158 lines
5 KiB
Bash
Executable file
158 lines
5 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# shellcheck disable=SC2164,SC2181
|
|
#
|
|
# Upgrade forgejo binary
|
|
# - run this under sudo as it optionally replaces and restarts forgejo
|
|
# - "forgejo" is a symlink to the numbered codeberg download binary
|
|
# - allows for quick rollback if needed
|
|
# - e.g.: 'ln -s forgejo-7.0.5-linux-amd64 forgejo'
|
|
#
|
|
# Exit codes
|
|
# 0 = Success (already newest or upgrade worked)
|
|
# 1 = curl failed to download new version
|
|
# 2 = sha256sum check failed on download
|
|
# 3 = "forgejo" wasn't a symlink
|
|
# 4 = upgrade version check failed, forgejo not restarted
|
|
# 5 = could not change directory to run sha256sum
|
|
# 6 = cannot determine forgejo version info
|
|
# 20 = not running under sudo (see FJO_SUDO)
|
|
# 21 = forgejo upgraded but not restarted (see FJO_HUP)
|
|
# 22 = forgejo upgrade downloaded only (see FJO_LINK)
|
|
#
|
|
# Requires: curl, awk, grep, sha256sum
|
|
# Debug: bash -x /path/to/script.sh
|
|
#
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
_VERSION="0.0.1"
|
|
|
|
# symlink name used to run forgejo (e.g. "forgejo")
|
|
FJO_SYM="forgejo"
|
|
# where the binary is located (e.g. "/usr/local/bin")
|
|
FJO_DIR="/var/xyzzy/bin"
|
|
# 0 = verbose status, 1 = silent and rely on exit codes
|
|
FJO_QUIET=0
|
|
|
|
# require running this script under sudo, 0 to disable
|
|
FJO_SUDO=1
|
|
# restart forgejo using FJO_CMD, 0 to disable
|
|
FJO_HUP=0
|
|
# replace symlink, 0 to disable (download only, implies FJO_HUP=0)
|
|
FJO_LINK=1
|
|
# command to restart forgejo (e.g. "systemctl restart forgejo")
|
|
FJO_CMD="systemctl restart forgejo"
|
|
|
|
# codeberg API endpoint to get latest version
|
|
FJO_API="https://codeberg.org/api/v1/repos/forgejo/forgejo/releases/latest"
|
|
# codeberg download base URL to prepend with version info
|
|
FJO_DLB="https://codeberg.org/forgejo/forgejo/releases/download"
|
|
# architecture being used, matches download name
|
|
FJO_ARCH="linux-amd64"
|
|
|
|
function noise() {
|
|
if [[ ${FJO_QUIET} -eq 0 ]]; then
|
|
echo "$*"
|
|
fi
|
|
}
|
|
|
|
if [[ ${FJO_SUDO} -eq 1 ]]; then
|
|
if [[ $(id -u) -ne 0 ]]; then
|
|
noise "Run this script as root (sudo)"
|
|
exit 20
|
|
fi
|
|
fi
|
|
|
|
# disable curl download progress if in quiet mode
|
|
_COPT=""
|
|
if [[ ${FJO_QUIET} -eq 1 ]]; then
|
|
_COPT+="-s"
|
|
fi
|
|
|
|
noise "Checking forgejo..."
|
|
|
|
# get installed version
|
|
_LOCAL=""
|
|
if [[ -L "${FJO_DIR}/${FJO_SYM}" ]]; then
|
|
# The version is reported with the gitea base, e.g. "7.0.4+gitea-1.21.11"
|
|
# The API / downloads do not include this extra metadata
|
|
_LOCAL=$("${FJO_DIR}/${FJO_SYM}" -version | awk '{print $3}')
|
|
_LOCAL=${_LOCAL%+*}
|
|
else
|
|
noise "Forgejo symlink is missing"
