourse",
"id": "discourse",
"packaging_format": 1,
"description": {
"en": "Discussion platform",
"fr": "Plateforme de discussion"
},
"version": "2.8.14~ynh2",
"url": "http://Discourse.org",
"upstream": {
"license": "GPL-2.0",
"website": "http://Discourse.org",
"demo": "https://try.discourse.org",
"code": "https://github.com/discourse/discourse",
"cpe": "cpe:2.3:a:discourse:discourse"
},
"license": "GPL-2.0",
"maintainer": {
"name": "JimboJoe",
"email": "jimmy@monin.net",
"url": ""
},
"requirements": {
"yunohost": ">= 11.2.12"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/forum",
"default": "/forum"
},
{
"name": "is_public",
"type": "boolean",
"default": true
},
{
"name": "admin",
"type": "user"
}
]
}
}

106
manifest.toml Normal file
View file

@ -0,0 +1,106 @@
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json
packaging_format = 2
id = "discourse"
name = "Discourse"
description.en = "Discussion platform"
description.fr = "Plateforme de discussion"
version = "2.8.14~ynh2"
maintainers = ["JimboJoe"]
[upstream]
license = "GPL-2.0"
website = "http://Discourse.org"
demo = "https://try.discourse.org"
code = "https://github.com/discourse/discourse"
cpe = "cpe:2.3:a:discourse:discourse"
[integration]
yunohost = ">=11.2.12"
architectures = "all"
multi_instance = true
ldap = true
sso = true
disk = "50M"
ram.build = "50M"
ram.runtime = "1G"
[install]
[install.domain]
type = "domain"
[install.path]
type = "path"
default = "/forum"
[install.init_main_permission]
type = "group"
default = "visitors"
[install.admin]
type = "user"
[resources]
[resources.sources]
[resources.sources.ldap-auth]
url = "https://github.com/jonmbake/discourse-ldap-auth/archive/v0.6.0.tar.gz"
sha256 = "1f64f90f648f53b40608912221adb60d86c8c13856aaba68c645cd88279445d4"
[resources.sources.main]
url = "https://github.com/discourse/discourse/archive/v2.8.14.tar.gz"
sha256 = "b4b9a2857515ab79b2bc71cc0bdd09f9bf749d506c095b76d86846c9adf62623"
[resources.system_user]
[resources.install_dir]
[resources.permissions]
main.url = "/"
[resources.apt]
packages = [
"advancecomp",
"brotli",
"cmake",
"g++",
"gifsicle",
"imagemagick",
"jhead",
"jpegoptim",
"libapr1-dev",
"libcurl4-dev",
"libcurl4-openssl-dev",
"libjemalloc-dev",
"libjemalloc2",
"libjpeg-turbo-progs",
"libpq-dev",
"libreadline-dev",
"libssl-dev",
"libtcmalloc-minimal4",
"libunwind-dev",
"libxml2-dev",
"libxslt1-dev",
"libyaml-dev",
"optipng",
"pngcrush",
"pngquant",
"vim",
"zlib1g-dev",
"postgresql",
"postgresql-client",
"postgresql-contrib",
"postgresql-server-dev-all",
]
extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
extras.yarn.packages = "yarn"
[resources.database]
type = "postgresql"

