Prepare deployment: Build basic deb packages

This commit is contained in:
aldrin 2021-04-16 09:23:01 +02:00
parent 87d72be3fa
commit dde639f3d1
17 changed files with 280 additions and 0 deletions

9
.gitignore vendored
View file

@ -23,3 +23,12 @@ node_modules
__pycache__/
/db.sqlite3
/venv/
/debian/*debhelper*
/debian/*.substvars
/debian/files
/debian/python3-userausfall/
/debian/userausfall/
/debian/userausfall-webapp/
/.pybuild/
/build/
/userausfall.egg-info/

13
Makefile Normal file
View file

@ -0,0 +1,13 @@
DIR_BUILD ?= build
.PHONY: default-target
default-target:
@true
.PHONY: clean
clean:
rm -rf "$(DIR_BUILD)"
include make.d/assets.mk
include make.d/deb.mk
include make.d/release.mk

5
debian/changelog vendored Normal file
View file

@ -0,0 +1,5 @@
userausfall (0.0.1-1) unstable; urgency=medium
* Initial release.
-- Robert <rw@roko.li> Fri, 16 Apr 2021 10:00:20 +0200

1
debian/compat vendored Normal file
View file

@ -0,0 +1 @@
10

36
debian/control vendored Normal file
View file

@ -0,0 +1,36 @@
Source: userausfall
Section: web
Priority: optional
Maintainer: Robert Waltemath <rw@roko.li>
Build-Depends:
debhelper (>= 9),
dh-exec,
dh-python,
python3-all,
python3-django (>= 2.2),
python3-djangorestframework,
# python3-djoser (>= 2.1),
python3-setuptools,
Standards-Version: 4.5.0
Package: userausfall
Architecture: all
Depends:
${misc:Depends},
python3-userausfall,
Description: User account management interface for systemausfall.org
Package: userausfall-webapp
Architecture: all
Description: Frontend assets for userausfall
Package: python3-userausfall
Architecture: all
Depends:
${misc:Depends},
${python3:Depends},
python3-django (>= 2.2),
python3-django-imagekit,
python3-djangorestframework,
python3-djoser (>= 2.1),
Description: Python backend for the userausfall web application

3
debian/copyright vendored Normal file
View file

@ -0,0 +1,3 @@
Files: *
Copyright: 2021 Robert Waltemath
License: AGPL-3+

16
debian/rules vendored Executable file
View file

@ -0,0 +1,16 @@
#!/usr/bin/make -f
export PYBUILD_NAME=userausfall
export PYBUILD_DISABLE=test
%:
dh $@ --package=python3-userausfall --with=python3 --buildsystem=pybuild
dh $@ --package=userausfall
dh $@ --package=userausfall-webapp
.PHONY: override_dh_auto_install
override_dh_auto_install:
dh_auto_install --package=python3-userausfall --destdir=debian/python3-userausfall
if echo "$$DH_INTERNAL_OPTIONS" | sed 's/-O/\n/g' | grep -qF -- '--package=userausfall-webapp'; then \
$(MAKE) assets-install DESTDIR=$$(realpath -m debian/userausfall-webapp/usr/share/userausfall-webapp); \
fi

1
debian/source/format vendored Normal file
View file

@ -0,0 +1 @@
3.0 (git)

1
debian/source/options vendored Normal file
View file

@ -0,0 +1 @@
extend-diff-ignore="/__pycache__/"

37
debian/system-files/userausfall.ini vendored Normal file
View file

@ -0,0 +1,37 @@
[uwsgi]
# basic uwsgi configuration
plugin = python3
plugin = router_redirect
master = True
workers = 4
threads = 2
vacuum = True
# python app configuration
chdir = /var/lib/userausfall
pythonpath = /etc/userausfall
touch-reload = /etc/userausfall/settings.py
for-readline = /etc/default/userausfall
env = %(_)
endfor =
module = userausfall.wsgi:application
# runtime configuration
uid = _userausfall
# socket configuration
chown-socket = www-data:www-data
chmod-socket = 640
# maintenance mode
touch-reload = /etc/userausfall/maintenance_mode
if-exists = /etc/userausfall/maintenance_mode
route = .* break:503
endif =
# Logging will catch a lot of OSErrors if clients prematurely close
# connections before a response was sent. This is not something we want
# to know about.
ignore-sigpipe = true
ignore-write-errors = true
disable-write-exception = true

20
debian/system-files/userausfallctl vendored Executable file
View file

@ -0,0 +1,20 @@
#!/bin/sh
set -eu
EXEC_USER=_userausfall
. /etc/default/userausfall
export PYTHONPATH
export DJANGO_SETTINGS_MODULE
export USERAUSFALL_DATA_DIR
if [ "$(id -nu)" = "$EXEC_USER" ]; then
exec python3 -m django "$@"
elif [ "$(id -u)" = 0 ]; then
exec su -s "$0" "$EXEC_USER" -- "$@"
else
echo "please run $(basename "$0") as root or '$EXEC_USER'" >&2
exit 1
fi

3
debian/userausfall.default vendored Normal file
View file

@ -0,0 +1,3 @@
PYTHONPATH=/etc/userausfall
DJANGO_SETTINGS_MODULE=userausfall_settings
USERAUSFALL_DATA_DIR=/var/lib/userausfall

2
debian/userausfall.install vendored Normal file
View file

@ -0,0 +1,2 @@
debian/system-files/userausfallctl usr/bin
debian/system-files/userausfall.ini etc/uwsgi/apps-available

