WIP: 📦 Add packaging #35
12 changed files with 174 additions and 44 deletions
2
.env
2
.env
|
@ -1,4 +1,4 @@
|
||||||
PLAKKEN_LISTEN=:5000
|
PLAKKEN_LISTEN=:3000
|
||||||
PLAKKEN_REDIS_ADDRESS=localhost:6379
|
PLAKKEN_REDIS_ADDRESS=localhost:6379
|
||||||
PLAKKEN_REDIS_USER=
|
PLAKKEN_REDIS_USER=
|
||||||
PLAKKEN_REDIS_PASSWORD=
|
PLAKKEN_REDIS_PASSWORD=
|
||||||
|
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -22,3 +22,5 @@ plakken
|
||||||
# Go workspace file
|
# Go workspace file
|
||||||
go.work
|
go.work
|
||||||
.idea/discord.xml
|
.idea/discord.xml
|
||||||
|
|
||||||
|
dist/
|
||||||
|
|
69
.goreleaser.yaml
Normal file
69
.goreleaser.yaml
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
gitea_urls:
|
||||||
|
api: https://git.gnous.eu/api/v1
|
||||||
|
download: https://git.gnous.eu
|
||||||
|
skip_tls_verify: false
|
||||||
|
|
||||||
|
before:
|
||||||
|
hooks:
|
||||||
|
# You may remove this if you don't use go modules.
|
||||||
|
- go mod tidy
|
||||||
|
|
||||||
|
builds:
|
||||||
|
-
|
||||||
|
env:
|
||||||
|
- CGO_ENABLED=0
|
||||||
|
goos:
|
||||||
|
- linux
|
||||||
|
- windows
|
||||||
|
- darwin
|
||||||
|
goarch:
|
||||||
|
- amd64
|
||||||
|
- arm64
|
||||||
|
binary: plakken
|
||||||
|
id: plakken
|
||||||
|
|
||||||
|
archives:
|
||||||
|
- format: tar.gz
|
||||||
|
format_overrides:
|
||||||
|
-
|
||||||
|
goos: windows
|
||||||
|
format: zip
|
||||||
|
|
||||||
|
nfpms:
|
||||||
|
-
|
||||||
|
id: plakken
|
||||||
|
package_name: plakken
|
||||||
|
file_name_template: "{{ .ConventionalFileName }}"
|
||||||
|
vendor: GnousEU
|
||||||
|
homepage: https://git.gnous.eu/plakken/
|
||||||
|
maintainer: GnousEU <contact@gnous.eu>
|
||||||
|
description: A light paste server
|
||||||
|
license: AGPLv3
|
||||||
|
formats:
|
||||||
|
- deb
|
||||||
|
- rpm
|
||||||
|
- archlinux
|
||||||
|
umask: 0o002
|
||||||
|
provides:
|
||||||
|
- plakken
|
||||||
|
suggests:
|
||||||
|
- redis
|
||||||
|
contents:
|
||||||
|
- src: .env
|
||||||
|
dst: /etc/plakken/env
|
||||||
|
- src: plakken.service
|
||||||
|
dst: /usr/lib/systemd/system/plakken.service
|
||||||
|
scripts:
|
||||||
|
preinstall: "deployment/goreleaser/preinstall.sh"
|
||||||
|
preremove: "deployment/goreleaser/preremove.sh"
|
||||||
|
postremove: "deployment/goreleaser/postremove.sh"
|
||||||
|
|
||||||
|
checksum:
|
||||||
|
algorithm: sha256
|
||||||
|
|
||||||
|
changelog:
|
||||||
|
sort: asc
|
||||||
|
filters:
|
||||||
|
exclude:
|
||||||
|
- "^docs:"
|
||||||
|
- "^test:"
|
|
@ -4,9 +4,9 @@ steps:
|
||||||
settings:
|
settings:
|
||||||
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
|
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
|
||||||
dockerfile: deployment/docker/Dockerfile
|
dockerfile: deployment/docker/Dockerfile
|
||||||
platforms: linux/amd64,linux/arm64/v8,linux/arm
|
platforms: linux/amd64,linux/arm64/v8
|
||||||
registry: https://git.gnous.eu
|
registry: https://git.gnous.eu
|
||||||
tag: ${CI_COMMIT}
|
tag: ${CI_COMMIT_SHA}
|
||||||
username:
|
username:
|
||||||
from_secret: docker_username
|
from_secret: docker_username
|
||||||
password:
|
password:
|
||||||
|
@ -14,19 +14,4 @@ steps:
|
||||||
when:
|
when:
|
||||||
branch: ${CI_REPO_DEFAULT_BRANCH}
|
branch: ${CI_REPO_DEFAULT_BRANCH}
|
||||||
