diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..77da454 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,66 @@ +# EditorConfig is awesome +# http://EditorConfig.org +# +# This file is based on The Common EditorConfig Template project +# https://github.com/the-common/editorconfig-template +# +# Copyright 2021 林博仁(Buo-ren, Lin) +# SPDX-License-Identifier: WTFPL + +# This is the top-most EditorConfig file +root = true + +# Common settings +[*] +end_of_line = lf +indent_style = space +indent_size = 4 +charset = utf-8 +insert_final_newline = true +trim_trailing_whitespace = true + +# Git configuration files uses tabs as indentation units +[/.git{modules,config}] +indent_style = tab + +# Avoid git patch fail to apply due to stripped unmodified lines that contains only spaces +[/.git/**] +trim_trailing_whitespace = false + +# Makefiles for *Make +[{Makefile,*.mk}] +indent_style = tab + +# Markdown documents +[*.{md,mkd,mkdn,markdown}] +# Trailing whitespace means manual linebreaks +trim_trailing_whitespace = false + +# Don't check indentation size as it can't handle intentional indentation +# in list item after hardbreaks to align with the node markers, use +# Markdownlint to check instead +indent_size = unset + +[*.{diff,patch}] +# Trailing whitespaces are unchanged lines in patch files +trim_trailing_whitespace = false + +# Vagrant configuration file +[Vagrantfile] +indent_size = 2 + +# yamllint configuration files +[.yamllint] +indent_size = 2 + +# YAML documents +[*.{yml,yaml}] +indent_size = 2 + +[.*.{yml,yaml}] +indent_size = 2 + +# Keep the indentation style of the license text verbatim +[/LICENSES/*] +indent_size = unset +indent_style = unset diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..0d66d5e --- /dev/null +++ b/.gitattributes @@ -0,0 +1,18 @@ +# Git path attributes configuration file +# +# References: +# +# * Git - Git Attributes +# https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes +# * Git - gitattributes Documentation +# https://www.git-scm.com/docs/gitattributes +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +# Avoid exporting development files to release archive +/.* export-ignore +/continuous-integration export-ignore + +# Keep editorconfig for ease of editing of product files +/.editorconfig -export-ignore diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 0000000..79eaba7 --- /dev/null +++ b/.github/workflows/README.md @@ -0,0 +1,10 @@ +# workflows + +Workflow definition files of the [GitHub Actions Continuous Integration(CI) service](https://github.com/features/actions) + +## Reference + +* [Features • GitHub Actions](https://github.com/features/actions) + Product page +* [GitHub Actions Documentation - GitHub Docs](https://docs.github.com/en/actions) + Official documentation diff --git a/.github/workflows/check-potential-problems.yml b/.github/workflows/check-potential-problems.yml new file mode 100644 index 0000000..d2e1402 --- /dev/null +++ b/.github/workflows/check-potential-problems.yml @@ -0,0 +1,63 @@ +# GitHub Actions workflow for checking potential problems in the project +# +# References: +# +# * Workflow syntax for GitHub Actions - GitHub Docs +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 +name: Check potential problems in the project +on: + push: + branches: + - '**' +jobs: + check-using-precommit: + name: Check potential problems using pre-commit + runs-on: ubuntu-22.04 + env: + PIP_CACHE_DIR: ${{ github.workspace }}/.cache/pip + PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit + SHELLCHECK_DIR: ${{ github.workspace }}/.cache/shellcheck-stable + steps: + - name: Check out content from the Git repository + uses: actions/checkout@v4 + + - name: Configure PyPI data cache to speed up continuous integration + uses: actions/cache@v4 + with: + key: ${{ runner.os }}-pip + path: ${{ env.PIP_CACHE_DIR }} + + - name: >- + Configure pre-commit data cache to speed up continuous integration + uses: actions/cache@v4 + with: + key: pre-commit|${{ env.PY }}|${{ hashFiles('.pre-commit-config.yaml') }} + path: ${{ env.PRE_COMMIT_HOME }} + + - name: >- + Configure pre-built ShellCheck cache to speed up continuous integration + uses: actions/cache@v4 + with: + key: ${{ runner.os }}-${{ runner.arch }}-shellcheck + path: ${{ env.SHELLCHECK_DIR }} + + - name: >- + Patch the sudo security policy so that programs run via sudo + will recognize environment variables predefined by GitHub + run: sudo ./continuous-integration/patch-github-actions-sudo-security-policy.sh + + - name: Run the static analysis programs + run: | + sudo ./continuous-integration/do-static-analysis.install-system-deps.sh + ./continuous-integration/do-static-analysis.sh + + - name: Send CI result notification to the Telegram channel + uses: yanzay/notify-telegram@v0.1.0 + if: always() + with: + chat: '@libre_knowledge_ci' + token: ${{ secrets.telegram_bot_api_token_ci }} + status: ${{ job.status }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..1aae685 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,74 @@ +# Release product and their build aritfacts +# +# References: +# +# * Workflow syntax for GitHub Actions - GitHub Docs +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 +name: Release product and their build aritfacts +on: + push: + tags: + - v*.*.* + +jobs: + release: + name: Release product and their build aritfacts + runs-on: ubuntu-20.04 + steps: + - name: Check out content from the Git repository + uses: actions/checkout@v4 + with: + # Increase fetch depth if you may have more than this amount + # of revisions between releases + fetch-depth: 100 + + # Fetch tags as well to generate detailed changes between two releases + # WORKAROUND: Adding this option triggers actions/checkout#1467 + #fetch-tags: true + + - name: >- + WORKAROUND: Fetch tags that points to the revisions + checked-out(actions/checkout#1467) + run: |- + git fetch \ + --prune \ + --prune-tags \ + --force \ + --depth=100 \ + --no-recurse-submodules + + - name: Determine the project identifier + run: printf "project_id=${GITHUB_REPOSITORY##*/}\\n" >> $GITHUB_ENV + + - name: Determine the name of the Git tag + run: printf "release_tag=${GITHUB_REF##*/}\\n" >> $GITHUB_ENV + + - name: Determine the release version string + run: printf "release_version=${release_tag#v}\\n" >> $GITHUB_ENV + + - name: Determine the release identifier + run: printf "release_id=${project_id}-${release_version}\\n" >> $GITHUB_ENV + + - name: >- + Patch the sudo security policy so that programs run via sudo + will recognize environment variables predefined by GitHub + run: sudo ./continuous-integration/patch-github-actions-sudo-security-policy.sh + + - name: Generate the release archive + run: |- + sudo ./continuous-integration/generate-build-artifacts.install-system-deps.sh + ./continuous-integration/generate-build-artifacts.sh + + - name: Generate the release description + run: ./continuous-integration/generate-release-description.sh + + - name: Publish the release archive to the GitHub Releases + uses: softprops/action-gh-release@v2 + with: + name: ${{ env.project_id }} ${{ env.release_version }} + files: | + ${{ env.release_id }}.tar* + body_path: .detailed_changes diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b26cd36 --- /dev/null +++ b/.gitignore @@ -0,0 +1,90 @@ +# Version Tracking Ignore Rules for Git VCS +# https://git-scm.com/docs/gitignore +# +# Exclude files not suitable for version tracking in Git +# +# This file is based on The Common .gitignore Templates +# https://github.com/the-common/gitignore-templates +# +# Copyright 2022 林博仁(Buo-ren, Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +# Don't track regular Unix hidden files +.* + +# Do track Git configuration files +!.git* + +# Do track EditorConfig configuration files +# https://editorconfig.org/ +!.editorconfig + +# Do track pre-commit configuration files +# https://pre-commit.com/ +!.pre-commit-config.yaml + +# Do track Markdownlint configuration files +# https://github.com/DavidAnson/markdownlint +!.markdownlint.* + +# Do track Drone CI configuration files +# https://docs.drone.io/ +!.drone.yml + +# Do track yamllint configuration files +!.yamllint + +# Do track REUSE configuration files +# https://reuse.software/ +!.reuse/ + +# Do track GitLab CI configuration file +!/.gitlab-ci.yml + +# Don't track common backup filename extensions +*~ +*.bak* +*.backup* +*.bk* +*.old* +*.orig* + +## Don't track common archive files +*.7z +*.bz2 +*.gz +*.tar* +*.xz +*.zip + +# Don't track binary image files +*.bmp +*.jpg +*.png + +# Don't track common export formats from Markdown +*.doc? +*.htm? +*.pdf + +# Don't track common program output logs +*.err +*.error +*.log +*.out +*.output + +# Don't track compiled Python code caches +*.pyc + +# Don't track Vagrant runtime directories +.vagrant/ + +# Don't track GNU gettext message catalog template +*.pot + +# Don't track GNU gettext machine-readable message catalogs +*.mo + +# Don't track continuous integration virtual environments +/continuous-integration/venv/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..ff1cf7a --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,66 @@ +# GitLab CI configuration file +# +# References: +# +# * `.gitlab-ci.yml` keyword reference | GitLab +# https://docs.gitlab.com/ee/ci/yaml/ +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 +do-static-analysis: + stage: test + rules: + - if: $CI_COMMIT_TAG == null + needs: [] + image: ubuntu:22.04 + variables: + PIP_CACHE_DIR: ${CI_PROJECT_DIR}/.cache/pip + PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit + SHELLCHECK_DIR: ${CI_PROJECT_DIR}/.cache/shellcheck-stable + cache: + # Enable per-job and per-branch caching + key: $CI_JOB_NAME-$CI_COMMIT_REF_SLUG + paths: + - ${PIP_CACHE_DIR} + - ${PRE_COMMIT_HOME} + - ${SHELLCHECK_DIR} + + script: + - ./continuous-integration/do-static-analysis.install-system-deps.sh + - ./continuous-integration/do-static-analysis.sh + +generate-build-artifacts: + stage: build + rules: + - if: $CI_COMMIT_TAG + needs: [] + image: ubuntu:22.04 + artifacts: + paths: + - ${CI_PROJECT_NAME}-*.tar* + script: + - ./continuous-integration/generate-build-artifacts.install-system-deps.sh + - ./continuous-integration/generate-build-artifacts.sh + +upload-release-assets: + stage: deploy + rules: + - if: $CI_COMMIT_TAG + needs: + - generate-build-artifacts + image: curlimages/curl:latest + script: + - ./continuous-integration/upload-gitlab-generic-packages.sh + +create-release: + stage: deploy + rules: + - if: $CI_COMMIT_TAG + needs: + - generate-build-artifacts + - upload-release-assets + image: registry.gitlab.com/gitlab-org/release-cli:latest + script: + - apk add bash git + - ./continuous-integration/generate-release-description.sh + - ./continuous-integration/create-gitlab-release.sh diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..8b176a4 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,9 @@ +# Git submodule definition file +# +# Reference: +# +# * Git - gitmodules Documentation +# https://git-scm.com/docs/gitmodules +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 diff --git a/.markdownlint.yml b/.markdownlint.yml new file mode 100644 index 0000000..37df8c7 --- /dev/null +++ b/.markdownlint.yml @@ -0,0 +1,46 @@ +# Markdownlint(Node.js variant) configuration file +# https://github.com/igorshubovych/markdownlint-cli#configuration +# +# This file is based on The Common Markdownlint(Node.js variant) +# Configuration Templates project +# https://github.com/the-common/markdownlint-nodejs-config-templates +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +# Inherit Markdownlint rules +default: True + +# Only allow consistent un-ordered list bullet style(allow alternations +# in sub-levels) +ul-style: + style: sublist + +# Only allow 4 spaces as indentation of lists +ul-indent: + indent: 4 + +# Only allow 2 spaces as linebreak sequence +no-trailing-spaces: + br_spaces: 2 + +# Disable line length limitation(not suitable with CJK context) +line-length: False + +# Allow missing padding blank line between the heading markup and the context +blanks-around-headings: False + +# Allow duplicated non-sibling heading text +no-duplicate-heading: + siblings_only: True + +# Allow missing padding blank line between a list and its context +blanks-around-lists: False + +# Allow using raw HTML markups as workarounds of deficiencies of Markdown +no-inline-html: False + +# Allow using YAML front matter, while not require the definition of the +# `title` property +first-line-h1: + front_matter_title: '.*' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..4bf1d9c --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,75 @@ +# Pre-commit framework Configuration +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +# +# This file is based on The Common Pre-commit Framework Configuration Template +# https://github.com/Lin-Buo-Ren/common-precommit-config-template +# +# Copyright 2021 林博仁(Buo-ren, Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +repos: + # Some out-of-the-box hooks for pre-commit + # https://github.com/pre-commit/pre-commit-hooks + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.3.0 + hooks: + - id: check-added-large-files + - id: check-case-conflict + - id: check-executables-have-shebangs + - id: check-merge-conflict + - id: check-symlinks + - id: check-vcs-permalinks + - id: check-yaml + - id: detect-aws-credentials + args: + - --allow-missing-credentials + - id: detect-private-key + - id: end-of-file-fixer + - id: fix-byte-order-marker + - id: mixed-line-ending + - id: trailing-whitespace + args: + - --markdown-linebreak-ext=md + + # Check Markdown documents with Markdownlint(Node.js variant) + # https://github.com/DavidAnson/markdownlint + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.34.0 + hooks: + - id: markdownlint + + # Check REUSE compliance + # https://reuse.software/ + - repo: https://github.com/fsfe/reuse-tool + rev: v4.0.3 + hooks: + - id: reuse + + # Check shell scripts with ShellCheck + # NOTE: ShellCheck must be available in the command search PATHs + # https://www.shellcheck.net/ + # https://github.com/jumanjihouse/pre-commit-hooks#shellcheck + - repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 3.0.0 + hooks: + - id: shellcheck + + # Check YAML files + # https://github.com/adrienverge/yamllint + - repo: https://github.com/adrienverge/yamllint + rev: v1.30.0 + hooks: + - id: yamllint + + # Check EditorConfig style compliance + # https://github.com/editorconfig-checker/editorconfig-checker.python + - repo: https://github.com/editorconfig-checker/editorconfig-checker.python + rev: 2.7.3 + hooks: + - id: editorconfig-checker + alias: ec + exclude: | + (?ix)^( + LICENSES/.* + )$ diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..2c9c514 --- /dev/null +++ b/.yamllint @@ -0,0 +1,137 @@ +%YAML 1.2 +--- +# Configuration File of yamllint +# https://yamllint.readthedocs.io +# +# This file is in YAML Ain’t Markup Language (YAML™) +# http://yaml.org/ +# +# This file is based on the `default` pre-defined configuration from yamllint with documentation copied from its documentation +# https://yamllint.readthedocs.io/en/stable/configuration.html#default-configuration +# +# This file is based on The Unofficial yamllint Configuration Templates +# https://github.com/Lin-Buo-Ren/yamllint-configuration-templates +# +# Copyright 2021 林博仁(Buo-ren, Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 +rules: + # Use this rule to control the number of spaces inside braces (`{` and `}`). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.braces + braces: + min-spaces-inside: 0 + max-spaces-inside: 0 + min-spaces-inside-empty: -1 + max-spaces-inside-empty: -1 + + # Use this rule to control the number of spaces inside brackets (`[` and `]`). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.brackets + brackets: + min-spaces-inside: 0 + max-spaces-inside: 0 + min-spaces-inside-empty: -1 + max-spaces-inside-empty: -1 + + # Use this rule to control the number of spaces before and after colons (`:`). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.colons + colons: + max-spaces-before: 0 + max-spaces-after: 1 + + # Use this rule to control the number of spaces before and after commas (`,`). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.commas + commas: + max-spaces-before: 0 + min-spaces-after: 1 + max-spaces-after: 1 + + # Use this rule to control the position and formatting of comments. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.comments + comments: + level: warning + # PATCHED: Comments without separate space are disabled content + require-starting-space: false + # PATCHED: We're good with 1 + min-spaces-from-content: 1 + + # Use this rule to force comments to be indented like content. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.comments_indentation + # PATCHED: False positives, disabled + comments-indentation: disable + #level: warning + + # Use this rule to require or forbid the use of document end marker (`...`). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.document_end + document-end: disable + + # Use this rule to require or forbid the use of document start marker (`---`). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.document_start + # PATCHED: Some config allows, while some config rejects document start markers + document-start: disable + #level: warning + #present: true + + # Use this rule to set a maximal number of allowed consecutive blank lines. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.empty_lines + empty-lines: + max: 2 + max-start: 0 + max-end: 0 + + # Use this rule to prevent nodes with empty content, that implicitly result in null values. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.empty_values + empty-values: + forbid-in-block-mappings: false + forbid-in-flow-mappings: false + + # Use this rule to control the number of spaces after hyphens (`-`). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.hyphens + hyphens: + max-spaces-after: 1 + + # Use this rule to control the indentation. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.indentation + indentation: + spaces: consistent + indent-sequences: true + check-multi-line-strings: false + + # Use this rule to prevent multiple entries with the same key in mappings. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.key_duplicates + key-duplicates: enable + + # Use this rule to enforce alphabetical ordering of keys in mappings. The sorting order uses the Unicode code point number. As a result, the ordering is case-sensitive and not accent-friendly (see examples below). + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.key_ordering + key-ordering: disable + + # Use this rule to set a limit to lines length. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.line_length + line-length: + # PATCHED: Modern text editors handle long lines nicely + max: 99999 + allow-non-breakable-words: true + allow-non-breakable-inline-mappings: false + + # Use this rule to require a new line character (`\n`) at the end of files. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.new_line_at_end_of_file + new-line-at-end-of-file: enable + + # Use this rule to force the type of new line characters. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.new_lines + new-lines: + type: unix + + # Use this rule to prevent values with octal numbers. In YAML, numbers that start with `0` are interpreted as octal, but this is not always wanted. For instance `010` is the city code of Beijing, and should not be converted to `8`. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.octal_values + octal-values: + forbid-implicit-octal: false + forbid-explicit-octal: false + + # Use this rule to forbid trailing spaces at the end of lines. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.trailing_spaces + trailing-spaces: enable + + # Use this rule to forbid non-explictly typed truthy values other than `true` and `false`, for example `YES`, `False` and `off`. + # https://yamllint.readthedocs.io/en/stable/rules.html#module-yamllint.rules.truthy + truthy: + level: warning +... diff --git a/LICENSES/CC-BY-SA-4.0.txt b/LICENSES/CC-BY-SA-4.0.txt new file mode 100644 index 0000000..835a683 --- /dev/null +++ b/LICENSES/CC-BY-SA-4.0.txt @@ -0,0 +1,170 @@ +Creative Commons Attribution-ShareAlike 4.0 International + + Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses. + +Considerations for licensors: Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. More considerations for licensors. + +Considerations for the public: By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor’s permission is not necessary for any reason–for example, because of any applicable exception or limitation to copyright–then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. + +Although not required by our licenses, you are encouraged to respect those requests where reasonable. More considerations for the public. + +Creative Commons Attribution-ShareAlike 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-ShareAlike 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions. + +Section 1 – Definitions. + + a. Adapted Material means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License. + + c. BY-SA Compatible License means a license listed at creativecommons.org/compatiblelicenses, approved by Creative Commons as essentially the equivalent of this Public License. + + d. Copyright and Similar Rights means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. + + e. Effective Technological Measures means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements. + + f. Exceptions and Limitations means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material. + + g. License Elements means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution and ShareAlike. + + h. Licensed Material means the artistic or literary work, database, or other material to which the Licensor applied this Public License. + + i. Licensed Rights means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license. + + j. Licensor means the individual(s) or entity(ies) granting rights under this Public License. + + k. Share means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them. + + l. Sui Generis Database Rights means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world. + + m. You means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning. + +Section 2 – Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to: + + A. reproduce and Share the Licensed Material, in whole or in part; and + + B. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions. + + 3. Term. The term of this Public License is specified in Section 6(a). + + 4. Media and formats; technical modifications allowed. The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material. + + 5. Downstream recipients. + + A. Offer from the Licensor – Licensed Material. Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License. + + B. Additional offer from the Licensor – Adapted Material. Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter’s License You apply. + + C. No downstream restrictions. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. + + 6. No endorsement. Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this Public License. + + 3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties. + +Section 3 – License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified form), You must: + + A. retain the following if it is supplied by the Licensor with the Licensed Material: + + i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of warranties; + + v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; + + B. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and + + C. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information. + + 3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable. + + b. ShareAlike.In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply. + + 1. The Adapter’s License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-SA Compatible License. + + 2. You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material. + + 3. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply. + +Section 4 – Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database; + + b. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and + + c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database. +For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights. + +Section 5 – Disclaimer of Warranties and Limitation of Liability. + + a. Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You. + + b. To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You. + + c. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. + +Section 6 – Term and Termination. + + a. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or + + 2. upon express reinstatement by the Licensor. + + c. For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License. + + d. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. + + e. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. + +Section 7 – Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License. + +Section 8 – Interpretation. + + a. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions. + + c. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor. + + d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority. + +Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at creativecommons.org/policies, Creative Commons does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/LICENSES/WTFPL.txt b/LICENSES/WTFPL.txt new file mode 100644 index 0000000..7a3094a --- /dev/null +++ b/LICENSES/WTFPL.txt @@ -0,0 +1,11 @@ +DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE +Version 2, December 2004 + +Copyright (C) 2004 Sam Hocevar + +Everyone is permitted to copy and distribute verbatim or modified copies of this license document, and changing it is allowed as long as the name is changed. + +DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. You just DO WHAT THE FUCK YOU WANT TO. diff --git a/README.md b/README.md index 1a9de17..8892c62 100644 --- a/README.md +++ b/README.md @@ -1,93 +1,19 @@ -# 軟體散布 Software distribution +# 軟體散布
Software distribution +將軟體交付給終端使用者(enduser)的過程 + +[![GitLab CI 持續整合流程狀態標章](https://gitlab.com/libre-knowledge/software-distribution/badges/main/pipeline.svg?ignore_skipped=true "點擊查看 GitLab CI 持續整合流程的運行狀態")](https://gitlab.com/libre-knowledge/software-distribution/-/commits/main) [![「檢查專案中的潛在問題」GitHub Actions 作業流程狀態標章](https://github.com/libre-knowledge/software-distribution/actions/workflows/check-potential-problems.yml/badge.svg "本專案使用 GitHub Actions 自動化檢查專案中的潛在問題")](https://github.com/libre-knowledge/software-distribution/actions/workflows/check-potential-problems.yml) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white "本專案使用 pre-commit 檢查專案中的潛在問題")](https://github.com/pre-commit/pre-commit) [![REUSE 規範遵從狀態標章](https://api.reuse.software/badge/gitlab.com/libre-knowledge/software-distribution "本專案遵從 REUSE 規範降低軟體授權合規成本")](https://api.reuse.software/info/gitlab.com/libre-knowledge/software-distribution) -## Getting started +## 參考資料 -To make it easy for you to get started with GitLab, here's a list of recommended next steps. +以下列舉撰寫本主題內容時所參考的第三方資源: -Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)! +* [Software distribution - Wikipedia](https://en.wikipedia.org/wiki/Software_distribution) + 說明軟體散布的基本概念 -## Add your files +--- -- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files -- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command: +本主題為[自由知識協作平台](https://gitlab.com/libre-knowledge/libre-knowledge)的一部分,除部份特別標註之經合理使用(fair use)原則使用的內容外允許公眾於授權範圍內自由使用 -``` -cd existing_repo -git remote add origin https://gitlab.com/libre-knowledge/software-distribution.git -git branch -M main -git push -uf origin main -``` - -## Integrate with your tools - -- [ ] [Set up project integrations](https://gitlab.com/libre-knowledge/software-distribution/-/settings/integrations) - -## Collaborate with your team - -- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/) -- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html) -- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically) -- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/) -- [ ] [Set auto-merge](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html) - -## Test and Deploy - -Use the built-in continuous integration in GitLab. - -- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html) -- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/) -- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html) -- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/) -- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html) - -*** - -# Editing this README - -When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thanks to [makeareadme.com](https://www.makeareadme.com/) for this template. - -## Suggestions for a good README - -Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information. - -## Name -Choose a self-explaining name for your project. - -## Description -Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors. - -## Badges -On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge. - -## Visuals -Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method. - -## Installation -Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection. - -## Usage -Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README. - -## Support -Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc. - -## Roadmap -If you have ideas for releases in the future, it is a good idea to list them in the README. - -## Contributing -State if you are open to contributions and what your requirements are for accepting them. - -For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self. - -You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser. - -## Authors and acknowledgment -Show your appreciation to those who have contributed to the project. - -## License -For open source projects, say how it is licensed. - -## Project status -If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers. +如有任何問題,歡迎於本主題的[議題追蹤系統](https://gitlab.com/libre-knowledge/software-distribution/-/issues)創建新議題反饋 diff --git a/REUSE.toml b/REUSE.toml new file mode 100644 index 0000000..557d181 --- /dev/null +++ b/REUSE.toml @@ -0,0 +1,19 @@ +# REUSE licensing information association file +# +# References: +# +# * REUSE.toml | REUSE Specification – Version 3.2 | REUSE +# https://reuse.software/spec-3.2/#reusetoml +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0+ + +version = 1 + +[[annotations]] +path = [ + "*.README.md", + "**/README.md" +] +SPDX-FileCopyrightText = '2024 自由知識協作平台貢獻者 ' +SPDX-License-Identifier = 'CC-BY-SA-4.0+' diff --git a/continuous-integration/create-gitlab-release.sh b/continuous-integration/create-gitlab-release.sh new file mode 100755 index 0000000..03820a8 --- /dev/null +++ b/continuous-integration/create-gitlab-release.sh @@ -0,0 +1,68 @@ +#!