From 1d564ea1c592d5c1d339466397abe3c438f71299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 26 Jan 2024 22:16:29 +0100 Subject: [PATCH] manifestv2 --- .github/workflows/updater.sh | 107 ----- .github/workflows/updater.yml | 49 -- check_process | 28 -- conf/app.src | 7 - conf/ldap-auth.src | 3 - conf/nginx.conf | 426 ++++++++--------- conf/provisioning.sql | 12 + conf/systemd.service | 6 +- doc/ADMIN.md | 56 +++ doc/ADMIN_fr.md | 53 +++ doc/DESCRIPTION.md | 8 +- doc/DESCRIPTION_fr.md | 8 +- doc/PRE_INSTALL.md | 16 + doc/PRE_INSTALL_fr.md | 16 + manifest.json | 54 --- manifest.toml | 106 +++++ scripts/_common.sh | 139 +++--- scripts/backup | 37 +- scripts/change_url | 125 +---- scripts/install | 338 +++++--------- scripts/remove | 78 +--- scripts/restore | 142 ++---- scripts/upgrade | 437 ++++++------------ ...atch => main-1-use-latest_uglify-js.patch} | 0 ...upport-for-older-versions-of-brotli.patch} | 0 ...> main-4-fix-missing-git-repository.patch} | 0 ...in-5-fix-admin-watched-words-action.patch} | 0 ...tch => main-6-fix-download-calendar.patch} | 0 ...oad.patch => main-7-fix-uppy-upload.patch} | 0 ..._racer-dependencies-for-ARM-compati.patch} | 0 tests.toml | 12 + 31 files changed, 861 insertions(+), 1402 deletions(-) delete mode 100755 .github/workflows/updater.sh delete mode 100644 .github/workflows/updater.yml delete mode 100644 check_process delete mode 100644 conf/app.src delete mode 100644 conf/ldap-auth.src create mode 100644 conf/provisioning.sql create mode 100644 doc/ADMIN.md create mode 100644 doc/ADMIN_fr.md create mode 100644 doc/PRE_INSTALL.md create mode 100644 doc/PRE_INSTALL_fr.md delete mode 100644 manifest.json create mode 100644 manifest.toml rename sources/patches/{app-1-use-latest_uglify-js.patch => main-1-use-latest_uglify-js.patch} (100%) rename sources/patches/{app-3-Re-add-support-for-older-versions-of-brotli.patch => main-3-Re-add-support-for-older-versions-of-brotli.patch} (100%) rename sources/patches/{app-4-fix-missing-git-repository.patch => main-4-fix-missing-git-repository.patch} (100%) rename sources/patches/{app-5-fix-admin-watched-words-action.patch => main-5-fix-admin-watched-words-action.patch} (100%) rename sources/patches/{app-6-fix-download-calendar.patch => main-6-fix-download-calendar.patch} (100%) rename sources/patches/{app-7-fix-uppy-upload.patch => main-7-fix-uppy-upload.patch} (100%) rename sources/patches_arm/{app-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch => main-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch} (100%) create mode 100644 tests.toml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100755 index 1110a6d..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | select( .name | contains("rc") or contains("beta") or contains("alpha") | not ) | .name' | sort -V | tail -1) -assets="https://github.com/discourse/discourse/archive/$version.tar.gz" - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Let's download source tarball -asset_url=$assets - -echo "Handling asset at $asset_url" - -src="app" - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true -EOT -echo "... conf/$src.src updated" - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index a56d7cb..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false diff --git a/check_process b/check_process deleted file mode 100644 index f804f25..0000000 --- a/check_process +++ /dev/null @@ -1,28 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - is_public=1 - admin="john" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - # 2.8.8~ynh3 - upgrade=1 from_commit=80476a5622a7baabc40ae06be33ed27398139b87 - backup_restore=1 - # Activate multi-instance test only if you have more than 2Gb RAM! - multi_instance=0 - port_already_use=0 - change_url=1 -;;; Options -Email= -Notification=none -;;; Upgrade options - ; commit=80476a5622a7baabc40ae06be33ed27398139b87 - name=2.8.8~ynh1 - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1 diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index c499f0f..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/discourse/discourse/archive/v2.8.14.tar.gz -SOURCE_SUM=b4b9a2857515ab79b2bc71cc0bdd09f9bf749d506c095b76d86846c9adf62623 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/ldap-auth.src b/conf/ldap-auth.src deleted file mode 100644 index 049fa39..0000000 --- a/conf/ldap-auth.src +++ /dev/null @@ -1,3 +0,0 @@ -SOURCE_URL=https://github.com/jonmbake/discourse-ldap-auth/archive/v0.6.0.tar.gz -SOURCE_SUM=1f64f90f648f53b40608912221adb60d86c8c13856aaba68c645cd88279445d4 -SOURCE_FORMAT=tar.gz diff --git a/conf/nginx.conf b/conf/nginx.conf index a1dfbf9..13682be 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,213 +1,213 @@ - # maximum file upload size (keep up to date when changing the corresponding site setting) - client_max_body_size 10m; - - # extend timeouts - proxy_connect_timeout 600; - proxy_send_timeout 600; - proxy_read_timeout 600; - send_timeout 600; - - # path to discourse's public directory - set $public __FINALPATH__/public/; - - # without weak etags we get zero benefit from etags on dynamically compressed content - # further more etags are based on the file in nginx not sha of data - # use dates, it solves the problem fine even cross server - etag off; - - # prevent direct download of backups - location ^~ __PATH__/backups/ { - internal; - } - - # bypass rails stack with a cheap 204 for favicon.ico requests - location __PATH__/favicon.ico { - return 204; - access_log off; - log_not_found off; - } - -#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; - location __PATH__/ { - alias __FINALPATH__/public/ ; - proxy_hide_header ETag; - - # auth_basic on; - # auth_basic_user_file /etc/nginx/htpasswd; - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; - - - location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ { - expires 1y; - more_set_headers "Cache-Control : public,immutable"; - more_set_headers "Access-Control-Allow-Origin : *"; - } - - location = __PATH__/srv/status { - access_log off; - log_not_found off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Request-Start "t=${msec}"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock; - break; - } - - # some minimal caching here so we don't keep asking - # longer term we should increas probably to 1y - location ~ ^/javascripts/ { - expires 1d; - more_set_headers "Cache-Control : public,immutable"; - } - - location ~ ^/assets/(?.+)$ { - expires 1y; - # asset pipeline enables this - # brotli_static on; - gzip_static on; - more_set_headers "Cache-Control : public,immutable"; - # HOOK in asset location (used for extensibility) - # TODO I don't think this break is needed, it just breaks out of rewrite - break; - } - - location ~ ^/plugins/ { - expires 1y; - more_set_headers "Cache-Control : public,immutable"; - } - - # cache emojis - location ~ /images/emoji/ { - expires 1y; - more_set_headers "Cache-Control : public,immutable"; - } - - location ~ ^/uploads/ { - - # NOTE: it is really annoying that we can't just define headers - # at the top level and inherit. - # - # proxy_set_header DOES NOT inherit, by design, we must repeat it, - # otherwise headers are not set correctly - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Request-Start "t=${msec}"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Sendfile-Type X-Accel-Redirect; - proxy_set_header X-Accel-Mapping __FINALPATH__/public/=/downloads/; - expires 1y; - more_set_headers "Cache-Control : public,immutable"; - - ## optional upload anti-hotlinking rules - #valid_referers none blocked mysite.com *.mysite.com; - #if ($invalid_referer) { return 403; } - - # custom CSS - location ~ /stylesheet-cache/ { - try_files $uri =404; - } - # this allows us to bypass rails - location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|svg|ico|webp)$ { - try_files $uri =404; - } - # thumbnails & optimized images - location ~ /_?optimized/ { - try_files $uri =404; - } - - proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock; - break; - } - - location ~ ^/admin/backups/ { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Request-Start "t=${msec}"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Sendfile-Type X-Accel-Redirect; - proxy_set_header X-Accel-Mapping __FINALPATH__/public/=/downloads/; - proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock; - break; - } - - # This big block is needed so we can selectively enable - # acceleration for backups and avatars - # see note about repetition above - location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied|service-worker) { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Request-Start "t=${msec}"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - - # if Set-Cookie is in the response nothing gets cached - # this is double bad cause we are not passing last modified in - proxy_ignore_headers "Set-Cookie"; - proxy_hide_header "Set-Cookie"; - - # note x-accel-redirect can not be used with proxy_cache -# proxy_cache one; - proxy_cache_valid 200 301 302 7d; - proxy_cache_valid any 1m; - proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock; - break; - } - -# location /letter_avatar_proxy/ { -# # Don't send any client headers to the avatars service -# proxy_method GET; -# proxy_pass_request_headers off; -# proxy_pass_request_body