From b98b8640ef103b09532b1b31453f843238b0401e Mon Sep 17 00:00:00 2001 From: Ada Date: Sun, 10 Mar 2024 01:19:19 +0100 Subject: [PATCH] :package: Add packaging --- .env | 2 +- .gitignore | 2 + .goreleaser.yaml | 67 +++++++++++++++++++++++ .woodpecker/build.yaml | 21 +------ .woodpecker/lint.yml | 2 +- .woodpecker/release.yaml | 37 +++++++------ deployment/docker/docker-compose.dev.yaml | 6 +- deployment/docker/docker-compose.yaml | 3 - deployment/goreleaser/postremove.sh | 7 +++ deployment/goreleaser/preinstall.sh | 12 ++++ deployment/goreleaser/preremove.sh | 1 + plakken.service | 54 ++++++++++++++++++ 12 files changed, 170 insertions(+), 44 deletions(-) create mode 100644 .goreleaser.yaml create mode 100644 deployment/goreleaser/postremove.sh create mode 100644 deployment/goreleaser/preinstall.sh create mode 100644 deployment/goreleaser/preremove.sh create mode 100644 plakken.service diff --git a/.env b/.env index c92e397..a7c0978 100644 --- a/.env +++ b/.env @@ -1,4 +1,4 @@ -PLAKKEN_LISTEN=:5000 +PLAKKEN_LISTEN=:3000 PLAKKEN_REDIS_ADDRESS=localhost:6379 PLAKKEN_REDIS_USER= PLAKKEN_REDIS_PASSWORD= diff --git a/.gitignore b/.gitignore index 087b7b6..e0c5b7c 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,5 @@ plakken # Go workspace file go.work .idea/discord.xml + +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..70e4edd --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,67 @@ +gitea_urls: + api: https://git.gnous.eu/api/v1 + download: https://git.gnous.eu + skip_tls_verify: false + +before: + hooks: + # You may remove this if you don't use go modules. + - go mod tidy + +builds: + - + env: + - CGO_ENABLED=0 + goos: + - linux + - windows + - darwin + goarch: + - amd64 + - arm64 + +archives: + - format: tar.gz + format_overrides: + - + goos: windows + format: zip + +nfpms: + - + id: plakken + package_name: plakken + file_name_template: "{{ .ConventionalFileName }}" + vendor: GnousEU + homepage: https://git.gnous.eu/plakken/ + maintainer: GnousEU + description: A light paste server + license: AGPLv3 + formats: + - deb + - rpm + - archlinux + umask: 0o002 + provides: + - plakken + suggests: + - redis + contents: + - src: .env + dst: /etc/plakken/env + - src: plakken.service + dst: /usr/lib/systemd/system/plakken.service + scripts: + preinstall: "deployment/goreleaser/preinstall.sh" + preremove: "deployment/goreleaser/preremove.sh" + postremove: "deployment/goreleaser/postremove.sh" + +checksum: + algorithm: sha256 + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml index c1895ba..cfbf55c 100644 --- a/.woodpecker/build.yaml +++ b/.woodpecker/build.yaml @@ -4,9 +4,9 @@ steps: settings: repo: git.gnous.eu/${CI_REPO_OWNER}/plakken dockerfile: deployment/docker/Dockerfile - platforms: linux/amd64,linux/arm64/v8,linux/arm + platforms: linux/amd64,linux/arm64/v8 registry: https://git.gnous.eu - tag: ${CI_COMMIT} + tag: ${CI_COMMIT_SHA} username: from_secret: docker_username password: @@ -14,19 +14,4 @@ steps: when: branch: ${CI_REPO_DEFAULT_BRANCH} event: push - - name: publish_image_tag - image: woodpeckerci/plugin-docker-buildx - settings: - repo: git.gnous.eu/${CI_REPO_OWNER}/plakken - dockerfile: deployment/docker/Dockerfile - platforms: linux/amd64,linux/arm64/v8,linux/arm - registry: https://git.gnous.eu - tags: - - ${CI_COMMIT_TAG##v} # Remove v from tag - - stable - username: - from_secret: docker_username - password: - from_secret: docker_password - when: - event: tag + repo: gnouseu/plakken diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index ad11d94..b40ef85 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -8,4 +8,4 @@ steps: - event: pull_request repo: gnouseu/plakken - event: push - branch: main \ No newline at end of file + branch: ${CI_REPO_DEFAULT_BRANCH} \ No newline at end of file diff --git a/.woodpecker/release.yaml b/.woodpecker/release.yaml index 9c36d4b..4fc52a9 100644 --- a/.woodpecker/release.yaml +++ b/.woodpecker/release.yaml @@ -1,24 +1,27 @@ steps: - - name: Build + - name: Release image: golang:1.22 commands: - - go mod download - - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-linux-amd64 # Enable static binary, target Linux, remove debug information and strip binary - - CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-linux-arm64 - - CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-linux-arm - - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-windows-amd64.exe - - CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-windows-arm64.exe - - CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-windows-arm.exe + - go install github.com/goreleaser/goreleaser@latest + - goreleaser release + secrets: [ gitea_token ] when: event: tag - - name: Release - image: woodpeckerci/plugin-gitea-release + repo: gnouseu/plakken + - name: publish_image_tag + image: woodpeckerci/plugin-docker-buildx settings: - base_url: https://git.gnous.eu - files: - - "plakken*" - api_key: - from_secret: release_token - target: main + repo: git.gnous.eu/${CI_REPO_OWNER}/plakken + dockerfile: deployment/docker/Dockerfile + platforms: linux/amd64,linux/arm64/v8 + registry: https://git.gnous.eu + tags: + - ${CI_COMMIT_TAG##v} # Remove v from tag + - stable + username: + from_secret: docker_username + password: + from_secret: docker_password when: - event: tag \ No newline at end of file + event: tag + repo: gnouseu/plakken \ No newline at end of file diff --git a/deployment/docker/docker-compose.dev.yaml b/deployment/docker/docker-compose.dev.yaml index 7270d45..d9fa1f6 100644 --- a/deployment/docker/docker-compose.dev.yaml +++ b/deployment/docker/docker-compose.dev.yaml @@ -1,5 +1,3 @@ -version: "3" - networks: plakken: external: false @@ -7,8 +5,8 @@ networks: services: server: build: - context: ../ - dockerfile: docker/Dockerfile + context: ../../ + dockerfile: deployment/docker/Dockerfile restart: always container_name: plakken networks: diff --git a/deployment/docker/docker-compose.yaml b/deployment/docker/docker-compose.yaml index aca9237..ee55c06 100644 --- a/deployment/docker/docker-compose.yaml +++ b/deployment/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: "3" - networks: plakken: external: false @@ -20,7 +18,6 @@ services: - "3000:3000" environment: - PLAKKEN_REDIS_ADDRESS=redis:6379 - - POSTGRES_PASSWORD=gitea - PLAKKEN_REDIS_DB=0 - PLAKKEN_URL_LENGTH=5 depends_on: diff --git a/deployment/goreleaser/postremove.sh b/deployment/goreleaser/postremove.sh new file mode 100644 index 0000000..deea28d --- /dev/null +++ b/deployment/goreleaser/postremove.sh @@ -0,0 +1,7 @@ +if getent passwd plakken > /dev/null; then + userdel -r plakken +fi + +if getent group plakken > /dev/null; then + groupdel plakken +fi \ No newline at end of file diff --git a/deployment/goreleaser/preinstall.sh b/deployment/goreleaser/preinstall.sh new file mode 100644 index 0000000..a041ccf --- /dev/null +++ b/deployment/goreleaser/preinstall.sh @@ -0,0 +1,12 @@ +if ! getent group plakken > /dev/null; then + groupadd -r plakken +fi + +if ! getent passwd plakken > /dev/null; then + useradd -r -d /var/lib/plakken -s /sbin/nologin -g plakken -c "Plakken server" plakken +fi +if ! test -d /var/lib/plakken; then + mkdir -p /var/lib/plakken + chmod 0750 /var/lib/plakken + chown -R plakken:plakken /var/lib/plakken +fi diff --git a/deployment/goreleaser/preremove.sh b/deployment/goreleaser/preremove.sh new file mode 100644 index 0000000..95f5448 --- /dev/null +++ b/deployment/goreleaser/preremove.sh @@ -0,0 +1 @@ +systemctl stop plakken \ No newline at end of file diff --git a/plakken.service b/plakken.service new file mode 100644 index 0000000..6427e10 --- /dev/null +++ b/plakken.service @@ -0,0 +1,54 @@ +# /usr/lib/systemd/system/plakken.service +[Unit] +Description=A paste server +After=network.target + +[Service] +Type=simple +User=plakken + +ExecStart=/usr/bin/plakken + + +EnvironmentFile=/etc/plakken/env + +ProtectSystem=strict +ProtectHome=true +NoNewPrivileges=yes +RestrictNamespaces=true +PrivateTmp=true +PrivateDevices=true +PrivateUsers=true +ProtectClock=true +ProtectControlGroups=true +ProtectKernelTunables=true +ProtectKernelLogs=true +ProtectKernelModules=true +LockPersonality=true +RestrictSUIDSGID=true +RemoveIPC=true +RestrictRealtime=true +SystemCallArchitectures=native +MemoryDenyWriteExecute=true +UMask=177 +ProtectProc=invisible +CapabilityBoundingSet= +ProtectHostname=true +RestrictAddressFamilies=~AF_(INET|INET6) +RestrictAddressFamilies=~… +RestrictAddressFamilies=~AF_UNIX +RestrictAddressFamilies=~AF_NETLINK +RestrictAddressFamilies=~AF_PACKET +SystemCallFilter=~@reboot +SystemCallFilter=~@obsolete +SystemCallFilter=~@mount +SystemCallFilter=~@module +SystemCallFilter=~@debug +SystemCallFilter=~@cpu-emulation +SystemCallFilter=~@clock +SystemCallFilter=~@swap +SystemCallFilter=~@privileged +ProcSubset=pid + +[Install] +WantedBy=multi-user.target