139
scripts/_common.sh
View file

@ -4,15 +4,12 @@
# COMMON VARIABLES
#=================================================
# dependencies used by the app
#pkg_dependencies="g++ libjemalloc1|libjemalloc2 libjemalloc-dev zlib1g-dev libreadline-dev libpq-dev libssl-dev libyaml-dev libcurl4-dev libapr1-dev libxslt1-dev libxml2-dev vim imagemagick postgresql postgresql-server-dev-all postgresql-contrib optipng jhead jpegoptim gifsicle brotli"
pkg_dependencies="postgresql postgresql-client postgresql-contrib imagemagick libjemalloc1|libjemalloc2"
build_pkg_dependencies="libcurl4-openssl-dev libyaml-dev libxml2-dev libpq-dev libreadline-dev brotli libunwind-dev libtcmalloc-minimal4 cmake pngcrush pngquant advancecomp jhead jpegoptim libjpeg-turbo-progs optipng"
ruby_version="3.0.0"
nodejs_version="16"
libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')"
#=================================================
# PERSONAL HELPERS
#=================================================
@ -58,82 +55,82 @@ check_memory_requirements_upgrade() {
fi
}
ynh_maintenance_mode_ON () {
# Load value of $path_url and $domain from the config if their not set
if [ -z $path_url ]; then
path_url=$(ynh_app_setting_get $app path)
fi
if [ -z $domain ]; then
domain=$(ynh_app_setting_get $app domain)
fi
# ynh_maintenance_mode_ON () {
# # Load value of $path and $domain from the config if their not set
# if [ -z $path ]; then
# #REMOVEME? path=$(ynh_app_setting_get $app path)
# fi
# if [ -z $domain ]; then
# #REMOVEME? domain=$(ynh_app_setting_get $app domain)
# fi
# Create an html to serve as maintenance notice
echo "<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="3">
<title>Your app $app is currently under maintenance!</title>
<style>
body {
width: 70em;
margin: 0 auto;
}
</style>
</head>
<body>
<h1>Your app $app is currently under maintenance!</h1>
<p>This app has been put under maintenance by your administrator at $(date)</p>
<p>Please wait until the maintenance operation is done. This page will be reloaded as soon as your app will be back.</p>
# # Create an html to serve as maintenance notice
# echo "<!DOCTYPE html>
# <html>
# <head>
# <meta http-equiv="refresh" content="3">
# <title>Your app $app is currently under maintenance!</title>
# <style>
# body {
# width: 70em;
# margin: 0 auto;
# }
# </style>
# </head>
# <body>
# <h1>Your app $app is currently under maintenance!</h1>
# <p>This app has been put under maintenance by your administrator at $(date)</p>
# <p>Please wait until the maintenance operation is done. This page will be reloaded as soon as your app will be back.</p>
</body>
</html>" > "/var/www/html/maintenance.$app.html"
# </body>
# </html>" > "/var/www/html/maintenance.$app.html"
# Create a new nginx config file to redirect all access to the app to the maintenance notice instead.
echo "# All request to the app will be redirected to ${path_url}_maintenance and fall on the maintenance notice
rewrite ^${path_url}/(.*)$ ${path_url}_maintenance/? redirect;
# Use another location, to not be in conflict with the original config file
location ${path_url}_maintenance/ {
alias /var/www/html/ ;
# # Create a new nginx config file to redirect all access to the app to the maintenance notice instead.
# echo "# All request to the app will be redirected to ${path}_maintenance and fall on the maintenance notice
# rewrite ^${path}/(.*)$ ${path}_maintenance/? redirect;
# # Use another location, to not be in conflict with the original config file
# location ${path}_maintenance/ {
# alias /var/www/html/ ;
try_files maintenance.$app.html =503;
# try_files maintenance.$app.html =503;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
# # Include SSOWAT user panel.
# include conf.d/yunohost_panel.conf.inc;
# }" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
# The current config file will redirect all requests to the root of the app.
# To keep the full path, we can use the following rewrite rule:
# rewrite ^${path_url}/(.*)$ ${path_url}_maintenance/\$1? redirect;
# The difference will be in the $1 at the end, which keep the following queries.
# But, if it works perfectly for a html request, there's an issue with any php files.
# This files are treated as simple files, and will be downloaded by the browser.
# Would be really be nice to be able to fix that issue. So that, when the page is reloaded after the maintenance, the user will be redirected to the real page he was.
# # The current config file will redirect all requests to the root of the app.
# # To keep the full path, we can use the following rewrite rule:
# # rewrite ^${path}/(.*)$ ${path}_maintenance/\$1? redirect;
# # The difference will be in the $1 at the end, which keep the following queries.
# # But, if it works perfectly for a html request, there's an issue with any php files.
# # This files are treated as simple files, and will be downloaded by the browser.
# # Would be really be nice to be able to fix that issue. So that, when the page is reloaded after the maintenance, the user will be redirected to the real page he was.
systemctl reload nginx
}
# systemctl reload nginx
# }
ynh_maintenance_mode_OFF () {
# Load value of $path_url and $domain from the config if their not set
if [ -z $path_url ]; then
path_url=$(ynh_app_setting_get $app path)
fi
if [ -z $domain ]; then
domain=$(ynh_app_setting_get $app domain)
fi
# ynh_maintenance_mode_OFF () {
# # Load value of $path and $domain from the config if their not set
# if [ -z $path ]; then
# #REMOVEME? path=$(ynh_app_setting_get $app path)
# fi
# if [ -z $domain ]; then
# #REMOVEME? domain=$(ynh_app_setting_get $app domain)
# fi
# Rewrite the nginx config file to redirect from ${path_url}_maintenance to the real url of the app.
echo "rewrite ^${path_url}_maintenance/(.*)$ ${path_url}/\$1 redirect;" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
systemctl reload nginx
# # Rewrite the nginx config file to redirect from ${path}_maintenance to the real url of the app.
# echo "rewrite ^${path}_maintenance/(.*)$ ${path}/\$1 redirect;" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
# systemctl reload nginx
# Sleep 4 seconds to let the browser reload the pages and redirect the user to the app.
sleep 4
# # Sleep 4 seconds to let the browser reload the pages and redirect the user to the app.
# sleep 4
# Then remove the temporary files used for the maintenance.
rm "/var/www/html/maintenance.$app.html"
rm "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
# # Then remove the temporary files used for the maintenance.
# rm "/var/www/html/maintenance.$app.html"
# rm "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
systemctl reload nginx
}
# systemctl reload nginx
# }
#=================================================
# EXPERIMENTAL HELPERS
@ -142,7 +139,3 @@ ynh_maintenance_mode_OFF () {
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================
#=================================================
# RUBY HELPER
#=================================================

37
scripts/backup
View file

@ -1,7 +1,5 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
@ -10,27 +8,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -40,26 +17,16 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE NGINX CONFIGURATION
# BACKUP THE SYSTEM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
#=================================================

125
scripts/change_url
View file

@ -1,7 +1,5 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
@ -9,72 +7,10 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Add settings here as needed by your application
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
unicorn_workers=$(ynh_app_setting_get --app=$app --key=unicorn_workers)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_script_progression --message="Stopping $app's systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
@ -83,43 +19,18 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
ynh_change_url_nginx_config
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
if [ "$path_url" != "/" ] ; then
ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a config file..."
discourse_config_file="$final_path/config/discourse.conf"
discourse_config_file="$install_dir/config/discourse.conf"
old_relative_url_root="${old_path%/}"
new_relative_url_root="${new_path%/}"
# Configure hostname
ynh_replace_string --match_string="hostname = .*" --replace_string="hostname = \"$new_domain\"" --target_file="$discourse_config_file"
ynh_replace_string --match_string="relative_url_root = .*" --replace_string="relative_url_root = ${new_path%/}" --target_file="$discourse_config_file"
@ -129,36 +40,28 @@ ynh_replace_string --match_string="smtp_domain = .*" --replace_string="smtp_doma
ynh_store_file_checksum --file="$discourse_config_file"
# Change URL setting
ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name <<< "UPDATE site_settings SET value = replace(value, '${old_path%/}/images/', '${new_path%/}/images/');
ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \
<<< "UPDATE site_settings SET value = replace(value, '$old_relative_url_root/images/', '$new_relative_url_root/images/');
UPDATE site_settings SET value = '${new_path}' WHERE name='long_polling_base_url';"
ynh_use_ruby
# Remap URLs in forum posts
ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec script/discourse remap ${old_path%/}/uploads ${new_path%/}/uploads <<< "YES
ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec script/discourse remap "$old_relative_url_root/uploads" "$new_relative_url_root/uploads" <<< "YES
# "
# Regenerate assets
ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/rake assets:precompile
ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/rake assets:precompile
# Regenerate all forum posts
ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/rake posts:rebake
ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/rake posts:rebake
#=================================================
# GENERIC FINALISATION
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_script_progression --message="Starting $app's systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
#=================================================
# END OF SCRIPT

