Added - Added optional sensitive-secret import for installer app.ini uploads.
- 1 - I added an explicit installer checkbox for importing sensitive secrets from `app.ini` in `templates/install.tmpl`. - 2 - I extended the installer form, submit pipeline, and final config writer so the optional import reuses `LFS_JWT_SECRET`, `INTERNAL_TOKEN`, and `oauth2.JWT_SECRET` from the uploaded `app.ini` instead of generating new values, including a submit-time fallback that re-reads the uploaded file if the checkbox was enabled after the first auto-import. - 3 - I finalized secret resolution for both direct values and `LFS_JWT_SECRET_URI` / `INTERNAL_TOKEN_URI` / `JWT_SECRET_URI` file-based references, and added regression coverage for direct imports, URI-based imports, the real `POST /import_app_ini` flow, and the persisted `app.ini` output.
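--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,269 @@
+#!/bin/bash
+
+# Folosește instalarea Go standard dacă există, chiar dacă nu este în PATH.
+if [ -x "/usr/local/go/bin/go" ]; then
+export PATH="/usr/local/go/bin:$PATH"
+fi
+
+# Încarcă NVM dacă este disponibil
+export NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+
+# Forțează folosirea versiunii 22
+nvm use 22 > /dev/null 2>&1 || echo "⚠️ NVM nu a putut activa Node 22 automatically."
+
+# --- 1. VERIFICARE INTEGRITATE ȘI CURĂȚARE CACHE INIȚIALĂ ---
+echo "🔍 Initialization checks..."
+
+if ! command -v go > /dev/null 2>&1; then
+echo "❌ Go nu este disponibil în PATH. Instalează Go 1.26.2 sau adaugă binarul go în PATH."
+exit 1
+fi
+
+notify_human_interaction() {
+local bell_oga="/usr/share/sounds/freedesktop/stereo/bell.oga"
+local bell_wav="/usr/share/sounds/alsa/Front_Center.wav"
+local in_vscode_terminal=0
+local notification_sent=0
+
+if [ "${TERM_PROGRAM:-}" = "vscode" ] || [ -n "${VSCODE_IPC_HOOK_CLI:-}" ] || [ -n "${VSCODE_GIT_IPC_HANDLE:-}" ]; then
+in_vscode_terminal=1
+fi
+
+if command -v notify-send > /dev/null 2>&1; then
+notify-send "Gitea smart-build" "Human input required in smart-build.sh" > /dev/null 2>&1 && notification_sent=1
+fi
+
+if command -v canberra-gtk-play > /dev/null 2>&1; then
+canberra-gtk-play -i bell > /dev/null 2>&1 && return
+fi
+
+if [ -f "$bell_oga" ] && command -v paplay > /dev/null 2>&1; then
+paplay "$bell_oga" > /dev/null 2>&1 && return
+fi
+
+if [ -f "$bell_wav" ] && command -v aplay > /dev/null 2>&1; then
+aplay -q "$bell_wav" > /dev/null 2>&1 && return
+fi
+
+if [ -f "$bell_wav" ] && command -v play > /dev/null 2>&1; then
+play -q "$bell_wav" > /dev/null 2>&1 && return
+fi
+
+if [ -t 1 ]; then
+printf '\a'
+fi
+
+if [ "$notification_sent" -eq 0 ] && [ "$in_vscode_terminal" -eq 1 ]; then
+printf '\033[1;33m%s\033[0m\n' ">>> Human input required below <<<"
+fi
+}
+
+apply_moderate_build_limits() {
+local go_procs="$1"
+local node_memory="$2"
+
+export GOMAXPROCS="$go_procs"
+export MAKEFLAGS="-j1"
+
+if [[ "$NODE_OPTIONS" != *"--max-old-space-size="* ]]; then
+export NODE_OPTIONS="${NODE_OPTIONS:+$NODE_OPTIONS }--max-old-space-size=$node_memory"
+fi
+}
+
+echo ""
+echo "⚙️ Select Build Load Profile:"
+echo " Normal keeps the default build behavior."
+echo " Moderate limits parallel jobs and keeps CPU/RAM usage lower."
+echo " Low Resource is slower, but safest for weaker machines."
+notify_human_interaction
+load_options=("Normal" "Moderate (GOMAXPROCS=2, make -j1)" "Low Resource (GOMAXPROCS=1, make -j1)" "Quit")
+select opt in "${load_options[@]}"
+do
+case $opt in
+"Normal")
+echo "✅ Selected: Normal build profile."
+break
+;;
+"Moderate (GOMAXPROCS=2, make -j1)")
+apply_moderate_build_limits 2 2048
+echo "✅ Selected: Moderate build profile."
+echo " GOMAXPROCS=$GOMAXPROCS MAKEFLAGS=\"$MAKEFLAGS\" NODE_OPTIONS=\"$NODE_OPTIONS\""
+break
+;;
+"Low Resource (GOMAXPROCS=1, make -j1)")
+apply_moderate_build_limits 1 2048
+echo "✅ Selected: Low Resource build profile."
+echo " GOMAXPROCS=$GOMAXPROCS MAKEFLAGS=\"$MAKEFLAGS\" NODE_OPTIONS=\"$NODE_OPTIONS\""
+break
+;;
+"Quit")
+exit 0
+;;
+*) echo "Opțiune invalidă $REPLY";;
+esac
+done
+
+# Dacă compilarea anterioară a fost întreruptă, ștergem binarul parțial
+if [ -f "gitea" ] || [ -f "gitea.exe" ]; then
+echo "🧹 Garbages found. Cleanning..."
+rm -f gitea gitea.exe
+fi
+
+# Verificăm dacă node_modules există. Dacă nu, forțăm pnpm install
+if [ ! -d "node_modules" ]; then
+echo "⚠️ node_modules missing. Instaling..."
+if ! pnpm install --frozen-lockfile; then
+echo "❌ Fail to install frontend dependencies."
+exit 1
+fi
+fi
+
+# --- 2. LOGICĂ FRONTEND (CHECKSUM) ---
+CHECKSUM_FILE=".frontend.hash"
+CURRENT_HASH=$(find web_src package.json tailwind.config.js -type f -print0 2>/dev/null | xargs -0 sha1sum | sha1sum | awk '{print $1}')
+
+if [ -f "$CHECKSUM_FILE" ] && [ "$CURRENT_HASH" == "$(cat $CHECKSUM_FILE)" ]; then
+echo "✅ Frontend is unchanged."
+else
+echo "🚀 Code changes detected. Running frontend build..."
+if ! make frontend; then
+echo "❌ Fail to build frontend assets."
+exit 1
+fi
+echo "$CURRENT_HASH" > "$CHECKSUM_FILE"
+fi
+
+# --- 3. MENIU INTERACTIV PENTRU ARHITECTURĂ ---
+echo ""
+echo "🎯 Select Arch to build:"
+notify_human_interaction
+arch_options=("linux-amd64" "linux-armv7" "windows-amd64" "All Arch" "Quit")
+select opt in "${arch_options[@]}"
+do
+case $opt in
+"linux-amd64")
+TARGETS=("linux/amd64")
+break
+;;
+"linux-armv7")
+TARGETS=("linux/arm/7")
+break
+;;
+"windows-amd64")
+TARGETS=("windows/amd64")
+break
+;;
+"All Arch")
+TARGETS=("linux/amd64" "linux/arm/7" "windows/amd64")
+break
+;;
+"Quit")
+exit 0
+;;
+*) echo "Opțiune invalidă $REPLY";;
+esac
+done
+
+echo ""
+echo "🏷️ Select Build Tags:"
+notify_human_interaction
+tag_options=("bindata" "bindata sqlite sqlite_unlock_notify" "Quit")
+select opt in "${tag_options[@]}"
+do
+case $opt in
+"bindata")
+BUILD_TAGS="bindata"
+break
+;;
+"bindata sqlite sqlite_unlock_notify")
+BUILD_TAGS="bindata sqlite sqlite_unlock_notify"
+BUILD_VARIANT="sqlite"
+break
+;;
+"Quit")
+exit 0
+;;
+*) echo "Opțiune invalidă $REPLY";;
+esac
+done
+
+if [ -z "$BUILD_VARIANT" ]; then
+BUILD_VARIANT="default"
+fi
+
+bindata_needs_update() {
+local source_dir="$1"
+local bindata_file="$2"
+
+if [ ! -f "$bindata_file" ]; then
+return 0
+fi
+
+find "$source_dir" -type f -newer "$bindata_file" -print -quit 2>/dev/null | grep -q .
+}
+
+ensure_bindata_asset() {
+local label="$1"
+local source_dir="$2"
+local go_package="$3"
+local bindata_file="$4"
+
+if bindata_needs_update "$source_dir" "$bindata_file"; then
+echo "♻️ Regenerating $label bindata..."
+if ! CC= GOOS= GOARCH= CGO_ENABLED=0 go generate -tags bindata "$go_package"; then
+echo "❌ Failed to regenerate $label bindata."
+exit 1
+fi
+else
+echo "✅ $label bindata is up to date."
+fi
+}
+
+ensure_bindata_assets() {
+if [[ " $BUILD_TAGS " != *" bindata "* ]]; then
+return
+fi
+
+echo "🔎 Checking embedded bindata assets..."
+ensure_bindata_asset "templates" "templates" "./modules/templates" "modules/templates/bindata.dat"
+ensure_bindata_asset "options" "options" "./modules/options" "modules/options/bindata.dat"
+ensure_bindata_asset "public" "public" "./modules/public" "modules/public/bindata.dat"
+ensure_bindata_asset "migration schemas" "modules/migration/schemas" "./modules/migration" "modules/migration/bindata.dat"
+}
+
+ensure_bindata_assets
+
+# --- 4. COMPILARE ---
+mkdir -p dist
+for TARGET in "${TARGETS[@]}"; do
+IFS="/" read -r OS ARCH ARM_VER <<< "$TARGET"
+
+EXT="" && [ "$OS" == "windows" ] && EXT=".exe"
+SUFFIX="-$OS-$ARCH" && [ ! -z "$ARM_VER" ] && SUFFIX="-$OS-armv$ARM_VER"
+VARIANT_SUFFIX="" && [ "$BUILD_VARIANT" == "sqlite" ] && VARIANT_SUFFIX="-sqlite"
+OUTPUT="dist/gitea$SUFFIX$VARIANT_SUFFIX$EXT"
+
+echo "📦 Building for $OS/$ARCH ${ARM_VER:+(v$ARM_VER) }with TAGS=\"$BUILD_TAGS\"..."
+
+export GOOS=$OS
+export GOARCH=$ARCH
+export GOARM=$ARM_VER
+export CGO_ENABLED=0
+if [ "$BUILD_VARIANT" == "sqlite" ]; then
+export CGO_ENABLED=1
+fi
+
+if make build TAGS="$BUILD_TAGS"; then
+mv "gitea$EXT" "$OUTPUT"
+echo "✅ Created: $OUTPUT"
+else
+echo "❌ Fail to build for $TARGET"
+exit 1
+fi
+
+unset GOOS GOARCH GOARM
+done
+
+echo "✨ Buid finished. Get file(s) from /dist"
+go clean -cache # || true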
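Review bot: The frontend staleness check in section 2 hashes only `web_src`, `package.json` and `tailwind.config.js`, and `pnpm install --frozen-lockfile` runs only when `node_modules` is absent, so a lockfile-only change (for example a dependency security update) leaves the hash unchanged and the script prints "Frontend is unchanged" while reusing the previously built assets. Add the lockfile to the hash input and sort the file list so the digest does not depend on directory order: `find web_src package.json pnpm-lock.yaml tailwind.config.js -type f -print0 2>/dev/null | sort -z | xargs -0 sha1sum | sha1sum | awk '{print $1}'`; reinstalling when the lockfile changes, not only when `node_modules` is missing, would close the same gap. Separately, `BUILD_VARIANT` is never reset before the tag menu, so a value inherited from the environment survives the plain `bindata` choice and produces a `-sqlite` suffix and `CGO_ENABLED=1` on a binary built without the sqlite tags; set `BUILD_VARIANT=""` before that `select`. The comparison `"$(cat $CHECKSUM_FILE)"` should also quote the variable, and the result of `mv "gitea$EXT" "$OUTPUT"` is not checked before "Created" is printed.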