upgrade

#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOAD SETTINGS
#=================================================

app=$YNH_APP_INSTANCE_NAME

domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
app_user=$(ynh_app_setting_get $app app_user)
final_path=$(ynh_app_setting_get $app final_path)
opt_path=$(ynh_app_setting_get $app opt_path)

# There are two ways to get the version:
# - before 0.3.0~ynh1: version is only stored in app settings
# - after 0.3.0~ynh1: version is only stored in the manifest
# We don't use ynh_app_upstream_version, because it would return "null"
# when the version isn't in the manifest
manifest=/etc/yunohost/apps/$app/manifest.json
version=$(jq '.version // empty' -r -e $manifest || ynh_app_setting_get $app version)

#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================

ynh_script_progression "Creating backup..."

ynh_backup_before_upgrade
ynh_clean_setup () {
	# restore it if the upgrade fails
	ynh_restore_upgradebackup
}

# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================

if [[ -z $final_path ]]; then
  if [[ -n "$(ynh_app_setting_get $app www_path)" ]]; then
     final_path=$(ynh_app_setting_get $app www_path)
     ynh_app_setting_delete $app www_path
  else
     final_path=/var/www/$app
  fi
  ynh_app_setting_set $app final_path $final_path

  mkdir -p $final_path
fi

if [[ -z $opt_path ]]; then
  opt_path=/opt/$app
  ynh_app_setting_set $app opt_path $opt_path

  mkdir -p $opt_path
fi

if [[ -z $app_user ]]; then
  app_user=$app
  ynh_app_setting_set $app app_user $app_user
fi

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# INSTALL DEPENDENCIES
#=================================================

ynh_script_progression "Upgrading dependencies..."

if [[ $version < "0.3.0~ynh1" ]]; then
  ynh_app_setting_delete $app version
  ynh_system_user_create --username $app_user --home_dir $final_path
fi

if [[ $version < "0.3.0~ynh4" ]]; then
  ynh_print_info "Removing old dependencies..."
  ynh_remove_app_dependencies virtualenv python3-venv libssl-dev libffi-dev python3-dev

  ynh_print_info "Upgrading dependencies..."
  ynh_install_app_dependencies python3-openssl python3-requests
fi

#=================================================
# PULL CHANGES AND SPECIFIC SETUP
#=================================================
# REINSTALL STATIC FILES
#=================================================

ynh_script_progression "Installing static site..."

ynh_secure_remove $final_path
mkdir -p $final_path
cp -r ../sources/. $final_path
chown -R $app_user: $final_path

ynh_add_nginx_config

#=================================================
# REINSTALL RENEW CERT
#=================================================

ynh_script_progression "Installing automatic VPN certificate renewal..."

renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert"
renew_cert_cron_script="renew_cert_cron.sh"

if [[ ! -e $renew_cert_path ]]; then
  git clone $renew_cert_repo $renew_cert_path
else
  git -C $renew_cert_path remote set-url origin $renew_cert_repo
  git -C $renew_cert_path fetch -t
fi

git -C $renew_cert_path checkout $renew_cert_version

# We wrap the python3 script that actually renew the VPN certificate
# This wrapper will be used as a daily cron task
cp $renew_cert_cron_script $renew_cert_path/$renew_cert_cron_script

ynh_script_progression "Setting up permissions"
chown -R $app_user: $opt_path

chmod 755 $renew_cert_path/$renew_cert_cron_script
chown root: $renew_cert_path/$renew_cert_cron_script

#=================================================
# SETTING UP CRONTAB
#=================================================

ynh_script_progression "Setting up cron job for renewal..."

cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash
cd $renew_cert_path
$renew_cert_path/$renew_cert_cron_script -q
EOF

chown root:root /etc/cron.daily/$app-renew-cert
chmod 0755 /etc/cron.daily/$app-renew-cert

#=================================================
# FINALIZATION
#=================================================

ynh_script_progression "Checking certificates..."

# (This is expected to fail during CI tests because no credential available)
if [[ ${PACKAGE_CHECK_EXEC:-0} -eq 0 ]]
then
    /etc/cron.daily/$app-renew-cert
fi