338
scripts/install
View file

@ -1,7 +1,5 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
@ -9,88 +7,54 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
:
else
# Check memory requirements
check_memory_requirements
if [ "${PACKAGE_CHECK_EXEC:-0}" -ne 1 ]; then
# Check memory requirements
check_memory_requirements
fi
#=================================================
# STORE SETTINGS FROM MANIFEST
# INITIALIZE AND STORE SETTINGS
#=================================================
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
relative_url_root=${path%/}
# Create a random password
admin_pwd=$(ynh_string_random)
admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db"
# Set a secret value
secret="$(ynh_string_random)"
# We assume for the moment that ARM devices are only dual core, so
# we restrict the number of workers to 2 (the default is 3)
if dpkg --print-architecture | grep -q "arm"; then
unicorn_workers=2
else
unicorn_workers=3
fi
ynh_app_setting_set --app="$app" --key=unicorn_workers --value=$unicorn_workers
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..."
ynh_script_progression --message="Installing Ruby..."
ynh_exec_warn_less ynh_install_ruby --ruby_version="$ruby_version"
ynh_use_ruby
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies
ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
ynh_script_progression --message="Installing NodeJS..."
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# CREATE DEDICATED USER
# CONFIGURE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Configuring system user..."
ynh_script_progression --message="Configuring $app's PostgreSQL database..."
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..."
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
# Set extensions
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS hstore;" --database=$db_name
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS hstore;"
ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -98,102 +62,85 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
ynh_script_progression --message="Setting up source files..."
# Specific actions on ARM architecture
if [ -n "$(uname -m | grep arm)" ] ; then
# Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM
# compatibility by pointing to a recent libv8 version
# This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261)
# that prevents it from being compiled on ARM hence no binary gem is available yet
cp ../sources/patches_arm/* ../sources/patches
if dpkg --print-architecture | grep -q "arm"; then
# Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM
# compatibility by pointing to a recent libv8 version
# This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261)
# that prevents it from being compiled on ARM hence no binary gem is available yet
cp ../sources/patches_arm/* ../sources/patches
fi
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$install_dir"
# Install LDAP plugin
mkdir -p "$final_path/plugins/discourse-ldap-auth"
ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth
ynh_setup_source --source_id=ldap-auth --dest_dir="$install_dir/plugins/discourse-ldap-auth"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
# Add a pids and socket directory for the systemd script.
mkdir -p "$install_dir/tmp/pids"
mkdir -p "$install_dir/tmp/sockets"
mkdir -p "$install_dir/public/forum"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..."
# Create specific folders and links for subfolder compatibility
# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
ln -s "$install_dir/public/uploads" "$install_dir/public/forum/uploads"
ln -s "$install_dir/public/backups" "$install_dir/public/forum/backups"
# Create a dedicated NGINX config
ynh_add_nginx_config
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir"
# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
if [ "$path_url" != "/" ] ; then
ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC SETUP
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..."
ynh_script_progression --message="Adding $app's configuration file..."
admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db"
relative_url_root=${path_url%/}
ynh_add_config --template="../conf/discourse_defaults.conf" --destination="$final_path/config/discourse.conf"
ynh_add_config --template="../conf/settings.yml" --destination="$final_path/plugins/discourse-ldap-auth/config/settings.yml"
ynh_add_config --template="discourse_defaults.conf" --destination="$install_dir/config/discourse.conf"
ynh_add_config --template="secrets.yml" --destination="$install_dir/config/secrets.yml"
ynh_add_config --template="settings.yml" --destination="$install_dir/plugins/discourse-ldap-auth/config/settings.yml"
# Disable svgo worker
echo "svgo: false" > $final_path/.image_optim.yml
echo "svgo: false" | ynh_exec_as "$app" tee "$install_dir/.image_optim.yml" >/dev/null
#=================================================
# SETUP UNICORN, A RUBY SERVER
#=================================================
ynh_script_progression --message="Setting up Unicorn..."
# Set a secret value
secret="$(ynh_string_random)"
ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml"
pushd "$final_path"
ynh_use_ruby
# Install bundler, a gems installer
ynh_gem install bundler
# Install without documentation
ynh_exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc"
pushd "$install_dir"
# Install bundler, a gems installer
ynh_gem install bundler
# Install without documentation
echo "gem: --no-ri --no-rdoc" | ynh_exec_as "$app" tee "$install_dir/.gemrc" >/dev/null
popd
# Specific actions on ARM architecture
if [ -n "$(uname -m | grep arm)" ] ; then
# Define the platform specifically to retrieve binaries
# for libv8 because it currently doesn't compile on ARM devices
ynh_exec_as $app --login bin/bundle config specific_platform arm-linux
if dpkg --print-architecture | grep -q "arm"; then
# Define the platform specifically to retrieve binaries
# for libv8 because it currently doesn't compile on ARM devices
ynh_exec_as "$app" --login bin/bundle config specific_platform arm-linux
fi
# Install dependencies
ynh_exec_as $app --login bin/bundle config set path 'vendor/bundle'
ynh_exec_as $app --login bin/bundle config set with 'development'
ynh_exec_as $app --login MAKEFLAGS=-j2 bin/bundle install --jobs 2
ynh_exec_as "$app" --login bin/bundle config set path 'vendor/bundle'
ynh_exec_as "$app" --login bin/bundle config set with 'development'
ynh_exec_as "$app" --login MAKEFLAGS=-j2 bin/bundle install --jobs 2
