YunoHost-Apps/funkwhale_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/funkwhale_ynh.git synced 2024-09-03 18:36:24 +02:00
Code Issues Activity Actions 1

Merge pull request #224 from YunoHost-Apps/testing

Browse source 
1.3.0 (#223)
This commit is contained in:
Thomas 2023-06-05 13:22:54 +02:00 committed by GitHub
commit 55eff2714c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 61 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network.
**Shipped version:** 1.2.10~ynh3 **Shipped version:** 1.3.0~ynh1
**Demo:** https://demo.funkwhale.audio **Demo:** https://demo.funkwhale.audio

2
README_fr.md
View file

@ -18,7 +18,7 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé.
**Version incluse :** 1.2.10~ynh3 **Version incluse :** 1.3.0~ynh1
**Démo :** https://demo.funkwhale.audio **Démo :** https://demo.funkwhale.audio

1
conf/env.prod
View file

@ -159,7 +159,6 @@ LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org
LDAP_USER_ATTR_MAP=username:uid LDAP_USER_ATTR_MAP=username:uid
FUNKWHALE_FRONTEND_PATH=__INSTALL_DIR__/front/dist FUNKWHALE_FRONTEND_PATH=__INSTALL_DIR__/front/dist
FUNKWHALE_SPA_HTML_ROOT=__INSTALL_DIR__/front/dist/index.html
# Nginx related configuration # Nginx related configuration
NGINX_MAX_BODY_SIZE=100M NGINX_MAX_BODY_SIZE=100M

2
conf/funkwhale-beat.service
View file

@ -8,7 +8,7 @@ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__INSTALL_DIR__/api WorkingDirectory=__INSTALL_DIR__/api
EnvironmentFile=__INSTALL_DIR__/config/.env EnvironmentFile=__INSTALL_DIR__/config/.env
ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp beat -l INFO
# Sandboxing options to harden security # Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these # Depending on specificities of your service/app, you may need to tweak these

2
conf/funkwhale-server.service
View file

@ -8,7 +8,7 @@ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__INSTALL_DIR__/api WorkingDirectory=__INSTALL_DIR__/api
EnvironmentFile=__INSTALL_DIR__/config/.env EnvironmentFile=__INSTALL_DIR__/config/.env
ExecStart=__INSTALL_DIR__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} ExecStart=__INSTALL_DIR__/venv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
# Denying access to capabilities that should not be relevant for webapps # Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html

2
conf/funkwhale-worker.service
View file

@ -8,7 +8,7 @@ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__INSTALL_DIR__/api WorkingDirectory=__INSTALL_DIR__/api
EnvironmentFile=__INSTALL_DIR__/config/.env EnvironmentFile=__INSTALL_DIR__/config/.env
ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0 ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
# Sandboxing options to harden security # Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these # Depending on specificities of your service/app, you may need to tweak these