event: push
|
event: push
|
||||||
- name: publish_image_tag
|
repo: gnouseu/plakken
|
||||||
image: woodpeckerci/plugin-docker-buildx
|
|
||||||
settings:
|
|
||||||
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
|
|
||||||
dockerfile: deployment/docker/Dockerfile
|
|
||||||
platforms: linux/amd64,linux/arm64/v8,linux/arm
|
|
||||||
registry: https://git.gnous.eu
|
|
||||||
tags:
|
|
||||||
- ${CI_COMMIT_TAG##v} # Remove v from tag
|
|
||||||
- stable
|
|
||||||
username:
|
|
||||||
from_secret: docker_username
|
|
||||||
password:
|
|
||||||
from_secret: docker_password
|
|
||||||
when:
|
|
||||||
event: tag
|
|
||||||
|
|
|
@ -8,4 +8,4 @@ steps:
|
||||||
- event: pull_request
|
- event: pull_request
|
||||||
repo: gnouseu/plakken
|
repo: gnouseu/plakken
|
||||||
- event: push
|
- event: push
|
||||||
branch: main
|
branch: ${CI_REPO_DEFAULT_BRANCH}
|
|
@ -1,24 +1,29 @@
|
||||||
steps:
|
steps:
|
||||||
- name: Build
|
- name: Release
|
||||||
image: golang:1.22
|
image: golang:1.22
|
||||||
commands:
|
commands:
|
||||||
- go mod download
|
- go install github.com/goreleaser/goreleaser@latest
|
||||||
- CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-linux-amd64 # Enable static binary, target Linux, remove debug information and strip binary
|
- goreleaser release
|
||||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-linux-arm64
|
secrets: [ gitea_token ]
|
||||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-linux-arm
|
|
||||||
- CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-windows-amd64.exe
|
|
||||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-windows-arm64.exe
|
|
||||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-windows-arm.exe
|
|
||||||
when:
|
when:
|
||||||
event: tag
|
event: tag
|
||||||
- name: Release
|
repo: gnouseu/plakken
|
||||||
image: woodpeckerci/plugin-gitea-release
|
depends_on: []
|
||||||
|
- name: publish_image_tag
|
||||||
|
image: woodpeckerci/plugin-docker-buildx
|
||||||
settings:
|
settings:
|
||||||
base_url: https://git.gnous.eu
|
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
|
||||||
files:
|
dockerfile: deployment/docker/Dockerfile
|
||||||
- "plakken*"
|
platforms: linux/amd64,linux/arm64/v8
|
||||||
api_key:
|
registry: https://git.gnous.eu
|
||||||
from_secret: release_token
|
tags:
|
||||||
target: main
|
- ${CI_COMMIT_TAG##v} # Remove v from tag
|
||||||
|
- stable
|
||||||
|
username:
|
||||||
|
from_secret: docker_username
|
||||||
|
password:
|
||||||
|
from_secret: docker_password
|
||||||
when:
|
when:
|
||||||
event: tag
|
event: tag
|
||||||
|
repo: gnouseu/plakken
|
||||||
|
depends_on: []
|
|
@ -1,5 +1,3 @@
|
||||||
version: "3"
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
plakken:
|
plakken:
|
||||||
external: false
|
external: false
|
||||||
|
@ -7,8 +5,8 @@ networks:
|
||||||
services:
|
services:
|
||||||
server:
|
server:
|
||||||
build:
|
build:
|
||||||
context: ../
|
context: ../../
|
||||||
dockerfile: docker/Dockerfile
|
dockerfile: deployment/docker/Dockerfile
|
||||||
restart: always
|
restart: always
|
||||||
container_name: plakken
|
container_name: plakken
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
version: "3"
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
plakken:
|
plakken:
|
||||||
external: false
|
external: false
|
||||||
|
@ -20,7 +18,6 @@ services:
|
||||||
- "3000:3000"
|
- "3000:3000"
|
||||||
environment:
|
environment:
|
||||||
- PLAKKEN_REDIS_ADDRESS=redis:6379
|
- PLAKKEN_REDIS_ADDRESS=redis:6379
|
||||||
- POSTGRES_PASSWORD=gitea
|
|
||||||
- PLAKKEN_REDIS_DB=0
|
- PLAKKEN_REDIS_DB=0
|
||||||
- PLAKKEN_URL_LENGTH=5
|
- PLAKKEN_URL_LENGTH=5
|
||||||
depends_on:
|
depends_on:
|
||||||
|
|
7
deployment/goreleaser/postremove.sh
Normal file
7
deployment/goreleaser/postremove.sh
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
if getent passwd plakken > /dev/null; then
|
||||||
|
userdel -r plakken
|
||||||
|
fi
|
||||||
|
|
||||||
|
if getent group plakken > /dev/null; then
|
||||||
|
groupdel plakken
|
||||||
|
fi
|
12
deployment/goreleaser/preinstall.sh
Normal file
12
deployment/goreleaser/preinstall.sh
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
if ! getent group plakken > /dev/null; then
|
||||||
|
groupadd -r plakken
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! getent passwd plakken > /dev/null; then
|
||||||
|
useradd -r -d /var/lib/plakken -s /sbin/nologin -g plakken -c "Plakken server" plakken
|
||||||
|
fi
|
||||||
|
if ! test -d /var/lib/plakken; then
|
||||||
|
mkdir -p /var/lib/plakken
|
||||||
|
chmod 0750 /var/lib/plakken
|
||||||
|
chown -R plakken:plakken /var/lib/plakken
|
||||||
|
fi
|
1
deployment/goreleaser/preremove.sh
Normal file
1
deployment/goreleaser/preremove.sh
Normal file
|
@ -0,0 +1 @@
|
||||||
|
systemctl stop plakken
|
54
plakken.service
Normal file
54
plakken.service
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
# /usr/lib/systemd/system/plakken.service
|
||||||
|
[Unit]
|
||||||
|
Description=A paste server
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=plakken
|
||||||
|
|
||||||
|
ExecStart=/usr/bin/plakken
|
||||||
|
|
||||||
|
|
||||||
|
EnvironmentFile=/etc/plakken/env
|
||||||
|
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectHome=true
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
RestrictNamespaces=true
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
PrivateUsers=true
|
||||||
|
ProtectClock=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectKernelLogs=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
LockPersonality=true
|
||||||
|
RestrictSUIDSGID=true
|
||||||
|
RemoveIPC=true
|
||||||
|
RestrictRealtime=true
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
MemoryDenyWriteExecute=true
|
||||||
|
UMask=177
|
||||||
|
ProtectProc=invisible
|
||||||
|
CapabilityBoundingSet=
|
||||||
|
ProtectHostname=true
|
||||||
|
RestrictAddressFamilies=~AF_(INET|INET6)
|
||||||
|
RestrictAddressFamilies=~…
|
||||||
|
RestrictAddressFamilies=~AF_UNIX
|
||||||
|
RestrictAddressFamilies=~AF_NETLINK
|
||||||
|
RestrictAddressFamilies=~AF_PACKET
|
||||||
|
SystemCallFilter=~@reboot
|
||||||
|
SystemCallFilter=~@obsolete
|
||||||
|
SystemCallFilter=~@mount
|
||||||
|
SystemCallFilter=~@module
|
||||||
|
SystemCallFilter=~@debug
|
||||||
|
SystemCallFilter=~@cpu-emulation
|
||||||
|
SystemCallFilter=~@clock
|
||||||
|
SystemCallFilter=~@swap
|
||||||
|
SystemCallFilter=~@privileged
|
||||||
|
ProcSubset=pid
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
Loading…
Reference in a new issue