# On ARM architecture, replace bundled libpsl by system native libpsl
# because the provided binary isn't compatible
if [ -n "$(uname -m | grep arm)" ] ; then
(cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor
rm libpsl.so
ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so)
if dpkg --print-architecture | grep -q "arm"; then
(
cd "$install_dir/vendor/bundle/ruby"/*/"gems/mini_suffix-*/vendor"
rm libpsl.so
ln -s "$(ldconfig -p | grep libpsl | awk 'END {print $NF}')" libpsl.so
)
fi
pushd "$final_path"
ynh_use_nodejs
ynh_npm install --location=global terser
ynh_npm install --location=global uglify-js
ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --production --frozen-lockfile
ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn cache clean
pushd "$install_dir"
ynh_use_nodejs
ynh_npm install --location=global terser
ynh_npm install --location=global uglify-js
ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn install --production --frozen-lockfile
ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn cache clean
popd
#=================================================
@ -201,40 +148,20 @@ popd
#=================================================
ynh_script_progression --message="Preparing the database..."
ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake db:migrate
ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile
ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake db:migrate
ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_package_autoremove
#=================================================
# POPULATE THE DATABASE
#=================================================
ynh_script_progression --message="Populating the database..."
#Set default data (especially to have correct image URLs for subfolder install)
ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name <<< "INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('title', 1, 'YunoHost Forum', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_description', 1, 'YunoHost Forum', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_email', 14, '$admin_mail', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_url', 1, '$domain$path_url', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_contact_username', 15, '$admin', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_url', 1, '${path_url%/}/images/d-logo-sketch.png', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('long_polling_base_url', 1, '${path_url%/}/', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_small_url', 1, '${path_url%/}/images/d-logo-sketch-small.png', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('favicon_url', 1, '${path_url%/}/images/default-favicon.ico', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('apple_touch_icon_url', 1, '${path_url%/}/images/default-apple-touch-icon.png', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('wizard_enabled', 5, 'f', 'NOW()', 'NOW()');
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('force_https', 5, 't', 'NOW()', 'NOW()');
"
# Set default data (especially to have correct image URLs for subfolder install)
ynh_add_config --template="provisioning.sql" --destination="$install_dir/provisioning.sql"
ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < "$install_dir/provisioning.sql"
ynh_secure_remove --file="$install_dir/provisioning.sql"
#=================================================
# CREATE DISCOURSE ADMIN USER
#=================================================
ynh_script_progression --message="Creating Discourse admin user..."
# Create a random password
admin_pwd=$(ynh_string_random)
ynh_exec_as $app --login RAILS_ENV=production bin/rake admin:create <<< "$admin_mail
ynh_exec_as "$app" --login RAILS_ENV=production bin/rake admin:create <<< "$admin_mail
$admin_pwd
$admin_pwd
y
@ -248,94 +175,41 @@ ynh_script_progression --message="Configuring plugins..."
# Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
# (Can only do that now because we are patching dependencies which have just been downloaded)
# Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
(cd $final_path/plugins/discourse-ldap-auth/gems/${ruby_version}/gems/omniauth-ldap*/
patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch)
patch -p1 -d "$install_dir/plugins/discourse-ldap-auth/gems/$ruby_version/gems/omniauth-ldap*/" \
< "../conf/ldap-auth-fix-subfolder.patch"
#=================================================
# SETUP SYSTEMD
# SYSTEM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring a systemd service..."
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
# We assume for the moment that ARM devices are only dual core, so
# we restrict the number of workers to 2 (the default is 3)
if [ -n "$(uname -m | grep arm)" ] ; then
additional_env="UNICORN_WORKERS=2"
unicorn_workers=2
else
additional_env=""
unicorn_workers=3
# Create a dedicated NGINX config
ynh_add_nginx_config
# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
if [ "$path" != "/" ] ; then
ynh_replace_string --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" \
--match_string='$proxy_add_x_forwarded_for' \
--replace_string='$http_your_original_ip_header'
fi
ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers
libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')"
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
additional_env="UNICORN_WORKERS=$unicorn_workers"
ynh_add_systemd_config
yunohost service add "$app" --log "$install_dir/log/unicorn.stderr.log" "$install_dir/log/unicorn.stdout.log" "$install_dir/log/production.log"
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_script_progression --message="Securing files and directories..."
# Add a pids and socket directory for the systemd script.
mkdir -p "$final_path/tmp/pids"
mkdir "$final_path/tmp/sockets"
# Create specific folders and links for subfolder compatibility
# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
(
cd $final_path
mkdir -p "public/forum"
cd public/forum && ln -s ../uploads && ln -s ../backups
)
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log"
ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log"
ynh_use_logrotate --logfile="$final_path/log/production.log"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log"
ynh_use_logrotate --logfile="$install_dir/log/unicorn.stderr.log"
ynh_use_logrotate --logfile="$install_dir/log/unicorn.stdout.log"
ynh_use_logrotate --logfile="$install_dir/log/production.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_script_progression --message="Starting $app's systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
#=================================================
# END OF SCRIPT

