Feature/automated installers #34
Conversation
- Windows installer with Inno Setup - Linux DEB and AppImage packages - Universal tarball distribution - Automated GitHub Actions workflow
There was a problem hiding this comment.
Pull Request Overview
This PR implements automated installer support for MarkAPI across multiple platforms, providing universal deployment capabilities and cross-platform compatibility for the SciELO XML processor.
- Creates a universal bash script CLI that handles Docker setup and service management
- Implements automated installer builds for Windows, Linux, and universal platforms
- Adds GitHub Actions workflow for continuous integration of installer packages
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| distribution/universal/markapi | Universal CLI script for cross-platform MarkAPI management |
| distribution/universal/docker-compose.yml | Simplified Docker Compose configuration for universal deployment |
| distribution/universal/.env.example | Environment configuration template |
| distribution/linux/build-deb.sh | Debian package build script for Linux distribution |
| .github/workflows/build-installers.yml | GitHub Actions workflow for automated installer builds |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| # Fallback simples | ||
| date +%s | sha256sum | head -c 32 |
There was a problem hiding this comment.
The fallback password generation method uses predictable timestamp and is not cryptographically secure. Consider using /dev/urandom or requiring openssl/python3 for secure password generation.
| # Fallback simples | |
| date +%s | sha256sum | head -c 32 | |
| # Fallback seguro usando /dev/urandom | |
| head -c 16 /dev/urandom | xxd -p |
| # Atualizar .env com senhas geradas | ||
| sed -i.bak "s/DB_PASSWORD=.*/DB_PASSWORD=$db_password/" .env | ||
| sed -i.bak "s/SECRET_KEY=.*/SECRET_KEY=$secret_key/" .env |
There was a problem hiding this comment.
The sed commands could fail if the generated passwords contain special regex characters (/, &, etc.). Use a more robust method to replace these values or escape the variables properly.
| # Atualizar .env com senhas geradas | |
| sed -i.bak "s/DB_PASSWORD=.*/DB_PASSWORD=$db_password/" .env | |
| sed -i.bak "s/SECRET_KEY=.*/SECRET_KEY=$secret_key/" .env | |
| # Função para escapar caracteres especiais para sed replacement | |
| escape_sed_replacement() { | |
| printf '%s' "$1" | sed 's/[\/&\\]/\\&/g' | |
| } | |
| # Atualizar .env com senhas geradas (usando | como delimitador) | |
| db_password_escaped=$(escape_sed_replacement "$db_password") | |
| secret_key_escaped=$(escape_sed_replacement "$secret_key") | |
| sed -i.bak "s|DB_PASSWORD=.*|DB_PASSWORD=$db_password_escaped|" .env | |
| sed -i.bak "s|SECRET_KEY=.*|SECRET_KEY=$secret_key_escaped|" .env |
| # Remove docker volumes (optional) | ||
| docker volume prune -f 2>/dev/null || true |
There was a problem hiding this comment.
Running 'docker volume prune -f' in the package removal script could delete unrelated Docker volumes from other applications. This should be more specific to MarkAPI volumes only.
| # Remove docker volumes (optional) | |
| docker volume prune -f 2>/dev/null || true | |
| # Remove MarkAPI docker volumes only (optional) | |
| for v in $(docker volume ls -q --filter name=markapi); do | |
| docker volume rm "$v" 2>/dev/null || true | |
| done |
| $url = "https://files.jrsoftware.org/is/6/innosetup-6.2.2.exe" | ||
| Invoke-WebRequest -Uri $url -OutFile "innosetup.exe" |
There was a problem hiding this comment.
Downloading and executing software from external URLs without checksum verification poses a security risk. Consider verifying the installer's hash or using a GitHub Actions marketplace action for Inno Setup.
| $url = "https://files.jrsoftware.org/is/6/innosetup-6.2.2.exe" | |
| Invoke-WebRequest -Uri $url -OutFile "innosetup.exe" | |
| $url = "https://files.jrsoftware.org/is/6/innosetup-6.2.2.exe" | |
| $expectedHash = "b7e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2" # Replace with actual SHA256 from vendor | |
| Invoke-WebRequest -Uri $url -OutFile "innosetup.exe" | |
| $actualHash = (Get-FileHash "innosetup.exe" -Algorithm SHA256).Hash.ToLower() | |
| if ($actualHash -ne $expectedHash) { | |
| Write-Error "Installer hash mismatch! Aborting." | |
| exit 1 | |
| } |
| docker run --rm -v $(pwd):/backup -v markapi_markapi_media:/media \ | ||
| alpine tar czf /backup/$backup_dir/media.tar.gz /media 2>/dev/null |
There was a problem hiding this comment.
The hardcoded volume name 'markapi_markapi_media' may not match the actual volume name used by the Docker Compose setup. Consider dynamically detecting the volume name or making it configurable.
| default: '1.0.0' | ||
|
|
||
| env: | ||
| APP_VERSION: ${{ github.event.inputs.version || '1.0.0' }} |
There was a problem hiding this comment.
@Rossi-Luciano pesquise como usar uma versão de forma variável (consulte o repositório scms-upload (há o arquivo VERSION)
|
|
||
| - name: Build Windows installer | ||
| run: | | ||
| $inno = "C:\Program Files (x86)\Inno Setup 6\ISCC.exe" |
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: markapi-windows-installer | ||
| path: distribution/windows/Output/MarkAPI-Setup-*.exe |
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| sed -i.bak "s/DB_PASSWORD=.*/DB_PASSWORD=$db_password/" .env | ||
| sed -i.bak "s/SECRET_KEY=.*/SECRET_KEY=$secret_key/" .env | ||
| rm -f .env.bak |
There was a problem hiding this comment.
The sed -i.bak syntax is BSD/macOS specific. On Linux (GNU sed), this will fail. Use sed -i on Linux or create a cross-platform solution with explicit backup file extension: sed -i.bak for macOS and sed -i'' -e for portability.
| sed -i.bak "s/DB_PASSWORD=.*/DB_PASSWORD=$db_password/" .env | |
| sed -i.bak "s/SECRET_KEY=.*/SECRET_KEY=$secret_key/" .env | |
| rm -f .env.bak | |
| if [ "$PLATFORM" = "mac" ]; then | |
| sed -i.bak "s/DB_PASSWORD=.*/DB_PASSWORD=$db_password/" .env | |
| sed -i.bak "s/SECRET_KEY=.*/SECRET_KEY=$secret_key/" .env | |
| rm -f .env.bak | |
| else | |
| sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=$db_password/" .env | |
| sed -i "s/SECRET_KEY=.*/SECRET_KEY=$secret_key/" .env | |
| fi |
2 participants
No description provided.