shop
254 lines
7.4 KiB
JavaScript
254 lines
7.4 KiB
JavaScript
const { execFile, spawn } = require('child_process');
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
const { promisify } = require('util');
|
|
|
|
const execFileAsync = promisify(execFile);
|
|
|
|
function resolveShopRoot() {
|
|
const candidates = [
|
|
process.env.SHOP_ROOT,
|
|
path.resolve(__dirname, '../..'),
|
|
'/opt/shop',
|
|
].filter(Boolean);
|
|
|
|
for (const dir of candidates) {
|
|
const resolved = path.resolve(dir);
|
|
if (fs.existsSync(path.join(resolved, 'package.json'))) {
|
|
return resolved;
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
function isUpdateEnabled() {
|
|
if (process.env.ADMIN_UPDATE_ENABLED === '0') return false;
|
|
const root = resolveShopRoot();
|
|
if (!root) return false;
|
|
if (!fs.existsSync(path.join(root, '.git'))) return false;
|
|
if (process.platform === 'win32') return false;
|
|
return fs.existsSync(path.join(root, 'scripts', 'admin-web-update.sh'));
|
|
}
|
|
|
|
function gitEnv(root) {
|
|
const resolved = path.resolve(root);
|
|
return {
|
|
...process.env,
|
|
GIT_TERMINAL_PROMPT: '0',
|
|
GIT_CONFIG_COUNT: '1',
|
|
GIT_CONFIG_KEY_0: 'safe.directory',
|
|
GIT_CONFIG_VALUE_0: resolved,
|
|
};
|
|
}
|
|
|
|
async function getRepoOwner(root) {
|
|
if (process.env.SHOP_GIT_USER) {
|
|
return process.env.SHOP_GIT_USER.trim();
|
|
}
|
|
if (process.platform === 'win32') return null;
|
|
const gitPath = path.join(root, '.git');
|
|
try {
|
|
const target = fs.statSync(gitPath).isDirectory() ? gitPath : root;
|
|
const { stdout } = await execFileAsync('stat', ['-c', '%U', target], { timeout: 5000 });
|
|
const user = stdout.trim();
|
|
return user || null;
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
async function ensureSafeDirectory(root, user) {
|
|
const resolved = path.resolve(root);
|
|
const targets = [{ home: process.env.HOME || '/var/www' }];
|
|
if (user) {
|
|
try {
|
|
const { stdout } = await execFileAsync('getent', ['passwd', user], { timeout: 5000 });
|
|
const home = stdout.split(':')[5];
|
|
if (home) targets.push({ home });
|
|
} catch {
|
|
/* ignore */
|
|
}
|
|
}
|
|
for (const { home } of targets) {
|
|
try {
|
|
await execFileAsync('git', ['config', '--global', '--add', 'safe.directory', resolved], {
|
|
timeout: 15000,
|
|
env: { ...process.env, HOME: home },
|
|
});
|
|
} catch {
|
|
/* ignore */
|
|
}
|
|
}
|
|
}
|
|
|
|
async function execGit(args, cwd, runAs) {
|
|
const root = path.resolve(cwd);
|
|
const gitArgs = ['-c', `safe.directory=${root}`, ...args];
|
|
const opts = {
|
|
cwd: root,
|
|
maxBuffer: 1024 * 1024,
|
|
timeout: 120000,
|
|
env: gitEnv(root),
|
|
};
|
|
|
|
if (runAs && process.env.ADMIN_UPDATE_USE_SUDO === '1') {
|
|
const { stdout, stderr } = await execFileAsync('sudo', ['-n', '-u', runAs, 'git', ...gitArgs], opts);
|
|
return `${stdout}${stderr}`.trim();
|
|
}
|
|
|
|
const { stdout, stderr } = await execFileAsync('git', gitArgs, opts);
|
|
return `${stdout}${stderr}`.trim();
|
|
}
|
|
|
|
async function gitCmd(args, cwd, { needsWrite = false } = {}) {
|
|
const root = path.resolve(cwd);
|
|
const owner = await getRepoOwner(root);
|
|
|
|
try {
|
|
return await execGit(args, root, null);
|
|
} catch (err) {
|
|
const msg = err.message || '';
|
|
const denied = /permission denied|EACCES|FETCH_HEAD/i.test(msg);
|