/usr/bin/env bash +# Create GitLab project release +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +set \ + -o errexit \ + -o nounset + +if ! test -v CI_PROJECT_ID; then + printf \ + 'Error: This program should be run under a GitLab CI environment.\n' \ + 1>&2 + exit 1 +fi + +printf \ + 'Info: Determining release version...\n' +release_version="${CI_COMMIT_TAG#v}" + +# bash - How to get script directory in POSIX sh? - Stack Overflow +# https://stackoverflow.com/questions/29832037/how-to-get-script-directory-in-posix-sh +script_dir="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd)" +project_dir="${script_dir%/*}" + +printf \ + 'Info: Determining release details...\n' +detailed_changes_file="${project_dir}/.detailed_changes" +if ! test -e "${detailed_changes_file}"; then + printf \ + 'Error: The detailed changes file "%s" does not exist.\n' \ + "${detailed_changes_file}" \ + 1>&2 + exit 2 +fi + +release_cli_create_opts=( + --name "${CI_PROJECT_TITLE} ${release_version}" + --tag-name "${CI_COMMIT_TAG}" + + # WORKAROUND: Absolute path is not accepted as file input + --description "${detailed_changes_file##*/}" +) + +shopt -s nullglob +for file in "${project_dir}/${CI_PROJECT_NAME}-"*; do + filename="${file##*/}" + package_registry_url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${release_version}/${filename}" + + release_cli_create_opts+=( + --assets-link "{\"name\": \"${filename}\", \"url\": \"${package_registry_url}\"}" + ) +done + +printf \ + 'Info: Creating the GitLab release...\n' +if ! \ + release-cli create \ + "${release_cli_create_opts[@]}"; then + printf \ + 'Error: Unable to create the GitLab release.\n' \ + 1>&2 + exit 2 +fi + +printf \ + 'Info: Operation completed without errors.\n' diff --git a/continuous-integration/do-static-analysis.install-system-deps.sh b/continuous-integration/do-static-analysis.install-system-deps.sh new file mode 100755 index 0000000..7f73c59 --- /dev/null +++ b/continuous-integration/do-static-analysis.install-system-deps.sh @@ -0,0 +1,334 @@ +#!/usr/bin/env bash +# System dependency installation logic for the static analysis program +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 +set \ + -o errexit \ + -o nounset + +if test -v BASH_SOURCE; then + # Convenience variables + # shellcheck disable=SC2034 + { + script="$( + realpath \ + --strip \ + "${BASH_SOURCE[0]}" + )" + script_dir="${script%/*}" + script_filename="${script##*/}" + script_name="${script_filename%%.*}" + } +fi + +trap_exit(){ + if test -v temp_dir \ + && test -e "${temp_dir}"; then + rm -rf "${temp_dir}" + fi +} +trap trap_exit EXIT + +if test "${EUID}" -ne 0; then + printf \ + 'Error: This program should be run as the superuser(root) user.\n' \ + 1>&2 + exit 1 +fi + +project_dir="$(dirname "${script_dir}")" +cache_dir="${project_dir}/.cache" + +if ! test -e "${cache_dir}"; then + install_opts=( + --directory + ) + if test -v SUDO_USER; then + # Configure same user as the running environment to avoid access + # problems afterwards + install_opts+=( + --owner "${SUDO_USER}" + --group "${SUDO_GID}" + ) + fi + if ! install "${install_opts[@]}" "${cache_dir}"; then + printf \ + 'Error: Unable to create the cache directory.\n' \ + 1>&2 + exit 2 + fi +fi + +apt_archive_cache_mtime_epoch="$( + stat \ + --format=%Y \ + /var/cache/apt/archives +)" +current_time_epoch="$( + date +%s +)" +if test "$((current_time_epoch - apt_archive_cache_mtime_epoch))" -ge 86400; then + printf \ + 'Info: Refreshing the APT local package cache...\n' + if ! apt-get update; then + printf \ + 'Error: Unable to refresh the APT local package cache.\n' \ + 1>&2 + fi +fi + +# Silence warnings regarding unavailable debconf frontends +export DEBIAN_FRONTEND=noninteractive + +base_runtime_dependency_pkgs=( + wget +) +if ! dpkg -s "${base_runtime_dependency_pkgs[@]}" &>/dev/null; then + printf \ + 'Info: Installing base runtime dependency packages...\n' + if ! \ + apt-get install \ + -y \ + "${base_runtime_dependency_pkgs[@]}"; then + printf \ + 'Error: Unable to install the base runtime dependency packages.\n' \ + 1>&2 + exit 2 + fi +fi + +if ! test -v CI; then + printf \ + 'Info: Detecting local region code...\n' + wget_opts=( + # Output to the standard output device + --output-document=- + + # Don't output debug messages + --quiet + ) + if ip_reverse_lookup_service_response="$( + wget \ + "${wget_opts[@]}" \ + https://ipinfo.io/json + )"; then + grep_opts=( + --perl-regexp + --only-matching + ) + if ! region_code="$( + grep \ + "${grep_opts[@]}" \ + '(?<="country": ")[[:alpha:]]+' \ + <<<"${ip_reverse_lookup_service_response}" + )"; then + printf \ + 'Warning: Unable to query the local region code, falling back to default.\n' \ + 1>&2 + region_code= + else + printf \ + 'Info: Local region code determined to be "%s"\n' \ + "${region_code}" + fi + else + printf \ + 'Warning: Unable to detect the local region code(IP address reverse lookup service not available), falling back to default.\n' \ + 1>&2 + region_code= + fi + + if test -n "${region_code}"; then + # The returned region code is capitalized, fixing it. + region_code="${region_code,,*}" + + printf \ + 'Info: Checking whether the local Ubuntu archive mirror exists...\n' + if ! \ + getent hosts \ + "${region_code}.archive.ubuntu.com" \ + >/dev/null; then + printf \ + "Warning: The local Ubuntu archive mirror doesn't seem to exist, falling back to default...\\n" + region_code= + fi + fi + + if test -n "${region_code}" \ + && ! grep -q "${region_code}.archive.u" /etc/apt/sources.list; then + printf \ + 'Info: Switching to use the local APT software repository mirror...\n' + if ! \ + sed \ + --in-place \ + "s@//archive.u@//${region_code}.archive.u@g" \ + /etc/apt/sources.list; then + printf \ + 'Error: Unable to switch to use the local APT software repository mirror.\n' \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Refreshing the local APT software archive cache...\n' + if ! apt-get update; then + printf \ + 'Error: Unable to refresh the local APT software archive cache.\n' \ + 1>&2 + exit 2 + fi + fi +fi + +runtime_dependency_pkgs=( + # For matching the ShellCheck version string + grep + + git + + python3-minimal + python3-pip + python3-venv + + # For extracting prebuilt ShellCheck software archive + tar + xz-utils +) +if ! dpkg -s "${runtime_dependency_pkgs[@]}" &>/dev/null; then + printf \ + 'Info: Installing the runtime dependency packages...\n' + if ! apt-get install -y \ + "${runtime_dependency_pkgs[@]}"; then + printf \ + 'Error: Unable to install the runtime dependency packages.\n' \ + 1>&2 + exit 2 + fi +fi + +shellcheck_dir="${cache_dir}/shellcheck-stable" + +if ! test -e "${shellcheck_dir}/shellcheck"; then + printf \ + "Info: Determining the host machine's hardware architecture...\\n" + if ! arch="$(arch)"; then + printf \ + "Error: Unable to determine the host machine's hardware architecture.