-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathrecipes
executable file
·256 lines (208 loc) · 9.77 KB
/
recipes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
#!/usr/bin/env bash
set -Eeuo pipefail
set -x
# This script expects those variables to be defined:
# RELEASE, DEBIAN_VERSION, gitbranch
export PIP_NO_CACHE_DIR=1
export PIP_PROGRESS_BAR=off
function apt_yes()
{
SUDO_FORCE_REMOVE=yes DEBIAN_FRONTEND=noninteractive \
apt-get -y --no-install-recommends "$@"
}
function install_gitlab_runner_light()
{
# Needed to build and access artefacts on core CI ...
apt_yes install /root/gitlab-runner-light.deb
rm /root/gitlab-runner-light.deb
}
function build_and_lint()
{
apt_yes update
apt_yes upgrade
install_gitlab_runner_light
# This is for
# a) building .debs
TOOLING_APT_DEPENDENCIES=(
devscripts build-essential debhelper dpkg-dev dh-python wget hub
python3 python3-all python-is-python3 python3-pip
python3-yaml python3-toml python3-jinja2 python3-openssl
)
apt_yes install "${TOOLING_APT_DEPENDENCIES[@]}"
# b) running tox, black, mypy, flake8, i18n string consistency check, bot sending PRs (actually this one is 'hub' in apt dependency right before)
TOOLING_PIP_DEPENDENCIES=(
ansi2html
types-ipaddress types-enum34 types-cryptography types-toml
types-requests types-PyYAML types-pyOpenSSL types-mock
)
if [[ $DEBIAN_VERSION == "bullseye" ]]; then
TOOLING_PIP_DEPENDENCIES+=("tox==4.0.0" "black>=22.12" "packaging<22")
else
TOOLING_PIP_DEPENDENCIES+=("tox>=4.17" "black>=24.4" --break-system-packages)
fi
python3 -m pip install -U "${TOOLING_PIP_DEPENDENCIES[@]}"
}
function before_install()
{
apt_yes update
apt_yes upgrade
install_gitlab_runner_light
if [[ -z "${gitbranch:-}" ]]; then
echo "gitbranch must be defined when calling $0!"
exit 1
fi
# Download the YunoHost install script
INSTALL_SCRIPT="https://raw.githubusercontent.com/YunoHost/install_script/main/$DEBIAN_VERSION"
curl -L -s "$INSTALL_SCRIPT" -o install.sh
# Disable the install of yunohost itself, because we need this for the core CI
sed -i -E 's/(step\s+install_yunohost_packages)/#\1/' install.sh
sed -i -E 's/(^\s+install_yunohost_packages)/#\1/' install.sh
# Trick to disable restarting the service during install
sed -i -E 's/(step\s+restart_services)/echo skip restart service #\1/' install.sh
echo exit 101 > /usr/sbin/policy-rc.d
chmod +x /usr/sbin/policy-rc.d
# Actual install of everything...except yunohost itself
chmod +x install.sh
./install.sh -a -d "$RELEASE"
rm install.sh
# Extract the dependencies from control files
curl -s -L "https://raw.githubusercontent.com/YunoHost/yunohost/$gitbranch/debian/control" -o yunohost_control
curl -s -L "https://raw.githubusercontent.com/YunoHost/moulinette/$gitbranch/debian/control" -o moulinette_control
curl -s -L "https://raw.githubusercontent.com/YunoHost/ssowat/$gitbranch/debian/control" -o ssowat_control
# To extract the dependencies, we want to retrieve the lines between "^Dependencies:" and the new line that doesn't
# start with a space (exclusively) . Then, we remove ",", then we remove the version specifiers "(>= X.Y)",
# then we add simple quotes to packages when there is a pipe (or) 'php-mysql|php-mysqlnd'.
deps="$(
sed -n '/^Depends:/,/^\w/{//!p}' yunohost_control | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "moulinette\|ssowat\|yunohost-portal" ;
sed -n '/^Recommends:/,/^\w/{//!p}' yunohost_control | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" | grep -v "yunohost-admin" ;
sed -n '/^Depends:/,/^\w/{//!p}' moulinette_control | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g" ;
# Same as above, except that all dependencies are in the same line
grep '^Depends:' ssowat_control | sed 's/Depends://' | sed -e "s/,//g" -e "s/[(][^)]*[)]//g" -e "s/ | \S\+//g"
)"
readarray -t all_deps < <(echo "$deps" | xargs | tr " " "\n")
rm yunohost_control moulinette_control ssowat_control
apt_yes install python3-all "${all_deps[@]}"
rm /usr/sbin/policy-rc.d
# FIXME: where does this comes from x_x / why
sed -i 's/worker_processes.*;/worker_processes 4;/g' /etc/nginx/nginx.conf
}
function dev()
{
apt_yes update
apt_yes upgrade
install_gitlab_runner_light
# Download and run the YunoHost install script
INSTALL_SCRIPT="https://raw.githubusercontent.com/YunoHost/install_script/main/$DEBIAN_VERSION"
curl -L -s "$INSTALL_SCRIPT" -o install.sh
chmod +x install.sh
./install.sh -a -d "$RELEASE"
rm install.sh
}
function appci()
{
YUNO_PWD="SomeSuperStrongPassword"
DOMAIN="domain.tld"
SUBDOMAIN="sub.$DOMAIN"
TEST_USER="package_checker"
TEST_USER_DISPLAY=${TEST_USER//"_"/""}
yunohost tools postinstall --domain "$DOMAIN" --password "$YUNO_PWD" --username "$TEST_USER" --fullname "$TEST_USER_DISPLAY"
