diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index 918cd8f..40fd31e 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -2,10 +2,10 @@ name: Build and Release on: push: - branches: [ main ] + branches: [ main, dev ] tags: [ 'v*' ] pull_request: - branches: [ main ] + branches: [ main, dev ] workflow_dispatch: env: @@ -81,7 +81,7 @@ jobs: id: server-info run: | cd server - echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT + echo "version=$(git log -1 --format=%cs | tr '-' '.')" >> $GITHUB_OUTPUT - name: Upload server artifacts uses: actions/upload-artifact@v4 @@ -135,7 +135,7 @@ jobs: context: . file: server/test/e2e/Dockerfile.server platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name != 'pull_request' }} + push: ${{ github.event_name != 'pull_request' && github.ref != 'refs/heads/dev' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha @@ -145,9 +145,6 @@ jobs: name: Build Distribution Packages runs-on: ubuntu-latest needs: [build-core, build-server] - strategy: - matrix: - arch: [amd64, arm64] steps: - name: Checkout repository uses: actions/checkout@v4 
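Review bot: The `version` output of the `server-info` step is now the commit date (`git log -1 --format=%cs | tr '-' '.'`), so two builds from the same day get identical package versions and file names, and a host that already has that day's package has no way to tell the builds apart. The release body and `scripts/proxmox-upgrade.sh` in this same commit build the download name from the tag version (`ldap-gateway_<version>-1_all.deb`), which would not match a file named after the date; the `Extract version` step is outside the hunks, so this needs confirming. For branch builds a monotonic suffix would separate same-day builds, e.g. `echo "version=$(git log -1 --format=%cs | tr '-' '.').${GITHUB_RUN_NUMBER}" >> "$GITHUB_OUTPUT"`, and tag builds should take the version from the tag.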
@@ -176,48 +173,33 @@ jobs: name: server-artifacts path: ./ - - name: Update nfpm config for architecture - run: | - # Create arch-specific config - sed 's/arch: "amd64"/arch: "${{ matrix.arch }}"/' nfpm/nfpm.yaml > nfpm-${{ matrix.arch }}.yaml - - # Debug: show the config - echo "Generated nfpm config for ${{ matrix.arch }}:" - cat nfpm-${{ matrix.arch }}.yaml - - - name: Build deb package + - name: Build packages + env: + VERSION: ${{ needs.build-server.outputs.server-version }} run: | mkdir -p dist/packages nfpm package \ - --config nfpm-${{ matrix.arch }}.yaml \ + --config nfpm/nfpm.yaml \ --packager deb \ - --target dist/packages/ldap-gateway_${{ needs.build-server.outputs.server-version }}_${{ matrix.arch }}.deb - - - name: Build rpm package - run: | - mkdir -p dist/packages + --target dist/packages/ldap-gateway_${VERSION}-1_all.deb nfpm package \ - --config nfpm-${{ matrix.arch }}.yaml \ + --config nfpm/nfpm.yaml \ --packager rpm \ - --target dist/packages/ldap-gateway-${{ needs.build-server.outputs.server-version }}-1.${{ matrix.arch }}.rpm + --target dist/packages/ldap-gateway-${VERSION}-1.noarch.rpm - name: Verify packages run: | echo "Built packages:" ls -lh dist/packages/ - - # Basic validation for amd64 (can't validate arm64 on x86_64 runner) - if [ "${{ matrix.arch }}" = "amd64" ]; then - echo "Package info for .deb:" - dpkg-deb --info dist/packages/*.deb || true - echo "Package info for .rpm:" - rpm -qip dist/packages/*.rpm || true - fi + echo "Package info for .deb:" + dpkg-deb --info dist/packages/*.deb || true + echo "Package info for .rpm:" + rpm -qip dist/packages/*.rpm || true - name: Upload packages uses: actions/upload-artifact@v4 with: - name: packages-${{ matrix.arch }} + name: packages path: dist/packages/ retention-days: 30 
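Review bot: The `Verify packages` step cannot fail, because both `dpkg-deb --info dist/packages/*.deb || true` and `rpm -qip dist/packages/*.rpm || true` discard the exit status, so a missing or malformed package is still uploaded as the `packages` artifact and later attached to a release. The old reason for tolerating failures (arm64 packages on an x86_64 runner) went away with the matrix. Dropping `|| true` from the `dpkg-deb` line makes the .deb check real; if `rpm` may be absent from the runner image (not visible here), keep that line tolerant and say so in a comment.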
@@ -247,8 +229,7 @@ jobs: mkdir -p dist # Copy packages - cp artifacts/packages-amd64/* dist/ 2>/dev/null || echo "No amd64 packages" - cp artifacts/packages-arm64/* dist/ 2>/dev/null || echo "No arm64 packages" + cp artifacts/packages/* dist/ 2>/dev/null || echo "No packages" # Copy binary if needed for tarball creation cp artifacts/server-artifacts/dist/ldap-gateway dist/ 2>/dev/null || echo "No binary" @@ -268,9 +249,6 @@ jobs: run: | cd dist sha256sum *.deb *.rpm > checksums.txt 2>/dev/null || echo "No packages to checksum" - if [ -f *.tar.gz ]; then - sha256sum *.tar.gz >> checksums.txt - fi cat checksums.txt - name: Extract version @@ -285,11 +263,8 @@ jobs: draft: false prerelease: ${{ contains(steps.version.outputs.version, '-') }} files: | - dist/ldap-gateway-*.tar.gz - dist/ldap-gateway_*_amd64.deb - dist/ldap-gateway_*_arm64.deb - dist/ldap-gateway-*-1.amd64.rpm - dist/ldap-gateway-*-1.arm64.rpm + dist/ldap-gateway_*.deb + dist/ldap-gateway-*.rpm dist/checksums.txt body: | ## LDAP Gateway ${{ steps.version.outputs.version }} 
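Review bot: The release `files:` list no longer uploads `dist/ldap-gateway-*.tar.gz`, but the JSON block near the end of this workflow (visible as context in the file's last hunk) still publishes a `url` ending in `ldap-gateway-<version>.tar.gz` together with a `sha256`. If nothing else uploads that tarball, consumers of that payload get a dead link and a checksum for a file that is not part of the release; the step that sets `steps.release-info.outputs.sha256` is outside the diff, so this should be checked. Either keep the tarball in `files:` or point that payload at an asset that is still released. The comment `# Copy binary if needed for tarball creation` in the copy step is stale as well.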
@@ -306,24 +281,86 @@ jobs: **Ubuntu/Debian:** ```bash - curl -LO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/ldap-gateway_${{ steps.version.outputs.version }}_amd64.deb - sudo dpkg -i ldap-gateway_${{ steps.version.outputs.version }}_amd64.deb + curl -LO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/ldap-gateway_${{ steps.version.outputs.version }}-1_all.deb + sudo dpkg -i ldap-gateway_${{ steps.version.outputs.version }}-1_all.deb ``` **RHEL/CentOS/Fedora:** ```bash - curl -LO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/ldap-gateway-${{ steps.version.outputs.version }}-1.amd64.rpm - sudo rpm -i ldap-gateway-${{ steps.version.outputs.version }}-1.amd64.rpm + curl -LO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/ldap-gateway-${{ steps.version.outputs.version }}-1.noarch.rpm + sudo rpm -i ldap-gateway-${{ steps.version.outputs.version }}-1.noarch.rpm ``` - **ARM64 packages are also available** - replace `amd64` with `arm64` in the URLs above. - ### Changes See [CHANGELOG.md](CHANGELOG.md) for detailed changes. ### Verification All release assets include SHA256 checksums in `checksums.txt`. 
+ dev-release: + name: Dev Pre-Release + runs-on: ubuntu-latest + needs: [build-core, build-server, build-packages] + if: github.ref == 'refs/heads/dev' && github.event_name == 'push' + permissions: + contents: write + steps: + - name: Download all artifacts + uses: actions/download-artifact@v4 + with: + path: ./artifacts + + - name: Organize dev release assets + run: | + mkdir -p dist + cp artifacts/packages/*.deb dist/ 2>/dev/null || true + cp artifacts/packages/*.rpm dist/ 2>/dev/null || true + + # Rename packages with dev- prefix for clarity + cd dist + for f in *.deb *.rpm; do + [ -f "$f" ] && mv "$f" "dev-${f}" + done + + echo "Dev release assets:" + ls -lh + + - name: Generate checksums + run: | + cd dist + sha256sum * > checksums.txt 2>/dev/null || true + cat checksums.txt + + - name: Update dev-latest release + uses: softprops/action-gh-release@v1 + with: + tag_name: dev-latest + name: "Dev Build (latest from dev branch)" + draft: false + prerelease: true + make_latest: false + files: | + dist/* + body: | + ## Dev Build — ${{ github.sha }} + + **This is an automated pre-release from the `dev` branch.** + Updated on every push to `dev`. Not for production use. + + Commit: ${{ github.sha }} + Date: ${{ github.event.head_commit.timestamp }} + + ### Install on Proxmox (Debian/Ubuntu) + ```bash + ldap-gateway-upgrade --dev + ``` + + Or manually: + ```bash + curl -LO https://github.com/${{ github.repository }}/releases/download/dev-latest/dev-ldap-gateway_${{ needs.build-server.outputs.server-version }}-1_all.deb + sudo dpkg -i dev-ldap-gateway_*_all.deb + ``` + publish-npm: name: Publish to npm runs-on: ubuntu-latest @@ -385,4 +422,4 @@ jobs: "version": "${{ steps.release-info.outputs.version }}", "url": "https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/ldap-gateway-${{ steps.release-info.outputs.version }}.tar.gz", "sha256": "${{ steps.release-info.outputs.sha256 }}" - } \ No newline at end of file + } 
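Review bot: The new `dev-release` job runs `softprops/action-gh-release@v1` with `contents: write`, and `@v1` is a mutable tag, so whatever that tag points to at run time gets write access to the repository's releases. Pinning the third-party action to a full commit SHA, e.g. `uses: softprops/action-gh-release@<full-commit-sha> # v1`, removes that dependency on the tag. Separately, both `cp` lines and the `sha256sum` line in this job end in `|| true`, so a run with no packages still updates `dev-latest` with an empty `checksums.txt`; a guard such as `ls dist/*.deb >/dev/null` before the release step would stop that. Because package names now carry the build date, older `dev-*` assets probably stay attached to `dev-latest` unless something deletes them, which matters to the `head -1` asset lookup in `scripts/proxmox-upgrade.sh`.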
diff --git a/nfpm/nfpm.yaml b/nfpm/nfpm.yaml index 58d4d9c..2ef385a 100644 --- a/nfpm/nfpm.yaml +++ b/nfpm/nfpm.yaml @@ -1,10 +1,11 @@ name: "ldap-gateway" -arch: "amd64" +arch: "all" platform: "linux" -version: "v1.0.0" +version: "${VERSION}" +release: 1 section: "default" priority: "extra" -maintainer: "MieWeb " +maintainer: "MIEWeb " description: | LDAP Gateway Server - A bridge between LDAP authentication and various backends @@ -21,7 +22,7 @@ description: | - Comprehensive audit logging - POSIX account and group support - Easy configuration via environment variables -vendor: "MieWeb" +vendor: "MIEWeb" homepage: "https://github.com/mieweb/LDAPServer" license: "MIT" diff --git a/nfpm/systemd/ldap-gateway.service b/nfpm/systemd/ldap-gateway.service index 517b4c1..6d4ab69 100644 --- a/nfpm/systemd/ldap-gateway.service +++ b/nfpm/systemd/ldap-gateway.service @@ -17,7 +17,7 @@ Environment=NODE_ENV=production EnvironmentFile=-/etc/default/ldap-gateway # Start the server -ExecStart=/usr/bin/env node /opt/ldap-gateway/server/index.js +ExecStart=/usr/bin/env node /opt/ldap-gateway/index.js # Security settings NoNewPrivileges=yes @@ -26,7 +26,11 @@ ProtectSystem=strict ProtectHome=yes # Allow creating self-signed certs on startup -ReadWritePaths=/opt/ldap-gateway/server/cert +ReadWritePaths=/opt/ldap-gateway/cert + +# Allow reading Proxmox config files (if using proxmox backend) +# Prefixed with - so the service starts even if these paths don't exist +ReadOnlyPaths=-/mnt/pve -/mnt/priv # Capabilities AmbientCapabilities=CAP_NET_BIND_SERVICE diff --git a/scripts/proxmox-upgrade.sh b/scripts/proxmox-upgrade.sh new file mode 100755 index 0000000..9aa1021 --- /dev/null +++ b/scripts/proxmox-upgrade.sh 
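Review bot: In `nfpm/systemd/ldap-gateway.service`, `ReadOnlyPaths=-/mnt/pve -/mnt/priv` does not grant read access; under the unit's `ProtectSystem=strict` those paths are already mounted read-only, and whether the service can read them is decided by file permissions for the service user, which is not visible in this hunk. The comment `# Allow reading Proxmox config files` therefore overstates what the line does, and I would reword it to `# Keep Proxmox mounts read-only; read access depends on file permissions for the service user`. If `/mnt/priv` holds credential material (presumably, given the name), consider limiting the service to the specific files the proxmox backend needs and hiding the rest with `InaccessiblePaths=`. The unit continues outside the hunk.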
@@ -0,0 +1,150 @@
+#!/bin/bash
+# proxmox-upgrade.sh — Upgrade ldap-gateway on a Proxmox LXC container
+#
+# Usage:
+# ldap-gateway-upgrade # upgrade to latest stable release
+# ldap-gateway-upgrade --dev # upgrade to latest dev build
+# ldap-gateway-upgrade v1.2.0 # upgrade to a specific version
+#
+# Install this script on your Proxmox container:
+# sudo cp scripts/proxmox-upgrade.sh /usr/local/bin/ldap-gateway-upgrade
+# sudo chmod +x /usr/local/bin/ldap-gateway-upgrade
+
+set -euo pipefail
+
+# Must run as root for dpkg/apt-get
+if [ "$(id -u)" -ne 0 ]; then
+ echo "ERROR: This script must be run as root (use sudo)." >&2
+ exit 1
+fi
+
+REPO="mieweb/LDAPServer"
+# Packages are architecture-independent (noarch/all) since the server is pure Node.js
+DEV_MODE=false
+TMP_DIR=$(mktemp -d)
+
+cleanup() { rm -rf "$TMP_DIR"; }
+trap cleanup EXIT
+
+# --- Parse arguments ----------------------------------------------------------
+
+if [ "${1:-}" = "--dev" ] || [ "${1:-}" = "-d" ]; then
+ DEV_MODE=true
+ shift
+fi
+
+# --- Determine version -------------------------------------------------------
+
+if [ "$DEV_MODE" = true ]; then
+ TAG="dev-latest"
+ VERSION="dev-latest"
+ echo "Fetching latest dev build..."
+
+ # Find the .deb filename from the dev-latest release assets
+ DEB_FILE=$(curl -sS "https://api.github.com/repos/${REPO}/releases/tags/dev-latest" \
+ | grep -o "\"name\": *\"dev-ldap-gateway_[^\"]*_all\\.deb\"" \
+ | head -1 | cut -d'"' -f4)
+
+ if [ -z "$DEB_FILE" ]; then
+ echo "ERROR: Could not find dev .deb asset. Has the dev CI pipeline run?" >&2
+ exit 1
+ fi
+
+elif [ -n "${1:-}" ]; then
+ VERSION="$1"
+ TAG="$VERSION"
+ [[ "$TAG" != v* ]] && TAG="v$TAG"
+ VERSION="${TAG#v}"
+else
+ echo "Fetching latest stable release from GitHub..."
+ TAG=$(curl -sS "https://api.github.com/repos/${REPO}/releases/latest" \
+ | grep '"tag_name"' | head -1 | cut -d'"' -f4)
+
+ if [ -z "$TAG" ]; then
+ echo "ERROR: Could not determine latest release. Check network or GitHub API limits." >&2
+ exit 1
+ fi
+ VERSION="${TAG#v}"
+fi
+
+# --- Show current vs target --------------------------------------------------
+
+CURRENT=$(dpkg-query -W -f='${Version}' ldap-gateway 2>/dev/null || echo "not installed")
+echo ""
+echo " Current version : ${CURRENT}"
+if [ "$DEV_MODE" = true ]; then
+ echo " Target : dev-latest (rolling dev build)"
+else
+ echo " Target version : ${VERSION} (${TAG})"
+fi
+echo ""
+
+if [ "$DEV_MODE" = false ] && [ "$CURRENT" = "$VERSION" ]; then
+ echo "Already at version ${VERSION}. Pass a different version to upgrade."
+ exit 0
+fi
+
+# --- Download .deb ------------------------------------------------------------
+
+if [ "$DEV_MODE" = true ]; then
+ DEB_URL="https://github.com/${REPO}/releases/download/dev-latest/${DEB_FILE}"
+else
+ DEB_FILE="ldap-gateway_${VERSION}-1_all.deb"
+ DEB_URL="https://github.com/${REPO}/releases/download/${TAG}/${DEB_FILE}"
+fi
+
+echo "Downloading ${DEB_FILE}..."
+if ! curl -fSL -o "${TMP_DIR}/${DEB_FILE}" "$DEB_URL"; then
+ echo "ERROR: Failed to download ${DEB_URL}" >&2
+ echo "Check that the release and architecture exist." >&2
+ exit 1
+fi
+
+# --- Verify checksum (optional) -----------------------------------------------
+
+CHECKSUM_TAG="${TAG}"
+[ "$DEV_MODE" = true ] && CHECKSUM_TAG="dev-latest"
+CHECKSUM_URL="https://github.com/${REPO}/releases/download/${CHECKSUM_TAG}/checksums.txt"
+if curl -fsSL -o "${TMP_DIR}/checksums.txt" "$CHECKSUM_URL" 2>/dev/null; then
+ echo "Verifying checksum..."
+ cd "$TMP_DIR"
+ if grep -q "$DEB_FILE" checksums.txt; then
+ if grep "$DEB_FILE" checksums.txt | sha256sum -c --status 2>/dev/null; then
+ echo " Checksum OK"
+ else
+ echo "ERROR: Checksum verification FAILED for ${DEB_FILE}. Aborting." >&2
+ exit 1
+ fi
+ else
+ echo " WARNING: No checksum entry found for ${DEB_FILE}. Skipping verification."
+ fi
+ cd - >/dev/null
+fi
+
+# --- Install ------------------------------------------------------------------
+
+echo "Installing ${DEB_FILE}..."
+if ! apt-get install -y --no-install-recommends "${TMP_DIR}/${DEB_FILE}"; then
+ echo "ERROR: Failed to install ${DEB_FILE}. See apt-get output above for details." >&2
+ exit 1
+fi
+
+# --- Verify -------------------------------------------------------------------
+
+NEW_VERSION=$(dpkg-query -W -f='${Version}' ldap-gateway 2>/dev/null || echo "unknown")
+echo ""
+echo "Upgrade complete!"
+echo " Installed version : ${NEW_VERSION}"
+echo ""
+
+# Show service status
+if systemctl is-active --quiet ldap-gateway 2>/dev/null; then
+ echo " Service status: running"
+else
+ echo " Service status: NOT running"
+ echo " Start with: systemctl start ldap-gateway"
+fi
+
+echo ""
+echo " View logs : journalctl -fu ldap-gateway"
+echo " Edit config: nano /etc/default/ldap-gateway"
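Review bot: Checksum verification in the `# --- Verify checksum (optional)` section fails open: if `checksums.txt` cannot be downloaded, or has no line for `${DEB_FILE}`, the script prints at most a warning and goes on to `apt-get install` the package as root. `grep "$DEB_FILE"` also treats the file name as a regular expression and can match more than one line. I would make the check mandatory and match the file name exactly, as in the block below. Note that `checksums.txt` comes from the same release as the package, so it detects a corrupted download but not a replaced release asset; that would need a signature or attestation checked against a key the host already trusts. In `--dev` mode, `head -1` takes the first matching asset, which may not be the newest build if older `dev-*` packages remain on the release.

```shell
# --- Verify checksum (required) ---
# … unchanged: CHECKSUM_TAG / CHECKSUM_URL assignment …
if ! curl -fsSL -o "${TMP_DIR}/checksums.txt" "$CHECKSUM_URL"; then
  echo "ERROR: Could not download ${CHECKSUM_URL}. Aborting." >&2
  exit 1
fi
echo "Verifying checksum..."
# Exact file-name match; an empty result makes sha256sum -c fail, so a
# missing entry aborts the upgrade instead of being skipped.
if ! (cd "$TMP_DIR" && awk -v f="$DEB_FILE" '$2 == f' checksums.txt | sha256sum -c --status); then
  echo "ERROR: Checksum verification FAILED for ${DEB_FILE}. Aborting." >&2
  exit 1
fi
echo "  Checksum OK"
# … unchanged: install and post-install status …
```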