\\n" \ + 1>&2 + exit 1 + fi + + printf \ + 'Info: Checking ShellCheck architecure availability...\n' + case "${arch}" in + x86_64|armv6hf|aarch64) + # Assuming the ShellCheck architecture is the same, which + # is probably incorrect... + shellcheck_arch="${arch}" + ;; + *) + printf \ + 'Error: Unsupported ShellCheck architecture "%s".\n' \ + "${arch}" \ + 1>&2 + exit 1 + ;; + esac + + printf \ + 'Info: Determining the ShellCheck prebuilt archive details...\n' + prebuilt_shellcheck_archive_url="https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.${shellcheck_arch}.tar.xz" + prebuilt_shellcheck_archive_filename="${prebuilt_shellcheck_archive_url##*/}" + + printf \ + 'Info: Creating the temporary directory for storing downloaded files...\n' + mktemp_opts=( + --directory + --tmpdir + ) + if ! temp_dir="$( + mktemp \ + "${mktemp_opts[@]}" \ + "${script_name}.XXXXXX" + )"; then + printf \ + 'Error: Unable to create the temporary directory for storing downloaded files.\n' \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Downloading the prebuilt ShellCheck software archive...\n' + downloaded_prebuilt_shellcheck_archive="${temp_dir}/${prebuilt_shellcheck_archive_filename}" + wget_opts=( + --output-document "${downloaded_prebuilt_shellcheck_archive}" + ) + if ! \ + wget \ + "${wget_opts[@]}" \ + "${prebuilt_shellcheck_archive_url}"; then + printf \ + 'Error: Unable to download the prebuilt ShellCheck software archive...\n' \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Extracting the prebuilt ShellCheck software archive...\n' + tar_opts=( + --extract + --verbose + --directory="${cache_dir}" + --file="${downloaded_prebuilt_shellcheck_archive}" + ) + if test -v SUDO_USER; then + # Configure same user as the running environment to avoid access + # problems afterwards + tar_opts+=( + --owner="${SUDO_USER}" + --group="${SUDO_GID}" + ) + fi + if ! tar "${tar_opts[@]}"; then + printf \ + 'Error: Unable to extract the prebuilt ShellCheck software archive.\n' \ + 1>&2 + exit 2 + fi +fi + +printf \ + 'Info: Setting up the command search PATHs so that the locally installed shellcheck command can be located...\n' +PATH="${shellcheck_dir}:${PATH}" + +printf \ + 'Info: Querying the ShellCheck version...\n' +if ! shellcheck_version_raw="$(shellcheck --version)"; then + printf \ + 'Error: Unable to query the ShellCheck version.\n' \ + 1>&2 + exit 2 +fi + +grep_opts=( + --perl-regexp + --only-matching +) +if ! shellcheck_version="$( + grep \ + "${grep_opts[@]}" \ + '(?<=version: ).*' \ + <<<"${shellcheck_version_raw}" + )"; then + printf \ + 'Error: Unable to parse out the ShellCheck version string.\n' \ + 1>&2 +fi + +printf \ + 'Info: ShellCheck version is "%s".\n' \ + "${shellcheck_version}" + +printf \ + 'Info: Operation completed without errors.\n' diff --git a/continuous-integration/do-static-analysis.sh b/continuous-integration/do-static-analysis.sh new file mode 100755 index 0000000..1711b25 --- /dev/null +++ b/continuous-integration/do-static-analysis.sh @@ -0,0 +1,75 @@ +#!/usr/bin/env bash +# Check potential problems in the project +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 +set \ + -o errexit \ + -o nounset + +script="${BASH_SOURCE[0]}" +if ! script="$( + realpath \ + --strip \ + "${script}" + )"; then + printf \ + 'Error: Unable to determine the absolute path of the program.\n' \ + 1>&2 + exit 1 +fi + +script_dir="${script%/*}" +project_dir="$(dirname "${script_dir}")" +cache_dir="${project_dir}/.cache" + +if ! test -e "${script_dir}/venv"; then + printf \ + 'Info: Initializing the Python virtual environment...\n' + if ! python3 -m venv "${script_dir}/venv"; then + printf \ + 'Error: Unable to initialize the Python virtual environment.\n' \ + 1>&2 + exit 2 + fi +fi + +printf \ + 'Info: Activating the Python virtual environment...\n' +# Out of scope +# shellcheck source=/dev/null +if ! source "${script_dir}/venv/bin/activate"; then + printf \ + 'Error: Unable to activate the Python virtual environment.\n' \ + 1>&2 + exit 2 +fi + +printf \ + 'Info: Installing pre-commit...\n' +if ! pip show pre-commit &>/dev/null; then + if ! pip install pre-commit; then + printf \ + 'Error: Unable to install pre-commit.\n' \ + 1>&2 + exit 2 + fi +fi + +printf \ + 'Info: Setting up the command search PATHs so that the installed shellcheck command can be located...\n' +PATH="${cache_dir}/shellcheck-stable:${PATH}" + +printf \ + 'Info: Running pre-commit...\n' +if ! \ + pre-commit run \ + --all-files \ + --color always; then + printf \ + 'Error: pre-commit check has failed, please verify.\n' \ + 1>&2 + exit 3 +fi + +printf \ + 'Info: Operation completed without errors.\n' diff --git a/continuous-integration/generate-build-artifacts.install-system-deps.sh b/continuous-integration/generate-build-artifacts.install-system-deps.sh new file mode 100755 index 0000000..da29dc5 --- /dev/null +++ b/continuous-integration/generate-build-artifacts.install-system-deps.sh @@ -0,0 +1,200 @@ +#!/usr/bin/env bash +# Install system dependencies required for generating the project +# build artifacts +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +set \ + -o errexit \ + -o errtrace \ + -o nounset + +required_commands=( + realpath +) +flag_dependency_check_failed=false +for command in "${required_commands[@]}"; do + if ! command -v "${command}" >/dev/null; then + flag_dependency_check_failed=true + printf \ + 'Error: Unable to locate the "%s" command in the command search PATHs.\n' \ + "${command}" \ + 1>&2 + fi +done +if test "${flag_dependency_check_failed}" == true; then + printf \ + 'Error: Dependency check failed, please check your installation.\n' \ + 1>&2 +fi + +if test -v BASH_SOURCE; then + # Convenience variables + # shellcheck disable=SC2034 + { + script="$( + realpath \ + --strip \ + "${BASH_SOURCE[0]}" + )" + script_dir="${script%/*}" + script_filename="${script##*/}" + script_name="${script_filename%%.*}" + } +fi + +if test "${EUID}" -ne 0; then + printf \ + 'Error: This program should be run as the superuser(root) user.\n' \ + 1>&2 + exit 1 +fi + +apt_archive_cache_mtime_epoch="$( + stat \ + --format=%Y \ + /var/cache/apt/archives +)" +current_time_epoch="$( + date +%s +)" +if test "$((current_time_epoch - apt_archive_cache_mtime_epoch))" -ge 86400; then + printf \ + 'Info: Refreshing the APT local package cache...\n' + if ! apt-get update; then + printf \ + 'Error: Unable to refresh the APT local package cache.\n' \ + 1>&2 + fi +fi + +# Silence warnings regarding unavailable debconf frontends +export DEBIAN_FRONTEND=noninteractive + +if ! test -v CI; then + base_runtime_dependency_pkgs=( + curl + grep + sed + ) + if ! dpkg -s "${base_runtime_dependency_pkgs[@]}" &>/dev/null; then + printf \ + 'Info: Installing base runtime dependency packages...\n' + if ! \ + apt-get install \ + -y \ + "${base_runtime_dependency_pkgs[@]}"; then + printf \ + 'Error: Unable to install the base runtime dependency packages.\n' \ + 1>&2 + exit 2 + fi + fi + + printf \ + 'Info: Detecting local region code...\n' + curl_opts=( + # Don't output debug messages + --silent + --show-error + ) + if ip_reverse_lookup_service_response="$( + curl \ + "${curl_opts[@]}" \ + https://ipinfo.io/json + )"; then + grep_opts=( + --perl-regexp + --only-matching + ) + if ! region_code="$( + grep \ + "${grep_opts[@]}" \ + '(?<="country": ")[[:alpha:]]+' \ + <<<"${ip_reverse_lookup_service_response}" + )"; then + printf \ + 'Warning: Unable to query the local region code, falling back to default.