63
conf/nginx.conf
View file

@ -1,6 +1,6 @@
root __INSTALL_DIR__/front/dist; root __INSTALL_DIR__/front/dist;
location / { location /api/ {
# global proxy conf # global proxy conf
proxy_set_header Host $host; proxy_set_header Host $host;
@ -18,29 +18,21 @@ location / {
# this is needed if you have file import via upload enabled # this is needed if you have file import via upload enabled
client_max_body_size 100M; client_max_body_size 100M;
proxy_pass http://127.0.0.1:__PORT__/; proxy_pass http://127.0.0.1:__PORT__;
} }
location /front/ { location / {
more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "Service-Worker-Allowed: /";
more_set_headers "X-Frame-Options: SAMEORIGIN";
alias __INSTALL_DIR__/front/dist/; alias __INSTALL_DIR__/front/dist/;
expires 30d; expires 1d;
more_set_headers "Pragma: public"; try_files $uri $uri/ /index.html;
more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
} }
location /front/embed.html { location /embed.html {
more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "X-Frame-Options: ALLOW";
alias __INSTALL_DIR__/front/dist/embed.html; alias __INSTALL_DIR__/front/dist/embed.html;
expires 30d; expires 1d;
more_set_headers "Pragma: public";
more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
} }
location /federation/ { location /federation/ {
@ -98,33 +90,32 @@ location /.well-known/ {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:__PORT__/.well-known/; proxy_pass http://127.0.0.1:__PORT__;
} }
location /media/__sized__/ { location /media/__sized__/ {
alias __DATA_DIR__/data/media/__sized__/; alias __DATA_DIR__/data/media/__sized__/;
more_set_headers "Access-Control-Allow-Origin: *";
} }
location /media/attachments/ { location /media/attachments/ {
alias __DATA_DIR__/data/media/attachments/; alias __DATA_DIR__/data/media/attachments/;
more_set_headers "Access-Control-Allow-Origin: *";
} }
location /_protected/media/ { # This is an internal location that is used to serve
# this is an internal location that is used to serve # media (uploaded) files once correct permission / authentication
# audio files once correct permission / authentication # has been checked on API side.
# has been checked on API side # Comment the "NON-S3" commented lines and uncomment "S3" commented lines
internal; # if you're storing media files in a S3 bucket.
alias __DATA_DIR__/data/media/; #location ~ /_protected/media/(.+) {
} # internal;
# alias ${MEDIA_ROOT}/$1; # NON-S3
# Comment the previous location and uncomment this one if you're storing # # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
# media files in a S3 bucket # proxy_set_header Authorization ""; # S3
# location ~ /_protected/media/(.+) { # proxy_pass $1; # S3
# internal; # more_set_headers "Access-Control-Allow-Origin: *";
# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932 #}
# proxy_set_header Authorization "";
# proxy_pass $1;
# }
location /_protected/music/ { location /_protected/music/ {
# this is an internal location that is used to serve # this is an internal location that is used to serve
@ -133,9 +124,9 @@ location /_protected/music/ {
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
internal; internal;
alias __DATA_DIR__/data/music/; alias __DATA_DIR__/data/music/;
more_set_headers "Access-Control-Allow-Origin: *";
} }
location /staticfiles/ { location /manifest.json {
# django static files return 302 /api/v1/instance/spa-manifest.json;
alias __DATA_DIR__/data/static/;
} }

16
manifest.toml
View file

@ -5,9 +5,9 @@ name = "Funkwhale"
description.en = "Convivial and modern music server" description.en = "Convivial and modern music server"
description.fr = "Serveur de musique moderne et convivial" description.fr = "Serveur de musique moderne et convivial"
version = "1.2.10~ynh3" version = "1.3.0~ynh1"
maintainers = ["Ciarán Ainsworth"] maintainers = ["Thovi98"]
[upstream] [upstream]
license = "AGPL-3.0-or-later" license = "AGPL-3.0-or-later"
@ -19,7 +19,7 @@ code = "https://dev.funkwhale.audio/funkwhale/funkwhale"
fund = "https://next.funkwhale.audio/donate/" fund = "https://next.funkwhale.audio/donate/"
[integration] [integration]
yunohost = ">= 11.1.15" yunohost = ">= 11.1.19"
architectures = "all" architectures = "all"
multi_instance = true multi_instance = true
ldap = false ldap = false
@ -45,15 +45,15 @@ ram.runtime = "50M"
[resources] [resources]
[resources.sources] [resources.sources]
[resources.sources.api] [resources.sources.api]
url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api" url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.3.0/download?job=build_api"
sha256 = "c0a840f223b4a3a93ffb2639e1bacb709d8ec9ed62214b377971aad5c04ae815" sha256 = "57323ce6641183bd33fcf3aa243b0b7aba667509da8c5c3446b73def40109650"
in_subdir = true in_subdir = true
extract = true extract = true
format = "zip" format = "zip"
[resources.sources.front] [resources.sources.front]
url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front" url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.3.0/download?job=build_front"
sha256 = "c8845317d1cc6aae7f46d1e69e22fa378c45b563e1ad1edd57d3db08af6f7a44" sha256 = "8e17543cd688572f7e48c9c416ef33c065c7c6ac01b5ae85939632030a530bf0"
in_subdir = true in_subdir = true
extract = true extract = true
format = "zip" format = "zip"
@ -71,7 +71,7 @@ ram.runtime = "50M"
main.url = "/" main.url = "/"
[resources.apt] [resources.apt]
packages = "postgresql curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev python3-dev make zlib1g-dev libffi-dev libssl-dev" packages = "build-essential curl ffmpeg libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-client postgresql-contrib python3-dev libldap2-dev libsasl2-dev make unzip zlib1g-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg-dev redis-server python3-venv git"
[resources.database] [resources.database]
type = "postgresql" type = "postgresql"

