Files
cc-ci/tests/libredesk/install_steps.sh
autonomic-bot e0f2a5d66a
Some checks failed
continuous-integration/drone/push Build is failing
tests: add libredesk (LibreDesk helpdesk) recipe test suite
New recipe recipe-maintainers/Libre-Desk (abra TYPE=libredesk): app libredesk
v2.4.0 on :9000 + postgres:17 + redis:7. Adds:
- recipe_meta.py: /health probe, BACKUP_CAPABLE (backupbot db labels), upgrade
  EXPECTED_NA (only one published version so far), WARM_CANONICAL.
- install_steps.sh: insert format-compliant enc_key (32-hex) + admin_pwd
  (upper+lower+num+special) before deploy — abra's generic generator doesn't
  satisfy LibreDesk's strict secret formats.
- custom/: /health 200 probe + served-shell brand/asset probe (real app, not a
  fallback 200).
2026-07-07 23:07:40 +00:00

50 lines
2.7 KiB
Bash
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
# libredesk — INSTALL-TIME secret hook.
#
# Runs during the install tier AFTER `abra app new` + EXTRA_ENV + `abra app secret generate --all`
# and BEFORE the single `abra app deploy` (lifecycle.py::_run_install_steps). LibreDesk validates
# two secrets with formats that abra's generic generator does not guarantee, so we insert compliant
# values here (at a bumped version — swarm forbids overwriting a secret at the same version) and
# point the .env at them, so the recipe deploys ONCE, healthy, with no reconverge:
# - enc_key : exactly 32 hex chars (AES-256 encryption_key) → openssl rand -hex 16
# - admin_pwd : 1072 chars incl. upper+lower+number+special (the app rejects weaker "System"
# user passwords, which abra's alphanumeric generator can produce)
# db_password is fine as abra-generated (no special format), so it is left untouched.
#
# Env supplied by the harness:
# CCCI_APP_DOMAIN — the per-run libredesk app domain (== abra app name)
# CCCI_APP_ENV — path to the app's .env (the one `abra app deploy` reads)
set -euo pipefail
: "${CCCI_APP_DOMAIN:?missing}"
ENV_PATH="${CCCI_APP_ENV:?missing}"
# Insert a compliant value for <secret> and repoint SECRET_<VAR>_VERSION at the bumped version.
insert_secret() {
local secret="$1" env_var="$2" value="$3"
local cur new num
cur=$(grep -E "^\s*${env_var}=" "$ENV_PATH" | tail -1 | cut -d= -f2 | tr -d '"\r' || echo "v1")
cur=${cur:-v1}
num=$(( ${cur#v} + 1 )); new="v${num}"
# abra forbids overwriting an existing version; insert at the fresh version. -C creates it, -o
# allows overwrite if a stale one exists, --no-input for non-interactive.
local log
log=$(abra app secret insert "$CCCI_APP_DOMAIN" "$secret" "$new" "$value" --no-input -C -o 2>&1) ||
log=$(script -qec "abra app secret insert $CCCI_APP_DOMAIN $secret $new $value --no-input -C -o" /dev/null 2>&1) ||
{ echo " install_steps: abra app secret insert ${secret}@${new} failed: $log"; exit 1; }
sed -i "s|^\s*${env_var}=.*|${env_var}=${new}|" "$ENV_PATH"
echo " install_steps: ${secret} inserted at ${new} (was ${cur})"
}
# 32 hex chars = 16 bytes (AES-256 key LibreDesk expects for encryption_key).
ENC_KEY=$(openssl rand -hex 16)
# 1072 chars with upper+lower+number+special. Build deterministically-compliant: a fixed
# upper+lower+digit+special prefix plus random hex entropy (lowercase letters + digits).
ADMIN_PWD="Ci$(openssl rand -hex 12)Aa1!"
insert_secret enc_key SECRET_ENC_KEY_VERSION "$ENC_KEY"
insert_secret admin_pwd SECRET_ADMIN_PWD_VERSION "$ADMIN_PWD"
echo " libredesk install_steps: enc_key (32-hex) + admin_pwd (complex) inserted; deploy will use them"