YunoHost/lxd_img_builder
1
0
Fork 0
mirror of https://github.com/YunoHost/lxd_img_builder.git synced 2024-09-03 19:56:55 +02:00
Code Issues Projects Releases Packages Wiki Activity
lxd_img_builder/recipes
Alexandre Aubin ce035f67db Port uncommited changes from prod
2024-08-13 18:41:21 +02:00

171 lines
7.9 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
function build_and_lint()
{
APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install --no-install-recommends"
# Needed to build and access artefacts on core CI ...
$APT_INSTALL ca-certificates git curl
dpkg -i /root/gitlab-runner-light.deb
rm /root/gitlab-runner-light.deb
# This is for
# a) building .debs
TOOLING_APT_DEPENDENCIES="devscripts build-essential debhelper dpkg-dev dh-python wget hub"
TOOLING_APT_DEPENDENCIES+=" python3 python3-all python3-yaml python3-jinja2 python3-pip python-is-python3"
$APT_INSTALL $TOOLING_APT_DEPENDENCIES
# b) running tox, black, mypy, flake8, i18n string consistency check, bot sending PRs (actually this one is 'hub' in apt dependency right before)
if [[ $DEBIAN_VERSION == "bullseye" ]]
then
TOOLING_PIP_DEPENDENCIES='pyOpenSSL "tox==4.0.0" ansi2html toml "black>=22.12" jinja2 "packaging<22"'
else
TOOLING_PIP_DEPENDENCIES='pyOpenSSL "tox>=4.17" ansi2html toml "black>=24.4" jinja2 --break-system-packages'
fi
PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $TOOLING_PIP_DEPENDENCIES
TOOLING_PIP_DEPENDENCIES='types-ipaddress types-enum34 types-cryptography types-toml types-requests types-PyYAML types-pyOpenSSL types-mock'
[[ $DEBIAN_VERSION == "bullseye" ]] || TOOLING_PIP_DEPENDENCIES+=" --break-system-packages"
PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $TOOLING_PIP_DEPENDENCIES
}
function before_install()
{
APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install --no-install-recommends"
# Needed to build and access artefacts on core CI ...
$APT_INSTALL ca-certificates git curl
dpkg -i /root/gitlab-runner-light.deb
rm /root/gitlab-runner-light.deb
# Download the YunoHost install script
INSTALL_SCRIPT="https://raw.githubusercontent.com/YunoHost/install_script/main/$DEBIAN_VERSION"
curl $INSTALL_SCRIPT > install.sh
# Disable the install of yunohost itself, because we need this for the core CI
sed -i -E 's/(step\s+install_yunohost_packages)/#\1/' install.sh
sed -i -E 's/(^\s+install_yunohost_packages)/#\1/' install.sh
# Trick to disable restarting the service during install
sed -i -E 's/(step\s+restart_services)/echo skip restart service #\1/' install.sh
echo exit 101 > /usr/sbin/policy-rc.d
chmod +x /usr/sbin/policy-rc.d
# Actual install of everything...except yunohost itself
cat install.sh | bash -s -- -a -d $RELEASE
DEPENDENCIES_TO_PREINSTALL=$(
curl https://raw.githubusercontent.com/YunoHost/yunohost/$gitbranch/debian/control 2> /dev/null | sed -n '/^Depends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "moulinette\|ssowat\|yunohost-portal";
curl https://raw.githubusercontent.com/YunoHost/yunohost/$gitbranch/debian/control 2> /dev/null | sed -n '/^Recommends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "yunohost-admin";
curl https://raw.githubusercontent.com/YunoHost/moulinette/$gitbranch/debian/control 2> /dev/null | sed -n '/^Depends:/,/^\w/{//!p}' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g";
# Same as above, except that all dependencies are in the same line
curl https://raw.githubusercontent.com/YunoHost/ssowat/$gitbranch/debian/control 2> /dev/null | grep '^Depends:' | sed 's/Depends://' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g";
)
# To extract the dependencies, we want to retrieve the lines between "^Dependencies:" and the new line that doesn't start with a space (exclusively) . Then, we remove ",", then we remove the version specifiers "(>= X.Y)", then we add simple quotes to packages when there is a pipe (or) 'php-mysql|php-mysqlnd'.
APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install"
export SUDO_FORCE_REMOVE=yes
$APT_INSTALL python3-all $(echo $DEPENDENCIES_TO_PREINSTALL | tr '\n' ' ')
rm /usr/sbin/policy-rc.d
# FIXME: where does this comes from x_x / why
sed -i 's/worker_processes.*;/worker_processes 4;/g' /etc/nginx/nginx.conf
}
function dev()
{
YUNOHOST_PACKAGES="yunohost yunohost-admin"
if [[ $DEBIAN_VERSION == "bookworm" ]]; then
YUNOHOST_PACKAGES+=" yunohost-portal"
fi
# Do not install vim (in recommends), just to save up space...
YUNOHOST_PACKAGES+=" vim-"
export SUDO_FORCE_REMOVE=yes
APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install"
$APT_INSTALL $YUNOHOST_PACKAGES
}
function appci()
{
YUNO_PWD="SomeSuperStrongPassword"
DOMAIN="domain.tld"
SUBDOMAIN="sub.$DOMAIN"
TEST_USER="package_checker"
TEST_USER_DISPLAY=${TEST_USER//"_"/""}
yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --username $TEST_USER --fullname "$TEST_USER_DISPLAY"
# Disable password strength check for convenience on the app CI
echo 'admin_strength: -1' >> /etc/yunohost/settings.yml
echo 'user_strength: -1' >> /etc/yunohost/settings.yml
yunohost domain add $SUBDOMAIN
}
function core_tests()
{
# Reneable default password strength check
sed -i '/admin_strength/d' /etc/yunohost/settings.yml
sed -i '/user_strength/d' /etc/yunohost/settings.yml
CORE_TESTS_APT_DEPENDENCIES="python3-pip"
CORE_TESTS_PIP_DEPENCENDIES='mock pip pyOpenSSL pytest pytest-cov pytest-mock pytest-sugar requests-mock "packaging<22"'
if [[ "$DEBIAN_VERSION" == "bookworm" ]]
then
# We add php8.2-cli, mariadb-client and mariadb-server to the dependencies for test_app_resources
CORE_TESTS_APT_DEPENDENCIES+=" php8.2-cli mariadb-client mariadb-server"
CORE_TESTS_PIP_DEPENCENDIES+=" --break-system-packages"
fi
APT_INSTALL="apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install --no-install-recommends"
$APT_INSTALL $CORE_TESTS_APT_DEPENDENCIES
PIP_NO_CACHE_DIR=1 PIP_PROGRESS_BAR='off' python3 -m pip install -U $CORE_TESTS_PIP_DEPENCENDIES
}
function slimify()
{
apt clean
# Disable mandb because zzzzz: https://stackoverflow.com/questions/69974259/fully-disable-man-db
mv /usr/bin/mandb /usr/bin/mandb-OFF || true
cp -p /bin/true /usr/bin/mandb
rm -rf /var/cache/man
rm -f /var/lib/man-db/auto-update
apt-mark hold man-db || true
# Other tricks to save up space (at least 100MB or even 200MB wtf?!)
# https://stackoverflow.com/questions/59794891/how-does-debian-differ-from-debian-slim
rm -rf /usr/share/doc
rm -rf /usr/share/info
rm -rf /usr/share/i18n
rm -rf /usr/share/locale
rm -rf /usr/share/man
rm -rf /var/lib/apt/lists/*
apt remove vim --purge --autoremove --assume-yes || true
# Disable apt annoyances
systemctl -q disable apt-daily.timer --now
systemctl -q disable apt-daily-upgrade.timer --now
systemctl -q disable apt-daily.service --now
systemctl -q disable apt-daily-upgrade.service --now
rm -f /etc/cron.daily/apt-compat
cp /bin/true /usr/lib/apt/apt.systemd.daily
# Disable services that are useless in the vast majority of cases to try to improve perfs
systemctl -q disable rspamd --now || true
systemctl -q disable dovecot --now || true
systemctl -q disable postsrsd --now || true
systemctl -q disable metronome --now || true
systemctl -q disable opendkim --now || true
systemctl -q disable fake-hwclock.service --now || true
systemctl -q disable haveged.service --now || true
systemctl -q disable unattended-upgrades.service --now || true
systemctl -q disable e2scrub_all.timer --now || true
systemctl -q disable logrotate.timer --now || true
systemctl -q disable phpsessionclean.timer --now || true
systemctl -q disable systemd-tmpfiles-clean.timer --now || true
systemctl -q disable yunohost-api --now || true
systemctl -q disable yunoprompt --now || true
}
Reference in a new issue View git blame Copy permalink