4
scripts/change_url
View file

@ -39,8 +39,8 @@ ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/
# MODIFY THE FEDERATION # MODIFY THE FEDERATION
#================================================= #=================================================
source $install_dir/virtualenv/bin/activate source $install_dir/venv/bin/activate
ynh_exec_warn_less python3 $install_dir/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE

18
scripts/install
View file

@ -86,14 +86,10 @@ ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.serv
ynh_script_progression --message="Installing Python dependencies..." --weight=1 ynh_script_progression --message="Installing Python dependencies..." --weight=1
pushd $install_dir pushd $install_dir
python3 -m venv $install_dir/virtualenv python3 -m venv $install_dir/venv
source $install_dir/virtualenv/bin/activate source $install_dir/venv/bin/activate
pip install --upgrade pip ynh_exec_warn_less pip install --upgrade pip wheel toml
pip install --upgrade setuptools ynh_exec_warn_less pip install --editable ./api
ynh_exec_warn_less pip install wheel toml
# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
ynh_exec_warn_less pip install -r api/requirements.txt
popd popd
#================================================= #=================================================
@ -102,14 +98,14 @@ popd
ynh_script_progression --message="Building funkwhale..." --weight=1 ynh_script_progression --message="Building funkwhale..." --weight=1
pushd $install_dir pushd $install_dir
source $install_dir/virtualenv/bin/activate source $install_dir/venv/bin/activate
# needed for enabling the 'unaccent' extension # needed for enabling the 'unaccent' extension
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
ynh_exec_warn_less python api/manage.py migrate ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$admin', '$admin_mail', 'funkwhale') " | ynh_exec_warn_less python api/manage.py shell echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$admin', '$admin_mail', 'funkwhale') " | ynh_exec_warn_less python api/manage.py shell
echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic echo "yes" | ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage collectstatic
popd popd
chmod 750 "$install_dir" chmod 750 "$install_dir"

22
scripts/upgrade
View file

@ -59,15 +59,13 @@ ynh_add_nginx_config
ynh_script_progression --message="Installing Python dependencies..." --weight=1 ynh_script_progression --message="Installing Python dependencies..." --weight=1
pushd $install_dir pushd $install_dir
ynh_secure_remove --file="$install_dir/virtualenv" ynh_secure_remove --file="$install_dir/virtualenv"
python3 -m venv $install_dir/virtualenv ynh_secure_remove --file="$install_dir/venv"
source $install_dir/virtualenv/bin/activate
pip install --upgrade pip python3 -m venv $install_dir/venv
pip install --upgrade setuptools source $install_dir/venv/bin/activate
ynh_exec_warn_less pip install wheel toml ynh_exec_warn_less pip install --upgrade pip wheel toml
# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' ynh_exec_warn_less pip install --editable ./api
ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
ynh_exec_warn_less pip install -r api/requirements.txt
popd popd
#================================================= #=================================================
@ -86,13 +84,13 @@ chown $app:$app "$install_dir/config/.env"
ynh_script_progression --message="Upgrading Funkwhale..." --weight=1 ynh_script_progression --message="Upgrading Funkwhale..." --weight=1
pushd $install_dir pushd $install_dir
source $install_dir/virtualenv/bin/activate source $install_dir/venv/bin/activate
echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic --clear --noinput echo "yes" | ynh_exec_warn_less $install_dir/venv/bin/funkwhale-manage collectstatic --clear --noinput
# needed for enabling the 'unaccent' extension # needed for enabling the 'unaccent' extension
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
ynh_exec_warn_less python api/manage.py migrate ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
popd popd

3
tests.toml
View file

@ -4,5 +4,6 @@ test_format = 1.0
exclude = ["install.nourl"] exclude = ["install.nourl"]
test_upgrade_from.7a50028.name = "Upgrade from 1.2.9" test_upgrade_from.7a50028.name = "1.2.9"
test_upgrade_from.ae7b6c5.name = "1.2.10"