#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) unicorn_workers=$(ynh_app_setting_get --app=$app --key=unicorn_workers) if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then : else # Check memory requirements check_memory_requirements_upgrade fi #================================================= # CHECK VERSION #================================================= ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { ynh_clean_check_starting # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # ENABLE MAINTENANCE MODE #================================================= ynh_script_progression --message="Enabling maintenance mode..." ynh_maintenance_mode_ON #================================================= # STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/log/unicorn.stderr.log" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." # If unicorn_workers doesn't exist, create it if [ -z "$unicorn_workers" ] then # We assume for the moment that ARM devices are only dual core, so # we restrict the number of workers to 2 (the default is 3) if [ -n "$(uname -m | grep arm)" ] then unicorn_workers=2 else unicorn_workers=3 fi ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers fi # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all ynh_app_setting_delete --app=$app --key=is_public fi #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." # Specific actions on ARM architecture if [ -n "$(uname -m | grep arm)" ] ; then # Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM # compatibility by pointing to a recent libv8 version # This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261) # that prevents it from being compiled on ARM hence no binary gem is available yet cp ../sources/patches_arm/* ../sources/patches fi # Backup files to keep tmpdir=$(mktemp -d) cp -Rp $final_path/plugins $final_path/config/discourse.conf $tmpdir if [ -d $final_path/public/uploads ] ; then cp -Rp $final_path/public/uploads $tmpdir fi if [ -d $final_path/public/backups ] ; then cp -Rp $final_path/public/backups $tmpdir fi if [ -d $final_path/log ] ; then cp -Rp $final_path/log $tmpdir fi # Remove destination directory ynh_secure_remove --file=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" # Restore previous files if [ -d $tmpdir/uploads ] ; then cp -Rp $tmpdir/uploads $final_path/public fi if [ -d $tmpdir/backups ] ; then cp -Rp $tmpdir/backups $final_path/public fi if [ -d $tmpdir/log ] ; then cp -Rp $tmpdir/log $final_path fi ( cd $tmpdir/plugins/ for discourse_plugin_dir in */ do # Only copy plugins not included in Discourse archive if [ ! -d "$final_path/plugins/$discourse_plugin_dir" ] then cp -a "$discourse_plugin_dir" "$final_path/plugins/$discourse_plugin_dir" fi done ) cp -Rp $tmpdir/log $final_path cp -p $tmpdir/discourse.conf $final_path/config ynh_secure_remove --file="$tmpdir" # Install LDAP plugin tmpdir=$(mktemp -d) cp -Rp "$final_path/plugins/discourse-ldap-auth/config/settings.yml" $tmpdir ynh_secure_remove --file="$final_path/plugins/discourse-ldap-auth" mkdir -p "$final_path/plugins/discourse-ldap-auth" ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth cp -p $tmpdir/settings.yml $final_path/plugins/discourse-ldap-auth/config ynh_secure_remove --file="$tmpdir" fi chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" #================================================= # UPGRADE DEPENDENCIES #================================================= ynh_script_progression --message="Upgrading dependencies..." ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version ynh_use_ruby #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config ynh_add_nginx_config # Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 if [ "$path_url" != "/" ] ; then ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" fi ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC UPGRADE #================================================= # UPDATE A CONFIG FILE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Updating a config file..." admin_mail=$(ynh_user_get_info --username=$admin --key=mail) relative_url_root=${path_url%/} ynh_add_config --template="../conf/discourse_defaults.conf" --destination="$final_path/config/discourse.conf" ynh_add_config --template="../conf/settings.yml" --destination="$final_path/plugins/discourse-ldap-auth/config/settings.yml" # Disable svgo worker echo "svgo: false" > $final_path/.image_optim.yml fi #================================================= # SETUP UNICORN, A RUBY SERVER #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Setting up Unicorn..." unicorn_config_file="$final_path/config/unicorn.conf.rb" # Make a backup of the original config file if modified ynh_backup_if_checksum_is_different "$unicorn_config_file" # Calculate and store the config file checksum ynh_store_file_checksum --file="$unicorn_config_file" secret="$(ynh_string_random)" ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml" # Set permissions to app files chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" pushd "$final_path" # Install bundler, a gems installer ynh_gem install bundler # Install without documentation ynh_exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc" popd # Specific actions on ARM architecture if [ -n "$(uname -m | grep arm)" ] ; then # Define the platform specifically to retrieve binaries # for libv8 because it currently doesn't compile on ARM devices ynh_exec_as $app --login bin/bundle config specific_platform arm-linux fi # Install dependencies ynh_exec_as $app --login bin/bundle config set path 'vendor/bundle' ynh_exec_as $app --login bin/bundle config set with 'development' ynh_exec_as $app --login MAKEFLAGS=-j2 bin/bundle install --jobs 2 # On ARM architecture, replace bundled libpsl by system native libpsl # because the provided binary isn't compatible if [ -n "$(uname -m | grep arm)" ] ; then ( cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor rm libpsl.so ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so ) fi pushd "$final_path" ynh_use_nodejs ynh_npm install --location=global terser ynh_npm install --location=global uglify-js ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --production --frozen-lockfile ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn cache clean popd fi #================================================= # PREPARE THE DATABASE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Preparing the database..." ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake db:migrate ynh_exec_warn_less ynh_exec_as $app --login RAILS_ENV=production bin/bundle exec rake themes:update assets:precompile fi ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies ynh_package_autoremove #================================================= # CONFIGURE PLUGINS #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Configuring plugins..." # Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder # (Can only do that now because we are patching dependencies which have just been downloaded) # Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16 ( cd $final_path/plugins/discourse-ldap-auth/gems/${ruby_version}/gems/omniauth-ldap*/ patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch ) fi #================================================= # SETUP SYSTEMD #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Configuring a systemd service..." additional_env="UNICORN_WORKERS=$unicorn_workers" libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" ynh_add_systemd_config fi #================================================= # SECURE FILES AND DIRECTORIES #================================================= ynh_script_progression --message="Securing files and directories..." # Add a pids and socket directory for the systemd script. mkdir -p "$final_path/tmp/pids" mkdir -p "$final_path/tmp/sockets" # Create specific folders and links for subfolder compatibilityn # (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507) ( cd $final_path mkdir -p "public/forum" cd public/forum if [ ! -L ./uploads ]; then ln -s ../uploads fi if [ ! -L ./backups ]; then ln -s ../backups fi ) # Set permissions to app files chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log" ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log" ynh_use_logrotate --logfile="$final_path/log/production.log" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" #================================================= # DISABLE MAINTENANCE MODE #================================================= ynh_script_progression --message="Disabling maintenance mode..." ynh_maintenance_mode_OFF #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed"