1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dokuwiki_ynh.git synced 2024-09-03 18:26:20 +02:00

Apply example_ynh

This commit is contained in:
yalh76 2022-09-27 03:20:52 +02:00
parent 70075bdeb1
commit da54fe8875
11 changed files with 215 additions and 162 deletions

100
.github/workflows/updater.sh vendored Normal file
View file

@ -0,0 +1,100 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | select( .name | contains("release_stable_") ) | .name' | sort -V | tail -1 | cut -d "_" -f3-)
assets="https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$version.tgz"
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Let's download source tarball
asset_url=$assets
echo "Handling asset at $asset_url"
src="app"
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true
EOT
echo "... conf/$src.src updated"
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"${version//-/.}~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

49
.github/workflows/updater.yml vendored Normal file
View file

@ -0,0 +1,49 @@
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
# This file should be enough by itself, but feel free to tune it to your needs.
# It calls updater.sh, which is where you should put the app-specific update steps.
name: Check for new upstream releases
on:
# Allow to manually trigger the workflow
workflow_dispatch:
# Run it every day at 6:00 UTC
schedule:
- cron: '0 6 * * *'
jobs:
updater:
runs-on: ubuntu-latest
steps:
- name: Fetch the source code
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run the updater script
id: run_updater
run: |
# Setting up Git user
git config --global user.name 'yunohost-bot'
git config --global user.email 'yunohost-bot@users.noreply.github.com'
# Run the updater script
/bin/bash .github/workflows/updater.sh
- name: Commit changes
id: commit
if: ${{ env.PROCEED == 'true' }}
run: |
git commit -am "Upgrade to v$VERSION"
- name: Create Pull Request
id: cpr
if: ${{ env.PROCEED == 'true' }}
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Update to version ${{ env.VERSION }}
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
signoff: false
base: testing
branch: ci-auto-update-v${{ env.VERSION }}
delete-branch: true
title: 'Upgrade to version ${{ env.VERSION }}'
body: |
Upgrade to v${{ env.VERSION }}
draft: false

View file

@ -1,11 +1,10 @@
;; Test complet
auto_remove=1
; Manifest
domain="domain.tld"
path="/path"
admin="john"
is_public=1
language=en
admin="john"
; Checks
pkg_linter=1
setup_sub_dir=1
@ -19,6 +18,7 @@
upgrade=1 from_commit=f45c459b287c8f045c08e65cea412cfc2cae38f4
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
actions=0
config_panel=0

View file

@ -3,3 +3,5 @@ SOURCE_SUM=48ed2ae11fa4a0ae8338af9aedc837601b34e21c0be15d16e2d6228ca7a91f23
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

View file

@ -7,7 +7,7 @@
location __PATH__/ {
# Path to source
alias __FINALPATH__/ ;
alias __FINALPATH__/;
index index.php doku.php;

View file

@ -50,10 +50,6 @@
"example": "/dokuwiki",
"default": "/dokuwiki"
},
{
"name": "admin",
"type": "user"
},
{
"name": "is_public",
"type": "boolean",
@ -75,7 +71,11 @@
"fr"
],
"default": "en"
},
{
"name": "admin",
"type": "user"
}
]
}
}
}

View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -13,6 +14,9 @@ source /usr/share/yunohost/helpers
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

