From fd07fe7f3e36ee33983b5968d293e55533c21b13 Mon Sep 17 00:00:00 2001 From: Benjamin Renard Date: Mon, 31 Jul 2023 21:24:46 +0200 Subject: [PATCH] Release 1.20.2-0 --- .gitignore | 3 ++ .woodpecker.yml | 55 ++++++++++++++++++++++++++ build.sh | 85 +++++++++++++++++++++++++++++++++++++++++ debian/compat | 1 + debian/control | 13 +++++++ debian/copyright | 31 +++++++++++++++ debian/forgejo.install | 2 + debian/forgejo.postinst | 29 ++++++++++++++ debian/forgejo.preinst | 44 +++++++++++++++++++++ debian/forgejo.service | 43 +++++++++++++++++++++ debian/rules | 5 +++ debian/source/format | 1 + 12 files changed, 312 insertions(+) create mode 100644 .gitignore create mode 100644 .woodpecker.yml create mode 100755 build.sh create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/forgejo.install create mode 100644 debian/forgejo.postinst create mode 100644 debian/forgejo.preinst create mode 100644 debian/forgejo.service create mode 100644 debian/rules create mode 100644 debian/source/format diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1be693d --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*~ +.*.swp +/dist diff --git a/.woodpecker.yml b/.woodpecker.yml new file mode 100644 index 0000000..b77338e --- /dev/null +++ b/.woodpecker.yml @@ -0,0 +1,55 @@ +clone: + git: + image: woodpeckerci/plugin-git + tags: true + +pipeline: + build: + image: brenard/debian-python-deb + when: + event: tag + commands: + - echo "$GPG_KEY"|base64 -d|gpg --import + - ./build.sh --quiet + secrets: [ maintainer_name, maintainer_email, gpg_key, debian_codename ] + + publish-dryrun: + group: publish + image: alpine + when: + event: tag + commands: + - ls dist/* + + publish-gitea: + group: publish + image: plugins/gitea-release + when: + event: tag + settings: + api_key: + from_secret: gitea_token + base_url: https://gitea.zionetrix.net + note: dist/release_notes.md + files: + - dist/*.deb + checksum: + - md5 + - sha512 + + publish-apt: + group: publish + image: brenard/aptly-publish + when: + event: tag + settings: + api_url: + from_secret: apt_api_url + api_username: + from_secret: apt_api_username + api_password: + from_secret: apt_api_password + repo_name: + from_secret: apt_repo_name + path: dist + source_name: forgejo diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..d740f74 --- /dev/null +++ b/build.sh @@ -0,0 +1,85 @@ +#!/bin/bash + +QUIET_ARG="" +[ "$1" == "--quiet" ] && QUIET_ARG="--quiet" + +# Enter source directory +cd $( dirname $0 ) + +echo "Clean previous build..." +rm -fr dist + +echo "Detect version using git describe..." +VERSION="$( git describe --tags|sed 's/^[^0-9]*//' )" + +echo "Create building environemt..." +BDIR=dist/forgejo-$VERSION +mkdir -p $BDIR +[ -z "$QUIET_ARG" ] && RSYNC_ARG="-v" || RSYNC_ARG="" +rsync -a $RSYNC_ARG debian/ $BDIR/debian/ + +echo "Download forgejo binary..." +[ -n "$QUIET_ARG" ] && CURL_ARG="--silent" || CURL_ARG="" +curl $CURL_ARG --location -o $BDIR/forgejo \ + https://codeberg.org/forgejo/forgejo/releases/download/v$VERSION/forgejo-$VERSION-linux-amd64 + +echo "Download forgejo configuration example file..." +curl $CURL_ARG --location -o $BDIR/app.ini \ + https://codeberg.org/forgejo/forgejo/raw/tag/v$VERSION/custom/conf/app.example.ini + +echo "Adjust forgejo configuration file..." +sed -i 's#^[; ]*APP_NAME *=.*#APP_NAME = Forgejo: Beyond coding. We forge.#' $BDIR/app.ini +sed -i 's#^[; ]*RUN_USER *=.*#RUN_USER = git#' $BDIR/app.ini +sed -i 's#^[; ]*RUN_MODE *=.*#RUN_MODE = prod#' $BDIR/app.ini +sed -i 's#^[; ]*WORK_PATH *=.*#WORK_PATH = /var/lib/forgejo/#' $BDIR/app.ini +sed -i 's#^[; ]*MODE *= *\(console|file|conn\).*#MODE = console#' $BDIR/app.ini +sed -i 's#^[; ]*SECRET_KEY *=.