off; -# -# # Don't let cookies interrupt caching, and don't pass them to the -# # client -# proxy_ignore_headers "Set-Cookie"; -# proxy_hide_header "Set-Cookie"; -# -# proxy_cache one; -# proxy_cache_key $uri; -# proxy_cache_valid 200 7d; -# proxy_cache_valid 404 1m; -# proxy_set_header Connection ""; -# -# proxy_pass https://avatars.discourse.org/; -# break; -# } - - # we need buffering off for message bus - location __PATH__/message-bus/ { - proxy_set_header X-Request-Start "t=${msec}"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_http_version 1.1; - proxy_buffering off; - proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock; - break; - } - - # this means every file in public is tried first - try_files $uri @__NAME__; - } - - location __PATH__/downloads/ { - internal; - alias __FINALPATH__/public/ ; - } - - location @__NAME__ { - more_set_headers "Referrer-Policy : no-referrer-when-downgrade"; - proxy_set_header Host $host; - proxy_set_header X-Request-Start "t=${msec}"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_pass http://unix:__FINALPATH__/tmp/sockets/unicorn.sock; -} + # maximum file upload size (keep up to date when changing the corresponding site setting) + client_max_body_size 10m; + + # extend timeouts + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + send_timeout 600; + + # path to discourse's public directory + set $public __INSTALL_DIR__/public/; + + # without weak etags we get zero benefit from etags on dynamically compressed content + # further more etags are based on the file in nginx not sha of data + # use dates, it solves the problem fine even cross server + etag off; + + # prevent direct download of backups + location ^~ __PATH__/backups/ { + internal; + } + + # bypass rails stack with a cheap 204 for favicon.ico requests + location __PATH__/favicon.ico { + return 204; + access_log off; + log_not_found off; + } + +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; + location __PATH__/ { + alias __INSTALL_DIR__/public/ ; + proxy_hide_header ETag; + + # auth_basic on; + # auth_basic_user_file /etc/nginx/htpasswd; + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; + + + location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ { + expires 1y; + more_set_headers "Cache-Control : public,immutable"; + more_set_headers "Access-Control-Allow-Origin : *"; + } + + location = __PATH__/srv/status { + access_log off; + log_not_found off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Request-Start "t=${msec}"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock; + break; + } + + # some minimal caching here so we don't keep asking + # longer term we should increas probably to 1y + location ~ ^/javascripts/ { + expires 1d; + more_set_headers "Cache-Control : public,immutable"; + } + + location ~ ^/assets/(?.+)$ { + expires 1y; + # asset pipeline enables this + # brotli_static on; + gzip_static on; + more_set_headers "Cache-Control : public,immutable"; + # HOOK in asset location (used for extensibility) + # TODO I don't think this break is needed, it just breaks out of rewrite + break; + } + + location ~ ^/plugins/ { + expires 1y; + more_set_headers "Cache-Control : public,immutable"; + } + + # cache emojis + location ~ /images/emoji/ { + expires 1y; + more_set_headers "Cache-Control : public,immutable"; + } + + location ~ ^/uploads/ { + + # NOTE: it is really annoying that we can't just define headers + # at the top level and inherit. + # + # proxy_set_header DOES NOT inherit, by design, we must repeat it, + # otherwise headers are not set correctly + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Request-Start "t=${msec}"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Sendfile-Type X-Accel-Redirect; + proxy_set_header X-Accel-Mapping __INSTALL_DIR__/public/=/downloads/; + expires 1y; + more_set_headers "Cache-Control : public,immutable"; + + ## optional upload anti-hotlinking rules + #valid_referers none blocked mysite.com *.mysite.com; + #if ($invalid_referer) { return 403; } + + # custom CSS + location ~ /stylesheet-cache/ { + try_files $uri =404; + } + # this allows us to bypass rails + location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|svg|ico|webp)$ { + try_files $uri =404; + } + # thumbnails & optimized images + location ~ /_?optimized/ { + try_files $uri =404; + } + + proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock; + break; + } + + location ~ ^/admin/backups/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Request-Start "t=${msec}"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Sendfile-Type X-Accel-Redirect; + proxy_set_header X-Accel-Mapping __INSTALL_DIR__/public/=/downloads/; + proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock; + break; + } + + # This big block is needed so we can selectively enable + # acceleration for backups and avatars + # see note about repetition above + location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied|service-worker) { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Request-Start "t=${msec}"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + # if Set-Cookie is in the response nothing gets cached + # this is double bad cause we are not passing last modified in + proxy_ignore_headers "Set-Cookie"; + proxy_hide_header "Set-Cookie"; + + # note x-accel-redirect can not be used with proxy_cache +# proxy_cache one; + proxy_cache_valid 200 301 302 7d; + proxy_cache_valid any 1m; + proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock; + break; + } + +# location /letter_avatar_proxy/ { +# # Don't send any client headers to the avatars service +# proxy_method GET; +# proxy_pass_request_headers off; +# proxy_pass_request_body off; +# +# # Don't let cookies interrupt caching, and don't pass them to the +# # client +# proxy_ignore_headers "Set-Cookie"; +# proxy_hide_header "Set-Cookie"; +# +# proxy_cache one; +# proxy_cache_key $uri; +# proxy_cache_valid 200 7d; +# proxy_cache_valid 404 1m; +# proxy_set_header Connection ""; +# +# proxy_pass https://avatars.discourse.org/; +# break; +# } + + # we need buffering off for message bus + location __PATH__/message-bus/ { + proxy_set_header X-Request-Start "t=${msec}"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_http_version 1.1; + proxy_buffering off; + proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock; + break; + } + + # this means every file in public is tried first + try_files $uri @__NAME__; + } + + location __PATH__/downloads/ { + internal; + alias __INSTALL_DIR__/public/ ; + } + + location @__NAME__ { + more_set_headers "Referrer-Policy : no-referrer-when-downgrade"; + proxy_set_header Host $host; + proxy_set_header X-Request-Start "t=${msec}"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://unix:__INSTALL_DIR__/tmp/sockets/unicorn.sock; +} diff --git a/conf/provisioning.sql b/conf/provisioning.sql new file mode 100644 index 0000000..4de1098 --- /dev/null +++ b/conf/provisioning.sql @@ -0,0 +1,12 @@ +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('title', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_description', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_email', 14, '__ADMIN_MAIL__', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_url', 1, '__DOMAIN____PATH__', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_contact_username', 15, '__ADMIN__', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_url', 1, '__RELATIVE_URL_ROOT__/images/d-logo-sketch.png', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('long_polling_base_url', 1, '__RELATIVE_URL_ROOT__/', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_small_url', 1, '__RELATIVE_URL_ROOT__/images/d-logo-sketch-small.png', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('favicon_url', 1, '__RELATIVE_URL_ROOT__/images/default-favicon.ico', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('apple_touch_icon_url', 1, '__RELATIVE_URL_ROOT__/images/default-apple-touch-icon.png', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('wizard_enabled', 5, 'f', 'NOW()', 'NOW()'); +INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('force_https', 5, 't', 'NOW()', 'NOW()'); diff --git a/conf/systemd.service b/conf/systemd.service index 6af31d1..d233091 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -8,14 +8,14 @@ After=postgresql.service [Service] User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__ +WorkingDirectory=__INSTALL_DIR__ Environment=__ADDITIONAL_ENV__ Environment=RAILS_ENV=production Environment=UNICORN_SIDEKIQS=1 Environment=LD_PRELOAD=__LIBJEMALLOC__ -Environment=UNICORN_LISTENER=__FINALPATH__/tmp/sockets/unicorn.sock +Environment=UNICORN_LISTENER=__INSTALL_DIR__/tmp/sockets/unicorn.sock Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/bin/bundle exec unicorn --config config/unicorn.conf.rb -E production +ExecStart=__INSTALL_DIR__/bin/bundle exec unicorn --config config/unicorn.conf.rb -E production Restart=always RestartSec=10 diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..b5d7907 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,56 @@ +## Configuration + +Use the admin panel of your Discourse to configure this app. + +### Configuring "Reply-By-Email" + +* You should create a dedicated Yunohost user for Discourse whose mailbox will be used by the Discourse application. You can do this with `yunohost user create response`, for example. You should ensure that the email address is configured to be on your Discourse domain. + +* You should then configure your Discourse `/var/www/discourse/config/discourse.conf` file with the correct SMTP configuration values. Please see [this comment](https://github.com/YunoHost-Apps/discourse_ynh/issues/2#issuecomment-409510325) for an explanation of what values to change. Please be aware, when you update the application, you will have to re-apply this configuration. + +* You must enable the Pop3 configuration for Dovecot. See [this thread](https://forum.yunohost.org/t/how-to-enable-pop3-in-yunohost/1662/2) on how to do that. You can validate your configuration with `systemctl restart dovecot && dovecot -n`. Don't forget to open the ports you need (`995` is the default). You can validate that with `nmap -p 995 yunohostdomain.org`. + +* You should then configure the Pop3 polling in the Discourse admin interface. Please see [this comment](https://meta.discourse.org/t/set-up-reply-via-email-support/14003) for how to do so. You will need to follow step 5 in that comment. You can specify your main Yunohost domain for the `pop3_polling_host`. + +You should now be able to start testing. Try using the `/admin/email` "Send Test Email" and then view the "Sent" or "Skipped" etc. tabs. You should see a report on what happened with the email. You may also want to look in `/var/www/discourse/log/production.log` as well as `/var/www/mail.err`. You should perhaps also use [Rainloop](https://github.com/YunoHost-Apps/rainloop_ynh) or another Yunohost email client application to quickly test that both your user and the dedicated Yunohost Discourse user (`response@...`) is receiving mail. + +### "Reply-By-Email" and mail forwarding + +If you use the administration UI in YunoHost to setup a mail forwarding address for your users then you may face the problem whereby your users are replying by email from the forwarded email address and the Discourse software is not able to understand how to receive that email. + +For example, your user has email address `foo@myyunohostdomain.org` and all mail is forwarded to `foo@theirexternalmail.com`. Discourse receives replies from `foo@theirexternalmail.com` but cannot understand how to deliver this to the user account with `foo@myyunohostdomain.org` configured. + +Their is on-going work to allow for [multiple email addresses for one user](https://meta.discourse.org/t/additional-email-address-per-user-account-support/59847) in Discourse development but at current major version (2.3 as of 2019-08-06), there is no web interface for this functionality. It is possible to set it up via the command-line interface but it is **experimental** and you should not undertake this work unless you take some time to understand what it is you are going to do. + +Here's how to setup a secondary mail address for a user account: + +```bash +cd /var/www/discourse +RAILS_ENV=production /opt/rbenv/versions/2.7.1/bin/bundle exec rails c +UserEmail.create!(user: User.find_by_username("foo"), email: "foo@theirexternalmail.com") +``` + +### LDAP integration + +* LDAP integration: on the login pop-up, you can choose "Login with LDAP" and use your YunoHost credentials + +![Login Popup](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/login.png) + +Default administrator and YunoHost users must login using LDAP: +* click on the "with LDAP" button +* use your YunoHost credentials + +When disabling Local Login and other authentication services, clicking the `Login` or `Sign Up` button will directly bring up the LDAP Login popup. + +![Disable Local](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/disable_local.png) + +![LDAP Login Popup](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/ldap_popup.png) + +### Installing plugins + +```bash +cd /var/www/discourse +sudo -i -u discourse RAILS_ENV=production bin/rake --trace plugin:install repo=https://github.com/discourse/discourse-solved (for example) +sudo -i -u discourse RAILS_ENV=production bin/rake --trace assets:precompile +systemctl restart discourse +``` diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..acf2eb5 --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1,53 @@ +### Configuration de "Répondre par e-mail" + +* Vous devez créer un utilisateur Yunohost dédié pour Discourse dont la boîte aux lettres sera utilisée par l'application Discourse. Vous pouvez le faire avec `yunohost user create response`, par exemple. Vous devez vous assurer que l'adresse e-mail est configurée pour être sur votre domaine Discourse. + +* Vous devez ensuite configurer votre fichier Discourse `/var/www/discourse/config/discourse.conf` avec les valeurs de configuration SMTP correctes. Veuillez consulter [ce commentaire](https://github.com/YunoHost-Apps/discourse_ynh/issues/2#issuecomment-409510325) pour une explication des valeurs à modifier. Attention, lors de la mise à jour de l'application, vous devrez réappliquer cette configuration. + +* Vous devez activer la configuration Pop3 pour Dovecot. Voir [ce fil](https://forum.yunohost.org/t/how-to-enable-pop3-in-yunohost/1662/2) pour savoir comment procéder. Vous pouvez valider votre configuration avec `systemctl restart dovecot && dovecot -n`. N'oubliez pas d'ouvrir les ports dont vous avez besoin ('995' est la valeur par défaut). Vous pouvez valider cela avec `nmap -p 995 yunohostdomain.org`. + +* Vous devez ensuite configurer le sondage Pop3 dans l'interface d'administration de Discourse. Veuillez consulter [ce commentaire](https://meta.discourse.org/t/set-up-reply-via-email-support/14003) pour savoir comment procéder. Vous devrez suivre l'étape 5 de ce commentaire. Vous pouvez spécifier votre domaine Yunohost principal pour le `pop3_polling_host`. + +Vous devriez maintenant pouvoir commencer à tester. Essayez d'utiliser le `/admin/email` « Envoyer un e-mail de test », puis affichez les onglets « Envoyé » ou « Ignoré », etc. Vous devriez voir un rapport sur ce qui s'est passé avec l'e-mail. Vous pouvez également regarder dans `/var/www/discourse/log/production.log` ainsi que `/var/www/mail.err`. Vous devriez peut-être également utiliser [Rainloop](https://github.com/YunoHost-Apps/rainloop_ynh) ou une autre application client de messagerie Yunohost pour tester rapidement que votre utilisateur et l'utilisateur dédié Yunohost Discourse (`response@...` ) reçoit du courrier. + +### "Réponse par e-mail" et transfert de courrier + +Si vous utilisez l'interface utilisateur d'administration de YunoHost pour configurer une adresse de transfert de courrier pour vos utilisateurs, vous risquez de rencontrer le problème selon lequel vos utilisateurs répondent par e-mail à partir de l'adresse e-mail transférée et le logiciel Discourse n'est pas capable de comprendre comment recevoir cet e-mail. + +Par exemple, votre utilisateur a l'adresse e-mail "foo@myyunohostdomain.org" et tout le courrier est transféré à "foo@theirexternalmail.com". Discourse reçoit des réponses de `foo@theirexternalmail.com` mais ne peut pas comprendre comment les envoyer au compte utilisateur avec `foo@myyunohostdomain.org` configuré. + +Leur travail est en cours pour permettre [plusieurs adresses e-mail pour un utilisateur](https://meta.discourse.org/t/additional-email-address-per-user-account-support/59847) dans le développement de discours mais dans la version majeure actuelle (2.3 au 06-08-2019), il n'y a pas d'interface Web pour cette fonctionnalité. Il est possible de le configurer via l'interface de ligne de commande mais c'est **expérimental** et vous ne devriez pas entreprendre ce travail à moins de prendre le temps de comprendre ce que vous allez faire. + +Voici comment configurer une adresse e-mail secondaire pour un compte utilisateur : + +```bash +cd /var/www/discours +RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails c +UserEmail.create!(user: User.find_by_username("foo"), email: "foo@theirexternalmail.com") +``` + +### Intégration LDAP + +* dans la pop-up de connexion, vous pouvez choisir "Se connecter avec LDAP" et utiliser vos identifiants YunoHost + +![Login Popup](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/login.png) + +L'administrateur par défaut et les utilisateurs YunoHost doivent se connecter via LDAP : + +* cliquez sur le bouton "avec LDAP" +* utilisez vos identifiants YunoHost + +Lors de la désactivation de la connexion locale et d'autres services d'authentification, cliquez sur le bouton « Connexion » ou « Inscription » pour afficher directement la fenêtre contextuelle de connexion LDAP. + +![Désactiver Local](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/disable_local.png) + +![Popup de connexion LDAP](https://raw.githubusercontent.com/jonmbake/screenshots/master/discourse-ldap-auth/ldap_popup.png) + +### Installer des plugins + +```bash +cd /var/www/discourse +sudo -i -u discourse RAILS_ENV=production bin/rake --trace plugin:install repo=https://github.com/discourse/discourse-solved (for example) +sudo -i -u discourse RAILS_ENV=production bin/rake --trace assets:precompile +systemctl restart discourse +``` diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 29dd95c..55ed412 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1 +1,7 @@ -Discourse is modern forum software for your community. Use it as a mailing list, discussion forum, long-form chat room, and more! \ No newline at end of file +[Discourse](http://www.discourse.org) is the 100% open source discussion platform built for the next decade of the Internet. Use it as a: + +- mailing list +- discussion forum +- long-form chat room + +To learn more about the philosophy and goals of the project, [visit **discourse.org**](http://www.discourse.org). diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index d901451..8c2208c 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1,7 @@ -Discourse est un logiciel de forum moderne pour votre communauté. Utilisez-le comme liste de diffusion, forum de discussion, salle de discussion longue durée, et plus encore ! \ No newline at end of file +[Discourse](http://www.discourse.org) est la plate-forme de discussion 100% open source conçue pour la prochaine décennie d'Internet. Utilisez-le comme : + +- liste de diffusion +- forum de discussion +- salle de discussion longue durée + +Pour en savoir plus sur la philosophie et les objectifs du projet, [visitez **discourse.org**](http://www.discourse.org). diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..ccef7a1 --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1,16 @@ +Attention: this package installs Discourse without Docker, for several reasons (mostly to support ARM architecture and low-profile servers, to mutualize nginx/postgresql/redis services and to simplify e-mail setup). +As stated by the Discourse team: +> The only officially supported installs of Discourse are [Docker](https://www.docker.io/) based. You must have SSH access to a 64-bit Linux server **with Docker support**. We regret that we cannot support any other methods of installation including cpanel, plesk, webmin, etc. +So please have this in mind when considering asking for Discourse support. + +Moreover, you should have in mind Discourse [hardware requirements](https://github.com/discourse/discourse/blob/master/docs/INSTALL.md#hardware-requirements): + +- modern single core CPU, dual core recommended +- 1 GB RAM minimum (with swap) +- 64 bit Linux compatible with Docker +- 10 GB disk space minimum + +Finally, if installing on a low-end ARM device (e.g. Raspberry Pi): + +- installation can last up to 3 hours, +- first access right after installation could take a couple of minutes. diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..cd08c2a --- /dev/null +++ b/doc/PRE_INSTALL_fr.md @@ -0,0 +1,16 @@ +Attention: ce package installe Discourse sans Docker, pour plusieurs raisons (principalement pour prendre en charge l'architecture ARM et les serveurs discrets, pour mutualiser les services nginx/postgresql/redis et pour simplifier la configuration de la messagerie). +Comme indiqué par l'équipe Discourse : +> Les seules installations officiellement prises en charge de Discourse sont basées sur [Docker](https://www.docker.io/). Vous devez avoir un accès SSH à un serveur Linux 64 bits **avec prise en charge Docker**. Nous regrettons de ne pouvoir prendre en charge aucune autre méthode d'installation, notamment cpanel, plesk, webmin, etc. +Veuillez donc avoir cela à l'esprit lorsque vous envisagez de demander de l'aide à Discourse. + +De plus, vous devriez avoir à l'esprit Discourse [exigences matérielles](https://github.com/discourse/discourse/blob/master/docs/INSTALL.md#hardware-requirements) : + +- CPU monocœur moderne, double cœur recommandé +- 1 Go de RAM minimum (avec swap) +- Linux 64 bits compatible avec Docker +- 10 Go d'espace disque minimum + +Enfin, si vous installez sur un appareil ARM bas de gamme (par exemple Raspberry Pi) : + +- l'installation peut durer jusqu'à 3 heures, +- le premier accès juste après l'installation peut prendre quelques minutes. diff --git a/manifest.json b/manifest.json deleted file mode 100644 index ee37eed..0000000 --- a/manifest.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "name": "Discourse", - "id": "discourse", - "packaging_format": 1, - "description": { - "en": "Discussion platform", - "fr": "Plateforme de discussion" - }, - "version": "2.8.14~ynh2", - "url": "http://Discourse.org", - "upstream": { - "license": "GPL-2.0", - "website": "http://Discourse.org", - "demo": "https://try.discourse.org", - "code": "https://github.com/discourse/discourse", - "cpe": "cpe:2.3:a:discourse:discourse" - }, - "license": "GPL-2.0", - "maintainer": { - "name": "JimboJoe", - "email": "jimmy@monin.net", - "url": "" - }, - "requirements": { - "yunohost": ">= 11.2.12" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/forum", - "default": "/forum" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - }, - { - "name": "admin", - "type": "user" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..164f285 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,106 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json + +packaging_format = 2 + +id = "discourse" +name = "Discourse" +description.en = "Discussion platform" +description.fr = "Plateforme de discussion" + +version = "2.8.14~ynh2" + +maintainers = ["JimboJoe"] + +[upstream] +license = "GPL-2.0" +website = "http://Discourse.org" +demo = "https://try.discourse.org" +code = "https://github.com/discourse/discourse" +cpe = "cpe:2.3:a:discourse:discourse" + +[integration] +yunohost = ">=11.2.12" +architectures = "all" +multi_instance = true +ldap = true +sso = true + +disk = "50M" +ram.build = "50M" +ram.runtime = "1G" + +[install] + [install.domain] + type = "domain" + + [install.path] + type = "path" + default = "/forum" + + [install.init_main_permission] + type = "group" + default = "visitors" + + [install.admin] + type = "user" + +[resources] + [resources.sources] + [resources.sources.ldap-auth] + url = "https://github.com/jonmbake/discourse-ldap-auth/archive/v0.6.0.tar.gz" + sha256 = "1f64f90f648f53b40608912221adb60d86c8c13856aaba68c645cd88279445d4" + + [resources.sources.main] + url = "https://github.com/discourse/discourse/archive/v2.8.14.tar.gz" + sha256 = "b4b9a2857515ab79b2bc71cc0bdd09f9bf749d506c095b76d86846c9adf62623" + + + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + + [resources.apt] + packages = [ + "advancecomp", + "brotli", + "cmake", + "g++", + "gifsicle", + "imagemagick", + "jhead", + "jpegoptim", + "libapr1-dev", + "libcurl4-dev", + "libcurl4-openssl-dev", + "libjemalloc-dev", + "libjemalloc2", + "libjpeg-turbo-progs", + "libpq-dev", + "libreadline-dev", + "libssl-dev", + "libtcmalloc-minimal4", + "libunwind-dev", + "libxml2-dev", + "libxslt1-dev", + "libyaml-dev", + "optipng", + "pngcrush", + "pngquant", + "vim", + "zlib1g-dev", + + "postgresql", + "postgresql-client", + "postgresql-contrib", + "postgresql-server-dev-all", + ] + + extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main" + extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + extras.yarn.packages = "yarn" + + [resources.database] + type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index b9a1bbc..24b3ebe 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,15 +4,12 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -#pkg_dependencies="g++ libjemalloc1|libjemalloc2 libjemalloc-dev zlib1g-dev libreadline-dev libpq-dev libssl-dev libyaml-dev libcurl4-dev libapr1-dev libxslt1-dev libxml2-dev vim imagemagick postgresql postgresql-server-dev-all postgresql-contrib optipng jhead jpegoptim gifsicle brotli" -pkg_dependencies="postgresql postgresql-client postgresql-contrib imagemagick libjemalloc1|libjemalloc2" -build_pkg_dependencies="libcurl4-openssl-dev libyaml-dev libxml2-dev libpq-dev libreadline-dev brotli libunwind-dev libtcmalloc-minimal4 cmake pngcrush pngquant advancecomp jhead jpegoptim libjpeg-turbo-progs optipng" - ruby_version="3.0.0" nodejs_version="16" +libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" + #================================================= # PERSONAL HELPERS #================================================= @@ -58,82 +55,82 @@ check_memory_requirements_upgrade() { fi } -ynh_maintenance_mode_ON () { - # Load value of $path_url and $domain from the config if their not set - if [ -z $path_url ]; then - path_url=$(ynh_app_setting_get $app path) - fi - if [ -z $domain ]; then - domain=$(ynh_app_setting_get $app domain) - fi +# ynh_maintenance_mode_ON () { +# # Load value of $path and $domain from the config if their not set +# if [ -z $path ]; then +# #REMOVEME? path=$(ynh_app_setting_get $app path) +# fi +# if [ -z $domain ]; then +# #REMOVEME? domain=$(ynh_app_setting_get $app domain) +# fi - # Create an html to serve as maintenance notice - echo " - - - -Your app $app is currently under maintenance! - - - -

Your app $app is currently under maintenance!

-

This app has been put under maintenance by your administrator at $(date)

-

Please wait until the maintenance operation is done. This page will be reloaded as soon as your app will be back.

+# # Create an html to serve as maintenance notice +# echo " +# +# +# +# Your app $app is currently under maintenance! +# +# +# +#

Your app $app is currently under maintenance!

+#

This app has been put under maintenance by your administrator at $(date)

+#

Please wait until the maintenance operation is done. This page will be reloaded as soon as your app will be back.

