diff --git a/issue_template.md b/.github/ISSUE_TEMPLATE.md old mode 100644 new mode 100755 similarity index 55% rename from issue_template.md rename to .github/ISSUE_TEMPLATE.md index 72057cf..2729a6b --- a/issue_template.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,6 +1,6 @@ --- name: Bug report -about: Create a report to help us debug, it would be nice to fill the template as much as you can to help us, help you and help us all. +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. --- @@ -8,28 +8,30 @@ about: Create a report to help us debug, it would be nice to fill the template a 1. *Read this whole template first.* 2. *Determine if you are on the right place:* - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* - - *Otherwise, the issue may be due to Framagames itself. Refer to its documentation or repository for help.* - - *If you have a doubt, post here, we will figure it out together.* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* 3. *Delete the italic comments as you write over them below, and remove this guide.* --- -**Describe the bug** +### Describe the bug + *A clear and concise description of what the bug is.* -**Versions** +### Context + - Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* - YunoHost version: x.x.x - I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* -- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* - If yes, please explain: - Using, or trying to install package version/branch: - If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* -**To Reproduce** -*Steps to reproduce the behavior.* +### Steps to reproduce + - *If you performed a command from the CLI, the command itself is enough. For example:* ```sh - sudo yunohost app install framagames + sudo yunohost app install the_app ``` - *If you used the webadmin, please perform the equivalent command from the CLI first.* - *If the error occurs in your browser, explain what you did:* @@ -38,9 +40,16 @@ about: Create a report to help us debug, it would be nice to fill the template a 3. *Scroll down to '...'* 4. *See error* -**Expected behavior** +### Expected behavior + *A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* -**Logs** -*After a failed command, YunoHost makes the log available to you, but also to others, thanks to `yunohost log display [log name] --share`. The actual command, with the correct log name, is displayed at the end of the failed attempt in the CLI. Execute it and copy here the share link it outputs.* +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + *If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100755 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100755 index 0000000..c4d53fc --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,136 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +# Remove this exit command when you are ready to run this Action +exit 1 + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) +assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "${#assets[@]} available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Here we use the $assets variable to get the resources published in the upstream release. +# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. + +# Let's loop over the array of assets URLs +for asset_url in ${assets[@]}; do + +echo "Handling asset at $asset_url" + +# Assign the asset to a source file in conf/ directory +# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) +# Leave $src empty to ignore the asset +case $asset_url in + *"admin"*) + src="app" + ;; + *"update"*) + src="app-upgrade" + ;; + *) + src="" + ;; +esac + +# If $src is not empty, let's process the asset +if [ ! -z "$src" ]; then + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${asset_url##*/} +curl --silent -4 -L $asset_url -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Delete temporary directory +rm -rf $tempdir + +# Get extension +if [[ $filename == *.tar.gz ]]; then + extension=tar.gz +else + extension=${filename##*.} +fi + +# Rewrite source file +cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +EOT +echo "... conf/$src.src updated" + +else +echo "... asset ignored" +fi + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/check_process b/check_process index 4aadc90..5e826d9 100644 --- a/check_process +++ b/check_process @@ -1,12 +1,9 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) + domain="domain.tld" + path="/path" language="fr" - is_public=1 (PUBLIC|public=1|private=0) + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 diff --git a/conf/app.src b/conf/app.src index f694dbf..b084141 100644 --- a/conf/app.src +++ b/conf/app.src @@ -3,4 +3,3 @@ SOURCE_SUM=6c2bf60663dad46ac6660ddb3634d1c05dcf38cea1f2687b8ee26743deb8a10e SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/nginx.conf b/conf/nginx.conf index a9e3b82..d280cff 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,11 +4,6 @@ location __PATH__/ { # Path to source alias __FINALPATH__/; - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - index index.php index.html; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file diff --git a/manifest.json b/manifest.json index 7e3f6eb..c555b6f 100644 --- a/manifest.json +++ b/manifest.json @@ -7,14 +7,20 @@ "fr": "Ensemble de jeux Framagames venant de Framasoft" }, "version": "1.0~ynh3", - "url": "https://framagit.org/framasoft/framagames", + "url": "https://framagames.org/fr/", + "upstream": { + "license": "AGPL-3.0-only", + "website": "https://framagames.org/fr/", + "demo": "https://framagames.org/fr/", + "code": "https://framagit.org/framasoft/framagames" + }, "license": "AGPL-3.0-only", "maintainer": { "name": "polytan02", "email": "polytan02@mcgva.org" }, "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ @@ -25,8 +31,7 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "example.com" + "type": "domain" }, { "name": "path", diff --git a/pull_request_template.md b/pull_request_template.md deleted file mode 100644 index 6c28fc5..0000000 --- a/pull_request_template.md +++ /dev/null @@ -1,16 +0,0 @@ -## Problem -- *Description of why you made this PR* - -## Solution -- *And how do you fix that problem* - -## PR Status -- [ ] Code finished. -- [ ] Tested with Package_check. -- [ ] Fix or enhancement tested. -- [ ] Upgrade from last version tested. -- [ ] Can be reviewed and tested. - -## Package_check results ---- -* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/install b/scripts/install index 90c8106..1c4220d 100644 --- a/scripts/install +++ b/scripts/install @@ -50,7 +50,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --path_url=$path_url #================================================= # STANDARD MODIFICATIONS @@ -63,6 +63,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -79,17 +83,6 @@ ynh_script_progression --message="Configuring PHP-FPM..." # Create a dedicated PHP-FPM config ynh_add_fpm_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions to app files -chown -R $app:www-data $final_path -chmod 775 $final_path - #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/restore b/scripts/restore index 5fd497d..a1747dc 100755 --- a/scripts/restore +++ b/scripts/restore @@ -32,10 +32,7 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -52,7 +49,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --path_url=$path_url #================================================= # RESTORE THE APP MAIN DIR diff --git a/scripts/upgrade b/scripts/upgrade index d7fd836..9328a65 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -23,10 +23,23 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -51,27 +64,13 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --path_url=$path_url #================================================= # STANDARD UPGRADE STEPS @@ -88,6 +87,10 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -104,17 +107,6 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." # Create a dedicated PHP-FPM config ynh_add_fpm_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions on app files -chown -R $app:www-data $final_path -chmod 775 $final_path - #================================================= # RELOAD NGINX #=================================================