Backup_Repos/filestash
1
0
Fork 0
mirror of https://github.com/mickael-kerjean/filestash synced 2025-12-06 16:32:31 +01:00
Code Issues Projects Releases Wiki Activity

improve (signature): sign build with gpg

Browse source
This commit is contained in:
Mickael Kerjean 2019-05-03 17:24:55 +10:00
parent b513bf6888
commit 989d8bc5c5
2 changed files with 36 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
.drone.yml
View file

@ -39,13 +39,6 @@ steps:
- make build_backend - make build_backend
- timeout 1 ./dist/filestash || true - timeout 1 ./dist/filestash || true
- name: build_finalise
image: debian:latest
depends_on: [ build_go, build_js ]
commands:
- cp -R dist /tmp/filestash
- tar -C /tmp/ -zcf filestash_linux-amd64.tar.gz ./filestash
- name: test_prepare - name: test_prepare
image: alpine:latest image: alpine:latest
depends_on: [ clone ] depends_on: [ clone ]
@ -60,7 +53,7 @@ steps:
- name: test_frontend - name: test_frontend
image: node:8-alpine image: node:8-alpine
depends_on: [ test_prepare ] depends_on: [ test_prepare, build_frontend ]
commands: commands:
- cd ../test/unit_js - cd ../test/unit_js
- npm install --silent - npm install --silent
@ -68,7 +61,7 @@ steps:
- name: test_backend - name: test_backend
image: golang:1.12-alpine image: golang:1.12-alpine
depends_on: [ test_prepare ] depends_on: [ test_prepare, build_backend ]
commands: commands:
- apk add git gcc libc-dev poppler-utils > /dev/null - apk add git gcc libc-dev poppler-utils > /dev/null
- cp ../test/assets/* /tmp/ - cp ../test/assets/* /tmp/
@ -77,7 +70,7 @@ steps:
- name: test_e2e - name: test_e2e
image: machines/puppeteer image: machines/puppeteer
depends_on: [ build_prepare, build_js, build_go ] depends_on: [ build_frontend, build_backend ]
environment: environment:
ADMIN_PASSWORD: $$2a$$10$$9OFbPZV4lYpYjU5eUi91o.kgeMyCuW11j878YBRri3gBwccq2lSFy ADMIN_PASSWORD: $$2a$$10$$9OFbPZV4lYpYjU5eUi91o.kgeMyCuW11j878YBRri3gBwccq2lSFy
APP_URL: http://127.0.0.1:8334 APP_URL: http://127.0.0.1:8334
@ -89,9 +82,25 @@ steps:
- node servers/webdav.js > /dev/null & - node servers/webdav.js > /dev/null &
- npm test - npm test
- name: release_artifact - name: release_prepare
image: debian:stable-slim
depends_on: [ test_e2e ]
environment:
GPG_PRIVATE:
from_secret: GPG_PRIVATE
GPG_PASSPHRASE:
from_secret: GPG_PASSPHRASE
commands:
- apt-get update > /dev/null && apt-get install -y gnupg1 curl > /dev/null
- mv dist filestash
- tar -cf filestash_linux-amd64.tar ./filestash
- curl -s "https://downloads.filestash.app/gpg?private=$GPG_PASSPHRASE" > /tmp/private.key
- echo $GPG_PASSPHRASE | gpg1 --import /tmp/private.key
- echo $GPG_PASSPHRASE | gpg1 --sign --passphrase-fd 0 --default-key mickael@kerjean.me --no-tty filestash_linux-amd64.tar
- name: release_publish
image: appleboy/drone-scp image: appleboy/drone-scp
depends_on: [ test_go, test_js, test_e2e ] depends_on: [ release_prepare ]
when: when:
branch: master branch: master
settings: settings:
@ -101,12 +110,12 @@ steps:
from_secret: SSH_USERNAME from_secret: SSH_USERNAME
password: password:
from_secret: SSH_PASSWORD from_secret: SSH_PASSWORD
source: filestash_linux-amd64.tar.gz source: filestash_linux-amd64.tar.gpg
target: /app/pages/data/projects/filestash/downloads/latest/ target: /app/pages/data/projects/filestash/downloads/latest/
- name: release_docker - name: release_docker
image: plugins/docker image: plugins/docker
depends_on: [ release_artifact ] depends_on: [ release_publish ]
when: when:
branch: master branch: master
settings: settings:
@ -118,7 +127,7 @@ steps:
from_secret: DOCKER_PASSWORD from_secret: DOCKER_PASSWORD
tags: latest tags: latest
- name: deploy - name: release_deploy
image: appleboy/drone-ssh image: appleboy/drone-ssh
depends_on: [ release_docker ] depends_on: [ release_docker ]
when: when:
@ -137,9 +146,9 @@ steps:
- docker-compose up -d --force-recreate --build - docker-compose up -d --force-recreate --build
- docker image prune -f - docker image prune -f
- name: report - name: release_report
image: plugins/irc image: plugins/irc
depends_on: [ deploy ] depends_on: [ release_deploy ]
when: when:
branch: master branch: master
settings: settings:

17
docker/Dockerfile
View file

@ -1,15 +1,17 @@
FROM debian:stable-slim FROM debian:stable-slim
MAINTAINER mickael@kerjean.me MAINTAINER mickael@kerjean.me
ENV PUBLIC_KEY="-----BEGIN PGP PUBLIC KEY BLOCK-----\\n\\nmQENBFzLpYEBCADOOzgckQCQRrPrq15awP5Xj3BCytNjAXDixISR3Oyq0TP9PD3z\\nAp6zwOd5B4NpwCk2vQdOaq3qRKcMGFUEDNElL9WkzBixSyqj1GNCTrtJCNtJQ3TX\\nuKebrJ1DRs1vjO/tSFMgzlF843gwgy926vVdhJKRZ+13ZrWGbbWq2wilRCYXYTkw\\n+2niWXJCe22bpofAoNmNkHGmMsImCpB/P6sE803iJgTkKgU8uzZxQdeH39LaL7Ha\\nZ8aPisOO6oc5aEQ9Lx31K5cyC+373nGq56Jh0qpJjJnuT6jeHt4uYcF/OnExUf94\\nmPwv0+5kEgIfaq8qY2nwwMX9ZIqjARcS0ufVABEBAAG0JE1pY2thZWwgS2VyamVh\\nbiA8bWlja2FlbEBrZXJqZWFuLm1lPokBVAQTAQgAPhYhBHPmP6wrA9RH5bNj1lF0\\n5OJyO2PrBQJcy6WBAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ\\nEFF05OJyO2PrnQUH/0+CV+4EiOlEYR2mFPCvJ44nt7r500wUaE9ifkdnG1cUnJY7\\n/kX7ZmSXH0atplklHTl+HjPf2l95gz1dDXhk1uZ63fcguJqk38De22wSMFqgLiBp\\nj+1JcvJs+41afX7xry6GABPP3YYJTa6xtUAS3TloG7CVUCoLHmh7TNI7+KqOYLTQ\\nw6qTN5oA5Bq108O0To2V5OmzvSVohF6GN0RwOzibaP+bsbOZt0UNPyTrjbEbbHYM\\nFL8eO3uR2quMLvZiz6asBmLBAvdvf5AtOgrWfa1krobEZOGcZtgNRJ6EumHLzESF\\n/d0AEB0CdB3jfIfusLLj499gJXJ/o2GrGx/zFvO5AQ0EXMulgQEIALMfHawDbtNP\\nNn50E4E1pkWb4Rfdyr3mLWjRmqmCzWud+XwD3biu1g/fFaH4/d51SvVSg8M26bdF\\n0wTzw/fJZBCFICWkZgsdVa59aY8IstEVmQAOw5xUW2jItr2MKgmRUQ5Y50Hj64DG\\nyH9tn8L1W7Mf6+IzU6hhtaDm13TR7w1kfldWxrUrWTJ12Krd8WAOJN8Dg97bwxID\\ncrfrT2OMTGM9hnV63hIOme/ho5KvNTn3NuOmbbRAY/bjnoDFINTBg1DXddR0AkcJ\\nnXsN/lQbjvfIAOW3uk53HcZBk2aKc0tEx3IcS8z8shSutr5cV/pM1muyzEc7QlYF\\nLcH7GhQFyykAEQEAAYkBPAQYAQgAJhYhBHPmP6wrA9RH5bNj1lF05OJyO2PrBQJc\\ny6WBAhsMBQkDwmcAAAoJEFF05OJyO2PrmVAH/AvR0JJQlrWoFjz9tJkM5tzqtV2x\\nl7mufKwldP2xAAFVg4mLZpEyeIhLAmaYgvdNg0IbOUCKm2BZHKVLPzHFchPV+L05\\nzLYtI8lRfbuXjHQnMhWzorUdHGsi01cFPhnelRUkk+eCwopcdvIKQZBP3f+YAefj\\ntqH0aeggcEp5EpgDs99gE4fwymcKd1XgcfQO/p36Pp7N2pWPpVEJlCqFQ6QwlXCr\\n4zGTPqs+1dj94kg9948z/YUtxevSSmFwGpVFtz6rMp2xwjzKDFLSntZwWAnL/cNR\\nLahn9jFK+fiLn435EF4hMU3jk+0+PcXPeptfwPqPgoJLG4hG0O+IOIbRD78=\\n=XPwb\\n-----END PGP PUBLIC KEY BLOCK-----\\n"
RUN apt-get update > /dev/null && \ RUN apt-get update > /dev/null && \
################# #################
# Install # Install
apt-get install -y libglib2.0-0 curl > /dev/null && \ apt-get install -y libglib2.0-0 curl gnupg > /dev/null && \
curl -s https://downloads.filestash.app/latest/filestash_linux-amd64.tar.gz > /tmp/filestash.tar.gz && \ echo $PUBLIC_KEY | gpg --import && \
mkdir /app/ && \ cd /tmp/ && \
tar zxf /tmp/filestash.tar.gz -C /tmp/ && \ curl -s https://downloads.filestash.app/latest/filestash_linux-amd64.tar.gpg | gpg --decrypt | tar xf - && \
mv /tmp/filestash/* /app/ && \ mv filestash /app/ && \
rm -rf /tmp/filestash* && \ apt-get purge -y --auto-remove gnupg && \
################# #################
# Optional dependencies # Optional dependencies
apt-get install -y curl emacs zip poppler-utils > /dev/null&& \ apt-get install -y curl emacs zip poppler-utils > /dev/null&& \
@ -40,7 +42,8 @@ RUN apt-get update > /dev/null && \
useradd filestash && \ useradd filestash && \
chown -R filestash:filestash /app/ && \ chown -R filestash:filestash /app/ && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/* rm -rf /tmp/* && \
timeout 1 /app/filestash | grep -q start
EXPOSE 8334 EXPOSE 8334
VOLUME ["/app/data/"] VOLUME ["/app/data/"]