|
|
exit 3
|
|
fi
|
|
# get latest version, strip leading "v" (v1.55.1 -> 1.55.1)
|
|
## payload example: {"id":2149345,"tag_name":"v7.0.5",...
|
|
_REMOTE=$(curl -X 'GET' -H 'accept: application/json' -s "${FJO_API}" \
|
|
| grep -Po '"tag_name":"\K.*?(?=")')
|
|
_REMOTE=${_REMOTE#v}
|
|
|
|
# API failed, can't run local binary, etc. - something went wrong
|
|
if [[ -z "${_LOCAL}" || -z "${_REMOTE}" ]]; then
|
|
noise "Cannot determine forgejo version information"
|
|
exit 6
|
|
fi
|
|
|
|
# bash doesn't see versions as numbers, but as strings
|
|
if [[ "${_LOCAL}" != "${_REMOTE}" ]]; then
|
|
_FJO_NAME="forgejo-${_REMOTE}-${FJO_ARCH}"
|
|
noise "Upgrading forgejo - installed ${_LOCAL}, latest ${_REMOTE}"
|
|
# curl will handle a failure being able to write to output dir, etc.
|
|
# shellcheck disable=SC2086
|
|
curl ${_COPT} -f -L --output-dir "${FJO_DIR}" --remote-name-all \
|
|
"${FJO_DLB}/v${_REMOTE}/${_FJO_NAME}" \
|
|
"${FJO_DLB}/v${_REMOTE}/${_FJO_NAME}.sha256"
|
|
if [[ $? -eq 0 ]]; then
|
|
# downloads were successful and written to disk
|
|
pushd "$(pwd)" >/dev/null
|
|
cd "${FJO_DIR}" || (noise "Cannot cd to ${FJO_DIR}"; exit 5)
|
|
noise "Checking sha256sum..."
|
|
sha256sum --status -c "${_FJO_NAME}.sha256"
|
|
if [[ $? -eq 0 ]]; then
|
|
# sha256sum check passed
|
|
chmod +x "${_FJO_NAME}"
|
|
if [[ ${FJO_LINK} -eq 1 ]]; then
|
|
# user requested replacing symlink
|
|
if [[ -h "${FJO_SYM}" ]]; then
|
|
noise "Replacing symlink..."
|
|
rm -f "${FJO_SYM}"
|
|
ln -s "${_FJO_NAME}" "${FJO_SYM}"
|
|
# trust, but verify
|
|
_FJO_NEW=$("${FJO_DIR}/${FJO_SYM}" -version | awk '{print $3}')
|
|
_FJO_NEW=${_FJO_NEW%+*}
|
|
if [[ "${_FJO_NEW}" == "${_REMOTE}" ]]; then
|
|
noise "Forgejo binary/symlink upgraded to ${_FJO_NEW}"
|
|
if [[ ${FJO_HUP} -eq 1 ]]; then
|
|
# user requested restart
|
|
noise "Restarting forgejo..."
|
|
${FJO_CMD}
|
|
else
|
|
noise "Forgejo needs restarted"
|
|
exit 21
|
|
fi
|
|
else
|
|
noise "Upgrade failed, not restarting forgejo"
|
|
exit 4
|
|
fi
|
|
else
|
|
noise "${FJO_SYM} is not a symlink, not overwriting"
|
|
exit 3
|
|
fi
|
|
else
|
|
noise "Forgejo ${_FJO_NAME} downloaded, ready to upgrade"
|
|
exit 22
|
|
fi
|
|
else
|
|
noise "Download of ${_FJO_NAME} failed sha256sum, not upgrading"
|
|
exit 2
|
|
fi
|
|
popd >/dev/null
|
|
else
|
|
# curl -f exits with 22 if HTTP response is 400+
|
|
noise "Download of ${_FJO_NAME} and sha256 failed, not upgrading"
|
|
exit 1
|
|
fi
|
|
else
|
|
noise "Installed forgejo is the latest - ${_LOCAL}"
|
|
fi
|
|
|