1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/glitchsoc_ynh.git synced 2024-09-03 19:15:59 +02:00

last changes from example_ynh

This commit is contained in:
Tagada 2022-01-10 19:28:30 +01:00
parent 0bad9d24e8
commit 85f56d463b
10 changed files with 331 additions and 90 deletions

136
.github/workflows/updater.sh vendored Normal file
View file

@ -0,0 +1,136 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
# Remove this exit command when you are ready to run this Action
exit 1
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
echo "${#assets[@]} available asset(s)"
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Here we use the $assets variable to get the resources published in the upstream release.
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
# Let's loop over the array of assets URLs
for asset_url in ${assets[@]}; do
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
# Leave $src empty to ignore the asset
case $asset_url in
*"admin"*)
src="app"
;;
*"update"*)
src="app-upgrade"
;;
*)
src=""
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
EOT
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
done
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

View file

@ -4,6 +4,12 @@
# not demonstrate all available configuration options. Please look at # not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation. # https://docs.joinmastodon.org/admin/config/ for the full documentation.
# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895
# Federation # Federation
# ---------- # ----------
# This identifies your server and cannot be changed safely later # This identifies your server and cannot be changed safely later

View file

@ -14,5 +14,35 @@ TimeoutSec=15
Restart=always Restart=always
StandardError=syslog StandardError=syslog
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -15,5 +15,35 @@ TimeoutSec=15
Restart=always Restart=always
StandardError=syslog StandardError=syslog
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -14,5 +14,35 @@ TimeoutSec=15
Restart=always Restart=always
StandardError=syslog StandardError=syslog
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -59,7 +59,7 @@ ynh_backup --src_path="/etc/systemd/system/$app-sidekiq.service"
ynh_backup --src_path="/etc/systemd/system/$app-streaming.service" ynh_backup --src_path="/etc/systemd/system/$app-streaming.service"
#================================================= #=================================================
# BACKUP A CRON FILE # BACKUP VARIOUS FILES
#================================================= #=================================================
ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/etc/cron.d/$app"

View file

@ -83,7 +83,7 @@ ynh_exec_warn_less ynh_install_ruby --ruby_version=$RUBY_VERSION
ynh_script_progression --message="Configuring system user..." ynh_script_progression --message="Configuring system user..."
# Create a system user # Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path" ynh_system_user_create --username=$app --home_dir=$final_path
#================================================= #=================================================
# CREATE A POSTGRESQL DATABASE # CREATE A POSTGRESQL DATABASE
@ -96,6 +96,7 @@ db_name=$(ynh_sanitize_dbid --db_name="${app}_production")
db_user=$(ynh_sanitize_dbid --db_name=$app) db_user=$(ynh_sanitize_dbid --db_name=$app)
db_pwd=$(ynh_string_random --length=30) db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_app_setting_set --app=$app --key=db_user --value=$db_user
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;"
@ -119,7 +120,7 @@ chown -R $app:www-data "$final_path"
ynh_script_progression --message="Configuring NGINX web server..." ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config 'port_web port_stream' ynh_add_nginx_config
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
@ -153,7 +154,7 @@ popd
#================================================= #=================================================
# ADD A CONFIGURATION # ADD A CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Adding a config file..." ynh_script_progression --message="Adding a configuration file..."
config="$final_path/live/.env.production" config="$final_path/live/.env.production"
@ -200,17 +201,17 @@ ynh_add_systemd_config --service="$app-streaming" --template="glitchsoc-streamin
ynh_script_progression --message="Installing Glitch-Soc..." ynh_script_progression --message="Installing Glitch-Soc..."
pushd "$final_path/live" pushd "$final_path/live"
sudo -u $app $ynh_ruby_load_path bin/bundle config deployment 'true' ynh_exec_as $app $ynh_ruby_load_path bin/bundle config deployment 'true'
sudo -u $app $ynh_ruby_load_path bin/bundle config without 'development test' ynh_exec_as $app $ynh_ruby_load_path bin/bundle config without 'development test'
sudo -u $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN) ynh_exec_as $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN)
ynh_use_nodejs ynh_use_nodejs
ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH yarn install --pure-lockfile ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile
echo "SAFETY_ASSURED=1">> $config echo "SAFETY_ASSURED=1">> $config
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:setup --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:setup --quiet
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile --quiet
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > /dev/null ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > /dev/null
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts modify "$admin" --approve ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts modify "$admin" --approve
popd popd
vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt") vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt")

View file

@ -18,7 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$(ynh_sanitize_dbid --db_name=$app) db_user=$(ynh_app_setting_get --app=$app --key=db_user)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
@ -64,17 +64,6 @@ ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user # Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_ruby
ynh_remove_nodejs
ynh_remove_app_dependencies
ynh_remove_extra_repo
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================
@ -91,12 +80,23 @@ ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_remove_nginx_config ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_ruby
ynh_remove_nodejs
ynh_remove_app_dependencies
ynh_remove_extra_repo
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
#================================================= #=================================================
# REMOVE THE CRON FILE # REMOVE VARIOUS FILES
#================================================= #=================================================
ynh_script_progression --message="Removing the cron file..." ynh_script_progression --message="Removing various files..."
# Remove a cron file # Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app" ynh_secure_remove --file="/etc/cron.d/$app"

