diff --git a/README.md b/README.md index 98ce024..23885a7 100644 --- a/README.md +++ b/README.md 
@@ -1,52 +1,52 @@ + + # YunoRunner for YunoHost [![Integration level](https://dash.yunohost.org/integration/yunorunner.svg)](https://dash.yunohost.org/appci/app/yunorunner) ![](https://ci-apps.yunohost.org/ci/badges/yunorunner.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/yunorunner.maintain.svg) [![Install YunoRunner with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=yunorunner) -> *This package allows you to install YunoRunner quickly and simply on a YunoHost server. +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install YunoRunner quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview -YunoRunner is our own CI runner for YunoHost Apps -**Shipped version:** 2021-03-05 +CI runner of YunoHost + +**Shipped version:** 2021.09.22~ynh3 + + ## Screenshots -![](https://user-images.githubusercontent.com/30271971/52810447-e06b5600-3092-11e9-9853-fb46e46fda65.PNG) +![](./doc/screenshots/screenshot.png) -## Demo - -* [Official demo](https://ci-apps.yunohost.org) - -## YunoHost specific features - -#### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/yunorunner.svg)](https://ci-apps.yunohost.org/ci/apps/yunorunner/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/yunorunner.svg)](https://ci-apps-arm.yunohost.org/ci/apps/yunorunner/) +## Disclaimers / important information ## Limitations -* You need to install [CI_package_check](https://github.com/YunoHost/CI_package_check) using the build_CI.sh script before installing YunoRunner -* When YunoRunner is installed, modify the systemd script to add the path of the script analyseCI.sh. 
The default systemd is configured to `/home/CI_package_check/analyseCI.sh` +* You need to install [CI_package_check](https://github.com/YunoHost/CI_package_check) using the `install.sh` script before installing YunoRunner +* When YunoRunner is installed, modify the systemd script to add the path of the script `analyseCI.sh`. The default systemd is configured to `/home/CI_package_check/analyseCI.sh` -## Links +## Documentation and resources - * Report a bug: https://github.com/YunoHost-Apps/yunorunner_ynh_core/issues - * App website: https://github.com/YunoHost/yunorunner - * Upstream app repository: https://github.com/YunoHost/yunorunner - * YunoHost website: https://yunohost.org/ - ---- +* Upstream app code repository: https://github.com/YunoHost/yunorunner +* YunoHost documentation for this app: https://yunohost.org/app_yunorunner +* Report a bug: https://github.com/YunoHost-Apps/yunorunner_ynh/issues ## Developer info -Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/yunorunner_ynh_core/tree/testing). +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/yunorunner_ynh/tree/testing). To try the testing branch, please proceed like that. ``` -sudo yunohost app install https://github.com/YunoHost-Apps/yunorunner_ynh_core/tree/testing --debug +sudo yunohost app install https://github.com/YunoHost-Apps/yunorunner_ynh/tree/testing --debug or -sudo yunohost app upgrade yunorunner -u https://github.com/YunoHost-Apps/yunorunner_ynh_core/tree/testing --debug +sudo yunohost app upgrade yunorunner -u https://github.com/YunoHost-Apps/yunorunner_ynh/tree/testing --debug ``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..b2095e6 --- /dev/null +++ b/README_fr.md 
@@ -0,0 +1,48 @@ +# YunoRunner pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/yunorunner.svg)](https://dash.yunohost.org/appci/app/yunorunner) ![](https://ci-apps.yunohost.org/ci/badges/yunorunner.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/yunorunner.maintain.svg) +[![Installer YunoRunner avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=yunorunner) + +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* + +> *Ce package vous permet d'installer YunoRunner rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Runner d'intégration continue de YunoHost + +**Version incluse :** 2021.09.22~ynh3 + + + +## Captures d'écran + +![](./doc/screenshots/screenshot.png) + +## Avertissements / informations importantes + +## Limitations + +* You need to install [CI_package_check](https://github.com/YunoHost/CI_package_check) using the `install.sh` script before installing YunoRunner +* When YunoRunner is installed, modify the systemd script to add the path of the script `analyseCI.sh`. The default systemd is configured to `/home/CI_package_check/analyseCI.sh` + +## Documentations et ressources + +* Dépôt de code officiel de l'app : https://github.com/YunoHost/yunorunner +* Documentation YunoHost pour cette app : https://yunohost.org/app_yunorunner +* Signaler un bug : https://github.com/YunoHost-Apps/yunorunner_ynh/issues + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/yunorunner_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. 
+``` +sudo yunohost app install https://github.com/YunoHost-Apps/yunorunner_ynh/tree/testing --debug +ou +sudo yunohost app upgrade yunorunner -u https://github.com/YunoHost-Apps/yunorunner_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/check_process b/check_process index 03d9e18..f0f31f4 100644 --- a/check_process +++ b/check_process @@ -2,8 +2,8 @@ ; pre-install sudo git clone https://github.com/YunoHost/CI_package_check /home/CI_package_check ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) + domain="domain.tld" + path="/path" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -12,12 +12,10 @@ setup_private=0 setup_public=1 upgrade=1 - # 03 Sep 2018 - # upgrade=1 from_commit=04cb5f0ec18def9d50fa861c16d491275843b9e7 - # 041120 - # upgrade=1 from_commit=7b3acfc9b28b6ed33a1590ae16261d7dd3b5b06a # 2021-03-05~ynh1 upgrade=1 from_commit=f0e9373aa2403bf04f84c67646ac5d34376b7959 + # 2021-09-22~ynh1 + upgrade=1 from_commit=fea498cd83a7da12a102efe2f47397dace3cddda backup_restore=1 multi_instance=1 port_already_use=1 (4242) @@ -26,10 +24,7 @@ Email= Notification=down ;;; Upgrade options - ; commit=04cb5f0ec18def9d50fa861c16d491275843b9e7 - name=03 Sep 2018 04cb5f0ec18def9d50fa861c16d491275843b9e7 - manifest_arg=domain=DOMAIN&path=PATH& - ; commit=7b3acfc9b28b6ed33a1590ae16261d7dd3b5b06a - name=041120 ; commit=f0e9373aa2403bf04f84c67646ac5d34376b7959 name=2021-03-05~ynh1 + ; commit=fea498cd83a7da12a102efe2f47397dace3cddda + name=2021-09-22~ynh1 diff --git a/conf/nginx.conf b/conf/nginx.conf index bcb3b45..b6fef56 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,16 +1,14 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - alias __FINALPATH__/; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + proxy_pass http://127.0.0.1:__PORT__/; - proxy_pass http://127.0.0.1:__PORT__/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; @@ -29,9 +27,8 @@ location __PATH__/ { location __PATH__/summary/ { alias /home/CI_package_check/summary/; autoindex on; - etag off; - more_set_headers "Cache-control: max-age=300, s-maxage=300"; + etag off; + more_set_headers "Cache-control: max-age=300, s-maxage=300"; error_page 404 /ci/summary/empty.png; - } - + } } diff --git a/conf/systemd.service b/conf/systemd.service index d7c7185..ad977e3 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -7,8 +7,25 @@ Type=simple Restart=always User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__ +WorkingDirectory=__FINALPATH__/ ExecStart=__FINALPATH__/venv/bin/python ./run.py +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..75994f3 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,4 @@ +## Limitations + +* You need to install [CI_package_check](https://github.com/YunoHost/CI_package_check) using the `install.sh` script before installing YunoRunner +* When YunoRunner is installed, modify the systemd script to add the path of the script `analyseCI.sh`. The default systemd is configured to `/home/CI_package_check/analyseCI.sh` diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/screenshots/screenshot.png b/doc/screenshots/screenshot.png new file mode 100644 index 0000000..32b0f32 Binary files /dev/null and b/doc/screenshots/screenshot.png differ 
diff --git a/manifest.json b/manifest.json index 3530445..f3fd036 100644 --- a/manifest.json +++ b/manifest.json @@ -6,8 +6,12 @@ "en": "CI runner of YunoHost", "fr": "Runner d'intégration continue de YunoHost" }, - "version": "2021-03-05~ynh1", + "version": "2021.09.22~ynh3", "url": "https://github.com/YunoHost/yunorunner", + "upstream": { + "license": "GPL-3.0-or-later", + "code": "https://github.com/YunoHost/yunorunner" + }, "license": "GPL-3.0-or-later", "maintainer": { "name": "" @@ -17,7 +21,7 @@ "email": "maniackc_dev@crudelis.fr" }, "requirements": { - "yunohost": ">= 4.1.3" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ @@ -27,8 +31,7 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "example.com" + "type": "domain" }, { "name": "path", diff --git a/scripts/_common.sh b/scripts/_common.sh index 3ecbdc2..88c8417 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -9,7 +9,7 @@ pkg_dependencies="python3-venv python3-dev python3-pip sqlite3" yunorunner_repository="https://github.com/YunoHost/yunorunner" -yunorunner_release="444de3ae11db85294b6839b79b603e2d86b0a662" +yunorunner_release="0e87f07e8bcb1f3aee055a694f3c7198e22b4019" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 4cb2ff6..202e137 100644 --- a/scripts/install +++ b/scripts/install @@ -71,7 +71,7 @@ ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE 
@@ -110,9 +110,6 @@ pushd $final_path python3 -m venv venv venv/bin/pip install --upgrade pip venv/bin/pip install -r requirements-frozen.txt - #Fix current websocket version error (2019-02-14) - venv/bin/pip uninstall -y websockets - venv/bin/pip install 'websockets>=6.0,<7.0' popd #================================================= diff --git a/scripts/remove b/scripts/remove index c561c2c..524c878 100644 --- a/scripts/remove +++ b/scripts/remove @@ -26,6 +26,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then ynh_script_progression --message="Removing $app service integration..." diff --git a/scripts/restore b/scripts/restore index dc2d712..67bef3d 100644 --- a/scripts/restore +++ b/scripts/restore @@ -36,10 +36,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " #================================================= # ACTIVATE MAINTENANCE MODE @@ -94,9 +91,6 @@ pushd $final_path python3 -m venv venv venv/bin/pip install --upgrade pip venv/bin/pip install -r requirements-frozen.txt - #Fix current websocket version error (2019-02-14) - venv/bin/pip uninstall -y websockets - venv/bin/pip install 'websockets>=6.0,<7.0' popd #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 392ee1a..677b0ec 100644 
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -28,35 +28,6 @@ ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." - -# If port doesn't exist, create it -if [ -z "$port" ]; then - port=4242 - ynh_app_setting_set --app=$app --key=port --value=$port -fi - -if [[ ! -d "$final_path/.git/" ]] -then - git init "$final_path" - pushd "$final_path" - git remote add origin "$yunorunner_repository" - popd -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -# Remove Pythonz -ynh_secure_remove --file="$final_path/.pythonz" - #================================================= # CLOSE A PORT #================================================= 
@@ -96,13 +67,42 @@ ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped YunoRunner CI" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." + +# If port doesn't exist, create it +if [ -z "$port" ]; then + port=4242 + ynh_app_setting_set --app=$app --key=port --value=$port +fi + +if [[ ! -d "$final_path/.git/" ]] +then + git init "$final_path" + pushd "$final_path" + git remote add origin "$yunorunner_repository" + popd +fi + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +# Remove Pythonz +ynh_secure_remove --file="$final_path/.pythonz" + #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -149,9 +149,6 @@ pushd $final_path python3 -m venv venv venv/bin/pip install --upgrade pip venv/bin/pip install -r requirements-frozen.txt - #Fix current websocket version error (2019-02-14) - venv/bin/pip uninstall -y websockets - venv/bin/pip install 'websockets>=6.0,<7.0' popd #=================================================
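
Review bot: In README_fr.md (hunk `@@ -0,0 +1,48 @@`) the two `## Limitations` bullets are still in English ("You need to install CI_package_check ...") and the language switcher adds `*[Lire ce readme en français.](./README_fr.md)*`, which links the French page to itself. Translate the bullets and keep only the link to `./README.md`. The heading `## Avertissements / informations importantes` (and `## Disclaimers / important information` in README.md) is followed directly by another `##` heading, so it renders as an empty section; make `Limitations` a sub-heading of it or drop the empty one.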
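
Review bot: In conf/nginx.conf, hunk `@@ -1,16 +1,14 @@`, the added `include conf.d/yunohost_panel.conf.inc;` sits directly above the identical include that remains as unchanged context, so as the hunk reads the resulting `location __PATH__/` block includes the SSOWAT panel twice; drop one of the two. The same hunk deletes the `if ($scheme = http)` rewrite to HTTPS without a replacement. Please confirm the redirect is enforced outside this file, otherwise the proxied runner and its WebSocket upgrade are served over plain HTTP.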
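
Review bot: In conf/nginx.conf, hunk `@@ -29,9 +27,8 @@`, the lines are only re-indented while `error_page 404 /ci/summary/empty.png;` keeps a hard-coded `/ci` prefix inside `location __PATH__/summary/`. check_process tests `setup_sub_dir=1` and `multi_instance=1`, so the 404 page breaks for any install whose path is not `/ci`; use `__PATH__/summary/empty.png` here. Since this location is touched anyway, it is also worth stating in the commit message that `autoindex on` over `/home/CI_package_check/summary/` is intentional for a publicly reachable app.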
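
Review bot: In conf/systemd.service, hunk `@@ -7,8 +7,25 @@`, the first bounding-set line names `CAP_RAWIO`, which is not a capability listed in capabilities(7); the intended name is `CAP_SYS_RAWIO`, so as written that entry does not remove raw I/O access. Change it to `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD` and check the unit's journal after a restart for parse warnings. Two further points on the same block: the comment justifies the list as "not relevant for webapps", but this unit runs a CI runner that the README says is wired to `/home/CI_package_check/analyseCI.sh`, and the bounding set is inherited by every child process, so please verify that a full CI job still runs with `CAP_SYS_ADMIN` and `CAP_SYS_PTRACE` removed. The block also sets only `DevicePolicy`, `ProtectSystem` and `ProtectControlGroups`; if the runner tolerates them, `NoNewPrivileges=yes` and `PrivateTmp=yes` would be natural additions, and if it does not, a one-line comment saying why would help the next reader.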
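
Review bot: In scripts/install, hunk `@@ -71,7 +71,7 @@`, the change from `--home_dir="$final_path"` to `--home_dir=$final_path` removes the quoting around a variable expansion, which is a step backwards: an unquoted expansion is subject to word splitting and globbing. Keep the quoted form, and ideally quote `--username="$app"` as well. The same edit is repeated in scripts/upgrade, hunk `@@ -96,13 +67,42 @@`.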
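
Review bot: In scripts/install, hunk `@@ -110,9 +110,6 @@` (and the identical hunks in scripts/restore and scripts/upgrade), dropping the `websockets>=6.0,<7.0` workaround means the installed version now depends entirely on `requirements-frozen.txt` at the new `yunorunner_release` commit in scripts/_common.sh. Please state in the commit message that the frozen file at `0e87f07e8bcb1f3aee055a694f3c7198e22b4019` pins a working websockets version. Separately, `venv/bin/pip install --upgrade pip` pulls whatever pip is current at install time; if reproducible installs matter for the CI host, pin it, and consider `--require-hashes` if the frozen file carries hashes.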
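
Review bot: In scripts/restore, hunk `@@ -36,10 +36,7 @@`, the `ynh_webpath_available --domain=$domain --path_url=$path_url` check is removed with no replacement, so the script no longer verifies that the domain and path are free before restoring the nginx configuration. If the core performs this check itself as of the `"yunohost": ">= 4.3.0"` requirement set in manifest.json, say so in the commit message; otherwise keep the check. On the remaining line, `$final_path` is unquoted in `test ! -d $final_path` and the message `"There is already a directory: $final_path "` has a trailing space inside the quotes.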
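
Review bot: In scripts/upgrade, hunks `@@ -28,35 +28,6 @@` and `@@ -96,13 +67,42 @@`, moving the "ENSURE DOWNWARD COMPATIBILITY" block to after the service stop also moves the `if [ -z "$port" ]` default past the `# CLOSE A PORT` section, which the first hunk shows immediately following the block's old position. On a legacy install with no stored `port` setting, anything in that section that reads `$port` now runs with an empty value. Keep the port default (and its `ynh_app_setting_set`) before `# CLOSE A PORT` and move only the filesystem steps (`git init`, `ynh_secure_remove --file="$final_path/.pythonz"`) behind the stop.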