added basic debian package setup and pipeline
This commit is contained in:
parent
d6d4cbc74a
commit
f0fdfafaed
@ -1,7 +1,28 @@
|
||||
cache:
|
||||
key: one-key-to-rule-them-all
|
||||
|
||||
build:
|
||||
build:debian:
|
||||
# debian:bullseye-slim
|
||||
image: debian:bookworm-slim # just to get "python3-jose" working
|
||||
stage: build
|
||||
before_script:
|
||||
- apt-get update -qq && apt-get install -qq -y build-essential
|
||||
- chmod 0755 -R .
|
||||
# create build directory for .deb sources
|
||||
- mkdir build
|
||||
# copy install instructions
|
||||
- cp -r DEBIAN build/
|
||||
# copy app
|
||||
- mkdir -p build/usr/share/
|
||||
- cp -r app build/usr/share/fastapi-dls
|
||||
script:
|
||||
- dpkg -b . build.deb
|
||||
artifacts:
|
||||
expire_in: 1 week
|
||||
paths:
|
||||
- build.deb
|
||||
|
||||
build:docker:
|
||||
image: docker:dind
|
||||
interruptible: true
|
||||
stage: build
|
||||
@ -15,10 +36,27 @@ build:
|
||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
||||
- docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
||||
|
||||
test:
|
||||
test:debian:
|
||||
image: debian:bookworm-slim
|
||||
stage: test
|
||||
needs:
|
||||
- job: build:debian
|
||||
artifacts: true
|
||||
before_script:
|
||||
- apt-get update -qq && apt-get install -qq -y jq # systemd
|
||||
script:
|
||||
- echo "Nothing to do ..."
|
||||
# test installation
|
||||
- apt-get install -q -y ./build.deb --fix-missing
|
||||
# copy example config from GitLab-CI-Variables
|
||||
#- cat ${EXAMPLE_CONFIG} > /etc/fastapi-dls/env
|
||||
#- systemctl daemon-reload
|
||||
#- systemctl enable fastapi-dls.service
|
||||
#- systemctl start fastapi-dls.service
|
||||
#- if [ "`curl --insecure -s https://localhost:8000/status | jq .status`" != "up" ]; then exit 2; fi
|
||||
#- systemctl stop fastapi-dls.service
|
||||
#- systemctl disable fastapi-dls.service
|
||||
- apt-get purge -qq -y fastapi-dls
|
||||
- apt-get autoremove -qq -y && apt-get clean -qq
|
||||
|
||||
deploy:
|
||||
stage: deploy
|
||||
|
8
DEBIAN/conffiles
Normal file
8
DEBIAN/conffiles
Normal file
@ -0,0 +1,8 @@
|
||||
/etc/systemd/system/fastapi-dls.service
|
||||
/etc/fastapi-dls/env
|
||||
/etc/fastapi-dls/instance.private.pem
|
||||
/etc/fastapi-dls/instance.public.pem
|
||||
/etc/fastapi-dls/webserver.key
|
||||
/etc/fastapi-dls/webserver.crt
|
||||
|
||||
# todo
|
9
DEBIAN/control
Normal file
9
DEBIAN/control
Normal file
@ -0,0 +1,9 @@
|
||||
Package: fastapi-dls
|
||||
Version: 0.5
|
||||
Architecture: all
|
||||
Maintainer: Oscar Krause oscar.krause@collinwebdesigns.de
|
||||
Depends: python3, python3-fastapi, python3-uvicorn, python3-dotenv, python3-dateutil, python3-jose, uvicorn, openssl
|
||||
Recommends: curl
|
||||
Installed-Size: 10240
|
||||
Homepage: https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
|
||||
Description: Minimal Delegated License Service (DLS).
|
85
DEBIAN/postinst
Normal file
85
DEBIAN/postinst
Normal file
@ -0,0 +1,85 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "> Install service ..."
|
||||
echo <<EOF >/etc/systemd/system/fastapi-dls.service
|
||||
[Unit]
|
||||
Description=Service for fastapi-dls
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=www-data
|
||||
Group=www-data
|
||||
WorkingDirectory=/usr/share/fastapi-dls
|
||||
ExecStart=uvicorn \
|
||||
--host $DLS_URL --port $DLS_PORT \
|
||||
--app-dir /usr/share/fastapi-dls/app \
|
||||
--ssl-keyfile /etc/fastapi-dls/webserver.key \
|
||||
--ssl-certfile /opt/fastapi-dls/webserver.crt \
|
||||
--proxy-headers
|
||||
EnvironmentFile=/etc/fastapi-dls.env
|
||||
Restart=always
|
||||
KillSignal=SIGQUIT
|
||||
Type=notify
|
||||
StandardError=syslog
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
CONFIG_DIR=/etc/fastapi-dls
|
||||
|
||||
echo "> Create config directory ..."
|
||||
mkdir -p $CONFIG_DIR
|
||||
|
||||
echo "> Writing default config parameters ..."
|
||||
touch $CONFIG_DIR/fastapi-dls.env
|
||||
echo <<EOF >$CONFIG_DIR
|
||||
DLS_URL=127.0.0.1
|
||||
DLS_PORT=443
|
||||
LEASE_EXPIRE_DAYS=90
|
||||
DATABASE=sqlite:////usr/share/fastapi-dls/db.sqlite
|
||||
EOF
|
||||
|
||||
echo "> Create dls-instance keypair ..."
|
||||
openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
|
||||
openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
|
||||
|
||||
while true; do
|
||||
read -p "> Do you wish to create self-signed webserver certificate? [y/n]" yn
|
||||
case $yn in
|
||||
[Yy]*)
|
||||
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt
|
||||
break
|
||||
;;
|
||||
[Nn]*) break ;;
|
||||
*) echo "Please answer [y] or [n]." ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -f $CONFIG_DIR/webserver.key ]]; then
|
||||
echo "> Starting service ..."
|
||||
systemctl start fastapi-dls.service
|
||||
|
||||
if [ -x "$(command -v curl)" ]; then
|
||||
echo "> Testing API ..."
|
||||
curl --insecure -X GET https://127.0.0.1/status
|
||||
else
|
||||
echo "> Testing API failed, curl not available. Please test manually!"
|
||||
fi
|
||||
fi
|
||||
|
||||
cat <<EOF
|
||||
|
||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||
# #
|
||||
# fastapi-dls is now installed. #
|
||||
# #
|
||||
# Service should be up and running. #
|
||||
# Webservice is listen to https://localhost #
|
||||
# #
|
||||
# Configuration is stored in ${CONFIG_DIR}/env #
|
||||
# #
|
||||
# #
|
||||
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
||||
EOF
|
8
DEBIAN/postrm
Executable file
8
DEBIAN/postrm
Executable file
@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [[ -d /etc/fastapi-dls ]]; then
|
||||
echo "> Removing config directory."
|
||||
rm -r /etc/fastapi-dls
|
||||
fi
|
||||
|
||||
# todo
|
5
DEBIAN/prerm
Executable file
5
DEBIAN/prerm
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo -e "> Starting uninstallation of 'fastapi-dls'!"
|
||||
|
||||
# todo
|
Loading…
Reference in New Issue
Block a user