78
scripts/remove
View file

@ -1,7 +1,5 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
@ -10,54 +8,23 @@ source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
# REMOVE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..."
yunohost service remove $app
if ynh_exec_warn_less yunohost service status "$app" >/dev/null; then
yunohost service remove "$app"
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name"
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE THE REDIS DATABASE
@ -66,42 +33,15 @@ ynh_script_progression --message="Removing the redis database..."
ynh_redis_remove_db "$redis_db"
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
ynh_script_progression --message="Removing NodeJS..."
ynh_remove_nodejs
ynh_script_progression --message="Removing Ruby..."
ynh_remove_ruby
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================

142
scripts/restore
View file

@ -1,7 +1,5 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
@ -10,151 +8,69 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..."
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
:
else
# Check memory requirements
check_memory_requirements
if [ "${PACKAGE_CHECK_EXEC:-0}" -ne 1 ]; then
# Check memory requirements
check_memory_requirements
fi
#=================================================
# STANDARD RESTORATION STEPS
# INSTALL DEPENDENCIES
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
ynh_script_progression --message="Reinstalling Ruby..."
ynh_exec_warn_less ynh_install_ruby --ruby_version="$ruby_version"
ynh_use_ruby
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell
ynh_script_progression --message="Reinstalling NodeJS..."
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
ynh_restore_file --origin_path="$install_dir"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..."
# Define and install dependencies
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies
ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir"
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..."
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
ynh_psql_test_if_first_run
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS hstore;" --database=$db_name
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS hstore;"
ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;"
ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql
#=================================================
# REINSTALL BUNDLE GEM
#=================================================
ynh_script_progression --message="Reinstall Bundle Gem..."
pushd "$final_path"
ynh_use_ruby
ynh_gem install bundler
pushd "$install_dir"
ynh_gem install bundler
popd
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_package_autoremove
#=================================================
# RESTORE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
systemctl enable "$app.service" --quiet
yunohost service add "$app" --log "$install_dir/log/unicorn.stderr.log" "$install_dir/log/unicorn.stdout.log" "$install_dir/log/production.log"
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
if [ -n "$(uname -m | grep arm)" ] ; then
unicorn_workers=2
else
unicorn_workers=3
fi
ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
ynh_systemd_action --service_name=nginx --action=reload