- -" > "/var/www/html/maintenance.$app.html" +# +# " > "/var/www/html/maintenance.$app.html" - # Create a new nginx config file to redirect all access to the app to the maintenance notice instead. - echo "# All request to the app will be redirected to ${path_url}_maintenance and fall on the maintenance notice -rewrite ^${path_url}/(.*)$ ${path_url}_maintenance/? redirect; -# Use another location, to not be in conflict with the original config file -location ${path_url}_maintenance/ { -alias /var/www/html/ ; +# # Create a new nginx config file to redirect all access to the app to the maintenance notice instead. +# echo "# All request to the app will be redirected to ${path}_maintenance and fall on the maintenance notice +# rewrite ^${path}/(.*)$ ${path}_maintenance/? redirect; +# # Use another location, to not be in conflict with the original config file +# location ${path}_maintenance/ { +# alias /var/www/html/ ; -try_files maintenance.$app.html =503; +# try_files maintenance.$app.html =503; -# Include SSOWAT user panel. -include conf.d/yunohost_panel.conf.inc; -}" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf" +# # Include SSOWAT user panel. +# include conf.d/yunohost_panel.conf.inc; +# }" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf" - # The current config file will redirect all requests to the root of the app. - # To keep the full path, we can use the following rewrite rule: - # rewrite ^${path_url}/(.*)$ ${path_url}_maintenance/\$1? redirect; - # The difference will be in the $1 at the end, which keep the following queries. - # But, if it works perfectly for a html request, there's an issue with any php files. - # This files are treated as simple files, and will be downloaded by the browser. - # Would be really be nice to be able to fix that issue. So that, when the page is reloaded after the maintenance, the user will be redirected to the real page he was. +# # The current config file will redirect all requests to the root of the app. +# # To keep the full path, we can use the following rewrite rule: +# # rewrite ^${path}/(.*)$ ${path}_maintenance/\$1? redirect; +# # The difference will be in the $1 at the end, which keep the following queries. +# # But, if it works perfectly for a html request, there's an issue with any php files. +# # This files are treated as simple files, and will be downloaded by the browser. +# # Would be really be nice to be able to fix that issue. So that, when the page is reloaded after the maintenance, the user will be redirected to the real page he was. - systemctl reload nginx -} +# systemctl reload nginx +# } -ynh_maintenance_mode_OFF () { - # Load value of $path_url and $domain from the config if their not set - if [ -z $path_url ]; then - path_url=$(ynh_app_setting_get $app path) - fi - if [ -z $domain ]; then - domain=$(ynh_app_setting_get $app domain) - fi +# ynh_maintenance_mode_OFF () { +# # Load value of $path and $domain from the config if their not set +# if [ -z $path ]; then +# #REMOVEME? path=$(ynh_app_setting_get $app path) +# fi +# if [ -z $domain ]; then +# #REMOVEME? domain=$(ynh_app_setting_get $app domain) +# fi - # Rewrite the nginx config file to redirect from ${path_url}_maintenance to the real url of the app. - echo "rewrite ^${path_url}_maintenance/(.*)$ ${path_url}/\$1 redirect;" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf" - systemctl reload nginx +# # Rewrite the nginx config file to redirect from ${path}_maintenance to the real url of the app. +# echo "rewrite ^${path}_maintenance/(.*)$ ${path}/\$1 redirect;" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf" +# systemctl reload nginx - # Sleep 4 seconds to let the browser reload the pages and redirect the user to the app. - sleep 4 +# # Sleep 4 seconds to let the browser reload the pages and redirect the user to the app. +# sleep 4 - # Then remove the temporary files used for the maintenance. - rm "/var/www/html/maintenance.$app.html" - rm "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf" +# # Then remove the temporary files used for the maintenance. +# rm "/var/www/html/maintenance.$app.html" +# rm "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf" - systemctl reload nginx -} +# systemctl reload nginx +# } #================================================= # EXPERIMENTAL HELPERS @@ -142,7 +139,3 @@ ynh_maintenance_mode_OFF () { #================================================= # FUTURE OFFICIAL HELPERS #================================================= - -#================================================= -# RUBY HELPER -#================================================= diff --git a/scripts/backup b/scripts/backup index 37a5e95..74cc404 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,27 +8,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -40,26 +17,16 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= -# BACKUP THE NGINX CONFIGURATION +# BACKUP THE SYSTEM CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= - ynh_backup --src_path="/etc/logrotate.d/$app" -#================================================= -# BACKUP SYSTEMD -#================================================= - ynh_backup --src_path="/etc/systemd/system/$app.service" #================================================= diff --git a/scripts/change_url b/scripts/change_url index 0da2928..f693d23 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC STARTING #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -9,72 +7,10 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -# Add settings here as needed by your application -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -unicorn_workers=$(ynh_app_setting_get --app=$app --key=unicorn_workers) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - -#================================================= -# STANDARD MODIFICATIONS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." +ynh_script_progression --message="Stopping $app's systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" @@ -83,43 +19,18 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf +ynh_change_url_nginx_config -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config - # Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 - if [ "$path_url" != "/" ] ; then - ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" - fi - ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi - -#================================================= -# SPECIFIC MODIFICATIONS #================================================= # UPDATE A CONFIG FILE #================================================= ynh_script_progression --message="Updating a config file..." -discourse_config_file="$final_path/config/discourse.conf" +discourse_config_file="$install_dir/config/discourse.conf" + +old_relative_url_root="${old_path%/}" +new_relative_url_root="${new_path%/}" + # Configure hostname ynh_replace_string --match_string="hostname = .*" --replace_string="hostname = \"$new_domain\"" --target_file="$discourse_config_file" ynh_replace_string --match_string="relative_url_root = .*" --replace_string="relative_url_root = ${new_path%/}" --target_file="$discourse_config_file" @@ -129,36 +40,28 @@ ynh_replace_string --match_string="smtp_domain = .*" --replace_string="smtp_doma ynh_store_file_checksum --file="$discourse_config_file" # Change URL setting -ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name <<< "UPDATE site_settings SET value = replace(value, '${old_path%/}/images/', '${new_path%/}/images/'); +ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ + <<< "UPDATE site_settings SET value = replace(value, '$old_relative_url_root/images/', '$new_relative_url_root/images/'); UPDATE site_settings SET value = '${new_path}' WHERE name='long_polling_base_url';" ynh_use_ruby # Remap URLs in forum posts -ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec script/discourse remap ${old_path%/}/uploads ${new_path%/}/uploads <<< "YES +ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec script/discourse remap "$old_relative_url_root/uploads" "$new_relative_url_root/uploads" <<< "YES # " # Regenerate assets -ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/rake assets:precompile +ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/rake assets:precompile # Regenerate all forum posts -ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/rake posts:rebake +ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/rake posts:rebake -#================================================= -# GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." +ynh_script_progression --message="Starting $app's systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index d2a5c84..0fb0d7a 100644 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -9,88 +7,54 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC -admin=$YNH_APP_ARG_ADMIN - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - : -else - # Check memory requirements - check_memory_requirements +if [ "${PACKAGE_CHECK_EXEC:-0}" -ne 1 ]; then + # Check memory requirements + check_memory_requirements fi #================================================= -# STORE SETTINGS FROM MANIFEST +# INITIALIZE AND STORE SETTINGS #================================================= -ynh_script_progression --message="Storing installation settings..." -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin +relative_url_root=${path%/} + +# Create a random password +admin_pwd=$(ynh_string_random) +admin_mail=$(ynh_user_get_info --username=$admin --key=mail) + +redis_db=$(ynh_redis_get_free_db) +ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db" + +# Set a secret value +secret="$(ynh_string_random)" + +# We assume for the moment that ARM devices are only dual core, so +# we restrict the number of workers to 2 (the default is 3) +if dpkg --print-architecture | grep -q "arm"; then + unicorn_workers=2 +else + unicorn_workers=3 +fi +ynh_app_setting_set --app="$app" --key=unicorn_workers --value=$unicorn_workers -#================================================= -# STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." +ynh_script_progression --message="Installing Ruby..." +ynh_exec_warn_less ynh_install_ruby --ruby_version="$ruby_version" +ynh_use_ruby -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_script_progression --message="Installing NodeJS..." ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= -# CREATE DEDICATED USER +# CONFIGURE A POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Configuring system user..." +ynh_script_progression --message="Configuring $app's PostgreSQL database..." -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." - -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name # Set extensions -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS hstore;" --database=$db_name -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) +ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS hstore;" +ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -98,102 +62,85 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) ynh_script_progression --message="Setting up source files..." # Specific actions on ARM architecture -if [ -n "$(uname -m | grep arm)" ] ; then - # Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM - # compatibility by pointing to a recent libv8 version - # This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261) - # that prevents it from being compiled on ARM hence no binary gem is available yet - cp ../sources/patches_arm/* ../sources/patches +if dpkg --print-architecture | grep -q "arm"; then + # Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM + # compatibility by pointing to a recent libv8 version + # This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261) + # that prevents it from being compiled on ARM hence no binary gem is available yet + cp ../sources/patches_arm/* ../sources/patches fi -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$install_dir" # Install LDAP plugin -mkdir -p "$final_path/plugins/discourse-ldap-auth" -ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth +ynh_setup_source --source_id=ldap-auth --dest_dir="$install_dir/plugins/discourse-ldap-auth" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +# Add a pids and socket directory for the systemd script. +mkdir -p "$install_dir/tmp/pids" +mkdir -p "$install_dir/tmp/sockets" +mkdir -p "$install_dir/public/forum" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring NGINX web server..." +# Create specific folders and links for subfolder compatibility +# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507) +ln -s "$install_dir/public/uploads" "$install_dir/public/forum/uploads" +ln -s "$install_dir/public/backups" "$install_dir/public/forum/backups" -# Create a dedicated NGINX config -ynh_add_nginx_config +chmod -R o-rwx "$install_dir" +chown -R "$app:www-data" "$install_dir" -# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 -if [ "$path_url" != "/" ] ; then - ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" -fi -ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# SPECIFIC SETUP #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." +ynh_script_progression --message="Adding $app's configuration file..." -admin_mail=$(ynh_user_get_info --username=$admin --key=mail) -redis_db=$(ynh_redis_get_free_db) -ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db" -relative_url_root=${path_url%/} - -ynh_add_config --template="../conf/discourse_defaults.conf" --destination="$final_path/config/discourse.conf" - -ynh_add_config --template="../conf/settings.yml" --destination="$final_path/plugins/discourse-ldap-auth/config/settings.yml" +ynh_add_config --template="discourse_defaults.conf" --destination="$install_dir/config/discourse.conf" +ynh_add_config --template="secrets.yml" --destination="$install_dir/config/secrets.yml" +ynh_add_config --template="settings.yml" --destination="$install_dir/plugins/discourse-ldap-auth/config/settings.yml" # Disable svgo worker -echo "svgo: false" > $final_path/.image_optim.yml +echo "svgo: false" | ynh_exec_as "$app" tee "$install_dir/.image_optim.yml" >/dev/null #================================================= # SETUP UNICORN, A RUBY SERVER #================================================= ynh_script_progression --message="Setting up Unicorn..." -# Set a secret value -secret="$(ynh_string_random)" -ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml" - -pushd "$final_path" - ynh_use_ruby - # Install bundler, a gems installer - ynh_gem install bundler - # Install without documentation - ynh_exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc" +pushd "$install_dir" + # Install bundler, a gems installer + ynh_gem install bundler + # Install without documentation + echo "gem: --no-ri --no-rdoc" | ynh_exec_as "$app" tee "$install_dir/.gemrc" >/dev/null popd # Specific actions on ARM architecture -if [ -n "$(uname -m | grep arm)" ] ; then - # Define the platform specifically to retrieve binaries - # for libv8 because it currently doesn't compile on ARM devices - ynh_exec_as $app --login bin/bundle config specific_platform arm-linux +if dpkg --print-architecture | grep -q "arm"; then + # Define the platform specifically to retrieve binaries + # for libv8 because it currently doesn't compile on ARM devices + ynh_exec_as "$app" --login bin/bundle config specific_platform arm-linux fi # Install dependencies -ynh_exec_as $app --login bin/bundle config set path 'vendor/bundle' -ynh_exec_as $app --login bin/bundle config set with 'development' -ynh_exec_as $app --login MAKEFLAGS=-j2 bin/bundle install --jobs 2 +ynh_exec_as "$app" --login bin/bundle config set path 'vendor/bundle' +ynh_exec_as "$app" --login bin/bundle config set with 'development' +ynh_exec_as "$app" --login MAKEFLAGS=-j2 bin/bundle install --jobs 2 # On ARM architecture, replace bundled libpsl by system native libpsl # because the provided binary isn't compatible -if [ -n "$(uname -m | grep arm)" ] ; then - (cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor - rm libpsl.so - ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so) +if dpkg --print-architecture | grep -q "arm"; then + ( + cd "$install_dir/vendor/bundle/ruby"/*/"gems/mini_suffix-*/vendor" + rm libpsl.so + ln -s "$(ldconfig -p | grep libpsl | awk 'END {print $NF}')" libpsl.so + ) fi -pushd "$final_path" - ynh_use_nodejs - ynh_npm install --location=global terser - ynh_npm install --location=global uglify-js - ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --production --frozen-lockfile - ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn cache clean +pushd "$install_dir" + ynh_use_nodejs + ynh_npm install --location=global terser + ynh_npm install --location=global uglify-js + ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn install --production --frozen-lockfile + ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn cache clean popd #================================================= @@ -201,40 +148,20 @@ popd #================================================= ynh_script_progression --message="Preparing the database..." -ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake db:migrate -ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile +ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake db:migrate +ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove - -#================================================= -# POPULATE THE DATABASE -#================================================= -ynh_script_progression --message="Populating the database..." - -#Set default data (especially to have correct image URLs for subfolder install) -ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name <<< "INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('title', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_description', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_email', 14, '$admin_mail', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_url', 1, '$domain$path_url', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_contact_username', 15, '$admin', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_url', 1, '${path_url%/}/images/d-logo-sketch.png', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('long_polling_base_url', 1, '${path_url%/}/', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_small_url', 1, '${path_url%/}/images/d-logo-sketch-small.png', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('favicon_url', 1, '${path_url%/}/images/default-favicon.ico', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('apple_touch_icon_url', 1, '${path_url%/}/images/default-apple-touch-icon.png', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('wizard_enabled', 5, 'f', 'NOW()', 'NOW()'); -INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('force_https', 5, 't', 'NOW()', 'NOW()'); -" +# Set default data (especially to have correct image URLs for subfolder install) +ynh_add_config --template="provisioning.sql" --destination="$install_dir/provisioning.sql" +ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < "$install_dir/provisioning.sql" +ynh_secure_remove --file="$install_dir/provisioning.sql" #================================================= # CREATE DISCOURSE ADMIN USER #================================================= ynh_script_progression --message="Creating Discourse admin user..." -# Create a random password -admin_pwd=$(ynh_string_random) -ynh_exec_as $app --login RAILS_ENV=production bin/rake admin:create <<< "$admin_mail +ynh_exec_as "$app" --login RAILS_ENV=production bin/rake admin:create <<< "$admin_mail $admin_pwd $admin_pwd y @@ -248,94 +175,41 @@ ynh_script_progression --message="Configuring plugins..." # Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder # (Can only do that now because we are patching dependencies which have just been downloaded) # Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16 -(cd $final_path/plugins/discourse-ldap-auth/gems/${ruby_version}/gems/omniauth-ldap*/ -patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch) +patch -p1 -d "$install_dir/plugins/discourse-ldap-auth/gems/$ruby_version/gems/omniauth-ldap*/" \ + < "../conf/ldap-auth-fix-subfolder.patch" #================================================= -# SETUP SYSTEMD +# SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring a systemd service..." +ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -# We assume for the moment that ARM devices are only dual core, so -# we restrict the number of workers to 2 (the default is 3) -if [ -n "$(uname -m | grep arm)" ] ; then - additional_env="UNICORN_WORKERS=2" - unicorn_workers=2 -else - additional_env="" - unicorn_workers=3 +# Create a dedicated NGINX config +ynh_add_nginx_config +# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 +if [ "$path" != "/" ] ; then + ynh_replace_string --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" \ + --match_string='$proxy_add_x_forwarded_for' \ + --replace_string='$http_your_original_ip_header' fi -ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers -libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" +ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" + +additional_env="UNICORN_WORKERS=$unicorn_workers" ynh_add_systemd_config +yunohost service add "$app" --log "$install_dir/log/unicorn.stderr.log" "$install_dir/log/unicorn.stdout.log" "$install_dir/log/production.log" -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Add a pids and socket directory for the systemd script. -mkdir -p "$final_path/tmp/pids" -mkdir "$final_path/tmp/sockets" - -# Create specific folders and links for subfolder compatibility -# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507) -( -cd $final_path -mkdir -p "public/forum" -cd public/forum && ln -s ../uploads && ln -s ../backups -) - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log" -ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log" -ynh_use_logrotate --logfile="$final_path/log/production.log" - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log" +ynh_use_logrotate --logfile="$install_dir/log/unicorn.stderr.log" +ynh_use_logrotate --logfile="$install_dir/log/unicorn.stdout.log" +ynh_use_logrotate --logfile="$install_dir/log/production.