cedricAbonnel/folio
1
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects Releases Wiki Activity

feat : UpdateChecker délègue la mise à jour à un script sudo externe

Browse Source 
Le bouton "Mettre à jour" appelle désormais `sudo /usr/local/bin/folio-upgrade.sh`
via exec() plutôt que d'exécuter git pull + composer + migrations directement en PHP.
Le script shell (template dans scripts/server/) gère la séquence complète : clone fresh,
permissions www-data, restauration .env, composer install, migrations SQL, .sessions,
safe.directory. Le journal de la dernière mise à jour est conservé dans DATA_PATH/.upgrade-log
et affiché en <details> dans l'admin.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Cédric Abonnel
2026-05-15 15:46:26 +02:00
parent 53dbce5bb0
commit af0a0bb9d5
4 changed files with 121 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/index.php
+12 -66
View File
@@ -45,7 +45,7 @@ $action = $_GET['action'] ?? 'list';
$uuid = $_GET['uuid'] ?? '';
$slug = $_GET['slug'] ?? '';
$_noindexActions = ['create', 'edit', 'admin', 'categories', 'diff', 'add_files', 'import_image', 'import_image_step2', 'sources', 'profile', 'delete_file', 'delete_external_link', 'rename_category', 'delete_category', 'toggle_private_category', 'admin_save_site', 'not_found', 'add_feed', 'delete_feed', 'add_link', 'delete_link', 'reorder_links', 'react', 'comment', 'verify_comment', 'comment_moderate', 'comment_delete', 'comment_resend', 'create_tag_type', 'delete_tag_type', 'edit_tags', 'book_save', 'book_delete', 'admin_save_as_groups', 'admin_save_folio_config', 'run_engine_update'];
$_noindexActions = ['create', 'edit', 'admin', 'categories', 'diff', 'add_files', 'import_image', 'import_image_step2', 'sources', 'profile', 'delete_file', 'delete_external_link', 'rename_category', 'delete_category', 'toggle_private_category', 'admin_save_site', 'not_found', 'add_feed', 'delete_feed', 'add_link', 'delete_link', 'reorder_links', 'react', 'comment', 'verify_comment', 'comment_moderate', 'comment_delete', 'comment_resend', 'create_tag_type', 'delete_tag_type', 'edit_tags', 'book_save', 'book_delete', 'admin_save_as_groups', 'admin_save_folio_config', 'run_engine_update', 'run_content_migrations'];
$metaRobots = in_array($action, $_noindexActions, true) ? 'noindex, nofollow' : null;
unset($_noindexActions);
@@ -2823,74 +2823,20 @@ switch ($action) {
exit;
}
// 1. git pull — vérifier que origin pointe vers le dépôt folio configuré
$_folioRepo = rtrim(folioRepoUrl(), '/');
exec('git -C ' . escapeshellarg(BASE_PATH) . ' remote get-url origin 2>&1', $_originOut, $_originCode);
$_originUrl = rtrim(trim(implode('', $_originOut)), '/');
// Normaliser : supprimer les credentials éventuels de l'URL (token@host → host)
$_originNorm = preg_replace('#https?://[^@]+@#', 'https://', $_originUrl);
$_repoNorm = preg_replace('#https?://[^@]+@#', 'https://', $_folioRepo);
if ($_originCode !== 0 || $_originNorm !== $_repoNorm) {
$_SESSION['_update_log'] = "Le remote git 'origin' (" . $_originUrl . ") ne correspond pas à FOLIO_REPO_URL (" . $_folioRepo . "). git pull annulé.";
header('Location: /admin?tab=dashboard&notice=update_git_error');
exit;
}
exec('cd ' . escapeshellarg(BASE_PATH) . ' && git pull origin main 2>&1', $_gitOut, $_gitCode);
if ($_gitCode !== 0) {
$_SESSION['_update_log'] = implode("\n", $_gitOut);
header('Location: /admin?tab=dashboard&notice=update_git_error');
exit;
}
set_time_limit(0);
ignore_user_abort(true);
// 2. composer install (non-bloquant si absent)
exec('which composer 2>/dev/null', $_composerPath);
if (!empty($_composerPath)) {
exec('cd ' . escapeshellarg(BASE_PATH) . ' && composer install --no-dev --optimize-autoloader -q 2>&1');
}
// 3. Migrations SQL
$pdo->exec('CREATE TABLE IF NOT EXISTS schema_migrations (name TEXT NOT NULL PRIMARY KEY, applied_at TIMESTAMP NOT NULL DEFAULT NOW())');
$_sqlApplied = array_flip($pdo->query('SELECT name FROM schema_migrations ORDER BY name')->fetchAll(PDO::FETCH_COLUMN));
$_sqlFiles = glob(BASE_PATH . '/database/migration_*.sql') ?: [];
sort($_sqlFiles);
foreach ($_sqlFiles as $_sqlFile) {
$_sqlName = basename($_sqlFile);
if (isset($_sqlApplied[$_sqlName])) {
continue;
}
$pdo->exec((string) file_get_contents($_sqlFile));
$pdo->prepare('INSERT INTO schema_migrations (name) VALUES (:n)')->execute([':n' => $_sqlName]);
}
// 4. Migrations de contenu
$_cmDataDir = DATA_PATH;
$_cmTrack = $_cmDataDir . '/.content_migrations.json';
$_cmFlag = $_cmDataDir . '/.maintenance';
$_cmApplied = file_exists($_cmTrack) ? (json_decode((string) file_get_contents($_cmTrack), true) ?? []) : [];
$_cmFiles = glob(BASE_PATH . '/scripts/content/migration_*.php') ?: [];
sort($_cmFiles);
$_cmPending = array_values(array_filter($_cmFiles, fn ($f) => !isset($_cmApplied[basename($f)])));
$_cmErrors = 0;
if (!empty($_cmPending)) {
file_put_contents($_cmFlag, date('Y-m-d H:i:s'));
$dataDir = $_cmDataDir;
foreach ($_cmPending as $_cmFile) {
try {
require $_cmFile;
$_cmApplied[basename($_cmFile)] = date('Y-m-d H:i:s');
file_put_contents($_cmTrack, json_encode($_cmApplied, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE) . "\n");
} catch (Throwable $_cmEx) {
$_cmErrors++;
break;
}
}
if (file_exists($_cmFlag)) {
unlink($_cmFlag);
}
}
exec('sudo /usr/local/bin/folio-upgrade.sh ' . escapeshellarg(folioUpdateBranch()) . ' 2>&1', $_upgradeOut, $_upgradeCode);
$_updateChecker->clearCache();
header('Location: /admin?tab=dashboard&notice=' . ($_cmErrors ? 'update_content_error' : 'engine_updated'));
if ($_upgradeCode !== 0) {
$_SESSION['_upgrade_log'] = implode("\n", $_upgradeOut);
header('Location: /admin?tab=dashboard&notice=upgrade_error');
exit;
}
header('Location: /admin?tab=dashboard&notice=engine_updated');
exit;
case 'force_update_check':