refactoring and versioning fix

2020-02-21 23:54:20 +01:00 · 2020-02-21 23:54:20 +01:00 · aac70254e2
parent 5a7b6255c7
commit aac70254e2
5 changed files with 94 additions and 95 deletions
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@ -1,44 +1,43 @@
-local PipelineBuild(os='linux', arch='amd64') = {
-  local tag = os + '-' + arch,
-  local version_tag = os + '-' + arch,
-  local file_suffix = std.strReplace(version_tag, '-', '.'),
-  kind: "pipeline",
-  name: version_tag,
+local PipelineBuild(arch='amd64') = {
+  kind: 'pipeline',
+  name: 'build-' + arch,
  platform: {
-    os: os,
+    os: 'linux',
    arch: arch,
  },
  steps: [
    {
      name: 'dryrun',
-      image: 'plugins/docker:' + tag,
-      pull: 'always',
+      image: 'plugins/docker',
      settings: {
        dry_run: true,
-        tags: version_tag,
-        dockerfile: './Dockerfile.' + file_suffix,
+        dockerfile: 'Dockerfile',
        repo: 'xoxys/freshrss',
-        username: { from_secret: "docker_username" },
-        password: { from_secret: "docker_password" },
-        build_args: {
-          FRESHRSS_VERSION: "${DRONE_TAG%-*}",
-        },
+        username: { from_secret: 'docker_username' },
+        password: { from_secret: 'docker_password' },
+        build_args: [
+          'FRESHRSS_VERSION=${DRONE_TAG%-*}',
+        ],
+      },
+      when: {
+        ref: [
+          'refs/pull/**',
+        ],
      },
    },
    {
      name: 'publish',
-      image: 'plugins/docker:' + tag,
-      pull: 'always',
+      image: 'plugins/docker',
      settings: {
        auto_tag: true,
-        auto_tag_suffix: version_tag,
-        dockerfile: './Dockerfile.' + file_suffix,
+        auto_tag_suffix: arch,
+        dockerfile: 'Dockerfile',
        repo: 'xoxys/freshrss',
-        username: { from_secret: "docker_username" },
-        password: { from_secret: "docker_password" },
-        build_args: {
-          FRESHRSS_VERSION: "${DRONE_TAG%-*}",
-        },
+        username: { from_secret: 'docker_username' },
+        password: { from_secret: 'docker_password' },
+        build_args: [
+          'FRESHRSS_VERSION=${DRONE_TAG%-*}',
+        ],
      },
      when: {
        ref: [
@ -48,15 +47,14 @@ local PipelineBuild(os='linux', arch='amd64') = {
      },
    },
    {
-      name: "publish-gitea",
-      image: "plugins/gitea-release",
-      pull: "always",
+      name: 'publish-gitea',
+      image: 'plugins/gitea-release',
      settings: {
-        api_key: { "from_secret": "gitea_token" },
-        base_url: "https://gitea.rknet.org",
+        api_key: { from_secret: 'gitea_token' },
+        base_url: 'https://gitea.rknet.org',
        overwrite: true,
-        title: "${DRONE_TAG}",
-        note: "CHANGELOG.md",
+        title: '${DRONE_TAG}',
+        note: 'CHANGELOG.md',
      },
      when: {
        ref: ['refs/tags/**'],
@ -66,83 +64,85 @@ local PipelineBuild(os='linux', arch='amd64') = {
 };

