YunoHost-Apps/vaultwarden_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/vaultwarden_ynh.git synced 2024-09-03 18:26:31 +02:00
Code Issues Activity Actions

Merge pull request #196 from YunoHost-Apps/from_docker

Browse source 
From docker
This commit is contained in:
yalh76 2022-08-30 20:39:06 +02:00 committed by GitHub
commit 5406850d0b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 39 additions and 154 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
.github/workflows/updater.sh vendored
View file

@ -18,9 +18,6 @@ current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) # Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
webversion=$(curl --silent "https://api.github.com/repos/dani-garcia/bw_web_builds/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").tarball_url ] | join(" ") | @sh' | tr -d "'"))
assets+=($(curl --silent "https://api.github.com/repos/dani-garcia/bw_web_builds/releases" | jq -r '[ .[] | select(.tag_name=="'$webversion'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
# Later down the script, we assume the version has only digits and dots # Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out. # Sometimes the release name starts with a "v", so let's filter it out.
@ -47,74 +44,6 @@ elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.
exit 0 exit 0
fi fi
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
echo "${#assets[@]} available asset(s)"
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Here we use the $assets variable to get the resources published in the upstream release.
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
# Let's loop over the array of assets URLs
for asset_url in ${assets[@]}; do
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
# Leave $src empty to ignore the asset
case $asset_url in
*"vaultwarden"*)
src="app"
;;
*"bw_web_v"*".tar.gz")
src="web"
;;
*)
src=""
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true
EOT
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
done
#================================================= #=================================================
# SPECIFIC UPDATE STEPS # SPECIFIC UPDATE STEPS
#================================================= #=================================================

7
conf/app.src
View file

@ -1,7 +0,0 @@
SOURCE_URL=https://api.github.com/repos/dani-garcia/vaultwarden/tarball/1.25.2
SOURCE_SUM=856c0442ad3a44bc580246a8fe9eaac4578d4b04b84a0a899b840a551186c25f
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

7
conf/docker-image-extract.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9
SOURCE_SUM=9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

7
conf/web.src
View file

@ -1,7 +0,0 @@
SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2022.6.2/bw_web_v2022.6.2.tar.gz
SOURCE_SUM=206fde0814d46bb78a79a7a5ab10963beaeb5c952e05a9e1b18c2495fb7174e1
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

2
manifest.json
View file

@ -20,7 +20,7 @@
"name": "yalh76" "name": "yalh76"
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.3.0" "yunohost": ">= 11.0.0"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [

2
scripts/_common.sh
View file

@ -5,7 +5,7 @@
#================================================= #=================================================
# dependencies used by the app # dependencies used by the app
pkg_dependencies="build-essential pkg-config libssl-dev libc6-dev" pkg_dependencies="libpq5"
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS

53
scripts/install
View file

@ -91,14 +91,9 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
ynh_script_progression --message="Setting up source files..." ynh_script_progression --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract"
mkdir -p "$final_path/live/"
# Download, check integrity, uncompress and patch the source from web.src
ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web"
mkdir -p "$final_path/.rustup"
mkdir -p "$final_path/.cargo"
chmod 750 "$final_path" chmod 750 "$final_path"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$final_path"
@ -114,31 +109,6 @@ ynh_add_nginx_config
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
#=================================================
# MAKE INSTALL
#=================================================
ynh_script_progression --message="Making install..."
# Install rustup with the toolchain needed by vaultwarden
pushd "$final_path"
ynh_exec_warn_less ynh_exec_as "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y'
popd
export PATH="$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin:$PATH"
# Compile vaultwarden
pushd "$final_path"/build
ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" CARGO_HOME="$final_path/.cargo" $final_path/.cargo/bin/cargo build --features sqlite --release
popd
# Install vaultwarden
cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden"
# Remove build files and rustup
ynh_secure_remove --file="$final_path/build"
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
#================================================= #=================================================
# CREATE DATA DIRECTORY # CREATE DATA DIRECTORY
#================================================= #=================================================
@ -153,6 +123,23 @@ chmod 750 "$datadir"
chmod -R o-rwx "$datadir" chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir" chown -R $app:$app "$datadir"
#=================================================
# MAKE INSTALL
#=================================================
ynh_script_progression --message="Making install..."
pushd "$final_path"/build
./docker-image-extract vaultwarden/server:$(ynh_app_upstream_version)
popd
mv -f "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden"
rsync -a "$final_path/build/output/web-vault/" "$final_path/live/web-vault/"
ynh_secure_remove --file="$final_path/build"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#================================================= #=================================================
# ADD A CONFIGURATION # ADD A CONFIGURATION
#================================================= #=================================================

44
scripts/upgrade
View file

@ -141,13 +141,8 @@ then
ynh_script_progression --message="Upgrading source files..." ynh_script_progression --message="Upgrading source files..."
# Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory # Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory
ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract"
mkdir -p "$final_path/live/"
# Download, check integrity, uncompress and patch the source from web.src
ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web"
mkdir -p "$final_path/.rustup"
mkdir -p "$final_path/.cargo"
fi fi
chmod 750 "$final_path" chmod 750 "$final_path"
@ -176,41 +171,22 @@ ynh_add_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Making upgrade..." ynh_script_progression --message="Making upgrade..."
# Set right permissions
chown -R "$app":"$app" "$final_path"
if [ "$upgrade_type" == "UPGRADE_APP" ] if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
# Install rustup with the toolchain needed by vaultwarden
pushd "$final_path"
ynh_exec_warn_less ynh_exec_as "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y'
popd
export PATH="$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin:$PATH"
# Compile vaultwarden
pushd "$final_path"/build pushd "$final_path"/build
ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" CARGO_HOME="$final_path/.cargo" $final_path/.cargo/bin/cargo build --features sqlite --release ./docker-image-extract vaultwarden/server:$(ynh_app_upstream_version)
popd popd
# Remove old generated files before copying the new ones mv -f "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden"
ynh_secure_remove --file="$final_path/live/.fingerprint" ynh_secure_remove --file="$final_path/live/web-vault/"
ynh_secure_remove --file="$final_path/live/build" rsync -a "$final_path/build/output/web-vault/" "$final_path/live/web-vault/"
ynh_secure_remove --file="$final_path/live/deps"
ynh_secure_remove --file="$final_path/live/examples"
ynh_secure_remove --file="$final_path/live/incremental"
ynh_secure_remove --file="$final_path/live/.cargo-lock"
ynh_secure_remove --file="$final_path/live/vaultwarden.d"
# Install vaultwarden
cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden"
# Remove build files and rustup
ynh_secure_remove --file="$final_path/build" ynh_secure_remove --file="$final_path/build"
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
fi fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#================================================= #=================================================
# UPDATE A CONFIG FILE # UPDATE A CONFIG FILE
#================================================= #=================================================