View file

@ -31,7 +31,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$(ynh_sanitize_dbid --db_name=$app) db_user=$(ynh_app_setting_get --app=$app --key=db_user)
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
#================================================= #=================================================
@ -39,7 +39,8 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." ynh_script_progression --message="Validating restoration parameters..."
test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#================================================= #=================================================
# STANDARD RESTORATION STEPS # STANDARD RESTORATION STEPS
@ -56,7 +57,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_script_progression --message="Recreating the dedicated system user..." ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing) # Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path" ynh_system_user_create --username=$app --home_dir=$final_path
#================================================= #=================================================
# RESTORE THE APP MAIN DIR # RESTORE THE APP MAIN DIR
@ -71,6 +72,27 @@ chown -R $app:www-data "$final_path"
#================================================= #=================================================
# SPECIFIC RESTORATION # SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..."
# Define and install dependencies
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
ynh_install_ruby --ruby_version=$RUBY_VERSION
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..."
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;"
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
#================================================= #=================================================
# ADD SWAP IF NEEDED # ADD SWAP IF NEEDED
#================================================= #=================================================
@ -87,23 +109,6 @@ fi
ynh_script_progression --message="Adding $swap_needed Mo to swap..." ynh_script_progression --message="Adding $swap_needed Mo to swap..."
ynh_add_swap --size=$swap_needed ynh_add_swap --size=$swap_needed
#=================================================
# RESTORE THE CRON FILE
#=================================================
ynh_script_progression --message="Restoring the cron file..."
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..."
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
ynh_exec_warn_less ynh_install_ruby --ruby_version=$RUBY_VERSION
#================================================= #=================================================
# INSTALLING RUBY AND BUNDLER # INSTALLING RUBY AND BUNDLER
#================================================= #=================================================
@ -116,14 +121,11 @@ pushd "$final_path/live"
popd popd
#================================================= #=================================================
# RESTORE THE POSTGRESQL DATABASE # RESTORE VARIOUS FILES
#================================================= #=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..." ynh_script_progression --message="Restoring various files..."
ynh_psql_test_if_first_run ynh_restore_file --origin_path="/etc/cron.d/$app"
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;"
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
#================================================= #=================================================
# RESTORE SYSTEMD # RESTORE SYSTEMD

View file

@ -23,7 +23,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language) language=$(ynh_app_setting_get --app=$app --key=language)
redis_namespace=$(ynh_app_setting_get --app=$app --key=db_name) redis_namespace=$(ynh_app_setting_get --app=$app --key=db_name)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$(ynh_sanitize_dbid --db_name=$app) db_user=$(ynh_app_setting_get --app=$app --key=db_user)
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
admin_mail=$(ynh_user_get_info --username=$admin --key='mail') admin_mail=$(ynh_user_get_info --username=$admin --key='mail')
port_web=$(ynh_app_setting_get --app=$app --key=port_web) port_web=$(ynh_app_setting_get --app=$app --key=port_web)
@ -43,6 +43,32 @@ ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped"
ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped"
ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped"
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
@ -72,6 +98,12 @@ if [[ -z "$port_stream" ]]; then
ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream
fi fi
# If db_user doesn't exist, create it, needed for old install
if [[ -z "$db_user" ]]; then
db_user=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_user --value=$db_user
fi
# If db_pwd doesn't exist, create it, needed for old install # If db_pwd doesn't exist, create it, needed for old install
if [[ -z "$db_pwd" ]]; then if [[ -z "$db_pwd" ]]; then
db_pwd=$(ynh_string_random) db_pwd=$(ynh_string_random)
@ -119,39 +151,13 @@ fi
#Remove previous added repository #Remove previous added repository
ynh_remove_extra_repo ynh_remove_extra_repo
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped"
ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped"
ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped"
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing) # Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path" ynh_system_user_create --username=$app --home_dir=$final_path
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -193,7 +199,7 @@ chown -R $app:www-data "$final_path"
ynh_script_progression --message="Upgrading NGINX web server configuration..." ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config 'port_web port_stream' ynh_add_nginx_config
#================================================= #=================================================
# UPGRADE DEPENDENCIES # UPGRADE DEPENDENCIES
@ -262,15 +268,15 @@ ynh_add_systemd_config --service="$app-streaming" --template="glitchsoc-streamin
ynh_script_progression --message="Upgrading Glitch-Soc..." ynh_script_progression --message="Upgrading Glitch-Soc..."
pushd "$final_path/live" pushd "$final_path/live"
sudo -u $app $ynh_ruby_load_path bin/bundle config deployment 'true' ynh_exec_as $app $ynh_ruby_load_path bin/bundle config deployment 'true'
sudo -u $app $ynh_ruby_load_path bin/bundle config without 'development test' ynh_exec_as $app $ynh_ruby_load_path bin/bundle config without 'development test'
sudo -u $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN) ynh_exec_as $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN)
ynh_use_nodejs ynh_use_nodejs
sudo -u $app $ynh_node_load_PATH yarn install --pure-lockfile ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:clean ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:clean
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:migrate ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:migrate
ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl cache clear ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl cache clear
popd popd
#================================================= #=================================================