\n' \ + 1>&2 + region_code= + else + printf \ + 'Info: Local region code determined to be "%s"\n' \ + "${region_code}" + fi + else + printf \ + 'Warning: Unable to detect the local region code(IP address reverse lookup service not available), falling back to default.\n' \ + 1>&2 + region_code= + fi + + if test -n "${region_code}"; then + # The returned region code is capitalized, fixing it. + region_code="${region_code,,*}" + + printf \ + 'Info: Checking whether the local Ubuntu archive mirror exists...\n' + if ! \ + getent hosts \ + "${region_code}.archive.ubuntu.com" \ + >/dev/null; then + printf \ + "Warning: The local Ubuntu archive mirror doesn't seem to exist, falling back to default...\\n" + region_code= + fi + fi + + if test -n "${region_code}" \ + && ! grep -q "${region_code}.archive.u" /etc/apt/sources.list; then + printf \ + 'Info: Switching to use the local APT software repository mirror...\n' + if ! \ + sed \ + --in-place \ + "s@//archive.u@//${region_code}.archive.u@g" \ + /etc/apt/sources.list; then + printf \ + 'Error: Unable to switch to use the local APT software repository mirror.\n' \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Refreshing the local APT software archive cache...\n' + if ! apt-get update; then + printf \ + 'Error: Unable to refresh the local APT software archive cache.\n' \ + 1>&2 + exit 2 + fi + fi +fi + +runtime_dependency_pkgs=( + # project archive compression dependencies + #bzip2 + gzip + #xz + + git + + python3-minimal + python3-pip + python3-venv +) +if ! dpkg -s "${runtime_dependency_pkgs[@]}" &>/dev/null; then + printf \ + 'Info: Installing the runtime dependency packages...\n' + if ! apt-get install -y \ + "${runtime_dependency_pkgs[@]}"; then + printf \ + 'Error: Unable to install the runtime dependency packages.\n' \ + 1>&2 + exit 2 + fi +fi + +printf \ + 'Info: Operation completed without errors.\n' diff --git a/continuous-integration/generate-build-artifacts.sh b/continuous-integration/generate-build-artifacts.sh new file mode 100755 index 0000000..bb3e95e --- /dev/null +++ b/continuous-integration/generate-build-artifacts.sh @@ -0,0 +1,107 @@ +#!/usr/bin/env bash +# Generate the project build artifacts +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 +set \ + -o errexit \ + -o nounset + +script="${BASH_SOURCE[0]}" +if ! script="$( + realpath \ + --strip \ + "${script}" + )"; then + printf \ + 'Error: Unable to determine the absolute path of the program.\n' \ + 1>&2 + exit 1 +fi + +script_dir="${script%/*}" +project_dir="${script_dir%/*}" +project_dirname="${project_dir##*/}" + +if ! test -e "${script_dir}/venv"; then + printf \ + 'Info: Initializing the Python virtual environment...\n' + if ! python3 -m venv "${script_dir}/venv"; then + printf \ + 'Error: Unable to initialize the Python virtual environment.\n' \ + 1>&2 + exit 2 + fi +fi + +printf \ + 'Info: Activating the Python virtual environment...\n' +# Out of scope +# shellcheck source=/dev/null +if ! source "${script_dir}/venv/bin/activate"; then + printf \ + 'Error: Unable to activate the Python virtual environment.\n' \ + 1>&2 + exit 2 +fi + +printf \ + 'Info: Installing git-archive-all...\n' +if ! pip show git-archive-all &>/dev/null; then + if ! pip install git-archive-all; then + printf \ + 'Error: Unable to install git-archive-all.\n' \ + 1>&2 + exit 2 + fi +fi + +printf \ + 'Info: Determining the build datestamp...\n' +if ! datestamp="$(date +%Y%m%d-%H%M%S)"; then + printf \ + 'Error: Unable to determine the build datestamp.\n' \ + 1>&2 + exit 2 +fi + +printf \ + 'Info: Determining the project version...\n' +git_describe_opts=( + --always + --dirty + --tags +) +if ! version_describe="$( + git describe \ + "${git_describe_opts[@]}" + )"; then + version_describe="unknown-${datestamp}" + printf \ + 'Warning: Unable to determine the project version, will use "%s" as a fallback.\n' \ + "${version_describe}" \ + 1>&2 +fi +project_version="${version_describe#v}" + +printf \ + 'Info: Generating the project archive...\n' +project_id="${CI_PROJECT_NAME:-"${PROJECT_ID:-"${project_dirname}"}"}" +release_id="${project_id}-${project_version}" +git_archive_all_opts=( + # Add an additional layer of folder for containing the archive + # contents + --prefix="${release_id}/" +) +if ! \ + git-archive-all \ + "${git_archive_all_opts[@]}" \ + "${release_id}.tar.gz"; then + printf \ + 'Error: Unable to generate the project archive.\n' \ + 1>&2 + exit 2 +fi + +printf \ + 'Info: Operation completed without errors.\n' diff --git a/continuous-integration/generate-release-description.sh b/continuous-integration/generate-release-description.sh new file mode 100755 index 0000000..337ff2e --- /dev/null +++ b/continuous-integration/generate-release-description.sh @@ -0,0 +1,141 @@ +#!/usr/bin/env bash +# Generate release description text to explain the changes between the +# previous release +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +set \ + -o errexit \ + -o nounset + +if ! test -v CI; then + printf \ + 'Error: This program should be run under a GitLab CI/GitHub Actions environment.\n' \ + 1>&2 + exit 1 +fi + +# bash - How to get script directory in POSIX sh? - Stack Overflow +# https://stackoverflow.com/questions/29832037/how-to-get-script-directory-in-posix-sh +script_dir="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd)" +project_dir="${script_dir%/*}" + +printf 'Info: Querying the list of the release tag(s)...\n' +if ! git_tag_list="$(git tag --list 'v*')"; then + printf \ + 'Error: Unable to query the list of the release tag(s).\n' \ + 1>&2 + exit 2 +fi + +printf 'Info: Counting the release tags...\n' +if ! git_tag_count="$(wc -l <<<"${git_tag_list}")"; then + printf \ + 'Error: Unable to count the release tags.\n' \ + 1>&2 + exit 2 +fi + +detailed_changes_markup="## Detailed changes"$'\n\n' + +if test -v CI_COMMIT_TAG; then + release_tag="${CI_COMMIT_TAG}" +fi + +git_log_opts=( + --format='format:* %s (%h) - %an' +) +if test "${git_tag_count}" -eq 1; then + printf \ + 'Info: Only one release tag was detected, generating the release description text from the very beginning to the "%s" release tag...\n' \ + "${release_tag}" + if ! detailed_changes_markup+="$( + git log \ + "${git_log_opts[@]}" \ + "${release_tag}" + )"; then + printf \ + 'Error: Unable to generate the release description text from Git.\n' \ + 1>&2 + exit 2 + fi +else + printf \ + 'Info: Multiple release tags were detected, determining the previous release tag...\n' + printf \ + 'Info: Version-sorting the release tag list...\n' + if ! sorted_git_tag_list="$( + sort \ + -V \ + <<<"${git_tag_list}" + )"; then + printf \ + 'Error: Unable to version-sort the release tag list.\n' \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Filtering out the two latest release tags from the release tag list...\n' + if ! latest_two_git_tags="$( + tail \ + -n 2 \ + <<<"${sorted_git_tag_list}" + )"; then + printf \ + 'Error: Unable to filter out the two latest release tags from the release tag list.\n' \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Filtering out the previous release tag from the two latest release tags...\n' + if ! previous_git_tag="$( + head \ + -n 1 \ + <<<"${latest_two_git_tags}" + )"; then + printf \ + 'Error: Unable to filter out the previous release tag from the two latest release tags.\n' \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Generating the release description text from the previous release tag(%s) to the current release tag(%s)...\n' \ + "${previous_git_tag}" \ + "${release_tag}" \ + 1>&2 + if ! detailed_changes_markup+="$( + git log \ + "${git_log_opts[@]}" \ + "${previous_git_tag}..