 local PipelineNotifications(depends_on=[]) = {
-  kind: "pipeline",
-  name: "notifications",
+  kind: 'pipeline',
+  name: 'notifications',
  platform: {
-    os: "linux",
-    arch: "amd64",
+    os: 'linux',
+    arch: 'amd64',
  },
  steps: [
    {
-      image: "plugins/manifest",
-      name: "manifest",
-      pull: "always",
+      image: 'plugins/manifest',
+      name: 'manifest',
      settings: {
        ignore_missing: true,
-        tags: ["${DRONE_TAG}", "${DRONE_TAG%-*}", "${DRONE_TAG%.*}", "${DRONE_TAG%%.*}"],
-        username: { from_secret: "docker_username" },
-        password: { from_secret: "docker_password" },
-        spec: "./manifest.tmpl",
+        tags: [
+          '${DRONE_TAG}',
+          '${DRONE_TAG%-*}',
+          '${DRONE_TAG%.*}',
+          '${DRONE_TAG%%.*}',
+        ],
+        username: { from_secret: 'docker_username' },
+        password: { from_secret: 'docker_password' },
+        spec: 'manifest.tmpl',
      },
      when: {
-        ref: [
-          'refs/heads/master',
-          'refs/tags/**',
+        status: [
+          'success',
        ],
      },
    },
    {
-      name: "readme",
-      image: "sheogorath/readme-to-dockerhub",
-      pull: "always",
+      name: 'readme',
+      image: 'sheogorath/readme-to-dockerhub',
      environment: {
-        DOCKERHUB_USERNAME: { from_secret: "docker_username" },
-        DOCKERHUB_PASSWORD: { from_secret: "docker_password" },
-        DOCKERHUB_REPO_PREFIX: "xoxys",
-        DOCKERHUB_REPO_NAME: "freshrss",
-        README_PATH: "README.md",
-        SHORT_DESCRIPTION: "Rootless FreshRSS - Self-hosted RSS feed aggregator"
+        DOCKERHUB_USERNAME: { from_secret: 'docker_username' },
+        DOCKERHUB_PASSWORD: { from_secret: 'docker_password' },
+        DOCKERHUB_REPO_PREFIX: 'xoxys',
+        DOCKERHUB_REPO_NAME: 'freshrss',
+        README_PATH: 'README.md',
+        SHORT_DESCRIPTION: 'Rootless FreshRSS - Self-hosted RSS feed aggregator',
      },
      when: {
-        ref: [
-          'refs/heads/master',
-          'refs/tags/**',
+        status: [
+          'success',
        ],
      },
    },
    {
-      name: "microbadger",
-      image: "plugins/webhook",
-      pull: "always",
+      name: 'matrix',
+      image: 'plugins/matrix',
      settings: {
-        urls: { from_secret: "microbadger_url" },
-      },
-    },
-    {
-      image: "plugins/matrix",
-      name: "matrix",
-      pull: 'always',
-      settings: {
-        homeserver: "https://matrix.rknet.org",
-        roomid: "MtidqQXWWAtQcByBhH:rknet.org",
-        template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
-        username: { from_secret: "matrix_username" },
-        password: { from_secret: "matrix_password" },
+        homeserver: { from_secret: 'matrix_homeserver' },
+        roomid: { from_secret: 'matrix_roomid' },
+        template: 'Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}',
+        username: { from_secret: 'matrix_username' },
+        password: { from_secret: 'matrix_password' },
      },
      when: {
-        status: [ "success", "failure" ],
+        status: [
+          'success',
+          'failure',
+        ],
      },
    },
  ],
  trigger: {
-    status: [ "success", "failure" ],
+    ref: [
+      'refs/heads/master',
+      'refs/tags/**',
+    ],
+    status: [
+      'success',
+      'failure',
+    ],
  },
  depends_on: depends_on,
 };

 [
-  PipelineBuild(os='linux', arch='amd64'),
+  PipelineBuild(arch='amd64'),
  PipelineNotifications(depends_on=[
-    "linux-amd64",
-  ])
+    'build-amd64',
+  ]),
 ]
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,8 +1,4 @@
+> __WARNING:__ Versionning was not working due to a bug in CI pipeline. You may run a developent version of FreshRSS currently!
+
 * BUGFIX
-  * fix init error if DB not available
-* ENHANCEMENT
-  * remove stdout redirect for the supercronic main process
-  * remove log redirect from cron scripts
-  * remove `FRESHRSS_LIMITS_MAX_INACTIVITY`
-* SECURITY
-  * update PHP to address [CVE-2019-11043](https://de.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx)
+  * fix versioning
--- a/Dockerfile.linux.amd64
+++ b/Dockerfile.linux.amd64
@ -2,7 +2,7 @@ FROM xoxys/nginx:latest

 LABEL maintainer="Robert Kaussow <mail@geeklabor.de>" \
    org.label-schema.name="FreshRSS" \
-    org.label-schema.version="1.2" \
+    org.label-schema.vcs-url="https://gitea.rknet.org/docker/freshrss" \
    org.label-schema.vendor="Robert Kaussow" \
    org.label-schema.schema-version="1.0"

@ -18,6 +18,7 @@ RUN apk --update add --virtual .build-deps tar curl && \
    rm -f /etc/php7/php-fpm.d/www.conf && \
    mkdir -p /var/www/app && \
    mkdir /var/www/.postgresql && \
+    echo "Installing FreshRSS '$FRESHRSS_VERSION' ..." && \
    curl -SsL ${FRESHRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \
    curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
    apk del .build-deps && \
@ -45,7 +46,7 @@ USER nginx

 STOPSIGNAL SIGTERM

-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck.sh
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck
 WORKDIR /var/www/app
 CMD []
--- a/overlay/usr/local/bin/entrypoint.sh
+++ b/overlay/usr/local/bin/entrypoint.sh
@ -1,17 +1,18 @@
-#!/bin/sh
+#!/usr/bin/env sh
+set -eo pipefail

 /usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
 /usr/local/bin/gomplate -V -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
 /usr/local/bin/gomplate -V -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl

-if [ "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
+if [ -n "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
    ln -s "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" /var/www/.postgresql/root.crt
 fi

 printf "\nPrepare FreshRSS...\n"
 PREP=$(/usr/bin/php -f ./cli/prepare.php)
 if [ $? -ne 0 ]; then
-    echo $PREP
+    echo "$PREP"
    exit 1
 fi

@ -22,12 +23,12 @@ if [ "${FRESHRSS_DEFAULT_USER}" ]; then
        case "$UCREATE" in
          *"username already taken"*) ;;
          *)
-          echo $UCREATE
+          echo "$UCREATE"
          rm -rf "/var/www/app/data/users/$FRESHRSS_DEFAULT_USER"
          exit 1
          ;;
        esac
-    fi 
+    fi
    printf "Result: success\n\n"
 fi

--- a/overlay/usr/local/bin/healthcheck.sh
+++ b/overlay/usr/local/bin/healthcheck.sh
@ -1,3 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
+set -eo pipefail

 (php -r "readfile('http://localhost:8080/i/');" | grep -q 'jsonVars') || exit 1