diff --git a/.forgejo/bin/build.sh b/.forgejo/bin/build.sh
new file mode 100755
index 0000000..d9e327f
--- /dev/null
+++ b/.forgejo/bin/build.sh
@@ -0,0 +1,260 @@ +#!/bin/sh +# shellcheck disable=SC3043 + +. /usr/local/lib/functions.sh + +# shellcheck disable=SC3040 +set -eu -o pipefail + +readonly APORTSDIR=$CI_PROJECT_DIR +readonly REPOS="backports user" +readonly ALPINE_REPOS="main community testing" +readonly ARCH=$(apk --print-arch) +# gitlab variables +readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME + +: "${REPODEST:=$HOME/packages}" +: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}" +: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" +: "${MAX_ARTIFACT_SIZE:=300000000}" #300M +: "${CI_DEBUG_BUILD:=}" + +: "${CI_ALPINE_BUILD_OFFSET:=0}" +: "${CI_ALPINE_BUILD_LIMIT:=9999}" + +msg() { + local color=${2:-green} + case "$color" in + red) color="31";; + green) color="32";; + yellow) color="33";; + blue) color="34";; + *) color="32";; + esac + printf "\033[1;%sm>>>\033[1;0m %s\n" "$color" "$1" | xargs >&2 +} + +verbose() { + echo "> " "$@" + # shellcheck disable=SC2068 + $@ +} + +debugging() { + [ -n "$CI_DEBUG_BUILD" ] +} + +debug() { + if debugging; then + verbose "$@" + fi +} + +die() { + msg "$1" red + exit 1 +} + +capture_stderr() { + "$@" 2>&1 +} + +report() { + report=$1 + + reportsdir=$APORTSDIR/logs/ + mkdir -p "$reportsdir" + + tee -a "$reportsdir/$report.log" +} + +get_release() { + case $BASEBRANCH in + v*) echo "$BASEBRANCH";; + edge) echo edge;; + *) die "Branch \"$BASEBRANCH\" not supported!" + esac +} + +build_aport() { + local repo="$1" aport="$2" + cd "$APORTSDIR/$repo/$aport" + if abuild -r 2>&1 | report "build-$aport"; then + checkapk 2>&1 | report "checkapk-$aport" || true + aport_ok="$aport_ok $repo/$aport" + else + aport_ng="$aport_ng $repo/$aport" + fi +} + +check_aport() { + local repo="$1" aport="$2" + cd "$APORTSDIR/$repo/$aport" + if ! 
abuild check_arch 2>/dev/null; then + aport_na="$aport_na $repo/$aport" + return 1 + fi +} + +set_repositories_for() { + local target_repo="$1" repos='' repo='' + local release + + release=$(get_release) + for repo in $REPOS; do + [ "$repo" = "non-free" ] && continue + [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue + repos="$repos $MIRROR/$release/$repo $REPODEST/$repo" + [ "$repo" = "$target_repo" ] && break + done + doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories" + doas apk update || true +} + +apply_offset_limit() { + start=$1 + limit=$2 + end=$((start+limit)) + + sed -n "$((start+1)),${end}p" +} + +setup_system() { + local repos='' repo='' + local release + + release=$(get_release) + for repo in $ALPINE_REPOS; do + [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue + repos="$repos $ALPINE_MIRROR/$release/$repo" + done + doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" + doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system" + abuild-keygen -ain + doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf + ( . 
/etc/abuild.conf && echo "Building with $JOBS jobs" ) + mkdir -p "$REPODEST" + git config --global init.defaultBranch master +} + +sysinfo() { + printf ">>> Host system information (arch: %s, release: %s) <<<\n" "$ARCH" "$(get_release)" + printf "- Number of Cores: %s\n" "$(nproc)" + printf "- Memory: %s Gb\n" "$(awk '/^MemTotal/ {print ($2/1024/1024)}' /proc/meminfo)" + printf "- Free space: %s\n" "$(df -hP / | awk '/\/$/ {print $4}')" +} + +copy_artifacts() { + cd "$APORTSDIR" + + packages_size="$(du -sk "$REPODEST" | awk '{print $1 * 1024}')" + if [ -z "$packages_size" ]; then + return + fi + + echo "Artifact size: $packages_size bytes" + + mkdir -p keys/ packages/ + + if [ "$packages_size" -lt $MAX_ARTIFACT_SIZE ]; then + msg "Copying packages for artifact upload" + cp -ar "$REPODEST"/* packages/ 2>/dev/null + cp ~/.abuild/*.rsa.pub keys/ + else + msg "Artifact size $packages_size larger than max ($MAX_ARTIFACT_SIZE), skipping uploading them" yellow + fi +} + +section_start setup "Setting up the system" collapse + +if debugging; then + set -x +fi + +aport_ok= +aport_na= +aport_ng= +failed= + +sysinfo || true +setup_system || die "Failed to setup system" + +# git no longer allows to execute in repositories owned by different users +doas chown -R buildozer: . 
+ +fetch_flags="-qn" +debugging && fetch_flags="-v" + +git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \ + "+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH" + +if debugging; then + merge_base=$(git merge-base "$BASEBRANCH" HEAD) || echo "Could not determine merge-base" + echo "Merge base: $merge_base" + git --version + git config -l + [ -n "$merge_base" ] && git tag -f merge-base "$merge_base" + git --no-pager log -200 --oneline --graph --decorate --all +fi + +section_end setup + +build_start=$CI_ALPINE_BUILD_OFFSET +build_limit=$CI_ALPINE_BUILD_LIMIT + +for repo in $(changed_repos); do + set_repositories_for "$repo" + built_aports=0 + changed_aports_in_repo=$(changed_aports "$repo") + changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l) + changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit") + + msg "Changed aports in $repo:" + # shellcheck disable=SC2086 # Splitting is expected here + printf " - %s\n" $changed_aports_to_build + for pkgname in $changed_aports_to_build; do + section_start "build_$pkgname" "Building package $pkgname" + built_aports=$((built_aports+1)) + if check_aport "$repo" "$pkgname"; then + build_aport "$repo" "$pkgname" + fi + section_end "build_$pkgname" + done + + build_start=$((build_start-(changed_aports_in_repo_count-built_aports))) + build_limit=$((build_limit-built_aports)) + + if [ $build_limit -le 0 ]; then + msg "Limit reached, breaking" + break + fi +done + +section_start artifacts "Handeling artifacts" collapse +copy_artifacts || true +section_end artifacts + +section_start summary "Build summary" + +echo "### Build summary ###" + +for ok in $aport_ok; do + msg "$ok: build succesfully" +done + +for na in $aport_na; do + msg "$na: disabled for $ARCH" yellow +done + +for ng in $aport_ng; do + msg "$ng: build failed" red + failed=true +done +section_end summary + +if [ "$failed" = true ]; then + exit 1 +elif [ -z "$aport_ok" ]; then + msg "No packages found 
to be built." yellow +fi + diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh index 3138b69..3a4fb0a 100755 --- a/.forgejo/bin/deploy.sh +++ b/.forgejo/bin/deploy.sh @@ -14,6 +14,14 @@ for apk in $apkgs; do arch=$(echo $apk | awk -F '/' '{print $3}') name=$(echo $apk | awk -F '/' '{print $4}') + if [ "$(curl -s $GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/pulls/$GITHUB_EVENT_NUMBER | jq .draft)" == "true" ]; then + # if draft, send to -testing branch + branch="$branch-testing" + else + # if not draft, assume that this was sent to $branch-testing and nuke it + curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/$branch-testing/$arch/$name + fi + echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/$branch" return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/$branch 2>&1) echo $return diff --git a/.forgejo/patches/build.patch b/.forgejo/patches/build.patch deleted file mode 100644 index 842dd75..0000000 --- a/.forgejo/patches/build.patch +++ /dev/null 
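Review bot: In `set_repositories_for` and `setup_system`, `$repos` is expanded inside the string handed to `doas sh -c`, so the root shell re-parses values that come from the environment (`MIRROR`, `ALPINE_MIRROR`, `REPODEST`, and `BASEBRANCH`, which `get_release` accepts whenever it matches `v*`). Keeping the data out of the root command line avoids that: `printf '%s\n' $repos | doas tee -a /etc/apk/repositories >/dev/null`, and the same with `doas tee` without `-a` in `setup_system`. Separately, `ALPINE_MIRROR` defaults to plain `http://`; apk verifies index signatures, but an `https://` default would also keep an on-path party from withholding updates or serving an older signed index. `doas apk update || true` then hides a failed refresh of the repositories just written, so a build can proceed against stale indexes without any message.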
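Review bot: The draft check fails open: if the `curl` call errors or the response has no `draft` field, the comparison with `"true"` is false and the `else` branch both deletes the `-testing` package and lets the upload go to the release branch. Reading the flag once before the loop with `curl -fsS` and `jq -r`, and treating only an explicit `false` as "publish", keeps an API error from promoting a build; the quoting in the sketch below also stops the URL and credential variables from being word-split. The `for` loop starts above this hunk, so where `branch` is first assigned is not visible; if it is set outside the loop, `branch="$branch-testing"` would append the suffix once per package. The token is still passed on curl's command line, where other processes on the runner and any `set -x` trace can see it.

```shell
# before the loop (the loop header is outside this hunk): read the draft flag once
draft=$(curl -fsS "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/pulls/$GITHUB_EVENT_NUMBER" | jq -r '.draft')

# ... unchanged: arch= and name= extraction ...
	case "$draft" in
		true)
			# draft: send to -testing branch
			branch="$branch-testing"
			;;
		false)
			# not a draft: remove the copy that was sent to $branch-testing
			curl -s --user "$FORGE_REPO_USER:$FORGE_REPO_TOKEN" -X DELETE \
				"$TARGET_REPO/$BASEBRANCH/$branch-testing/$arch/$name"
			;;
		*)
			echo "Could not determine draft state of pull request $GITHUB_EVENT_NUMBER" >&2
			exit 1
			;;
	esac
# ... unchanged: upload of $apk ...
```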
@@ -1,66 +0,0 @@ -diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh -old mode 100644 -new mode 100755 -index c3b8f7a..f609018 ---- a/usr/local/bin/build.sh.orig -+++ b/usr/local/bin/build.sh -@@ -7,13 +7,15 @@ - set -eu -o pipefail - - readonly APORTSDIR=$CI_PROJECT_DIR --readonly REPOS="main community testing non-free" -+readonly REPOS="backports user" -+readonly ALPINE_REPOS="main community testing" - readonly ARCH=$(apk --print-arch) - # gitlab variables - readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - - : "${REPODEST:=$HOME/packages}" --: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}" -+: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}" -+: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}" - : "${MAX_ARTIFACT_SIZE:=300000000}" #300M - : "${CI_DEBUG_BUILD:=}" - -@@ -68,8 +70,8 @@ report() { - - get_release() { - case $BASEBRANCH in -- *-stable) echo v"${BASEBRANCH%-*}";; -- master) echo edge;; -+ v*) echo "$BASEBRANCH";; -+ edge) echo edge;; - *) die "Branch \"$BASEBRANCH\" not supported!" 
- esac - } -@@ -101,11 +103,11 @@ set_repositories_for() { - release=$(get_release) - for repo in $REPOS; do - [ "$repo" = "non-free" ] && continue -- [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue -+ [ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue - repos="$repos $MIRROR/$release/$repo $REPODEST/$repo" - [ "$repo" = "$target_repo" ] && break - done -- doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" -+ doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories" - doas apk update - } - -@@ -118,7 +120,15 @@ apply_offset_limit() { - } - - setup_system() { -- doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories" -+ local repos='' repo='' -+ local release -+ -+ release=$(get_release) -+ for repo in $ALPINE_REPOS; do -+ [ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue -+ repos="$repos $ALPINE_MIRROR/$release/$repo" -+ done -+ doas sh -c "printf '%s\n' $repos > /etc/apk/repositories" - doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system" - abuild-keygen -ain - doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf diff --git a/.forgejo/workflows/build-aarch64.yaml b/.forgejo/workflows/build-aarch64.yaml index d6738b2..885560f 100644 --- a/.forgejo/workflows/build-aarch64.yaml +++ b/.forgejo/workflows/build-aarch64.yaml @@ -2,6 +2,10 @@ on: pull_request: types: [ assigned, opened, synchronize, reopened ] +concurrency: + group: ${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + jobs: build-aarch64: runs-on: aarch64 @@ -23,9 +27,7 @@ jobs: with: fetch-depth: 500 - name: Package build - run: | - doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch - build.sh + run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload uses: forgejo/upload-artifact@v3 with: 
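Review bot: The concurrency `group` key contains only the branch name, and build-x86_64.yaml adds the identical block, so both workflows for one pull request end up in the same group. Where the runner follows GitHub's semantics for `cancel-in-progress` (not confirmed here for Forgejo), the aarch64 and x86_64 runs would cancel each other instead of only superseding their own older runs. Prefixing the workflow keeps the groups apart: `group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}`.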
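Review bot: The `Package build` step now executes `.forgejo/bin/build.sh` from the workspace on a `pull_request` trigger, so the script that calls `doas` is presumably whatever the pull request's checkout contains, as was already the case for the removed `build.patch`. Nothing in the workflow records that assumption; a comment above the step such as `# build.sh comes from the PR checkout and uses doas: run only on disposable runners, keep secrets out of this job` would make it explicit for whoever later adds secrets or a persistent runner. The same step is changed in build-x86_64.yaml.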
@@ -41,9 +43,10 @@ jobs: CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + GITHUB_EVENT_NUMBER: ${{ github.event.number }} steps: - name: Setting up environment - run: apk add nodejs curl findutils git gawk + run: apk add nodejs curl findutils git gawk jq - name: Repo pull uses: actions/checkout@v4 - name: Package download diff --git a/.forgejo/workflows/build-x86_64.yaml b/.forgejo/workflows/build-x86_64.yaml index 8731799..6451bf7 100644 --- a/.forgejo/workflows/build-x86_64.yaml +++ b/.forgejo/workflows/build-x86_64.yaml @@ -2,6 +2,10 @@ on: pull_request: types: [ assigned, opened, synchronize, reopened ] +concurrency: + group: ${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + jobs: build-x86_64: runs-on: x86_64 @@ -23,9 +27,7 @@ jobs: with: fetch-depth: 500 - name: Package build - run: | - doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch - build.sh + run: ${{ github.workspace }}/.forgejo/bin/build.sh - name: Package upload uses: forgejo/upload-artifact@v3 with: @@ -41,9 +43,10 @@ jobs: CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine' FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }} FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }} + GITHUB_EVENT_NUMBER: ${{ github.event.number }} steps: - name: Setting up environment - run: apk add nodejs curl findutils git gawk + run: apk add nodejs curl findutils git gawk jq - name: Repo pull uses: actions/checkout@v4 - name: Package download diff --git a/user/codeberg-pages-server/APKBUILD b/user/codeberg-pages-server/APKBUILD new file mode 100644 index 0000000..5eab680 --- /dev/null +++ b/user/codeberg-pages-server/APKBUILD 
@@ -0,0 +1,45 @@
+# Contributor: Antoine Martin (ayakael)
+# Maintainer: Antoine Martin (ayakael)
+pkgname=codeberg-pages-server
+pkgver=5.1
+pkgrel=0
+pkgdesc="The Codeberg Pages Server – with custom domain support, per-repo pages using the "pages" branch, caching and more."
+url="https://codeberg.org/Codeberg/pages-server"
+arch="all"
+license="EUPL-1.2"
+depends="nginx"
+makedepends="go just"
+# tests disabled for now
+options="!check"
+install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-install"
+source="
+ $pkgname-$pkgver.tar.gz::https://codeberg.org/Codeberg/pages-server/archive/v$pkgver.tar.gz
+ codeberg-pages-server.openrc
+ upgrade-go-sqlite3-to-1.14.19.patch
+ "
+builddir="$srcdir/"pages-server
+subpackages="$pkgname-openrc"
+pkgusers="git"
+pkggroups="www-data"
+
+export GOPATH=$srcdir/go
+export GOCACHE=$srcdir/go-build
+export GOTMPDIR=$srcdir
+
+build() {
+ just build
+}
+
+package() {
+ msg "Packaging $pkgname"
+ install -Dm755 "$builddir"/build/codeberg-pages-server "$pkgdir"/usr/bin/codeberg-pages-server
+
+ install -Dm755 "$srcdir"/$pkgname.openrc \
+ "$pkgdir"/etc/init.d/$pkgname
+}
+
+sha512sums="
+55a1dd5ed0f1cb2aaad1066eca8bfbd1d537169ed3712c748163ebff64edc45d05ac1f6f062433e232e2638a790232438282f96dd7410eb4cbaff7208f5f2427 codeberg-pages-server-5.1.tar.gz
+4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 codeberg-pages-server.openrc
+895f1c8d22fcf1d5491a6fe0ce5d93201f83b6dd5fc81b24016b609988fb6c66fdde75bb3830f385a5c83d96366ca3a5f4f9524f52058b6c5dfd8b80d14bac5b upgrade-go-sqlite3-to-1.14.19.patch
+"
diff --git a/user/codeberg-pages-server/codeberg-pages-server.openrc b/user/codeberg-pages-server/codeberg-pages-server.openrc
new file mode 100644
index 0000000..a036393
--- /dev/null
+++ b/user/codeberg-pages-server/codeberg-pages-server.openrc
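Review bot: `pkgusers="git"` and `pkggroups="www-data"` do not match the account the package's own scripts manage: the `.pre-install` named in `install=` creates user and group `authentik`, and the openrc script runs the service as `authentik`. One service account should be chosen and used in all three places, e.g. `pkgusers="<service-user>"`, where `<service-user>` is a placeholder for whatever the pre-install script ends up creating. `depends="nginx"` also omits the tools the post-install script calls (`setcap`, `pwgen`), so if those calls stay, the packages providing them need to be listed. `options="!check"` carries only the comment "tests disabled for now"; a short reason would help the next maintainer, and `net` may be needed as well if `just build` downloads Go modules, which is not visible here.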
@@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+
+name="$RC_SVCNAME"
+cfgfile="/etc/conf.d/$RC_SVCNAME.conf"
+pidfile="/run/$RC_SVCNAME.pid"
+working_directory="/usr/share/webapps/authentik"
+command="/usr/share/webapps/authentik/server"
+command_user="authentik"
+command_group="authentik"
+start_stop_daemon_args=""
+command_background="yes"
+output_log="/var/log/authentik/$RC_SVCNAME.log"
+error_log="/var/log/authentik/$RC_SVCNAME.err"
+
+depend() {
+ need redis
+ need postgresql
+}
+
+start_pre() {
+ cd "$working_directory"
+ checkpath --directory --owner $command_user:$command_group --mode 0775 \
+ /var/log/authentik \
+ /var/lib/authentik/certs
+}
+
+stop_pre() {
+ ebegin "Killing child processes"
+ kill $(ps -o pid= --ppid $(cat $pidfile)) || true
+}
diff --git a/user/codeberg-pages-server/codeberg-pages-server.post-install b/user/codeberg-pages-server/codeberg-pages-server.post-install
new file mode 100755
index 0000000..a715d20
--- /dev/null
+++ b/user/codeberg-pages-server/codeberg-pages-server.post-install
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -eu
+
+group=authentik
+config_file='/etc/authentik/config.yml'
+
+setcap 'cap_net_bind_service=+ep' /usr/share/webapps/authentik/server
+
+if [ $(grep '@@SECRET_KEY@@' "$config_file") ]; then
+ echo "* Generating random secret in $config_file" >&2
+
+ secret_key="$(pwgen -s 50 1)"
+ sed -i "s|@@SECRET_KEY@@|$secret_key|" "$config_file"
+ chown root:$group "$config_file"
+fi
+
+if [ "${0##*.}" = 'post-upgrade' ]; then
+ cat >&2 <<-EOF
+ *
+ * To finish Authentik upgrade run:
+ *
+ * authentik-manage migrate
+ *
+ EOF
+else
+ cat >&2 <<-EOF
+ *
+ * 1. Adjust settings in /etc/authentik/config.yml.
+ *
+ * 2. Create database for Authentik:
+ *
+ * psql -c "CREATE ROLE authentik PASSWORD 'top-secret' INHERIT LOGIN;"
+ * psql -c "CREATE DATABASE authentik OWNER authentik ENCODING 'UTF-8';"
+ *
+ * 3. Run "authentik-manage migrate"
+ * 4. Setup admin user at https:///if/flow/initial-setup/
+ *
+ EOF
+fi
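Review bot: `command`, `working_directory`, the log paths and `command_user` all point at authentik, while the APKBUILD installs the binary to `/usr/bin/codeberg-pages-server`, so as written this service starts a file the package does not ship. At minimum `command="/usr/bin/codeberg-pages-server"` and a matching user and group are needed, and `need redis` / `need postgresql` should go unless the pages server really requires them. In `stop_pre`, `$(cat $pidfile)` is unquoted and unchecked: with a missing pidfile `ps` runs with an empty `--ppid` argument and the outcome is discarded by `|| true`; `[ -f "$pidfile" ] || return 0` before the `kill` makes that case explicit.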
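Review bot: `setcap 'cap_net_bind_service=+ep' /usr/share/webapps/authentik/server` grants a file capability to a path that belongs to a different package, and under `set -eu` the script aborts when that file is absent. If the pages server must bind low ports, the target should be the binary this package installs, `setcap 'cap_net_bind_service=+ep' /usr/bin/codeberg-pages-server`; otherwise the line should be dropped. The `@@SECRET_KEY@@` block and the printed instructions (including the sample `PASSWORD 'top-secret'`) concern `/etc/authentik/config.yml`, which this package does not appear to ship. If the block stays, `[ $(grep …) ]` breaks on a matching line with more than one word, so `if grep -q '@@SECRET_KEY@@' "$config_file"; then` is the safer test.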
diff --git a/user/codeberg-pages-server/codeberg-pages-server.post-upgrade b/user/codeberg-pages-server/codeberg-pages-server.post-upgrade
new file mode 120000
index 0000000..d7ffea2
--- /dev/null
+++ b/user/codeberg-pages-server/codeberg-pages-server.post-upgrade
@@ -0,0 +1 @@
+codeberg-pages-server.post-install
\ No newline at end of file
diff --git a/user/codeberg-pages-server/codeberg-pages-server.pre-install b/user/codeberg-pages-server/codeberg-pages-server.pre-install
new file mode 100644
index 0000000..792f304
--- /dev/null
+++ b/user/codeberg-pages-server/codeberg-pages-server.pre-install
@@ -0,0 +1,26 @@
+#!/bin/sh
+# It's very important to set user/group correctly.
+
+authentik_dir='/var/lib/authentik'
+
+if ! getent group authentik 1>/dev/null; then
+ echo '* Creating group authentik' 1>&2
+
+ addgroup -S authentik
+fi
+
+if ! id authentik 2>/dev/null 1>&2; then
+ echo '* Creating user authentik' 1>&2
+
+ adduser -DHS -G authentik -h "$authentik_dir" -s /bin/sh \
+ -g "added by apk for authentik" authentik
+ passwd -u authentik 1>/dev/null # unlock
+fi
+
+if ! id -Gn authentik | grep -Fq redis; then
+ echo '* Adding user authentik to group redis' 1>&2
+
+ addgroup authentik redis
+fi
+
+exit 0
diff --git a/user/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch b/user/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch
new file mode 100644
index 0000000..fabb214
--- /dev/null
+++ b/user/codeberg-pages-server/upgrade-go-sqlite3-to-1.14.19.patch
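Review bot: The service account is created with a login shell (`-s /bin/sh`) and then `passwd -u` removes the lock that `adduser -D` sets, which on BusyBox may leave the account with an empty password field (worth confirming on the target release). A daemon account normally needs neither: use `-s /sbin/nologin` in the `adduser` call and drop the `passwd -u authentik` line. The script also adds the user to the `redis` group, which widens access to Redis-owned files and should go unless the pages server needs it. User, group and directory names here are still authentik's rather than this package's.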
@@ -0,0 +1,26 @@ +diff --git a/go.mod.orig b/go.mod +index eba292e..00310e5 100644 +--- a/go.mod.orig ++++ b/go.mod +@@ -11,7 +11,7 @@ require ( + github.com/go-sql-driver/mysql v1.6.0 + github.com/joho/godotenv v1.4.0 + github.com/lib/pq v1.10.7 +- github.com/mattn/go-sqlite3 v1.14.16 ++ github.com/mattn/go-sqlite3 v1.14.19 + github.com/microcosm-cc/bluemonday v1.0.26 + github.com/reugn/equalizer v0.0.0-20210216135016-a959c509d7ad + github.com/rs/zerolog v1.27.0 +diff --git a/go.sum.orig b/go.sum +index 7ea8b78..19145ea 100644 +--- a/go.sum.orig ++++ b/go.sum +@@ -479,6 +479,8 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m + github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= + github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= + github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= ++github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI= ++github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= + github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE= + github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0= + github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=