continuous deployment (#2485)

* continuous deployment

* fix

* escape braces in format string

* Update upload-ota.sh

* curl fail on http error

build/registry/downloadIndexActionResult

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e
+
+RUN_ID=$1
+
+if [ -z "$RUN_ID" ]; then
+        >&2 echo usage: $0 '<run-id>'
+        exit 1
+fi
+
+TMP_DIR=/var/tmp/action-run-results/$RUN_ID
+
+rm -rf $TMP_DIR
+mkdir -p $TMP_DIR
+
+cd $TMP_DIR
+
+for arch in x86_64 x86_64-nonfree aarch64 aarch64-nonfree raspberrypi; do
+        gh run download -R Start9Labs/start-os $RUN_ID -n $arch.squashfs
+done
+
+VERSION=
+HASH=
+for file in $(ls *.squashfs); do
+        if [[ $file =~ ^startos-([0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?)-([a-f0-9]{7}(~[a-z-]+)?|unknown)_([a-z0-9_-]+).squashfs$ ]]; then
+                if [ -n "$VERSION" ] && [ "$VERSION" != "${BASH_REMATCH[1]}" ]; then
+                        >&2 echo "VERSION MISMATCH: expected $VERSION got ${BASH_REMATCH[1]}"
+                        exit 2
+                fi
+                if [ -n "$HASH" ] && [ "$HASH" != "${BASH_REMATCH[3]}" ]; then
+                        >&2 echo "HASH MISMATCH: expected $HASH got ${BASH_REMATCH[3]}"
+                        exit 3
+                fi
+                VERSION="${BASH_REMATCH[1]}"
+                HASH="${BASH_REMATCH[3]}"
+        fi
+done
+
+mkdir -p /root/resources/eos/$VERSION
+rm -rf /root/resources/eos/$VERSION/$HASH
+mv $TMP_DIR /root/resources/eos/$VERSION/$HASH
+
+cd /root/resources/eos/$VERSION
+setOsCommitHash $HASH

build/registry/resync.cgi

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+declare -A params
+while IFS='=' read -r -d '&' key value && [[ -n "$key" ]]; do
+    params["$key"]=$value
+done <<<"${QUERY_STRING}&"
+
+index_key="${params['key']}"
+if [ -z "$index_key" ] || [ "$index_key" != "$(cat /var/www/index_key.txt)" ]; then
+    echo "HTTP/1.1 401 UNAUTHORIZED"
+    echo "Content-Type: text/html"
+    echo
+    echo "UNAUTHORIZED"
+    exit
+fi
+
+touch /tmp/resync
+
+echo "HTTP/1.1 200 OK"
+echo "Content-Type: text/html"
+echo
+echo "OK: Upload successful"

build/registry/resyncRsyncRegistry

@@ -6,12 +6,14 @@
 # Then we are going to make sure that each of these files is then put on the rsyncd server
 # so the embassies can pull them down
 
+date >> /var/log/resyncRsyncRegistry.runlog
+
 
 cat > /etc/rsyncd.conf << RD
 uid = root
 gid = root
 use chroot = yes
-max connections = 50
+max connections = 4
 pid file = /var/run/rsyncd.pid
 exclude = lost+found/
 timeout = 900
@@ -27,7 +29,7 @@ do
     filename=${dir##*/}
     version=$(echo $directory | sed -r 's/.*\///')
     version_dir="/srv/rsync/$version"
-    type=$(echo "$filename" | sed -r "s/^.*?\.(\w+)\.squashfs$/\1/")
+    type=$(echo "$filename" | sed -r "s/^.*?\.([a-z0-9_-]+)\.squashfs$/\1/")
     new_dir="$version_dir/$type"
 
 
@@ -51,4 +53,4 @@ INSERTING
 done 
 
 echo "Created rsyncd.conf file, restarting service"
-systemctl restart rsync
+systemctl restart rsync

build/registry/setOsCommitHash

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Get the current directory
+PWD=$(pwd)
+HASH=$1
+
+if [ -z "$HASH" ]; then
+  >&2 echo "usage: setOsCommitHash <hash>"
+  exit 1
+fi
+
+# Define the expected pattern for the directory
+pattern="/root/resources/eos/"
+
+# Check if the current directory matches the pattern
+if [[ $PWD =~ ^$pattern([0-9.]+)$ ]]; then
+  # Extract the version number from the directory path
+  version="${BASH_REMATCH[1]}"
+else
+  >&2 echo "MUST BE IN OS VERSION DIRECTORY"
+  exit 1
+fi
+
+if ! [ -d "$HASH" ]; then
+  >&2 echo "$HASH: No such directory"
+  exit 1
+fi
+
+for file in $(ls $HASH/startos-$version-${HASH}_*.squashfs); do
+  if [[ $file =~ ^$HASH/startos-$version-${HASH}_([a-z0-9_-]+).squashfs$ ]]; then
+    arch="${BASH_REMATCH[1]}"
+    echo "Found arch $arch"
+    umount /srv/rsync/$version/$arch
+    rm eos.$arch.squashfs
+    ln -s $file eos.$arch.squashfs
+  fi
+done
+
+resyncRsyncRegistry

build/registry/upload.cgi

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+declare -A params
+while IFS='=' read -r -d '&' key value && [[ -n "$key" ]]; do
+    params["$key"]=$value
+done <<<"${QUERY_STRING}&"
+
+index_key="${params['key']}"
+if [ -z "$index_key" ] || [ "$index_key" != "$(cat /var/www/index_key.txt)" ]; then
+    echo "HTTP/1.1 401 UNAUTHORIZED"
+    echo "Content-Type: text/html"
+    echo
+    echo "UNAUTHORIZED"
+    exit
+fi
+
+git_hash="${params['gitHash']}"
+version="${params['version']}"
+platform="${params['platform']}"
+shasum="${params['shasum']}"
+if [ -z "$git_hash" ] || [ -z "$version" ] || [ -z "$platform" ] || [ -z "$shasum" ]; then
+    echo "HTTP/1.1 400 BAD REQUEST"
+    echo "Content-Type: text/html"
+    echo
+    echo "BAD REQUEST: missing param"
+    exit
+fi
+
+tmp_file=$(mktemp /var/tmp/tmp.XXXXXXXXXX.squashfs)
+cat > $tmp_file
+
+if ! sha256sum $tmp_file | grep "$shasum"; then
+    rm $tmp_file
+    echo "HTTP/1.1 400 BAD REQUEST"
+    echo "Content-Type: text/html"
+    echo
+    echo "BAD REQUEST: shasum mismatch"
+fi
+
+mkdir -p /var/www/resources/eos/${version}/${git_hash}
+mv $tmp_file /var/www/resources/eos/${version}/${git_hash}/startos-${version}-${git_hash}_${platform}.squashfs
+rm /var/www/resources/eos/${version}/eos.${platform}.squashfs
+ln -rs /var/www/resources/eos/${version}/${git_hash}/startos-${version}-${git_hash}_${platform}.squashfs /var/www/resources/eos/${version}/eos.${platform}.squashfs
+
+echo "HTTP/1.1 200 OK"
+echo "Content-Type: text/html"
+echo
+echo "OK: Upload successful"