|
| 1 | +#!/usr/bin/env bash |
| 2 | +set -euo pipefail |
| 3 | + |
| 4 | +# This is an update script for gitea installed via the binary distribution |
| 5 | +# from dl.gitea.io on linux as systemd service. It performs a backup and updates |
| 6 | +# Gitea in place. |
| 7 | +# NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring. |
| 8 | +# Depends on: bash, curl, xz, sha256sum, gpg. optionally jq. |
| 9 | +# Usage: [environment vars] upgrade.sh [version] |
| 10 | +# See section below for available environment vars. |
| 11 | +# When no version is specified, updates to the latest release. |
| 12 | +# Examples: |
| 13 | +# upgrade.sh 1.15.10 |
| 14 | +# giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh |
| 15 | + |
| 16 | +# apply variables from environment |
| 17 | +: "${giteabin:="/usr/local/bin/gitea"}" |
| 18 | +: "${giteahome:="/var/lib/gitea"}" |
| 19 | +: "${giteaconf:="/etc/gitea/app.ini"}" |
| 20 | +: "${giteauser:="git"}" |
| 21 | +: "${sudocmd:="sudo"}" |
| 22 | +: "${arch:="linux-amd64"}" |
| 23 | +: "${backupopts:=""}" # see `gitea dump --help` for available options |
| 24 | + |
| 25 | +function giteacmd { |
| 26 | + "$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@" |
| 27 | +} |
| 28 | + |
| 29 | +function require { |
| 30 | + for exe in "$@"; do |
| 31 | + command -v "$exe" &>/dev/null || (echo "missing dependency '$exe'"; exit 1) |
| 32 | + done |
| 33 | +} |
| 34 | +require systemctl curl xz sha256sum gpg "$sudocmd" |
| 35 | + |
| 36 | +# select version to install |
| 37 | +if [[ -z "${1:-}" ]]; then |
| 38 | + require jq |
| 39 | + giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.io/gitea/version.json | jq -r .latest.version) |
| 40 | +else |
| 41 | + giteaversion="$1" |
| 42 | +fi |
| 43 | + |
| 44 | +# confirm update |
| 45 | +current=$(giteacmd --version | cut --delimiter=' ' --fields=3) |
| 46 | +[[ "$current" == "$giteaversion" ]] && echo "$current is already installed, stopping." && exit 1 |
| 47 | +echo "Make sure to read the changelog first: https://github.com/go-gitea/gitea/blob/main/CHANGELOG.md" |
| 48 | +echo "Are you ready to update Gitea from ${current} to ${giteaversion}? (y/N)" |
| 49 | +read -r confirm |
| 50 | +[[ "$confirm" == "y" ]] || [[ "$confirm" == "Y" ]] || exit 1 |
| 51 | + |
| 52 | +pushd "$(pwd)" &>/dev/null |
| 53 | +cd "$giteahome" # needed for gitea dump later |
| 54 | + |
| 55 | +# download new binary |
| 56 | +binname="gitea-${giteaversion}-${arch}" |
| 57 | +binurl="https://dl.gitea.io/gitea/${giteaversion}/${binname}.xz" |
| 58 | +echo "Downloading $binurl..." |
| 59 | +curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}" |
| 60 | + |
| 61 | +# validate checksum & gpg signature (exit script if error) |
| 62 | +sha256sum --check "${binname}.xz.sha256" |
| 63 | +gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2 |
| 64 | +gpg --verify "${binname}.xz.asc" "${binname}.xz" || { echo 'Signature does not match'; exit 1; } |
| 65 | +rm "${binname}".xz.{sha256,asc} |
| 66 | + |
| 67 | +# unpack binary + make executable |
| 68 | +xz --decompress "${binname}.xz" |
| 69 | +chown "$giteauser" "$binname" |
| 70 | +chmod +x "$binname" |
| 71 | + |
| 72 | +# stop gitea, create backup, replace binary, restart gitea |
| 73 | +echo "Stopping gitea at $(date)" |
| 74 | +giteacmd manager flush-queues |
| 75 | +$sudocmd systemctl stop gitea |
| 76 | +echo "Creating backup in $giteahome" |
| 77 | +giteacmd dump $backupopts |
| 78 | +echo "Updating binary at $giteabin" |
| 79 | +mv --force --backup "$binname" "$giteabin" |
| 80 | +$sudocmd systemctl start gitea |
| 81 | +$sudocmd systemctl status gitea |
| 82 | + |
| 83 | +popd |
0 commit comments