437
scripts/upgrade
View file

@ -1,7 +1,5 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
@ -9,51 +7,18 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
unicorn_workers=$(ynh_app_setting_get --app=$app --key=unicorn_workers)
if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
:
else
# Check memory requirements
check_memory_requirements_upgrade
if [ "${PACKAGE_CHECK_EXEC:-0}" -ne 1 ]; then
# Check memory requirements
check_memory_requirements
fi
#=================================================
# CHECK VERSION
# INITIALIZE AND STORE SETTINGS
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
relative_url_root=${path%/}
secret="$(ynh_string_random)"
#=================================================
# ENABLE MAINTENANCE MODE
@ -62,14 +27,12 @@ ynh_script_progression --message="Enabling maintenance mode..."
ynh_maintenance_mode_ON
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/log/unicorn.stderr.log"
ynh_systemd_action --service_name="$app" --action="stop" --log_path="$install_dir/log/unicorn.stderr.log"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
@ -77,309 +40,184 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/l
ynh_script_progression --message="Ensuring downward compatibility..."
# If unicorn_workers doesn't exist, create it
if [ -z "$unicorn_workers" ]
then
# We assume for the moment that ARM devices are only dual core, so
# we restrict the number of workers to 2 (the default is 3)
if [ -n "$(uname -m | grep arm)" ]
then
unicorn_workers=2
else
unicorn_workers=3
fi
ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
if [ -z "$unicorn_workers" ]; then
# We assume for the moment that ARM devices are only dual core, so
# we restrict the number of workers to 2 (the default is 3)
if dpkg --print-architecture | grep -q "arm"; then
unicorn_workers=2
else
unicorn_workers=3
fi
ynh_app_setting_set --app="$app" --key="unicorn_workers" --value="$unicorn_workers"
fi
#=================================================
# CREATE DEDICATED USER
# UPGRADING DEPENDENCIES
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
ynh_script_progression --message="Upgrading Ruby..."
ynh_exec_warn_less ynh_install_ruby --ruby_version="$ruby_version"
ynh_use_ruby
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell
ynh_script_progression --message="Upgrading NodeJS..."
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Upgrading source files..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..."
# Specific actions on ARM architecture
if [ -n "$(uname -m | grep arm)" ] ; then
# Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM
# compatibility by pointing to a recent libv8 version
# This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261)
# that prevents it from being compiled on ARM hence no binary gem is available yet
cp ../sources/patches_arm/* ../sources/patches
fi
# Backup files to keep
tmpdir=$(mktemp -d)
cp -Rp $final_path/plugins $final_path/config/discourse.conf $tmpdir
if [ -d $final_path/public/uploads ] ; then
cp -Rp $final_path/public/uploads $tmpdir
fi
if [ -d $final_path/public/backups ] ; then
cp -Rp $final_path/public/backups $tmpdir
fi
if [ -d $final_path/log ] ; then
cp -Rp $final_path/log $tmpdir
fi
# Remove destination directory
ynh_secure_remove --file=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# Restore previous files
if [ -d $tmpdir/uploads ] ; then
cp -Rp $tmpdir/uploads $final_path/public
fi
if [ -d $tmpdir/backups ] ; then
cp -Rp $tmpdir/backups $final_path/public
fi
if [ -d $tmpdir/log ] ; then
cp -Rp $tmpdir/log $final_path
fi
(
cd $tmpdir/plugins/
for discourse_plugin_dir in */
do
# Only copy plugins not included in Discourse archive
if [ ! -d "$final_path/plugins/$discourse_plugin_dir" ]
then
cp -a "$discourse_plugin_dir" "$final_path/plugins/$discourse_plugin_dir"
fi
done
)
cp -Rp $tmpdir/log $final_path
cp -p $tmpdir/discourse.conf $final_path/config
ynh_secure_remove --file="$tmpdir"
# Install LDAP plugin
tmpdir=$(mktemp -d)
cp -Rp "$final_path/plugins/discourse-ldap-auth/config/settings.yml" $tmpdir
ynh_secure_remove --file="$final_path/plugins/discourse-ldap-auth"
mkdir -p "$final_path/plugins/discourse-ldap-auth"
ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth
cp -p $tmpdir/settings.yml $final_path/plugins/discourse-ldap-auth/config
ynh_secure_remove --file="$tmpdir"
# Specific actions on ARM architecture
if dpkg --print-architecture | grep -q "arm"; then
# Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM
# compatibility by pointing to a recent libv8 version
# This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261)
# that prevents it from being compiled on ARM hence no binary gem is available yet
cp ../sources/patches_arm/* ../sources/patches
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
# Small trick to backup non-core plugins
mv "$install_dir/plugins" "$install_dir/plugins_old"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..."
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir" --full_replace=1 \
--keep="config/discourse.conf plugins_old public/uploads public/backups log"
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies
ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_use_ruby
# Restore all non-core plugins
for plugin_dir in "$install_dir/plugins"/*; do
plugin_name=$(basename "$plugin_dir")
if [ ! -d "$install_dir/plugins/$plugin_name" ]; then
mv "$plugin_dir" "$install_dir/plugins/$plugin_name"
fi
done
ynh_secure_remove --file="$install_dir/plugins_old"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Install LDAP plugin
ynh_setup_source --source_id=ldap-auth --dest_dir="$install_dir/plugins/discourse-ldap-auth" --full_replace=1 \
--keep="config/settings.yml"
# Create a dedicated NGINX config
ynh_add_nginx_config
# Add a pids and socket directory for the systemd script.
mkdir -p "$install_dir/tmp/pids"
mkdir -p "$install_dir/tmp/sockets"
mkdir -p "$install_dir/public/forum"
# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
if [ "$path_url" != "/" ] ; then
ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
# Create specific folders and links for subfolder compatibility
# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
ln -s "$install_dir/public/uploads" "$install_dir/public/forum/uploads"
ln -s "$install_dir/public/backups" "$install_dir/public/forum/backups"
# Set permissions to app files
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir"
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating $app's config file..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Updating a config file..."
ynh_add_config --template="discourse_defaults.conf" --destination="$install_dir/config/discourse.conf"
ynh_add_config --template="secrets.yml" --destination="$install_dir/config/secrets.yml"
ynh_add_config --template="settings.yml" --destination="$install_dir/plugins/discourse-ldap-auth/config/settings.yml"
admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
relative_url_root=${path_url%/}
ynh_add_config --template="../conf/discourse_defaults.conf" --destination="$final_path/config/discourse.conf"
ynh_add_config --template="../conf/settings.yml" --destination="$final_path/plugins/discourse-ldap-auth/config/settings.yml"
# Disable svgo worker
echo "svgo: false" > $final_path/.image_optim.yml
fi
# Disable svgo worker
echo "svgo: false" | ynh_exec_as "$app" tee "$install_dir/.image_optim.yml" >/dev/null
#=================================================
# SETUP UNICORN, A RUBY SERVER
#=================================================
ynh_script_progression --message="Setting up Unicorn..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Setting up Unicorn..."
# Make a backup of the original config file if modified
unicorn_config_file="$install_dir/config/unicorn.conf.rb"
ynh_backup_if_checksum_is_different "$unicorn_config_file"
ynh_store_file_checksum --file="$unicorn_config_file"
unicorn_config_file="$final_path/config/unicorn.conf.rb"