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." +ynh_script_progression --message="Starting $app's systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 1d5f13c..54c4268 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,54 +8,23 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) - -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST +# REMOVE SYSTEM CONFIGURATIONS #================================================= +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app service integration..." - yunohost service remove $app +if ynh_exec_warn_less yunohost service status "$app" >/dev/null; then + yunohost service remove "$app" fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." - # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name" +# Remove the dedicated NGINX config +ynh_remove_nginx_config #================================================= # REMOVE THE REDIS DATABASE @@ -66,42 +33,15 @@ ynh_script_progression --message="Removing the redis database..." ynh_redis_remove_db "$redis_db" -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." - -# Remove the dedicated NGINX config -ynh_remove_nginx_config - #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies..." - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies +ynh_script_progression --message="Removing NodeJS..." ynh_remove_nodejs + +ynh_script_progression --message="Removing Ruby..." ynh_remove_ruby -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index e346337..aa3ffee 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,151 +8,69 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - : -else - # Check memory requirements - check_memory_requirements +if [ "${PACKAGE_CHECK_EXEC:-0}" -ne 1 ]; then + # Check memory requirements + check_memory_requirements fi #================================================= -# STANDARD RESTORATION STEPS +# INSTALL DEPENDENCIES #================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." +ynh_script_progression --message="Reinstalling Ruby..." +ynh_exec_warn_less ynh_install_ruby --ruby_version="$ruby_version" +ynh_use_ruby -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell +ynh_script_progression --message="Reinstalling NodeJS..." +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." - -# Define and install dependencies -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version - -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +chmod -R o-rwx "$install_dir" +chown -R "$app:www-data" "$install_dir" #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Restoring the PostgreSQL database..." +ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 -ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS hstore;" --database=$db_name -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name -ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS hstore;" +ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" + +ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql #================================================= # REINSTALL BUNDLE GEM #================================================= ynh_script_progression --message="Reinstall Bundle Gem..." -pushd "$final_path" - ynh_use_ruby - ynh_gem install bundler +pushd "$install_dir" + ynh_gem install bundler popd -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +#================================================= +# RESTORE SYSTEM CONFIGURATIONS +#================================================= +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet - -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." +systemctl enable "$app.service" --quiet +yunohost service add "$app" --log "$install_dir/log/unicorn.stderr.log" "$install_dir/log/unicorn.stdout.log" "$install_dir/log/production.log" ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= -# INTEGRATE SERVICE IN YUNOHOST +# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." +ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." - -if [ -n "$(uname -m | grep arm)" ] ; then - unicorn_workers=2 -else - unicorn_workers=3 -fi -ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers -ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." +ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index bab4c14..0c4ac6d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -9,51 +7,18 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -admin=$(ynh_app_setting_get --app=$app --key=admin) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) -unicorn_workers=$(ynh_app_setting_get --app=$app --key=unicorn_workers) - -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - : -else - # Check memory requirements - check_memory_requirements_upgrade +if [ "${PACKAGE_CHECK_EXEC:-0}" -ne 1 ]; then + # Check memory requirements + check_memory_requirements fi #================================================= -# CHECK VERSION +# INITIALIZE AND STORE SETTINGS #================================================= -ynh_script_progression --message="Checking version..." -upgrade_type=$(ynh_check_app_version_changed) - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +admin_mail=$(ynh_user_get_info --username=$admin --key=mail) +relative_url_root=${path%/} +secret="$(ynh_string_random)" #================================================= # ENABLE MAINTENANCE MODE @@ -62,14 +27,12 @@ ynh_script_progression --message="Enabling maintenance mode..." ynh_maintenance_mode_ON -#================================================= -# STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/log/unicorn.stderr.log" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="$install_dir/log/unicorn.stderr.log" #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -77,309 +40,184 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/l ynh_script_progression --message="Ensuring downward compatibility..." # If unicorn_workers doesn't exist, create it -if [ -z "$unicorn_workers" ] -then - # We assume for the moment that ARM devices are only dual core, so - # we restrict the number of workers to 2 (the default is 3) - if [ -n "$(uname -m | grep arm)" ] - then - unicorn_workers=2 - else - unicorn_workers=3 - fi - ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public +if [ -z "$unicorn_workers" ]; then + # We assume for the moment that ARM devices are only dual core, so + # we restrict the number of workers to 2 (the default is 3) + if dpkg --print-architecture | grep -q "arm"; then + unicorn_workers=2 + else + unicorn_workers=3 + fi + ynh_app_setting_set --app="$app" --key="unicorn_workers" --value="$unicorn_workers" fi #================================================= -# CREATE DEDICATED USER +# UPGRADING DEPENDENCIES #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." +ynh_script_progression --message="Upgrading Ruby..." +ynh_exec_warn_less ynh_install_ruby --ruby_version="$ruby_version" +ynh_use_ruby -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell +ynh_script_progression --message="Upgrading NodeJS..." +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Upgrading source files..." -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." - - # Specific actions on ARM architecture - if [ -n "$(uname -m | grep arm)" ] ; then - # Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM - # compatibility by pointing to a recent libv8 version - # This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261) - # that prevents it from being compiled on ARM hence no binary gem is available yet - cp ../sources/patches_arm/* ../sources/patches - fi - - # Backup files to keep - tmpdir=$(mktemp -d) - cp -Rp $final_path/plugins $final_path/config/discourse.conf $tmpdir - if [ -d $final_path/public/uploads ] ; then - cp -Rp $final_path/public/uploads $tmpdir - fi - if [ -d $final_path/public/backups ] ; then - cp -Rp $final_path/public/backups $tmpdir - fi - if [ -d $final_path/log ] ; then - cp -Rp $final_path/log $tmpdir - fi - # Remove destination directory - ynh_secure_remove --file=$final_path - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" - # Restore previous files - if [ -d $tmpdir/uploads ] ; then - cp -Rp $tmpdir/uploads $final_path/public - fi - if [ -d $tmpdir/backups ] ; then - cp -Rp $tmpdir/backups $final_path/public - fi - if [ -d $tmpdir/log ] ; then - cp -Rp $tmpdir/log $final_path - fi - ( - cd $tmpdir/plugins/ - for discourse_plugin_dir in */ - do - # Only copy plugins not included in Discourse archive - if [ ! -d "$final_path/plugins/$discourse_plugin_dir" ] - then - cp -a "$discourse_plugin_dir" "$final_path/plugins/$discourse_plugin_dir" - fi - done - ) - cp -Rp $tmpdir/log $final_path - cp -p $tmpdir/discourse.conf $final_path/config - ynh_secure_remove --file="$tmpdir" - - # Install LDAP plugin - tmpdir=$(mktemp -d) - cp -Rp "$final_path/plugins/discourse-ldap-auth/config/settings.yml" $tmpdir - ynh_secure_remove --file="$final_path/plugins/discourse-ldap-auth" - mkdir -p "$final_path/plugins/discourse-ldap-auth" - ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth - cp -p $tmpdir/settings.yml $final_path/plugins/discourse-ldap-auth/config - ynh_secure_remove --file="$tmpdir" +# Specific actions on ARM architecture +if dpkg --print-architecture | grep -q "arm"; then + # Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM + # compatibility by pointing to a recent libv8 version + # This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261) + # that prevents it from being compiled on ARM hence no binary gem is available yet + cp ../sources/patches_arm/* ../sources/patches fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +# Small trick to backup non-core plugins +mv "$install_dir/plugins" "$install_dir/plugins_old" -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$install_dir" --full_replace=1 \ + --keep="config/discourse.conf plugins_old public/uploads public/backups log" -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_use_ruby +# Restore all non-core plugins +for plugin_dir in "$install_dir/plugins"/*; do + plugin_name=$(basename "$plugin_dir") + if [ ! -d "$install_dir/plugins/$plugin_name" ]; then + mv "$plugin_dir" "$install_dir/plugins/$plugin_name" + fi +done +ynh_secure_remove --file="$install_dir/plugins_old" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." +# Install LDAP plugin +ynh_setup_source --source_id=ldap-auth --dest_dir="$install_dir/plugins/discourse-ldap-auth" --full_replace=1 \ + --keep="config/settings.yml" -# Create a dedicated NGINX config -ynh_add_nginx_config +# Add a pids and socket directory for the systemd script. +mkdir -p "$install_dir/tmp/pids" +mkdir -p "$install_dir/tmp/sockets" +mkdir -p "$install_dir/public/forum" -# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 -if [ "$path_url" != "/" ] ; then - ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" -fi -ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" +# Create specific folders and links for subfolder compatibility +# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507) +ln -s "$install_dir/public/uploads" "$install_dir/public/forum/uploads" +ln -s "$install_dir/public/backups" "$install_dir/public/forum/backups" + +# Set permissions to app files +chmod -R o-rwx "$install_dir" +chown -R "$app:www-data" "$install_dir" -#================================================= -# SPECIFIC UPGRADE #================================================= # UPDATE