Merge pull request #224 from YunoHost-Apps/testing

1.3.0 (#223)

README.md

@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 
 Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. 
 
-**Shipped version:** 1.2.10~ynh3
+**Shipped version:** 1.3.0~ynh1
 
 **Demo:** https://demo.funkwhale.audio
 

README_fr.md

@@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 
 Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. 
 
-**Version incluse :** 1.2.10~ynh3
+**Version incluse :** 1.3.0~ynh1
 
 **Démo :** https://demo.funkwhale.audio
 

conf/env.prod

@@ -159,7 +159,6 @@ LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org
 LDAP_USER_ATTR_MAP=username:uid
 
 FUNKWHALE_FRONTEND_PATH=__INSTALL_DIR__/front/dist
-FUNKWHALE_SPA_HTML_ROOT=__INSTALL_DIR__/front/dist/index.html
 
 # Nginx related configuration
 NGINX_MAX_BODY_SIZE=100M

conf/funkwhale-beat.service

@@ -8,7 +8,7 @@ User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO
+ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp beat -l INFO
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these

conf/funkwhale-server.service

@@ -8,7 +8,7 @@ User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+ExecStart=__INSTALL_DIR__/venv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html

conf/funkwhale-worker.service

@@ -8,7 +8,7 @@ User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
+ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these

conf/nginx.conf

@@ -1,6 +1,6 @@
 root __INSTALL_DIR__/front/dist;
 
-location / {
+location /api/ {
 
   # global proxy conf
   proxy_set_header Host $host;
@@ -18,29 +18,21 @@ location / {
 
   # this is needed if you have file import via upload enabled
   client_max_body_size 100M;
-  proxy_pass   http://127.0.0.1:__PORT__/;
+  proxy_pass   http://127.0.0.1:__PORT__;
 }
 
-location /front/ {
-  more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
-  more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
-  more_set_headers "Service-Worker-Allowed: /";
-  more_set_headers "X-Frame-Options: SAMEORIGIN";
+location / {
   alias __INSTALL_DIR__/front/dist/;
-  expires 30d;
-  more_set_headers "Pragma: public";
-  more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
+  expires 1d;
+  try_files $uri $uri/  /index.html;
 }
 
-location /front/embed.html {
-  more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+location /embed.html {
+  more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
   more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
 
-  more_set_headers "X-Frame-Options: ALLOW";
   alias __INSTALL_DIR__/front/dist/embed.html;
-  expires 30d;
-  more_set_headers "Pragma: public";
-  more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
+  expires 1d;
 }
 
 location /federation/ {
@@ -98,33 +90,32 @@ location /.well-known/ {
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection $connection_upgrade;
 
-  proxy_pass   http://127.0.0.1:__PORT__/.well-known/;
+  proxy_pass   http://127.0.0.1:__PORT__;
 }
 
 location /media/__sized__/ {
   alias __DATA_DIR__/data/media/__sized__/;
+  more_set_headers "Access-Control-Allow-Origin: *";
 }
 
 location /media/attachments/ {
   alias __DATA_DIR__/data/media/attachments/;
+  more_set_headers "Access-Control-Allow-Origin: *";
 }
 
-location /_protected/media/ {
-  # this is an internal location that is used to serve
-  # audio files once correct permission / authentication
-  # has been checked on API side
-  internal;
-  alias   __DATA_DIR__/data/media/;
-}
-
-# Comment the previous location and uncomment this one if you're storing
-# media files in a S3 bucket
-# location ~ /_protected/media/(.+) {
-#   internal;
-#   # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
-#   proxy_set_header Authorization "";
-#   proxy_pass $1;
-# }
+    # This is an internal location that is used to serve
+    # media (uploaded) files once correct permission / authentication
+    # has been checked on API side.
+    # Comment the "NON-S3" commented lines and uncomment "S3" commented lines
+    # if you're storing media files in a S3 bucket.
+    #location ~ /_protected/media/(.+) {
+    #    internal;
+    #    alias   ${MEDIA_ROOT}/$1;                                           # NON-S3
+    #    # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
+#       proxy_set_header Authorization "";                                  # S3
+#       proxy_pass $1;                                                      # S3
+    #    more_set_headers "Access-Control-Allow-Origin: *";
+    #}
 
 location /_protected/music/ {
   # this is an internal location that is used to serve
@@ -133,9 +124,9 @@ location /_protected/music/ {
   # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
   internal;
   alias   __DATA_DIR__/data/music/;
+  more_set_headers "Access-Control-Allow-Origin: *";
 }
 
-location /staticfiles/ {
-  # django static files
-  alias __DATA_DIR__/data/static/;
+location /manifest.json {
+  return 302 /api/v1/instance/spa-manifest.json;
 }

manifest.toml

@@ -5,9 +5,9 @@ name = "Funkwhale"
 description.en = "Convivial and modern music server"
 description.fr = "Serveur de musique moderne et convivial"
 
-version = "1.2.10~ynh3"
+version = "1.3.0~ynh1"
 
-maintainers = ["Ciarán Ainsworth"]
+maintainers = ["Thovi98"]
 
 [upstream]
 license = "AGPL-3.0-or-later"
@@ -19,7 +19,7 @@ code = "https://dev.funkwhale.audio/funkwhale/funkwhale"
 fund = "https://next.funkwhale.audio/donate/"
 