# Make a backup of the original config file if modified
ynh_backup_if_checksum_is_different "$unicorn_config_file"
pushd "$install_dir"
# Install bundler, a gems installer
ynh_gem install bundler
# Install without documentation
echo "gem: --no-ri --no-rdoc" | ynh_exec_as "$app" "$install_dir/.gemrc" >/dev/null
popd
# Calculate and store the config file checksum
ynh_store_file_checksum --file="$unicorn_config_file"
secret="$(ynh_string_random)"
ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml"
# Set permissions to app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
pushd "$final_path"
# Install bundler, a gems installer
ynh_gem install bundler
# Install without documentation
ynh_exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc"
popd
# Specific actions on ARM architecture
if [ -n "$(uname -m | grep arm)" ] ; then
# Define the platform specifically to retrieve binaries
# for libv8 because it currently doesn't compile on ARM devices
ynh_exec_as $app --login bin/bundle config specific_platform arm-linux
fi
# Install dependencies
ynh_exec_as $app --login bin/bundle config set path 'vendor/bundle'
ynh_exec_as $app --login bin/bundle config set with 'development'
ynh_exec_as $app --login MAKEFLAGS=-j2 bin/bundle install --jobs 2
# On ARM architecture, replace bundled libpsl by system native libpsl
# because the provided binary isn't compatible
if [ -n "$(uname -m | grep arm)" ] ; then
(
cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor
rm libpsl.so
ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so
)
fi
pushd "$final_path"
ynh_use_nodejs
ynh_npm install --location=global terser
ynh_npm install --location=global uglify-js
ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --production --frozen-lockfile
ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn cache clean
popd
# Specific actions on ARM architecture
if dpkg --print-architecture | grep -q "arm"; then
# Define the platform specifically to retrieve binaries
# for libv8 because it currently doesn't compile on ARM devices
ynh_exec_as "$app" --login bin/bundle config specific_platform arm-linux
fi
# Install dependencies
ynh_exec_as "$app" --login bin/bundle config set path 'vendor/bundle'
ynh_exec_as "$app" --login bin/bundle config set with 'development'
ynh_exec_as "$app" --login MAKEFLAGS=-j2 bin/bundle install --jobs 2
# On ARM architecture, replace bundled libpsl by system native libpsl
# because the provided binary isn't compatible
if dpkg --print-architecture | grep -q "arm"; then
(
cd "$install_dir/vendor/bundle/ruby"/*/"gems/mini_suffix-*/vendor"
rm libpsl.so
ln -s "$(ldconfig -p | grep libpsl | awk 'END {print $NF}')" libpsl.so
)
fi
pushd "$install_dir"
ynh_use_nodejs
ynh_npm install --location=global terser
ynh_npm install --location=global uglify-js
ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn install --production --frozen-lockfile
ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn cache clean
popd
#=================================================
# PREPARE THE DATABASE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Preparing the database..."
ynh_script_progression --message="Preparing the database..."
ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake db:migrate
ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile
fi
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_package_autoremove
ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake db:migrate
ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile
#=================================================
# CONFIGURE PLUGINS
#=================================================
ynh_script_progression --message="Configuring plugins..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Configuring plugins..."
# Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
# (Can only do that now because we are patching dependencies which have just been downloaded)
# Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
patch -p1 -d "$install_dir/plugins/discourse-ldap-auth/gems/$ruby_version/gems/omniauth-ldap*/" \
< "../conf/ldap-auth-fix-subfolder.patch"
# Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
# (Can only do that now because we are patching dependencies which have just been downloaded)
# Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
(
cd $final_path/plugins/discourse-ldap-auth/gems/${ruby_version}/gems/omniauth-ldap*/
patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch
)
#=================================================
# REAPPLY SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
if [ "$path" != "/" ] ; then
ynh_replace_string --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" \
--match_string='$proxy_add_x_forwarded_for' \
--replace_string='$http_your_original_ip_header'
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SETUP SYSTEMD
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Configuring a systemd service..."
additional_env="UNICORN_WORKERS=$unicorn_workers"
libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')"
ynh_add_systemd_config
fi
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_script_progression --message="Securing files and directories..."
# Add a pids and socket directory for the systemd script.
mkdir -p "$final_path/tmp/pids"
mkdir -p "$final_path/tmp/sockets"
# Create specific folders and links for subfolder compatibilityn
# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
(
cd $final_path
mkdir -p "public/forum"
cd public/forum
if [ ! -L ./uploads ]; then
ln -s ../uploads
fi
if [ ! -L ./backups ]; then
ln -s ../backups
fi
)
# Set permissions to app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
additional_env="UNICORN_WORKERS=$unicorn_workers"
ynh_add_systemd_config
yunohost service add "$app" --log "$install_dir/log/unicorn.stderr.log" "$install_dir/log/unicorn.stdout.log" "$install_dir/log/production.log"
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log"
ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log"
ynh_use_logrotate --logfile="$final_path/log/production.log"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log"
ynh_use_logrotate --logfile="$install_dir/log/unicorn.stderr.log"
ynh_use_logrotate --logfile="$install_dir/log/unicorn.stdout.log"
ynh_use_logrotate --logfile="$install_dir/log/production.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_script_progression --message="Starting $app's systemd service..."
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
#=================================================
# DISABLE MAINTENANCE MODE
@ -388,13 +226,6 @@ ynh_script_progression --message="Disabling maintenance mode..."
ynh_maintenance_mode_OFF
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

0
sources/patches/app-1-use-latest_uglify-js.patch → sources/patches/main-1-use-latest_uglify-js.patch
View file

0
sources/patches/app-3-Re-add-support-for-older-versions-of-brotli.patch → sources/patches/main-3-Re-add-support-for-older-versions-of-brotli.patch
View file

0
sources/patches/app-4-fix-missing-git-repository.patch → sources/patches/main-4-fix-missing-git-repository.patch
View file

0
sources/patches/app-5-fix-admin-watched-words-action.patch → sources/patches/main-5-fix-admin-watched-words-action.patch
View file

0
sources/patches/app-6-fix-download-calendar.patch → sources/patches/main-6-fix-download-calendar.patch
View file

0
sources/patches/app-7-fix-uppy-upload.patch → sources/patches/main-7-fix-uppy-upload.patch
View file

0
sources/patches_arm/app-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch → sources/patches_arm/main-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch
View file

12
tests.toml Normal file
View file

@ -0,0 +1,12 @@
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json
test_format = 1.0
[default]
# -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.80476a5622a7baabc40ae06be33ed27398139b87.name = "2.8.8~ynh3"