Add packaging via goreleaser
parent
c6177c4d18
commit
21c2411cf5
@ -0,0 +1,57 @@
|
||||
---
|
||||
project_name: cacert-oidc-demo-app
|
||||
before:
|
||||
hooks:
|
||||
# You may remove this if you don't use go modules.
|
||||
- go mod tidy
|
||||
builds:
|
||||
- id: linux-amd64
|
||||
main: ./cmd/app
|
||||
binary: cacert-oidc-demo-app
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
goos:
|
||||
- linux
|
||||
goarch:
|
||||
- amd64
|
||||
archives:
|
||||
- id: cacert-oidc-demo-app
|
||||
builds:
|
||||
- linux-amd64
|
||||
checksum:
|
||||
name_template: 'checksums.txt'
|
||||
snapshot:
|
||||
name_template: "{{ .Tag }}-next"
|
||||
changelog:
|
||||
sort: asc
|
||||
filters:
|
||||
exclude:
|
||||
- '^docs:'
|
||||
- '^test:'
|
||||
nfpms:
|
||||
-
|
||||
package_name: cacert-oidc-demo-app
|
||||
file_name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Arch }}"
|
||||
maintainer: Jan Dittberner <jandd@cacert.org>
|
||||
homepage: https://code.cacert.org/cacert/oidc-demo-app
|
||||
description: |-
|
||||
OpenID Connect demo application in Go
|
||||
license: Apache 2.0
|
||||
formats:
|
||||
- deb
|
||||
priority: optional
|
||||
bindir: /usr/bin
|
||||
contents:
|
||||
- src: README.md
|
||||
dst: /usr/share/doc/cacert-oidc-demo-app/README.md
|
||||
- src: changelog.md
|
||||
dst: /usr/share/doc/cacert-oidc-demo-app/changelog.md
|
||||
- src: docs/demo-app.toml
|
||||
dst: /usr/share/doc/cacert-oidc-idp/examples/demo-app.toml
|
||||
- src: docs/cacert-oidc-demo-app.service
|
||||
dst: /lib/systemd/system/cacert-oidc-demo-app.service
|
||||
scripts:
|
||||
postinstall: ./debian/postinst
|
||||
gitea_urls:
|
||||
api: https://code.cacert.org/api/v1/
|
||||
download: https://code.cacert.org
|
@ -0,0 +1,10 @@
|
||||
# Changelog
|
||||
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## Unreleased
|
||||
### Changed
|
||||
- initial release
|
@ -0,0 +1,68 @@
|
||||
#!/bin/dash
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
[ -f "/etc/default/cacert-oidc-demo-app" ] && . /etc/default/cacert-oidc-demo-app
|
||||
|
||||
[ -z "$OIDC_DEMO_APP_HOME" ] && OIDC_DEMO_APP_HOME=/var/lib/oidc-demo-app
|
||||
[ -z "$OIDC_DEMO_APP_USER" ] && OIDC_DEMO_APP_USER=cacert-demo
|
||||
[ -z "$OIDC_DEMO_APP_NAME" ] && OIDC_DEMO_APP_NAME="CAcert OIDC Demo"
|
||||
[ -z "$OIDC_DEMO_APP_GROUP" ] && OIDC_DEMO_APP_GROUP=cacert-demo
|
||||
|
||||
# create user to avoid running cacert-oidc-demo-app as root
|
||||
# 1. create group if not existing
|
||||
if ! getent group | grep -q "^$OIDC_DEMO_APP_GROUP" ; then
|
||||
echo -n "Adding group $OIDC_DEMO_APP_GROUP.."
|
||||
addgroup --quiet --system $OIDC_DEMO_APP_GROUP 2>/dev/null || true
|
||||
echo "..done"
|
||||
fi
|
||||
# 2. create homedir if not existing
|
||||
test -d "$OIDC_DEMO_APP_HOME" || mkdir "$OIDC_DEMO_APP_HOME"
|
||||
# 3. create user if not existing
|
||||
if ! getent passwd | grep -q "^$OIDC_DEMO_APP_USER"; then
|
||||
echo -n "Adding system user $OIDC_DEMO_APP_USER.."
|
||||
adduser --quiet \
|
||||
--system \
|
||||
--ingroup $OIDC_DEMO_APP_GROUP \
|
||||
--no-create-home \
|
||||
--disabled-password \
|
||||
$OIDC_DEMO_APP_USER 2>/dev/null || true
|
||||
echo "..done"
|
||||
fi
|
||||
# 4. adjust passwd entry
|
||||
usermod -c "$OIDC_DEMO_APP_NAME" \
|
||||
-d $OIDC_DEMO_APP_HOME \
|
||||
-g $OIDC_DEMO_APP_GROUP \
|
||||
$OIDC_DEMO_APP_USER || true
|
||||
# 5. adjust file and directory permissions
|
||||
if ! dpkg-statoverride --list $OIDC_DEMO_APP_HOME >/dev/null
|
||||
then
|
||||
chown -R $OIDC_DEMO_APP_USER:adm $OIDC_DEMO_APP_HOME
|
||||
chmod u=rwx,g=rxs,o= $OIDC_DEMO_APP_HOME
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
UNIT="cacert-oidc-demo-app.service"
|
||||
|
||||
case "$1" in
|
||||
'configure' | 'abort-upgrade' | 'abort-deconfigure' | 'abort-remove')
|
||||
# systemctl daemon-reload
|
||||
# systemctl --global enable $UNIT
|
||||
# This will only remove masks created by d-s-h on package removal.
|
||||
deb-systemd-helper unmask $UNIT >/dev/null || true
|
||||
|
||||
# was-enabled defaults to true, so new installations run enable.
|
||||
if deb-systemd-helper --quiet was-enabled $UNIT ; then
|
||||
# Enables the unit on first installation, creates new
|
||||
# symlinks on upgrades if the unit file has changed.
|
||||
deb-systemd-helper enable $UNIT >/dev/null || true
|
||||
else
|
||||
# Update the statefile to add new symlinks (if any), which need to be
|
||||
# cleaned up on purge. Also remove old symlinks.
|
||||
deb-systemd-helper update-state $UNIT >/dev/null || true
|
||||
fi
|
||||
;;
|
||||
esac
|
@ -0,0 +1,13 @@
|
||||
[Unit]
|
||||
Description=CAcert OpenID Connect demo application
|
||||
|
||||
[Service]
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
ExecCondition=/bin/sh -c 'test -f /etc/cacert-oidc-demo-app/demo-app.toml'
|
||||
ExecStart=/usr/bin/cacert-oidc-demo-app --conf /etc/cacert-oidc-demo-app/demo-app.toml
|
||||
StateDirectory=cacert-oidc-demo-app
|
||||
User=cacert-demo
|
||||
Group=cacert-demo
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,17 @@
|
||||
[oidc]
|
||||
client-id = "<client-id-from-authserver>"
|
||||
client-secret = "<client-secret-from-authserver>"
|
||||
server = "https://authserver.cacert.org/"
|
||||
|
||||
[session]
|
||||
auth-key = "<64-byte-base64-random-key>"
|
||||
enc-key = "<32-byte-base64-random-key>"
|
||||
path = "/var/lib/cacert-oidc-demo-app/sessions"
|
||||
|
||||
[server]
|
||||
key = "/etc/ssl/private/app.cacert.localhost-key.pem"
|
||||
certificate = "/etc/ssl/public/app.cacert.localhost.pem"
|
||||
|
||||
[log]
|
||||
# default log level is info
|
||||
level = "warn"
|
Loading…
Reference in New Issue