diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index eec8545..c6c82b4 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -18,9 +18,6 @@ current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') # Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -webversion=$(curl --silent "https://api.github.com/repos/dani-garcia/bw_web_builds/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").tarball_url ] | join(" ") | @sh' | tr -d "'")) -assets+=($(curl --silent "https://api.github.com/repos/dani-garcia/bw_web_builds/releases" | jq -r '[ .[] | select(.tag_name=="'$webversion'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) # Later down the script, we assume the version has only digits and dots # Sometimes the release name starts with a "v", so let's filter it out. @@ -47,74 +44,6 @@ elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY. exit 0 fi -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - - echo "Handling asset at $asset_url" - - # Assign the asset to a source file in conf/ directory - # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) - # Leave $src empty to ignore the asset - case $asset_url in - *"vaultwarden"*) - src="app" - ;; - *"bw_web_v"*".tar.gz") - src="web" - ;; - *) - src="" - ;; - esac - - # If $src is not empty, let's process the asset - if [ ! -z "$src" ]; then - # Create the temporary directory - tempdir="$(mktemp -d)" - - # Download sources and calculate checksum - filename=${asset_url##*/} - curl --silent -4 -L $asset_url -o "$tempdir/$filename" - checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - - # Delete temporary directory - rm -rf $tempdir - - # Get extension - if [[ $filename == *.tar.gz ]]; then - extension=tar.gz - else - extension=${filename##*.} - fi - - # Rewrite source file - cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true -EOT - echo "... conf/$src.src updated" - - else - echo "... asset ignored" - fi - -done - #================================================= # SPECIFIC UPDATE STEPS #================================================= diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index b1b51cd..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://api.github.com/repos/dani-garcia/vaultwarden/tarball/1.25.2 -SOURCE_SUM=856c0442ad3a44bc580246a8fe9eaac4578d4b04b84a0a899b840a551186c25f -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/docker-image-extract.src b/conf/docker-image-extract.src new file mode 100644 index 0000000..64fe1a1 --- /dev/null +++ b/conf/docker-image-extract.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9 +SOURCE_SUM=9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/web.src b/conf/web.src deleted file mode 100644 index a6edd9d..0000000 --- a/conf/web.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2022.6.2/bw_web_v2022.6.2.tar.gz -SOURCE_SUM=206fde0814d46bb78a79a7a5ab10963beaeb5c952e05a9e1b18c2495fb7174e1 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/manifest.json b/manifest.json index aa86eb3..9101ef5 100644 --- a/manifest.json +++ b/manifest.json @@ -20,7 +20,7 @@ "name": "yalh76" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.0" }, "multi_instance": true, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index 65744f6..124b61d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="build-essential pkg-config libssl-dev libc6-dev" +pkg_dependencies="libpq5" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 3ea215c..0a6c775 100644 --- a/scripts/install +++ b/scripts/install @@ -91,14 +91,9 @@ ynh_system_user_create --username=$app --home_dir="$final_path" ynh_script_progression --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path -# Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory -ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" - -# Download, check integrity, uncompress and patch the source from web.src -ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web" - -mkdir -p "$final_path/.rustup" -mkdir -p "$final_path/.cargo" +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract" +mkdir -p "$final_path/live/" chmod 750 "$final_path" chmod -R o-rwx "$final_path" @@ -114,31 +109,6 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP -#================================================= -# MAKE INSTALL -#================================================= -ynh_script_progression --message="Making install..." - -# Install rustup with the toolchain needed by vaultwarden -pushd "$final_path" - ynh_exec_warn_less ynh_exec_as "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y' -popd - -export PATH="$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin:$PATH" - -# Compile vaultwarden -pushd "$final_path"/build - ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" CARGO_HOME="$final_path/.cargo" $final_path/.cargo/bin/cargo build --features sqlite --release -popd - -# Install vaultwarden -cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden" - -# Remove build files and rustup -ynh_secure_remove --file="$final_path/build" -ynh_secure_remove --file="$final_path/.cargo" -ynh_secure_remove --file="$final_path/.rustup" - #================================================= # CREATE DATA DIRECTORY #================================================= @@ -153,6 +123,23 @@ chmod 750 "$datadir" chmod -R o-rwx "$datadir" chown -R $app:$app "$datadir" +#================================================= +# MAKE INSTALL +#================================================= +ynh_script_progression --message="Making install..." + +pushd "$final_path"/build + ./docker-image-extract vaultwarden/server:$(ynh_app_upstream_version) +popd + +mv -f "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden" +rsync -a "$final_path/build/output/web-vault/" "$final_path/live/web-vault/" +ynh_secure_remove --file="$final_path/build" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # ADD A CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 4040911..ad6610f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -141,13 +141,8 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory - ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" - - # Download, check integrity, uncompress and patch the source from web.src - ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web" - - mkdir -p "$final_path/.rustup" - mkdir -p "$final_path/.cargo" + ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract" + mkdir -p "$final_path/live/" fi chmod 750 "$final_path" @@ -176,41 +171,22 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Making upgrade..." -# Set right permissions -chown -R "$app":"$app" "$final_path" - if [ "$upgrade_type" == "UPGRADE_APP" ] then - # Install rustup with the toolchain needed by vaultwarden - pushd "$final_path" - ynh_exec_warn_less ynh_exec_as "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y' - popd - - export PATH="$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin:$PATH" - - # Compile vaultwarden pushd "$final_path"/build - ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" CARGO_HOME="$final_path/.cargo" $final_path/.cargo/bin/cargo build --features sqlite --release + ./docker-image-extract vaultwarden/server:$(ynh_app_upstream_version) popd - # Remove old generated files before copying the new ones - ynh_secure_remove --file="$final_path/live/.fingerprint" - ynh_secure_remove --file="$final_path/live/build" - ynh_secure_remove --file="$final_path/live/deps" - ynh_secure_remove --file="$final_path/live/examples" - ynh_secure_remove --file="$final_path/live/incremental" - ynh_secure_remove --file="$final_path/live/.cargo-lock" - ynh_secure_remove --file="$final_path/live/vaultwarden.d" - - # Install vaultwarden - cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden" - - # Remove build files and rustup + mv -f "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden" + ynh_secure_remove --file="$final_path/live/web-vault/" + rsync -a "$final_path/build/output/web-vault/" "$final_path/live/web-vault/" ynh_secure_remove --file="$final_path/build" - ynh_secure_remove --file="$final_path/.cargo" - ynh_secure_remove --file="$final_path/.rustup" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # UPDATE A CONFIG FILE #=================================================