# Disable password strength check for convenience on the app CI
echo 'admin_strength: -1' >> /etc/yunohost/settings.yml
echo 'user_strength: -1' >> /etc/yunohost/settings.yml
yunohost domain add "$SUBDOMAIN"
}
function core_tests()
{
# Reneable default password strength check
sed -i '/admin_strength/d' /etc/yunohost/settings.yml
sed -i '/user_strength/d' /etc/yunohost/settings.yml
CORE_TESTS_APT_DEPENDENCIES=(
python3-pip python3-packaging python3-openssl
python3-mock python3-requests-mock
python3-pytest python3-pytest-cov python3-pytest-mock python3-pytest-sugar
)
# CORE_TESTS_PIP_DEPENCENDIES=( )
case "$DEBIAN_VERSION" in
bookworm)
# We add php8.2-cli, mariadb-client and mariadb-server to the dependencies for test_app_resources
CORE_TESTS_APT_DEPENDENCIES+=(php8.2-cli mariadb-client mariadb-server)
;;
trixie)
# We add php8.2-cli, mariadb-client and mariadb-server to the dependencies for test_app_resources
CORE_TESTS_APT_DEPENDENCIES+=(php8.2-cli mariadb-client mariadb-server)
;;
esac
apt_yes update
apt_yes install "${CORE_TESTS_APT_DEPENDENCIES[@]}"
# python3 -m pip install -U "${CORE_TESTS_PIP_DEPENCENDIES[@]}"
}
function demo()
{
DOMAIN="demo.yunohost.org"
INSTALL_SCRIPT="https://raw.githubusercontent.com/YunoHost/install_script/main/$DEBIAN_VERSION"
curl -L -s "$INSTALL_SCRIPT" -o install.sh
chmod +x install.sh
./install.sh -a -d "$RELEASE"
rm install.sh
# Disable password strength check for convenience on the app CI
echo 'admin_strength: -1' >> /etc/yunohost/settings.yml
echo 'user_strength: -1' >> /etc/yunohost/settings.yml
yunohost tools postinstall --domain "$DOMAIN" --password "demo" --username "demo" --fullname "Demo user"
APPS=(hextris nextcloud opensondage roundcube wallabag2 wordpress etherpad_mypads vaultwarden my_webapp freshrss yeswiki diagramsnet)
for APP in "${APPS[@]}"; do
yunohost app install "$APP" --force --args "domain=$DOMAIN&init_main_permission=visitors&admin=demo&path=/$APP&password=demo" || true
done
sed -i 's@<head>@<head><style>main > form::before { content: "Login: demo\\APassword: demo"; display: block; text-align: center; white-space: break-spaces; margin-bottom: 1em; }</style>@g' /usr/share/yunohost/portal/{index.html,login/index.html}
sed -i 's@<head>@<head><style>#login-form::before { content: "Login: demo\\APassword: demo"; display: block; text-align: center; white-space: break-spaces; margin-bottom: 1em; }</style>@g' /usr/share/yunohost/admin/index.html
touch /etc/yunohost/keep_yunohost_api
}
function slimify()
{
apt_yes clean
# Disable mandb because zzzzz: https://stackoverflow.com/questions/69974259/fully-disable-man-db
mv /usr/bin/mandb /usr/bin/mandb-OFF || true
cp -p /bin/true /usr/bin/mandb
rm -rf /var/cache/man
rm -f /var/lib/man-db/auto-update
apt-mark hold man-db || true
# Other tricks to save up space (at least 100MB or even 200MB wtf?!)
# https://stackoverflow.com/questions/59794891/how-does-debian-differ-from-debian-slim
# We don't want to delete /usr/share/doc/yunohost tho because it contains the changelog which is needed to compute the version
find /usr/share/doc -mindepth 1 -maxdepth 1 -type d -not \( -name "yunohost*" -or -name moulinette -or -name ssowat \) \
-exec rm -rf {} \;
rm -rf /usr/share/info
rm -rf /usr/share/i18n
rm -rf /usr/share/locale
rm -rf /usr/share/man
rm -rf /var/lib/apt/lists/*
apt remove vim --purge --autoremove --assume-yes || true
# Disable apt annoyances
systemctl -q disable apt-daily.timer --now
systemctl -q disable apt-daily-upgrade.timer --now
systemctl -q disable apt-daily.service --now
systemctl -q disable apt-daily-upgrade.service --now
rm -f /etc/cron.daily/apt-compat
cp /bin/true /usr/lib/apt/apt.systemd.daily
# Disable services that are useless in the vast majority of cases to try to improve perfs
systemctl -q disable rspamd --now || true
systemctl -q disable dovecot --now || true
systemctl -q disable postsrsd --now || true
systemctl -q disable metronome --now || true
systemctl -q disable opendkim --now || true
systemctl -q disable fake-hwclock.service --now || true
systemctl -q disable haveged.service --now || true
systemctl -q disable unattended-upgrades.service --now || true
systemctl -q disable e2scrub_all.timer --now || true
systemctl -q disable logrotate.timer --now || true
systemctl -q disable phpsessionclean.timer --now || true
systemctl -q disable systemd-tmpfiles-clean.timer --now || true
systemctl -q disable yunoprompt --now || true
# Ugly hack for demo
if [ -e /etc/yunohost/keep_yunohost_api ];
then
rm /etc/yunohost/keep_yunohost_api
else
systemctl -q disable yunohost-api --now || true
fi
}
"$1"