View file

@ -13,6 +13,9 @@ source /usr/share/yunohost/helpers
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -22,9 +25,9 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin_user=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME
@ -48,6 +51,8 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=language --value=$language
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
@ -63,8 +68,6 @@ ynh_script_progression --message="Configuring system user..." --weight=2
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -99,9 +102,9 @@ ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# CUSTOMIZE DOKUWIKI
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring DokuWiki..." --weight=2
ynh_script_progression --message="Adding a configuration file..." --weight=2
# Loading order of configuration files
#
@ -137,6 +140,7 @@ ynh_add_config --template="../conf/acl.auth.php" --destination="$final_path/conf
#=================================================
# CREATE DEFAULT FILES
#=================================================
ynh_script_progression --message="Creating default files..." --weight=1
# For securing DokuWiki installation, create default files that will be writable in the "conf" folder.
# Other files will be read ony and owned by root.
@ -158,61 +162,13 @@ cp --archive ../conf/plugins.local.php $final_path/conf
cp --archive ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
# Calculate and store the config file checksum into the app settings
#ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
### Files '$final_path/conf/local.php' and '$final_path/conf/acl.auth.php' can be modified by user, no need to store checksum as they cannot be overwritten safely by the upgrade script
# #=================================================
# # GENERIC FINALIZATION
# #=================================================
# # SECURE FILES AND DIRECTORIES
# #=================================================
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# # Files owned by DokuWiki can just read
# chown -R root: $final_path
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# # There are only files in the folder and there are no sublevels. No need to use "find"
# chmod -R a+r $final_path/{conf,inc}
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Remove access to "other"
# chmod -R o-rwx $final_path/data
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
# # Allow access to public assets like style sheets
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# # Using "find" instead of "chmod -R 755" so files does not become executable too
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
# GENERIC FINALIZATION
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=7
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
#=================================================
@ -223,17 +179,19 @@ ynh_script_progression --message="Configuring permissions..." --weight=2
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
# Create the "admin" permission and add the "admin_user" to it
# Create the "admin" permission and add the "admin" to it
# More users can be added to the group from the YunoHost webadmin
ynh_permission_create --permission "admin" --allowed "$admin_user"
ynh_permission_create --permission "admin" --allowed "$admin"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload

View file

@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
@ -24,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..."
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
@ -32,7 +32,7 @@ ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config
ynh_remove_nginx_config
@ -50,7 +50,7 @@ ynh_remove_fpm_config
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies if no other package need them
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
@ -58,6 +58,7 @@ ynh_remove_app_dependencies
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=7
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
@ -65,7 +66,7 @@ ynh_remove_fail2ban_config
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app

View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -13,20 +14,22 @@ source /usr/share/yunohost/helpers
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..." --weight=2
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
@ -52,7 +55,7 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$final_path"
@ -60,31 +63,6 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
# #=================================================
# # RESTORE USER RIGHTS
# #=================================================
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
@ -107,7 +85,7 @@ ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=5
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
@ -127,7 +105,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM.." --weight=2
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=2
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload

View file

@ -18,16 +18,16 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
language=$(ynh_app_setting_get --app=$app --key=language)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
language=$(ynh_app_setting_get --app=$app --key=language)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..." --weight=1
upgrade_type=$(ynh_check_app_version_changed)
@ -39,16 +39,18 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
@ -183,11 +185,9 @@ fi
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a system user
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -204,14 +204,6 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
@ -227,9 +219,19 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPGRADE DOKUWIKI
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
@ -324,61 +326,20 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
# #=================================================
# # GENERIC FINALIZATION
# #=================================================
# # SECURE FILES AND DIRECTORIES
# #=================================================
# # Try to use "least privilege" to grant minimal access
# # For details, see https://www.dokuwiki.org/install:permissions
# # Files owned by DokuWiki can just read
# chown -R root: $final_path
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
# chown $app:root $final_path/{conf,inc}
# # Make "DokuWiki" owner of configuration files that must be writable
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
# # See https://www.dokuwiki.org/devel:preload
# chown $app:root $final_path/inc/preload.php
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
# # There are only files in the folder and there are no sublevels. No need to use "find"
# chmod -R a+r $final_path/{conf,inc}
# # Give write access to "data" and subfolders
# chown -R $app:root $final_path/data
# # Remove access to "other"
# chmod -R o-rwx $final_path/data
# # Allow the web admin panel to run, aka "Extension Manager"
# chown -R $app:root $final_path/lib/plugins
# # Allow to install templates
# chown -R $app:root $final_path/lib/tpl
# # Allow access to public assets like style sheets
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
# # Using "find" instead of "chmod -R 755" so files does not become executable too
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
#=================================================
# SETUP FAIL2BAN
# GENERIC FINALIZATION
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload