grav_ynh/scripts/upgrade

#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1

app=$YNH_APP_INSTANCE_NAME

domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language)

fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)

#=================================================
# CHECK VERSION
#=================================================

upgrade_type=$(ynh_check_app_version_changed)

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1

# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
	db_name=$(ynh_sanitize_dbid --db_name=$app)
	ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi

# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
	final_path=/var/www/$app
	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi

# Cleaning legacy permissions
is_public=$(ynh_app_setting_get --app=$app --key=is_public)

if [ -n "$is_public" ]; then
	# Removing skipped/unprotected_uris under certain conditions, remove the visitors group added during the migration process of 3.7
	# Remove skipped_uris. If the app was public, add visitors again to the main permission
	if ynh_permission_has_user --permission=main --user=visitors
	then
		# Remove unprotected_uris
		ynh_app_setting_delete --app=$app --key=unprotected_uris
		# Remove protected_uris
		ynh_app_setting_delete --app=$app --key=protected_uris
		# Remove skipped_uris
		ynh_app_setting_delete --app=$app --key=skipped_uris
		# Give visitors main permission
		ynh_permission_update --permission "main" --add "visitors"
	else
		# Remove unprotected_uris
		ynh_app_setting_delete --app=$app --key=unprotected_uris
		# Remove protected_uris
		ynh_app_setting_delete --app=$app --key=protected_uris
		# Remove skipped_uris
		ynh_app_setting_delete --app=$app --key=skipped_uris
	fi
	ynh_app_setting_delete --app=$app --key=is_public
fi

# If fpm_footprint doesn't exist, create it
if [ -z "$fpm_footprint" ]; then
	fpm_footprint=medium
	ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint
fi

# If fpm_usage doesn't exist, create it
if [ -z "$fpm_usage" ]; then
	fpm_usage=medium
	ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
fi

#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4

# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
	# restore it if the upgrade fails
	ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
	ynh_script_progression --message="Upgrading source files..." --weight=2

	# Download, check integrity, uncompress and patch the source from app.src
	ynh_setup_source --dest_dir="$final_path" --source_id="app-upgrade"
fi

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2

# Create a dedicated nginx config
ynh_add_nginx_config

#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=3

# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path

#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1

# Create a dedicated php-fpm config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --package="$extra_php_dependencies"

# Delete existing ini configuration file (backward compatibility)
if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then
	ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
fi

#=================================================
# SPECIFIC UPGRADE
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Set permissions on app files
chown -R $app:www-data "$final_path"
find "$final_path" -type f -exec chmod 640 {} \;
find "$final_path/bin" -type f -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod 750 {} \;
find "$final_path" -type d -exec chmod +s {} \;

#=================================================
# UPGRADE PLUGINS
#=================================================
ynh_script_progression --message="Updating all plugins..." --weight=1

yes N | ynh_exec_warn_less exec_as $app php${YNH_PHP_VERSION} $final_path/bin/gpm update --all-yes --no-interaction

#=================================================
# INSTALL LDAP PLUGIN
#=================================================
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=3

exec_as $app php${YNH_PHP_VERSION} "$final_path/bin/gpm" install login-ldap --all-yes --no-interaction
exec_as $app mkdir -p "$final_path/user/config/plugins/login-ldap"
exec_as $app touch "$final_path/user/accounts/admin.yaml"

ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/user/config/plugins/login-ldap.yaml"
chown $app:$app "$final_path/user/config/plugins/login-ldap.yaml"
chmod 640 "$final_path/user/config/plugins/login-ldap.yaml"

#=================================================
# CREATE A CRON TASK
#=================================================

echo "* *  *  *  * $app php${YNH_PHP_VERSION} $final_path/bin/grav scheduler 1>> /dev/null 2>&1" > /etc/cron.d/$app

#=================================================
# SETUP PERMISSIONS
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1

# Giving admin permission to the specified used
if ! ynh_permission_exists --permission "admin"
then
	ynh_permission_create --permission "admin" --allowed "$admin"
else
	ynh_permission_update --permission "admin" --add "$admin"
fi

# Creating user permission
if ! ynh_permission_exists --permission "user"
then
	ynh_permission_create --permission "user"
fi

#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1

ynh_systemd_action --service_name=php${YNH_PHP_VERSION}-fpm --action=restart
ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last