diff options
| author | Andrew Dolgov <fox@fakecake.org> | 2025-07-04 09:46:46 +0300 |
|---|---|---|
| committer | Andrew Dolgov <fox@fakecake.org> | 2025-07-04 09:46:46 +0300 |
| commit | 629535329df916ac76359a334b21933be75d80e4 (patch) | |
| tree | e201b36dfb43041a4e0dfd312ab38954c6095a72 /.docker/app | |
| parent | 50eff08fcb48ec517e9d6ad01bd4498c51af86c7 (diff) | |
add separate script that invokes update.php with args, add basic info blurbs to other scripts
Diffstat (limited to '.docker/app')
| -rw-r--r-- | .docker/app/Dockerfile | 1 | ||||
| -rw-r--r-- | .docker/app/startup.sh | 5 | ||||
| -rw-r--r-- | .docker/app/update.sh | 86 | ||||
| -rw-r--r-- | .docker/app/updater.sh | 4 |
4 files changed, 96 insertions, 0 deletions
diff --git a/.docker/app/Dockerfile b/.docker/app/Dockerfile index 902a49c30..d5d5c32a7 100644 --- a/.docker/app/Dockerfile +++ b/.docker/app/Dockerfile @@ -47,6 +47,7 @@ ARG CI_COMMIT_SHA ENV CI_COMMIT_SHA=${CI_COMMIT_SHA} ADD .docker/app/startup.sh ${SCRIPT_ROOT} +ADD .docker/app/update.sh ${SCRIPT_ROOT} ADD .docker/app/updater.sh ${SCRIPT_ROOT} ADD .docker/app/dcron.sh ${SCRIPT_ROOT} ADD .docker/app/backup.sh /etc/periodic/weekly/backup diff --git a/.docker/app/startup.sh b/.docker/app/startup.sh index 767ea786e..dbe6331b9 100644 --- a/.docker/app/startup.sh +++ b/.docker/app/startup.sh @@ -1,5 +1,9 @@ #!/bin/sh -e +# +# this script initializes the working copy on a persistent volume and starts PHP FPM +# +# TODO this should do a reasonable amount of attempts and terminate with an error while ! pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER -p $TTRSS_DB_PORT; do echo waiting until $TTRSS_DB_HOST is ready... sleep 3 @@ -61,6 +65,7 @@ done # - fatal error: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied chown -R app:app /root # /.postgresql +# TODO chown -R app:app should be enough (?) for d in cache lock feed-icons; do chmod 777 $DST_DIR/$d find $DST_DIR/$d -type f -exec chmod 666 {} \; diff --git a/.docker/app/update.sh b/.docker/app/update.sh new file mode 100644 index 000000000..366b600a0 --- /dev/null +++ b/.docker/app/update.sh @@ -0,0 +1,86 @@ +#!/bin/sh -e +# +# this script kickstarts a minimal working environment and runs update.php, could be used as an entrypoint for a cronjob +# which doesn't share a volume with FPM/updater +# + +# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures) +unset HTTP_PORT +unset HTTP_HOST + +if ! id app >/dev/null 2>&1; then + addgroup -g $OWNER_GID app + adduser -D -h $APP_INSTALL_BASE_DIR -G app -u $OWNER_UID app +fi + +update-ca-certificates || true + +DST_DIR=$APP_INSTALL_BASE_DIR/tt-rss + +if [ -z $SKIP_RSYNC_ON_STARTUP ]; then + if [ ! -d $DST_DIR ]; then + mkdir -p $DST_DIR + chown $OWNER_UID:$OWNER_GID $DST_DIR + + sudo -u app rsync -a --no-owner \ + $SRC_DIR/ $DST_DIR/ + else + chown -R $OWNER_UID:$OWNER_GID $DST_DIR + + sudo -u app rsync -a --no-owner --delete \ + --exclude /cache \ + --exclude /lock \ + --exclude /feed-icons \ + --exclude /plugins/af_comics/filters.local \ + --exclude /plugins.local \ + --exclude /templates.local \ + --exclude /themes.local \ + $SRC_DIR/ $DST_DIR/ + + sudo -u app rsync -a --no-owner --delete \ + $SRC_DIR/plugins.local/nginx_xaccel \ + $DST_DIR/plugins.local/nginx_xaccel + fi +else + echo "warning: working copy in $DST_DIR won't be updated, make sure you know what you're doing." +fi + +for d in cache lock feed-icons plugins.local themes.local templates.local cache/export cache/feeds cache/images cache/upload; do + sudo -u app mkdir -p $DST_DIR/$d +done + +# this is some next level bullshit +# - https://stackoverflow.com/questions/65622914/why-would-i-get-a-php-pdoexception-complaining-that-it-cant-make-a-postgres-con +# - fatal error: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied +chown -R app:app /root # /.postgresql + +for d in cache lock feed-icons; do + chmod 777 $DST_DIR/$d + find $DST_DIR/$d -type f -exec chmod 666 {} \; +done + +sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php +chmod 644 $DST_DIR/config.php + +if [ ! -z "${TTRSS_XDEBUG_ENABLED}" ]; then + if [ -z "${TTRSS_XDEBUG_HOST}" ]; then + export TTRSS_XDEBUG_HOST=$(ip ro sh 0/0 | cut -d " " -f 3) + fi + echo enabling xdebug with the following parameters: + env | grep TTRSS_XDEBUG + cat > /etc/php${PHP_SUFFIX}/conf.d/50_xdebug.ini <<EOF +zend_extension=xdebug.so +xdebug.mode=debug +xdebug.start_with_request = yes +xdebug.client_port = ${TTRSS_XDEBUG_PORT} +xdebug.client_host = ${TTRSS_XDEBUG_HOST} +EOF +fi + +sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \ + /etc/php${PHP_SUFFIX}/php.ini + +sed -i.bak "s/^\(pm.max_children\) = \(.*\)/\1 = ${PHP_WORKER_MAX_CHILDREN}/" \ + /etc/php${PHP_SUFFIX}/php-fpm.d/www.conf + +sudo -Eu app php${PHP_SUFFIX} $DST_DIR/update.php "$@" diff --git a/.docker/app/updater.sh b/.docker/app/updater.sh index 8bca0413d..561f390d7 100644 --- a/.docker/app/updater.sh +++ b/.docker/app/updater.sh @@ -1,4 +1,7 @@ #!/bin/sh -e +# +# this scripts waits for startup.sh to finish (implying a shared volume) and runs multiprocess daemon when working copy is available +# # We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures) unset HTTP_PORT @@ -15,6 +18,7 @@ if ! id app; then adduser -D -h $APP_INSTALL_BASE_DIR -G app -u $OWNER_UID app fi +# TODO this should do a reasonable amount of attempts and terminate with an error while ! pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER -p $TTRSS_DB_PORT; do echo waiting until $TTRSS_DB_HOST is ready... sleep 3 |