${release_tag}" + )"; then + printf \ + 'Error: Unable to generate the release description text from the previous release tag(%s) to the current release tag(%s).\n' \ + "${previous_git_tag}" \ + "${release_tag}" \ + 1>&2 + exit 2 + fi +fi + +detailed_changes_file="${project_dir}/.detailed_changes" +printf \ + 'Info: Writing the detailed changes markup to the "%s" file...\n' \ + "${detailed_changes_file}" +if ! \ + printf \ + '%s\n' \ + "${detailed_changes_markup}" \ + | tee "${detailed_changes_file}"; then + printf \ + 'Error: Unable to write the detailed changes markup to the "%s" file.\n' \ + "${detailed_changes_file}" \ + 1>&2 + exit 2 +fi + +printf \ + 'Info: Operation completed without errors.\n' diff --git a/continuous-integration/patch-github-actions-sudo-security-policy.sh b/continuous-integration/patch-github-actions-sudo-security-policy.sh new file mode 100755 index 0000000..d9b2bcc --- /dev/null +++ b/continuous-integration/patch-github-actions-sudo-security-policy.sh @@ -0,0 +1,143 @@ +#!/usr/bin/env bash +# Patch the sudo security policy so that the environment variables +# defined in the GitHub Actions CI environment would be inherited in +# processes run using sudo +# +# References: +# +# * Including other files from within sudoers | Sudoers Manual | Sudo +# https://www.sudo.ws/docs/man/sudoers.man/#Including_other_files_from_within_sudoers +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +# Configure the interpreter behavior to bail out during problematic +# situations +set \ + -o errexit \ + -o nounset + +required_commands=( + install + realpath + + # For checking the validity of the sudoers file + visudo +) +flag_dependency_check_failed=false +for required_command in "${required_commands[@]}"; do + if ! command -v "${required_command}" >/dev/null; then + flag_dependency_check_failed=true + printf \ + 'Error: Unable to locate the "%s" command in the command search PATHs.\n' \ + "${required_command}" \ + 1>&2 + fi +done +if test "${flag_dependency_check_failed}" == true; then + printf \ + 'Error: Dependency check failed, please check your installation.\n' \ + 1>&2 + exit 1 +fi + +if test "${EUID}" -ne 0; then + printf \ + 'Error: This program is required to be run as the superuser(root).\n' \ + 1>&2 + exit 1 +fi + +if test -v BASH_SOURCE; then + # Convenience variables + # shellcheck disable=SC2034 + { + script="$( + realpath \ + --strip \ + "${BASH_SOURCE[0]}" + )" + script_dir="${script%/*}" + } +fi + +ci_dir="${script_dir}" +sudoers_dropin_dir="${ci_dir}/sudoers.d" + +sudoers_dropin_dir_system=/etc/sudoers.d +if ! test -e "${sudoers_dropin_dir_system}"; then + printf \ + 'Info: Creating the sudoers drop-in directory...\n' + install_opts=( + --directory + --owner=root + --group=root + --mode=0755 + --verbose + ) + if ! \ + install \ + "${install_opts[@]}" \ + "${sudoers_dropin_dir_system}"; then + printf \ + 'Error: Unable to create the sudoers drop-in directory.\n' \ + 1>&2 + exit 2 + fi +fi + +for dropin_file in "${sudoers_dropin_dir}/"*.sudoers; do + dropin_filename="${dropin_file##*/}" + + printf \ + 'Info: Validating the "%s" sudoers drop-in file...\n' \ + "${dropin_filename}" + visudo_opts=( + # Enable check-only mode + --check + + # Specify an alternate sudoers file location + --file="${dropin_file}" + + # NOTE: We don't use --quiet as it will also inhibit the syntax + # error messages, dump the stdout stream instead + #--quiet + ) + if ! visudo "${visudo_opts[@]}" >/dev/null; then + printf \ + 'Error: Syntax validation failed for the "%s" sudoers drop-in file.\n' \ + "${dropin_filename}" \ + 1>&2 + exit 2 + fi + + printf \ + 'Info: Installing the "%s" sudoers drop-in file...\n' \ + "${dropin_filename}" + + # sudo will not accept filename with the period symbol in the + # filename, strip the convenicence filename suffix + dropin_filename_without_suffix="${dropin_filename%.sudoers}" + + installed_dropin_file="${sudoers_dropin_dir_system}/${dropin_filename_without_suffix}" + install_opts=( + --owner=root + --group=root + --mode=0644 + --verbose + ) + if ! \ + install \ + "${install_opts[@]}" \ + "${dropin_file}" \ + "${installed_dropin_file}"; then + printf \ + 'Error: Unable to install the sudoers drop-in configuration file "%s".\n' \ + "${dropin_filename}" \ + 1>&2 + exit 2 + fi +done + +printf \ + 'Info: Operation completed without errors.\n' diff --git a/continuous-integration/sudoers.d/90_allow_github_actions_default_envvars.sudoers b/continuous-integration/sudoers.d/90_allow_github_actions_default_envvars.sudoers new file mode 100644 index 0000000..9ac950d --- /dev/null +++ b/continuous-integration/sudoers.d/90_allow_github_actions_default_envvars.sudoers @@ -0,0 +1,20 @@ +# Allow exposing GitHub Actions default environment variables to the invoked superuser processes +# +# References: +# +# * Command environment | Sudoers Manual | Sudo +# https://www.sudo.ws/docs/man/sudoers.man/#Command_environment +# * Default environment - variablesVariables - GitHub Docs +# https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +# Whether we are in an CI environment +Defaults env_keep += "CI" + +# Variables defined by GitHub +Defaults env_keep += "GITHUB_*" + +# Variables defined by the GitHub Action runners +Defaults env_keep += "RUNNER_*" diff --git a/continuous-integration/sudoers.d/README.md b/continuous-integration/sudoers.d/README.md new file mode 100644 index 0000000..87dffa0 --- /dev/null +++ b/continuous-integration/sudoers.d/README.md @@ -0,0 +1,8 @@ +# sudoers.d + +The drop-in configuration files for [the Sudoers configuration file](https://www.sudo.ws/docs/man/sudoers.man/) + +## References + +* [Sudoers Manual | Sudo](https://www.sudo.ws/docs/man/sudoers.man/) +* [Including other files from within sudoers | Sudoers Manual | Sudo](https://www.sudo.ws/docs/man/sudoers.man/#Including_other_files_from_within_sudoers) diff --git a/continuous-integration/upload-gitlab-generic-packages.sh b/continuous-integration/upload-gitlab-generic-packages.sh new file mode 100755 index 0000000..64c318b --- /dev/null +++ b/continuous-integration/upload-gitlab-generic-packages.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env sh +# Upload release packages as GitLab generic packages +# +# Copyright 2024 林博仁(Buo-ren Lin) +# SPDX-License-Identifier: CC-BY-SA-4.0 + +set \ + -o errexit \ + -o nounset + +if ! test CI_PROJECT_ID; then + printf \ + 'Error: This program should be run under a GitLab CI environment.\n' \ + 1>&2 + exit 1 +fi + +printf \ + 'Info: Determining release version...\n' +release_version="${CI_COMMIT_TAG#v}" + +# bash - How to get script directory in POSIX sh? - Stack Overflow +# https://stackoverflow.com/questions/29832037/how-to-get-script-directory-in-posix-sh +script_dir="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd)" +project_dir="${script_dir%/*}" + +for file in "${project_dir}/${CI_PROJECT_NAME}-"*; do + if test "${file}" = "${project_dir}/${CI_PROJECT_NAME}-*"; then + # No release packages are found, avoid missing file error + break + fi + + printf \ + 'Info: Uploading the "%s" file to the GitLab generic packages registry...\n' \ + "${file}" + + filename="${file##*/}" + package_registry_url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${release_version}/${filename}" + + if ! \ + curl \ + --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \ + --upload-file "${file}" \ + "${package_registry_url}"; then + printf \ + 'Error: Unable to upload the "%s" file to the GitLab generic packages registry.\n' \ + "${file}" \ + 1>&2 + exit 2 + fi +done + +printf \ + 'Info: Operation completed without errors.\n'