From f0fdfafaede34ac2c6cd7bb9068c341f62e3e7ae Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 22 Dec 2022 10:41:07 +0100 Subject: [PATCH] added basic debian package setup and pipeline --- .gitlab-ci.yml | 44 +++++++++++++++++++++++-- DEBIAN/conffiles | 8 +++++ DEBIAN/control | 9 +++++ DEBIAN/postinst | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ DEBIAN/postrm | 8 +++++ DEBIAN/prerm | 5 +++ 6 files changed, 156 insertions(+), 3 deletions(-) create mode 100644 DEBIAN/conffiles create mode 100644 DEBIAN/control create mode 100644 DEBIAN/postinst create mode 100755 DEBIAN/postrm create mode 100755 DEBIAN/prerm diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c24c913..9d529ae 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,28 @@ cache: key: one-key-to-rule-them-all -build: +build:debian: + # debian:bullseye-slim + image: debian:bookworm-slim # just to get "python3-jose" working + stage: build + before_script: + - apt-get update -qq && apt-get install -qq -y build-essential + - chmod 0755 -R . + # create build directory for .deb sources + - mkdir build + # copy install instructions + - cp -r DEBIAN build/ + # copy app + - mkdir -p build/usr/share/ + - cp -r app build/usr/share/fastapi-dls + script: + - dpkg -b . build.deb + artifacts: + expire_in: 1 week + paths: + - build.deb + +build:docker: image: docker:dind interruptible: true stage: build @@ -15,10 +36,27 @@ build: - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF} - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF} -test: +test:debian: + image: debian:bookworm-slim stage: test + needs: + - job: build:debian + artifacts: true + before_script: + - apt-get update -qq && apt-get install -qq -y jq # systemd script: - - echo "Nothing to do ..." + # test installation + - apt-get install -q -y ./build.deb --fix-missing + # copy example config from GitLab-CI-Variables + #- cat ${EXAMPLE_CONFIG} > /etc/fastapi-dls/env + #- systemctl daemon-reload + #- systemctl enable fastapi-dls.service + #- systemctl start fastapi-dls.service + #- if [ "`curl --insecure -s https://localhost:8000/status | jq .status`" != "up" ]; then exit 2; fi + #- systemctl stop fastapi-dls.service + #- systemctl disable fastapi-dls.service + - apt-get purge -qq -y fastapi-dls + - apt-get autoremove -qq -y && apt-get clean -qq deploy: stage: deploy diff --git a/DEBIAN/conffiles b/DEBIAN/conffiles new file mode 100644 index 0000000..02e3534 --- /dev/null +++ b/DEBIAN/conffiles @@ -0,0 +1,8 @@ +/etc/systemd/system/fastapi-dls.service +/etc/fastapi-dls/env +/etc/fastapi-dls/instance.private.pem +/etc/fastapi-dls/instance.public.pem +/etc/fastapi-dls/webserver.key +/etc/fastapi-dls/webserver.crt + +# todo diff --git a/DEBIAN/control b/DEBIAN/control new file mode 100644 index 0000000..b7495d8 --- /dev/null +++ b/DEBIAN/control @@ -0,0 +1,9 @@ +Package: fastapi-dls +Version: 0.5 +Architecture: all +Maintainer: Oscar Krause oscar.krause@collinwebdesigns.de +Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jose, uvicorn, openssl +Recommends: curl +Installed-Size: 10240 +Homepage: https://git.collinwebdesigns.de/oscar.krause/fastapi-dls +Description: Minimal Delegated License Service (DLS). diff --git a/DEBIAN/postinst b/DEBIAN/postinst new file mode 100644 index 0000000..dc5ee05 --- /dev/null +++ b/DEBIAN/postinst @@ -0,0 +1,85 @@ +#!/bin/bash + +echo "> Install service ..." +echo </etc/systemd/system/fastapi-dls.service +[Unit] +Description=Service for fastapi-dls +After=network.target + +[Service] +User=www-data +Group=www-data +WorkingDirectory=/usr/share/fastapi-dls +ExecStart=uvicorn \ + --host $DLS_URL --port $DLS_PORT \ + --app-dir /usr/share/fastapi-dls/app \ + --ssl-keyfile /etc/fastapi-dls/webserver.key \ + --ssl-certfile /opt/fastapi-dls/webserver.crt \ + --proxy-headers +EnvironmentFile=/etc/fastapi-dls.env +Restart=always +KillSignal=SIGQUIT +Type=notify +StandardError=syslog +NotifyAccess=all + +[Install] +WantedBy=multi-user.target +EOF + +CONFIG_DIR=/etc/fastapi-dls + +echo "> Create config directory ..." +mkdir -p $CONFIG_DIR + +echo "> Writing default config parameters ..." +touch $CONFIG_DIR/fastapi-dls.env +echo <$CONFIG_DIR +DLS_URL=127.0.0.1 +DLS_PORT=443 +LEASE_EXPIRE_DAYS=90 +DATABASE=sqlite:////usr/share/fastapi-dls/db.sqlite +EOF + +echo "> Create dls-instance keypair ..." +openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048 +openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem + +while true; do + read -p "> Do you wish to create self-signed webserver certificate? [y/n]" yn + case $yn in + [Yy]*) + openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt + break + ;; + [Nn]*) break ;; + *) echo "Please answer [y] or [n]." ;; + esac +done + +if [[ -f $CONFIG_DIR/webserver.key ]]; then + echo "> Starting service ..." + systemctl start fastapi-dls.service + + if [ -x "$(command -v curl)" ]; then + echo "> Testing API ..." + curl --insecure -X GET https://127.0.0.1/status + else + echo "> Testing API failed, curl not available. Please test manually!" + fi +fi + +cat < Removing config directory." + rm -r /etc/fastapi-dls +fi + +# todo diff --git a/DEBIAN/prerm b/DEBIAN/prerm new file mode 100755 index 0000000..296c995 --- /dev/null +++ b/DEBIAN/prerm @@ -0,0 +1,5 @@ +#!/bin/bash + +echo -e "> Starting uninstallation of 'fastapi-dls'!" + +# todo