Add packaging via goreleaser

9 months ago · 21c2411cf5
parent c6177c4d18
commit 21c2411cf5
5 changed files with 165 additions and 0 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -0,0 +1,57 @@
+---
+project_name: cacert-oidc-demo-app
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+builds:
+  - id: linux-amd64
+    main: ./cmd/app
+    binary: cacert-oidc-demo-app
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - amd64
+archives:
+  - id: cacert-oidc-demo-app
+    builds:
+      - linux-amd64
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+nfpms:
+  -
+    package_name: cacert-oidc-demo-app
+    file_name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Arch }}"
+    maintainer: Jan Dittberner <jandd@cacert.org>
+    homepage: https://code.cacert.org/cacert/oidc-demo-app
+    description: |-
+      OpenID Connect demo application in Go
+    license: Apache 2.0
+    formats:
+      - deb
+    priority: optional
+    bindir: /usr/bin
+    contents:
+      - src: README.md
+        dst: /usr/share/doc/cacert-oidc-demo-app/README.md
+      - src: changelog.md
+        dst: /usr/share/doc/cacert-oidc-demo-app/changelog.md
+      - src: docs/demo-app.toml
+        dst: /usr/share/doc/cacert-oidc-idp/examples/demo-app.toml
+      - src: docs/cacert-oidc-demo-app.service
+        dst: /lib/systemd/system/cacert-oidc-demo-app.service
+    scripts:
+      postinstall: ./debian/postinst
+gitea_urls:
+  api: https://code.cacert.org/api/v1/
+  download: https://code.cacert.org
--- a/changelog.md
+++ b/changelog.md
@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## Unreleased
+### Changed
+- initial release
--- a/debian/postinst
+++ b/debian/postinst
@ -0,0 +1,68 @@
+#!/bin/dash
+
+set -e
+
+case "$1" in
+  configure)
+    [ -f "/etc/default/cacert-oidc-demo-app" ] && . /etc/default/cacert-oidc-demo-app
+
+    [ -z "$OIDC_DEMO_APP_HOME" ] && OIDC_DEMO_APP_HOME=/var/lib/oidc-demo-app
+    [ -z "$OIDC_DEMO_APP_USER" ] && OIDC_DEMO_APP_USER=cacert-demo
+    [ -z "$OIDC_DEMO_APP_NAME" ] && OIDC_DEMO_APP_NAME="CAcert OIDC Demo"
+    [ -z "$OIDC_DEMO_APP_GROUP" ] && OIDC_DEMO_APP_GROUP=cacert-demo
+
+    # create user to avoid running cacert-oidc-demo-app as root
+    # 1. create group if not existing
+    if ! getent group | grep -q "^$OIDC_DEMO_APP_GROUP" ; then
+      echo -n "Adding group $OIDC_DEMO_APP_GROUP.."
+      addgroup --quiet --system $OIDC_DEMO_APP_GROUP 2>/dev/null || true
+      echo "..done"
+    fi
+    # 2. create homedir if not existing
+    test -d "$OIDC_DEMO_APP_HOME" || mkdir "$OIDC_DEMO_APP_HOME"
+    # 3. create user if not existing
+    if ! getent passwd | grep -q "^$OIDC_DEMO_APP_USER"; then
+      echo -n "Adding system user $OIDC_DEMO_APP_USER.."
+      adduser --quiet \
+              --system \
+              --ingroup $OIDC_DEMO_APP_GROUP \
+              --no-create-home \
+              --disabled-password \
+              $OIDC_DEMO_APP_USER 2>/dev/null || true
+      echo "..done"
+    fi
+    # 4. adjust passwd entry
+    usermod -c "$OIDC_DEMO_APP_NAME" \
+            -d $OIDC_DEMO_APP_HOME \
+            -g $OIDC_DEMO_APP_GROUP \
+               $OIDC_DEMO_APP_USER || true
+    # 5. adjust file and directory permissions
+    if ! dpkg-statoverride --list $OIDC_DEMO_APP_HOME >/dev/null
+    then
+      chown -R $OIDC_DEMO_APP_USER:adm $OIDC_DEMO_APP_HOME
+      chmod u=rwx,g=rxs,o= $OIDC_DEMO_APP_HOME
+    fi
+    ;;
+esac
+
+UNIT="cacert-oidc-demo-app.service"
+
+case "$1" in
+  'configure' | 'abort-upgrade' | 'abort-deconfigure' | 'abort-remove')
+    # systemctl daemon-reload
+    # systemctl --global enable $UNIT
+    # This will only remove masks created by d-s-h on package removal.
+    deb-systemd-helper unmask $UNIT >/dev/null || true
+
+    # was-enabled defaults to true, so new installations run enable.
+    if deb-systemd-helper --quiet was-enabled $UNIT ; then
+      # Enables the unit on first installation, creates new
+      # symlinks on upgrades if the unit file has changed.
+      deb-systemd-helper enable $UNIT >/dev/null || true
+    else
+      # Update the statefile to add new symlinks (if any), which need to be
+      # cleaned up on purge. Also remove old symlinks.
+      deb-systemd-helper update-state $UNIT >/dev/null || true
+    fi
+    ;;
+esac
--- a/docs/cacert-oidc-demo-app.service
+++ b/docs/cacert-oidc-demo-app.service
@ -0,0 +1,13 @@
+[Unit]
+Description=CAcert OpenID Connect demo application
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+ExecCondition=/bin/sh -c 'test -f /etc/cacert-oidc-demo-app/demo-app.toml'
+ExecStart=/usr/bin/cacert-oidc-demo-app --conf /etc/cacert-oidc-demo-app/demo-app.toml
+StateDirectory=cacert-oidc-demo-app
+User=cacert-demo
+Group=cacert-demo
+
+[Install]
+WantedBy=multi-user.target
--- a/docs/demo-app.toml
+++ b/docs/demo-app.toml
@ -0,0 +1,17 @@
+[oidc]
+client-id = "<client-id-from-authserver>"
+client-secret = "<client-secret-from-authserver>"
+server = "https://authserver.cacert.org/"
+
+[session]
+auth-key = "<64-byte-base64-random-key>"
+enc-key = "<32-byte-base64-random-key>"
+path = "/var/lib/cacert-oidc-demo-app/sessions"
+
+[server]
+key = "/etc/ssl/private/app.cacert.localhost-key.pem"
+certificate = "/etc/ssl/public/app.cacert.localhost.pem"
+
+[log]
+# default log level is info
+level = "warn"