59
debian/userausfall.postinst vendored Normal file
View file

@ -0,0 +1,59 @@
#!/bin/sh
set -eu
APP_NAME=userausfall
APP_USER=_$APP_NAME
APP_HOME=/var/lib/$APP_NAME
APP_ETC=/etc/$APP_NAME
APP_SETTINGS=$APP_ETC/settings.py
APP_PID=/var/run/uwsgi/app/$APP_NAME/pid
APP_UWSGI_CONFIG=/etc/uwsgi/apps-enabled/$APP_NAME.ini
APP_BACKUPS=/var/backups/$APP_NAME
APP_MEDIA=$APP_HOME/media
APP_CTL_SCRIPT="$APP_NAME"ctl
if [ "$1" = "configure" ]; then
if ! getent passwd "$APP_USER" >/dev/null; then
# adduser still recognizes usernames with leading underscores as bad name
# even though the current debian packaging guidelines enforces this.
adduser --quiet --system --group --disabled-password --force-badname \
--home "$APP_HOME" "$APP_USER"
fi
if [ -f "$APP_UWSGI_CONFIG" ]; then
if "$APP_CTL_SCRIPT" migrate --no-input >/dev/null; then
rm -f "$APP_ETC/maintenance_mode"
else
echo "error while executing $APP_USER migrations. maintenance mode still active" >&2
fi
fi
if [ -f "$APP_SETTINGS" ]; then
chown "$APP_USER:" "$APP_SETTINGS"
fi
# create secure user dirs
install -d -o "$APP_USER" -g nogroup -m 700 "$APP_BACKUPS"
install -d -o "$APP_USER" -g "$APP_USER" -m 755 "$APP_MEDIA"
"$APP_CTL_SCRIPT" collectstatic --no-input --clear
if [ -f "$APP_PID" ]; then
printf "reloading $APP_USER app server... "
kill -HUP "$(cat "$APP_PID")" 2>/dev/null && echo "ok" || echo "failed"
fi
fi
if [ "$1" = "triggered" ]; then
"$APP_CTL_SCRIPT" collectstatic --no-input --clear
fi
set +eu
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0

48
make.d/assets.mk Normal file
View file

@ -0,0 +1,48 @@
DIR_ASSETS = .
DIR_NODE = $(DIR_ASSETS)/node_modules
DIR_NODE_BIN = $(DIR_NODE)/.bin
BIN_NODE_PKG = npm --prefix "$(DIR_ASSETS)"
BIN_VUE_CLI = $(DIR_NODE_BIN)/vue-cli-service
OUTPUT_DIR_STATIC = $(DIR_BUILD)/webapp
OUTPUT_ASSET_TEMPLATE = $(OUTPUT_DIR_STATIC)/index.html
DEPS_ASSETS = $(shell find "$(DIR_ASSETS)" -type f -not -path "$(DIR_ASSETS)/node_modules/*" -not -path "$(DIR_ASSETS)/venv/*")
# dpkg-buildpackage and related tools may interface with
# proxy settings to prevent internet access during package builds.
# We dont care about that.
undefine no_proxy
undefine http_proxy
undefine https_proxy
$(DIR_NODE): $(DIR_ASSETS)/package.json $(DIR_ASSETS)/package-lock.json
ADBLOCK=true $(BIN_NODE_PKG) ci --no-progress
@touch -c $(DIR_NODE)
$(BIN_VUE_CLI): $(DIR_NODE)
$(OUTPUT_ASSET_TEMPLATE): $(BIN_VUE_CLI) $(DEPS_ASSETS)
$(BIN_NODE_PKG) run build
.PHONY: lint-js
lint-js: $(BIN_VUE_CLI)
$(BIN_NODE_PKG) run lint
lint: lint-js
.PHONY: clean-assets
clean-assets:
rm -rf \
$(DIR_NODE) \
$(OUTPUT_DIR_STATIC)
clean: clean-assets
.PHONY: assets
assets: $(OUTPUT_ASSET_TEMPLATE)
.PHONY: assets-install
assets-install: assets
(cd "$(OUTPUT_DIR_STATIC)"; find * -type f -print0 | xargs -0 -I '{}' install -D '{}' "$(DESTDIR)/public/{}")

5
make.d/deb.mk Normal file
View file

@ -0,0 +1,5 @@
PHONY: dist-deb
dist-deb:
dpkg-buildpackage --no-sign
mkdir -p "$(DIR_BUILD)/deb"
mv ../*.deb ../*.changes ../*.buildinfo ../*.git ../*.dsc build/deb

21
make.d/release.mk Normal file
View file

@ -0,0 +1,21 @@
.PHONY: release-ready
release-ready:
@[ -n "$$(git status --porcelain)" ] && echo "working directory must be clean for release" >&2 && exit 1
true
# $(MAKE) test
release-major: BUMP=major
release-minor: BUMP=minor
release-patch: BUMP=patch
.PHONY: release-major release-minor release-patch
release-major release-minor release-patch: release-generic
.PHONY: release-generic
.ONESHELL:
release-generic: release-ready
CURRENT_VERSION="$$(bumpversion --no-commit --no-tag $(BUMP) && cat VERSION)"
debchange --newversion "$${CURRENT_VERSION}-1" "New upstream release"
debchange --release ""
git commit -a -m "Release $${CURRENT_VERSION}"
git tag -m "Release $${CURRENT_VERSION}" "v$${CURRENT_VERSION}"