diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index dc4c85a..a31e123 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -9,18 +9,12 @@ jobs:
 build_n_upload:
 runs-on: linux
 steps:
- - name: Git checkout
- uses: actions/checkout@v6
+ - uses: actions/checkout@v6
 with:
+ detch-depth: 0
 fetch-tags: true
- - name: Build tarball
- run: make tarball
+ - run: make tarball
+ - run: rpmbuild -ba "$(make name).spec"
+ - run: make upload
 env:
- GIT_REFERENCE: ${{ github.ref }}
- - name: Build rpm package
- run: rpmbuild -ba "$(make name).spec"
- - name: Upload rpm package
- run: make upload
- env:
- GIT_PACKAGES_USERNAME: ${{ vars.GIT_PACKAGES_USERNAME }}
- GIT_PACKAGES_TOKEN: ${{ secrets.GIT_PACKAGES_TOKEN }}
+ PKG_TOKEN: ${{ secrets.PKG_TOKEN }}
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index fc23cbd..a9909aa 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -9,12 +9,9 @@ jobs:
 lint_n_build:
 runs-on: linux
 steps:
- - name: Git checkout
- uses: actions/checkout@v6
+ - uses: actions/checkout@v6
 with:
 fetch-depth: 0
 fetch-tags: true
- - name: Build tarball
- run: make tarball
- - name: Build rpm file
- run: rpmbuild -ba "$(make name).spec"
+ - run: make tarball
+ - run: rpmbuild -ba "$(make name).spec"
diff --git a/Makefile b/Makefile
index 544b0fa..995542a 100644
--- a/Makefile
+++ b/Makefile
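Review bot: The key added under `with:` in the cd.yaml checkout step, `detch-depth: 0`, is a typo for `fetch-depth: 0`; the ci.yaml hunk in this same commit carries the correct spelling as context. An input the checkout action does not define is presumably ignored, so the CD job would fall back to the default shallow clone while the Makefile computes `VERSION` with `git describe --abbrev=0`, leaving the release version dependent on the pushed tag sitting exactly on HEAD. Change the line to `fetch-depth: 0`. Since this is also the only job that receives `secrets.PKG_TOKEN`, consider pinning `actions/checkout` to a full commit SHA rather than the mutable `v6` tag.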
@@ -1,50 +1,86 @@ NAME = netoik-db VERSION = $(shell git describe --abbrev=0) RELEASE = $(shell git rev-parse --short HEAD) -REFERENCE = $(if $(GIT_REFERENCE),$(GIT_REFERENCE),$(shell git branch --show-current)) -BUILD_ARCH = noarch +ARCH = noarch +OWNER = samuel +SUMMARY = "Netoïk Database Management System" +LICENSE = "MIT" +URL = "https://git.netoik.io/$(OWNER)/$(NAME)" +SOURCE0 = "$(NAME)-$(VERSION)-$(RELEASE).tar.gz" RPM_RPMDIR = $(shell rpm --eval '%{_rpmdir}') RPM_SBINDIR = $(shell rpm --eval '%{_sbindir}') RPM_SOURCEDIR = $(shell rpm --eval '%{_sourcedir}') RPM_SYSCONFDIR = $(shell rpm --eval '%{_sysconfdir}') RPM_UNITDIR = $(shell rpm --eval '%{_unitdir}') -RPM_TARBALL_PATH = $(RPM_SOURCEDIR)/$(NAME)-$(VERSION).tar.gz -RPM_BUILD_PATH = $(RPM_RPMDIR)/$(BUILD_ARCH)/$(NAME)-$(VERSION)-$(RELEASE).$(BUILD_ARCH).rpm + +RPM_TARBALL_PATH = $(RPM_SOURCEDIR)/$(SOURCE0) +RPM_BUILD_PATH = $(RPM_RPMDIR)/$(ARCH)/$(NAME)-$(VERSION)-$(RELEASE).$(ARCH).rpm + +.PHONY: help +help: + @grep -E '^[a-zA-Z0-9_-]+:.*?## .*' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' .PHONY: name -name: +name: ## Show project name @echo "$(NAME)" .PHONY: version -version: +version: ## Show current project version @echo "$(VERSION)" .PHONY: release -release: +release: ## Show current project release @echo "$(RELEASE)" -.PHONY: build_arch -build_arch: - @echo "$(BUILD_ARCH)" +.PHONY: arch +arch: ## Show rpm arch target + @echo "$(ARCH)" -.PHONY: install -install: - install --mode=755 --directory $(DESTDIR)$(RPM_SYSCONFDIR)/postgres $(DESTDIR)$(RPM_UNITDIR)/postgresql.service.d - install --mode=644 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/postgres files/postgres/postgresql.conf files/postgres/pg_hba.conf - install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR)/postgresql.service.d files/systemd/postgres.conf +.PHONY: owner +owner: ## Show project owner name + @echo "$(OWNER)" + +.PHONY: summary +summary: ## Show project summary + @echo 
"$(SUMMARY)" + +.PHONY: license +license: ## Show project license + @echo "$(LICENSE)" + +.PHONY: url +url: ## Show project homepage URL + @echo "$(URL)" + +.PHONY: source0 +source0: ## Show rpm source0 file name + @echo "$(SOURCE0)" $(RPM_TARBALL_PATH): * git archive --format=tar.gz \ --output="$@" \ --prefix="$(NAME)-$(VERSION)/" \ --verbose \ - "$(REFERENCE)" + HEAD .PHONY: tarball -tarball: $(RPM_TARBALL_PATH) +tarball: $(RPM_TARBALL_PATH) ## Build rpm tarball + +.PHONY: install +install: ## Install files into rpm dest (requires env var DESTDIR) + @if [ -z "$(DESTDIR)" ]; then \ + printf "[CRITICAL] Missing env var DESTDIR\n[CRITICAL] This command is designed to be called by rpmbuild only!\n" 1>&2; \ + exit 1; \ + fi + install --mode=755 --directory $(DESTDIR)$(RPM_SYSCONFDIR)/postgres $(DESTDIR)$(RPM_UNITDIR)/postgresql.service.d + install --mode=644 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/postgres files/postgres/postgresql.conf files/postgres/pg_hba.conf + install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR)/postgresql.service.d files/systemd/postgres.conf .PHONY: upload -upload: - curl --fail-with-body --upload-file "$(RPM_BUILD_PATH)" --user "$(GIT_PACKAGES_USERNAME):$(GIT_PACKAGES_TOKEN)" https://git.netoik.io/api/packages/$(GIT_PACKAGES_USERNAME)/rpm/upload - +upload: ## Upload rpm package to Gitea repository (requires env var PKG_TOKEN) + @if [ -z "$(PKG_TOKEN)" ]; then \ + printf "[CRITICAL] Missing env var PKG_TOKEN\n[CRITICAL] This command is designed to be called by Gitea Actions only!\n" 1>&2; \ + exit 1; \ + fi + curl --fail-with-body --upload-file "$(RPM_BUILD_PATH)" --user "$(OWNER):$(PKG_TOKEN)" https://git.netoik.io/api/packages/$(OWNER)/rpm/upload diff --git a/README.md b/README.md index 034f5c3..75d8d27 100644 --- a/README.md +++ b/README.md 
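Review bot: The rewritten `upload` recipe still exposes the package token, because `--user "$(OWNER):$(PKG_TOKEN)"` is expanded by make and the curl line has no `@` prefix, so make echoes the fully expanded command into the job log before running it. The README in this commit states that packages are unsigned and installed with `--nogpgcheck`, so this token is effectively the only control over what clients install, and log masking by the runner should not be the sole protection. Let the shell read the variable and silence the echo, `@curl --fail-with-body --upload-file "$(RPM_BUILD_PATH)" --user "$(OWNER):$$PKG_TOKEN" ...`, or pass the credentials through `curl --config -` on stdin so they are also kept out of the process argument list. The new guard has the same make-side expansion and would read better as `[ -z "$$PKG_TOKEN" ]`, which tests the environment variable without pasting its value into the shell source.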
@@ -1,3 +1,83 @@ # Netoïk Database ![badge](https://git.netoik.io/samuel/netoik-db/actions/workflows/ci.yaml/badge.svg) Build an RPM package which will install the DBMS called Postgresql with custom configuration. + +- listen only on a unix socket +- each user is authentified by its unix account + + +# Development + +A `Makefile` is integrated to let you run some basic commands. + +- Display some information about the project + ```shell + make help + make name + make version + make release + make arch + ``` + +- Build a tarball: + ```shell + make tarball + ``` + +- Build an rpm package: + ```shell + rpmbuild -ba netoik-db.spec + ``` + +- Upload rpm package to Gitea repository (env var `PKG_TOKEN` is required): + ```shell + make upload + ``` + + +# CI / CD + +Two workflows are set up. + +- Continuous Integration: + - triggered by each push event on branch `main` + - builds tarball + - builds rpm package + +- Continuous Delivery: + - triggered by each tag push event + - builds tarball + - builds rpm package + - uploads rpm package to repository + + +# Deployment + +Some commands to deploy the RPM package on server + +- Add Gitea repo to your repo list: + ```shell + dnf config-manager --add-repo https://git.netoik.io/api/packages/samuel/rpm.repo + dnf repolist | grep gitea-samuel + ``` + +- Show available versions: + ```shell + dnf --showduplicates netoik-db + ``` + +- Install or upgrade package: + ```shell + set -a + source ~/.netoik-db.env + dnf --nogpgcheck --refresh --assumeyes --best install netoik-db + set +a + ``` + + +# Security Notes + +For security reasons, act runners does not have sudo privileges and so there is: +- **no** Continuous Deployment because act runners cannot use `dnf` +- **no** GPG signing because act runners cannot use `gpg` + diff --git a/netoik-db.spec b/netoik-db.spec index ee89982..fdb4902 100644 --- a/netoik-db.spec +++ b/netoik-db.spec 
@@ -3,12 +3,12 @@ Name: %(make name) Version: %(make version) Release: %(make release) -Summary: Netoik Reverse Proxy -License: MIT -URL: https://git.netoik.io/samuel/%(make name) +Summary: %(make summary) +License: %(make license) +URL: %(make url) -Source0: %{name}-%{version}.tar.gz -Buildarch: %(make build_arch) +Source0: %(make source0) +Buildarch: %(make arch) BuildRequires: make Requires: postgresql-server postgresql @@ -31,16 +31,6 @@ systemctl daemon-reload systemctl reenable postgresql.service systemctl restart postgresql.service -# Create databases and users from DB_USERS variable (separator is ",") if not existing -IFS="," read -ra users <<< "$DB_USERS"; -for user in "${users[@]}"; do - usermod --append --groups postgres "$user"; - if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet "$user"; then - runuser --user=postgres -- createuser "$user" - runuser --user=postgres -- createdb --owner="$user" "$user" - fi -done - %files %dir %attr(755, root, root) %{_sysconfdir}/postgres %attr(644, root, root) %{_sysconfdir}/postgres/postgresql.conf