*#;; SECRET_KEY = #' $BDIR/app.ini +sed -i 's#^[; ]*SECRET_KEY_URI *=.*#SECRET_KEY_URI = file:/var/lib/forgejo/secret#' $BDIR/app.ini +sed -i 's#^[; ]*INTERNAL_TOKEN *=.*#;; INTERNAL_TOKEN = #' $BDIR/app.ini +sed -i 's#^[; ]*INTERNAL_TOKEN_URI *=.*#INTERNAL_TOKEN_URI = file:/var/lib/forgejo/internal_token#' $BDIR/app.ini + +if [ -z "$DEBIAN_CODENAME" ] +then + echo "Retreive debian codename using lsb_release..." + DEBIAN_CODENAME=$( lsb_release -c -s ) +else + echo "Use debian codename from environment ($DEBIAN_CODENAME)" +fi + +echo "Generate debian changelog using gitdch..." +GITDCH_ARGS=('--verbose') +[ -n "$QUIET_ARG" ] && GITDCH_ARGS=('--warning') +if [ -n "$MAINTAINER_NAME" ] +then + echo "Use maintainer name from environment ($MAINTAINER_NAME)" + GITDCH_ARGS+=("--maintainer-name" "${MAINTAINER_NAME}") +fi +if [ -n "$MAINTAINER_EMAIL" ] +then + echo "Use maintainer email from environment ($MAINTAINER_EMAIL)" + GITDCH_ARGS+=("--maintainer-email" "$MAINTAINER_EMAIL") +fi +gitdch \ + --package-name forgejo \ + --version "${VERSION}" \ + --code-name $DEBIAN_CODENAME \ + --output $BDIR/debian/changelog \ + --release-notes dist/release_notes.md \ + "${GITDCH_ARGS[@]}" + +if [ -n "$MAINTAINER_NAME" -a -n "$MAINTAINER_EMAIL" ] +then + echo "Set Maintainer field in debian control file ($MAINTAINER_NAME <$MAINTAINER_EMAIL>)..." + sed -i "s/^Maintainer: .*$/Maintainer: $MAINTAINER_NAME <$MAINTAINER_EMAIL>/" $BDIR/debian/control +fi + +echo "Build debian package..." +BUILD_ARGS="" +if [ -z "$MAINTAINER_EMAIL" ] +then + echo "Maintainer email not found in environment, disable signing." + BUILD_ARGS="--no-sign" +fi +cd $BDIR +dpkg-buildpackage $BUILD_ARGS + diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..b4de394 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +11 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..af2cd73 --- /dev/null +++ b/debian/control @@ -0,0 +1,13 @@ +Source: forgejo +Section: admin +Priority: optional +Maintainer: Debian Zionetrix - forgejo +Build-Depends: debhelper (>> 11.0.0), wget, lsb-release, git, rsync, gitdch, sed +Standards-Version: 3.9.6 + +Package: forgejo +Architecture: amd64 +Depends: ${misc:Depends} +Description: Self-hosted lightweight software forge + Forgejo is a self-hosted lightweight software forge. + Easy to install and low maintenance, it just does the job. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..e976a92 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,31 @@ +This package was debianized by Benjamin Renard +on Mon, 31 Jul 2023 21:02:34 +0200. + +Copyright: + + Copyright (c) 2022 The Forgejo Authors + Copyright (c) 2016 The Gitea Authors + Copyright (c) 2015 The Gogs Authors + +License: + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +The Debian packaging is (C) 2023, Benjamin Renard and +is licensed under the GPL version 3, see '/usr/share/common-licenses/GPL-3'. diff --git a/debian/forgejo.install b/debian/forgejo.install new file mode 100644 index 0000000..a1293c7 --- /dev/null +++ b/debian/forgejo.install @@ -0,0 +1,2 @@ +forgejo usr/bin/ +app.ini etc/forgejo/ diff --git a/debian/forgejo.postinst b/debian/forgejo.postinst new file mode 100644 index 0000000..db0b69e --- /dev/null +++ b/debian/forgejo.postinst @@ -0,0 +1,29 @@ +#!