 [integration]
-yunohost = ">= 11.1.15"
+yunohost = ">= 11.1.19"
 architectures = "all"
 multi_instance = true
 ldap = false
@@ -45,15 +45,15 @@ ram.runtime = "50M"
 [resources]
     [resources.sources]
         [resources.sources.api]
-        url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api"
-        sha256 = "c0a840f223b4a3a93ffb2639e1bacb709d8ec9ed62214b377971aad5c04ae815"
+        url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.3.0/download?job=build_api"
+        sha256 = "57323ce6641183bd33fcf3aa243b0b7aba667509da8c5c3446b73def40109650"
         in_subdir = true
         extract   = true
         format = "zip"
 
         [resources.sources.front]
-        url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front"
-        sha256 = "c8845317d1cc6aae7f46d1e69e22fa378c45b563e1ad1edd57d3db08af6f7a44"
+        url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.3.0/download?job=build_front"
+        sha256 = "8e17543cd688572f7e48c9c416ef33c065c7c6ac01b5ae85939632030a530bf0"
         in_subdir = true
         extract   = true
         format = "zip"
@@ -71,7 +71,7 @@ ram.runtime = "50M"
     main.url = "/"
 
     [resources.apt]
-    packages = "postgresql curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev python3-dev make zlib1g-dev libffi-dev libssl-dev"
+    packages = "build-essential curl ffmpeg libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-client postgresql-contrib python3-dev libldap2-dev libsasl2-dev make unzip zlib1g-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg-dev redis-server python3-venv git"
 
     [resources.database]
     type = "postgresql"

scripts/change_url

@@ -39,8 +39,8 @@ ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/
 # MODIFY THE FEDERATION 
 #=================================================
 
-source $install_dir/virtualenv/bin/activate
-ynh_exec_warn_less python3 $install_dir/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input
+source $install_dir/venv/bin/activate
+ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input
 
 #=================================================
 # START SYSTEMD SERVICE

scripts/install

@@ -86,14 +86,10 @@ ynh_add_systemd_config --service="${app}-beat"   --template="funkwhale-beat.serv
 ynh_script_progression --message="Installing Python dependencies..." --weight=1
 
 pushd $install_dir
-	python3 -m venv $install_dir/virtualenv
-	source $install_dir/virtualenv/bin/activate
-	pip install --upgrade pip
-	pip install --upgrade setuptools
-	ynh_exec_warn_less pip install wheel toml
-	# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
-	ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
-	ynh_exec_warn_less pip install -r api/requirements.txt
+	python3 -m venv $install_dir/venv
+	source $install_dir/venv/bin/activate
+	ynh_exec_warn_less pip install --upgrade pip wheel toml
+	ynh_exec_warn_less pip install --editable ./api
 popd
 
 #=================================================
@@ -102,14 +98,14 @@ popd
 ynh_script_progression --message="Building funkwhale..." --weight=1
 
 pushd $install_dir
-	source $install_dir/virtualenv/bin/activate
+	source $install_dir/venv/bin/activate
 
 	# needed for enabling the 'unaccent' extension
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
-	ynh_exec_warn_less python api/manage.py migrate
+	ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
 	echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$admin', '$admin_mail', 'funkwhale') " | ynh_exec_warn_less python api/manage.py shell
-	echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic
+	echo "yes" | ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage collectstatic
 popd
 
 chmod 750 "$install_dir"

scripts/upgrade

@@ -59,15 +59,13 @@ ynh_add_nginx_config
 ynh_script_progression --message="Installing Python dependencies..." --weight=1
 
 pushd $install_dir
-ynh_secure_remove --file="$install_dir/virtualenv"
-	python3 -m venv $install_dir/virtualenv
-	source $install_dir/virtualenv/bin/activate
-	pip install --upgrade pip
-	pip install --upgrade setuptools
-	ynh_exec_warn_less pip install wheel toml
-	# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
-	ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
-	ynh_exec_warn_less pip install -r api/requirements.txt
+	ynh_secure_remove --file="$install_dir/virtualenv"
+	ynh_secure_remove --file="$install_dir/venv"
+	
+	python3 -m venv $install_dir/venv
+	source $install_dir/venv/bin/activate
+	ynh_exec_warn_less pip install --upgrade pip wheel toml
+	ynh_exec_warn_less pip install --editable ./api
 popd
 
 #=================================================
@@ -86,13 +84,13 @@ chown $app:$app "$install_dir/config/.env"
 ynh_script_progression --message="Upgrading Funkwhale..." --weight=1
 
 pushd $install_dir
-	source $install_dir/virtualenv/bin/activate
+	source $install_dir/venv/bin/activate
 
-	echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic --clear --noinput
+	echo "yes" | ynh_exec_warn_less $install_dir/venv/bin/funkwhale-manage collectstatic --clear --noinput
 
 	# needed for enabling the 'unaccent' extension
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
-	ynh_exec_warn_less python api/manage.py migrate
+	ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
 popd
 

tests.toml

@@ -4,5 +4,6 @@ test_format = 1.0
 
     exclude = ["install.nourl"]
 
-    test_upgrade_from.7a50028.name = "Upgrade from 1.2.9"
+    test_upgrade_from.7a50028.name = "1.2.9"
+    test_upgrade_from.ae7b6c5.name = "1.2.10"