A CONFIG FILE #================================================= +ynh_script_progression --message="Updating $app's config file..." -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Updating a config file..." +ynh_add_config --template="discourse_defaults.conf" --destination="$install_dir/config/discourse.conf" +ynh_add_config --template="secrets.yml" --destination="$install_dir/config/secrets.yml" +ynh_add_config --template="settings.yml" --destination="$install_dir/plugins/discourse-ldap-auth/config/settings.yml" - admin_mail=$(ynh_user_get_info --username=$admin --key=mail) - relative_url_root=${path_url%/} - ynh_add_config --template="../conf/discourse_defaults.conf" --destination="$final_path/config/discourse.conf" - - ynh_add_config --template="../conf/settings.yml" --destination="$final_path/plugins/discourse-ldap-auth/config/settings.yml" - - # Disable svgo worker - echo "svgo: false" > $final_path/.image_optim.yml -fi +# Disable svgo worker +echo "svgo: false" | ynh_exec_as "$app" tee "$install_dir/.image_optim.yml" >/dev/null #================================================= # SETUP UNICORN, A RUBY SERVER #================================================= +ynh_script_progression --message="Setting up Unicorn..." -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Setting up Unicorn..." +# Make a backup of the original config file if modified +unicorn_config_file="$install_dir/config/unicorn.conf.rb" +ynh_backup_if_checksum_is_different "$unicorn_config_file" +ynh_store_file_checksum --file="$unicorn_config_file" - unicorn_config_file="$final_path/config/unicorn.conf.rb" - # Make a backup of the original config file if modified - ynh_backup_if_checksum_is_different "$unicorn_config_file" +pushd "$install_dir" + # Install bundler, a gems installer + ynh_gem install bundler + # Install without documentation + echo "gem: --no-ri --no-rdoc" | ynh_exec_as "$app" "$install_dir/.gemrc" >/dev/null +popd - # Calculate and store the config file checksum - ynh_store_file_checksum --file="$unicorn_config_file" - - secret="$(ynh_string_random)" - ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml" - - # Set permissions to app files - chmod 750 "$final_path" - chmod -R o-rwx "$final_path" - chown -R $app:www-data "$final_path" - - pushd "$final_path" - # Install bundler, a gems installer - ynh_gem install bundler - # Install without documentation - ynh_exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc" - popd - - # Specific actions on ARM architecture - if [ -n "$(uname -m | grep arm)" ] ; then - # Define the platform specifically to retrieve binaries - # for libv8 because it currently doesn't compile on ARM devices - ynh_exec_as $app --login bin/bundle config specific_platform arm-linux - fi - # Install dependencies - ynh_exec_as $app --login bin/bundle config set path 'vendor/bundle' - ynh_exec_as $app --login bin/bundle config set with 'development' - ynh_exec_as $app --login MAKEFLAGS=-j2 bin/bundle install --jobs 2 - - # On ARM architecture, replace bundled libpsl by system native libpsl - # because the provided binary isn't compatible - if [ -n "$(uname -m | grep arm)" ] ; then - ( - cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor - rm libpsl.so - ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so - ) - fi - - pushd "$final_path" - ynh_use_nodejs - ynh_npm install --location=global terser - ynh_npm install --location=global uglify-js - ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --production --frozen-lockfile - ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn cache clean - popd +# Specific actions on ARM architecture +if dpkg --print-architecture | grep -q "arm"; then + # Define the platform specifically to retrieve binaries + # for libv8 because it currently doesn't compile on ARM devices + ynh_exec_as "$app" --login bin/bundle config specific_platform arm-linux fi +# Install dependencies +ynh_exec_as "$app" --login bin/bundle config set path 'vendor/bundle' +ynh_exec_as "$app" --login bin/bundle config set with 'development' +ynh_exec_as "$app" --login MAKEFLAGS=-j2 bin/bundle install --jobs 2 + +# On ARM architecture, replace bundled libpsl by system native libpsl +# because the provided binary isn't compatible +if dpkg --print-architecture | grep -q "arm"; then + ( + cd "$install_dir/vendor/bundle/ruby"/*/"gems/mini_suffix-*/vendor" + rm libpsl.so + ln -s "$(ldconfig -p | grep libpsl | awk 'END {print $NF}')" libpsl.so + ) +fi + +pushd "$install_dir" + ynh_use_nodejs + ynh_npm install --location=global terser + ynh_npm install --location=global uglify-js + ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn install --production --frozen-lockfile + ynh_exec_warn_less ynh_exec_as "$app" "$ynh_node_load_PATH" yarn cache clean +popd + #================================================= # PREPARE THE DATABASE #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Preparing the database..." +ynh_script_progression --message="Preparing the database..." - ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake db:migrate - ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile -fi - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake db:migrate +ynh_exec_warn_less ynh_exec_as "$app" --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile #================================================= # CONFIGURE PLUGINS #================================================= +ynh_script_progression --message="Configuring plugins..." -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Configuring plugins..." +# Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder +# (Can only do that now because we are patching dependencies which have just been downloaded) +# Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16 +patch -p1 -d "$install_dir/plugins/discourse-ldap-auth/gems/$ruby_version/gems/omniauth-ldap*/" \ + < "../conf/ldap-auth-fix-subfolder.patch" - # Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder - # (Can only do that now because we are patching dependencies which have just been downloaded) - # Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16 - ( - cd $final_path/plugins/discourse-ldap-auth/gems/${ruby_version}/gems/omniauth-ldap*/ - patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch - ) +#================================================= +# REAPPLY SYSTEM CONFIGURATIONS +#================================================= +ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config +# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 +if [ "$path" != "/" ] ; then + ynh_replace_string --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" \ + --match_string='$proxy_add_x_forwarded_for' \ + --replace_string='$http_your_original_ip_header' fi +ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# SETUP SYSTEMD -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Configuring a systemd service..." - - additional_env="UNICORN_WORKERS=$unicorn_workers" - libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" - ynh_add_systemd_config -fi - -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Add a pids and socket directory for the systemd script. -mkdir -p "$final_path/tmp/pids" -mkdir -p "$final_path/tmp/sockets" - -# Create specific folders and links for subfolder compatibilityn -# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507) -( - cd $final_path - mkdir -p "public/forum" - cd public/forum - if [ ! -L ./uploads ]; then - ln -s ../uploads - fi - if [ ! -L ./backups ]; then - ln -s ../backups - fi -) - -# Set permissions to app files -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." +additional_env="UNICORN_WORKERS=$unicorn_workers" +ynh_add_systemd_config +yunohost service add "$app" --log "$install_dir/log/unicorn.stderr.log" "$install_dir/log/unicorn.stdout.log" "$install_dir/log/production.log" # Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log" -ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log" -ynh_use_logrotate --logfile="$final_path/log/production.log" - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log" +ynh_use_logrotate --logfile="$install_dir/log/unicorn.stderr.log" +ynh_use_logrotate --logfile="$install_dir/log/unicorn.stdout.log" +ynh_use_logrotate --logfile="$install_dir/log/production.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." +ynh_script_progression --message="Starting $app's systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" +ynh_systemd_action --service_name="$app" --action="start" --log_path="$install_dir/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" #================================================= # DISABLE MAINTENANCE MODE @@ -388,13 +226,6 @@ ynh_script_progression --message="Disabling maintenance mode..." ynh_maintenance_mode_OFF -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/sources/patches/app-1-use-latest_uglify-js.patch b/sources/patches/main-1-use-latest_uglify-js.patch similarity index 100% rename from sources/patches/app-1-use-latest_uglify-js.patch rename to sources/patches/main-1-use-latest_uglify-js.patch diff --git a/sources/patches/app-3-Re-add-support-for-older-versions-of-brotli.patch b/sources/patches/main-3-Re-add-support-for-older-versions-of-brotli.patch similarity index 100% rename from sources/patches/app-3-Re-add-support-for-older-versions-of-brotli.patch rename to sources/patches/main-3-Re-add-support-for-older-versions-of-brotli.patch diff --git a/sources/patches/app-4-fix-missing-git-repository.patch b/sources/patches/main-4-fix-missing-git-repository.patch similarity index 100% rename from sources/patches/app-4-fix-missing-git-repository.patch rename to sources/patches/main-4-fix-missing-git-repository.patch diff --git a/sources/patches/app-5-fix-admin-watched-words-action.patch b/sources/patches/main-5-fix-admin-watched-words-action.patch similarity index 100% rename from sources/patches/app-5-fix-admin-watched-words-action.patch rename to sources/patches/main-5-fix-admin-watched-words-action.patch diff --git a/sources/patches/app-6-fix-download-calendar.patch b/sources/patches/main-6-fix-download-calendar.patch similarity index 100% rename from sources/patches/app-6-fix-download-calendar.patch rename to sources/patches/main-6-fix-download-calendar.patch diff --git a/sources/patches/app-7-fix-uppy-upload.patch b/sources/patches/main-7-fix-uppy-upload.patch similarity index 100% rename from sources/patches/app-7-fix-uppy-upload.patch rename to sources/patches/main-7-fix-uppy-upload.patch diff --git a/sources/patches_arm/app-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch b/sources/patches_arm/main-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch similarity index 100% rename from sources/patches_arm/app-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch rename to sources/patches_arm/main-2-Revert-libv8-mini_racer-dependencies-for-ARM-compati.patch diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..37daa79 --- /dev/null +++ b/tests.toml @@ -0,0 +1,12 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json + +test_format = 1.0 + +[default] + + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.80476a5622a7baabc40ae06be33ed27398139b87.name = "2.8.8~ynh3"