/bin/bash + +SECRET_PATH=/var/lib/forgejo/secret +INTERNAL_TOKEN_PATH=/var/lib/forgejo/internal_token + +case "$1" in + configure) + + if [ ! -e "$SECRET_PATH" ] + then + echo -n "Generating secret file..." + cat /dev/urandom | tr -dc '[:alpha:]' | fold -w 100 | head -n 1 > $SECRET_PATH + chown git:git "$SECRET_PATH" + chmod 0400 "$SECRET_PATH" + echo " done." + fi + + if [ ! -e "$INTERNAL_TOKEN_PATH" ] + then + echo -n "Generating internal token file..." + cat /dev/urandom | tr -dc '[:alpha:]' | fold -w 100 | head -n 1 > $INTERNAL_TOKEN_PATH + chown git:git "$INTERNAL_TOKEN_PATH" + chmod 0400 "$INTERNAL_TOKEN_PATH" + echo " done." + fi + ;; +esac + +#DEBHELPER# diff --git a/debian/forgejo.preinst b/debian/forgejo.preinst new file mode 100644 index 0000000..fa87bf2 --- /dev/null +++ b/debian/forgejo.preinst @@ -0,0 +1,44 @@ +#!/bin/bash + +SERVER_HOME=/var/lib/forgejo +SERVER_USER=git +SERVER_NAME="Git" +SERVER_GROUP=git + +case "$1" in + install|upgrade) + + # Create group if not existing + if ! getent group | grep -q "^$SERVER_GROUP:" ; then + echo -n "Adding group $SERVER_GROUP..." + addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true + echo " done." + fi + + # Create homedir if not existing + test -d $SERVER_HOME || mkdir $SERVER_HOME + + # Create user if not existing + if ! getent passwd | grep -q "^$SERVER_USER:"; then + echo -n "Adding system user $SERVER_USER..." + adduser --quiet \ + --system \ + --ingroup $SERVER_GROUP \ + --home $SERVER_HOME \ + --no-create-home \ + --disabled-password \ + $SERVER_USER 2>/dev/null || true + echo " done." + fi + + # Adjust file and directory permissions + if ! dpkg-statoverride --list $SERVER_HOME >/dev/null + then + chown -R $SERVER_USER:adm $SERVER_HOME + chmod u=rwx,g=rxs,o= $SERVER_HOME + fi + + ;; +esac + +#DEBHELPER# diff --git a/debian/forgejo.service b/debian/forgejo.service new file mode 100644 index 0000000..ad09c4d --- /dev/null +++ b/debian/forgejo.service @@ -0,0 +1,43 @@ +[Unit] +Description=Forgejo (Beyond coding. We forge.) +After=syslog.target +After=network.target +Wants=mysql.service mariadb.service postgresql.service memcached.service redis.service +After=mysql.service mariadb.service postgresql.service memcached.service redis.service + +[Service] +# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that +# LimitNOFILE=524288:524288 +RestartSec=2s +Type=simple +User=git +Group=git +WorkingDirectory=/var/lib/forgejo/ +# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file +# (manually creating /run/forgejo doesn't work, because it would not persist across reboots) +#RuntimeDirectory=forgejo +ExecStart=/usr/bin/forgejo web --config /etc/forgejo/app.ini +Restart=always +Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/forgejo +# If you install Git to directory prefix other than default PATH (which happens +# for example if you install other versions of Git side-to-side with +# distribution version), uncomment below line and add that prefix to PATH +# Don't forget to place git-lfs binary on the PATH below if you want to enable +# Git LFS support +#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin +# If you want to bind Forgejo to a port below 1024, uncomment +# the two values below, or use socket activation to pass Forgejo its ports as above +### +#CapabilityBoundingSet=CAP_NET_BIND_SERVICE +#AmbientCapabilities=CAP_NET_BIND_SERVICE +### +# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to +# set the following value to false to allow capabilities to be applied on Forgejo process. The following +# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges +# in the host user namespace. +### +#PrivateUsers=false +### + +[Install] +WantedBy=multi-user.target diff --git a/debian/rules b/debian/rules new file mode 100644 index 0000000..e793b4a --- /dev/null +++ b/debian/rules @@ -0,0 +1,5 @@ +#!/usr/bin/make -f +#export DH_VERBOSE=1 +%: + dh $@ + diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..d3827e7 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +1.0