|
if ((needsWrite || denied) && owner) {
|
|
await ensureSafeDirectory(root, owner);
|
|
return execGit(args, root, owner);
|
|
}
|
|
throw err;
|
|
}
|
|
}
|
|
|
|
/** Сколько коммитов на origin/main без записи в .git (без fetch) */
|
|
async function getCommitsBehind(root) {
|
|
const localHead = (await gitCmd(['rev-parse', 'HEAD'], root)).split('\n')[0].trim();
|
|
const remoteOut = await gitCmd(['ls-remote', 'origin', 'refs/heads/main'], root);
|
|
const remoteSha = remoteOut.split(/\s+/)[0]?.trim();
|
|
if (!remoteSha) {
|
|
throw new Error('Не найден refs/heads/main на origin');
|
|
}
|
|
if (remoteSha === localHead) return 0;
|
|
const count = await gitCmd(['rev-list', '--count', `${localHead}..${remoteSha}`], root);
|
|
return parseInt(count, 10) || 0;
|
|
}
|
|
|
|
async function getGitInfo({ fetchRemote = false } = {}) {
|
|
const root = resolveShopRoot();
|
|
const pkg = root ? JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8')) : null;
|
|
const repoOwner = root ? await getRepoOwner(root) : null;
|
|
|
|
if (!root || !fs.existsSync(path.join(root, '.git'))) {
|
|
return {
|
|
available: false,
|
|
packageVersion: pkg?.version || null,
|
|
shopRoot: root,
|
|
reason: 'Каталог не является git-репозиторием. Задайте SHOP_ROOT в .env.',
|
|
};
|
|
}
|
|
|
|
const info = {
|
|
available: true,
|
|
shopRoot: root,
|
|
repoOwner,
|
|
packageVersion: pkg?.version || null,
|
|
branch: null,
|
|
commit: null,
|
|
commitShort: null,
|
|
commitSubject: null,
|
|
commitDate: null,
|
|
dirty: false,
|
|
dirtyHint: null,
|
|
behind: null,
|
|
updateEnabled: isUpdateEnabled(),
|
|
platform: process.platform,
|
|
};
|
|
|
|
try {
|
|
await ensureSafeDirectory(root, repoOwner);
|
|
info.branch = await gitCmd(['branch', '--show-current'], root);
|
|
if (!info.branch) {
|
|
info.branch = '(detached)';
|
|
info.commitShort = await gitCmd(['rev-parse', '--short', 'HEAD'], root);
|
|
}
|
|
info.commit = await gitCmd(['rev-parse', 'HEAD'], root);
|
|
info.commitShort = info.commitShort || (await gitCmd(['rev-parse', '--short', 'HEAD'], root));
|
|
info.commitSubject = await gitCmd(['log', '-1', '--pretty=%s'], root);
|
|
info.commitDate = await gitCmd(['log', '-1', '--pretty=%ci'], root);
|
|
try {
|
|
const status = await gitCmd(['status', '--porcelain'], root);
|
|
info.dirty = status.length > 0;
|
|
if (info.dirty) {
|
|
info.dirtyHint =
|
|
'На сервере есть локальные изменения. Обновление может их перезаписать; при ошибке выполните git stash или git reset --hard с машины администратора.';
|
|
}
|
|
} catch {
|
|
info.dirty = null;
|
|
info.dirtyHint = 'Не удалось прочитать статус (права на .git).';
|
|
}
|
|
} catch (err) {
|
|
info.available = false;
|
|
info.reason = err.message;
|
|
return info;
|
|
}
|
|
|
|
if (fetchRemote) {
|
|
try {
|
|
info.behind = await getCommitsBehind(root);
|
|
} catch (err) {
|
|
info.fetchError = err.message;
|
|
if (repoOwner) {
|
|
info.fetchError += ` Владелец репозитория: ${repoOwner}. Задайте SHOP_GIT_USER=${repoOwner} и ADMIN_UPDATE_USE_SUDO=1 в .env.`;
|
|
}
|
|
}
|
|
}
|
|
|
|
return info;
|
|
}
|
|
|
|
function runDeployUpdate() {
|
|
const root = resolveShopRoot();
|
|
const scriptPath = path.join(root, 'scripts', 'admin-web-update.sh');
|
|
|
|
return new Promise((resolve) => {
|
|
const useSudo = process.env.ADMIN_UPDATE_USE_SUDO === '1';
|
|
const cmd = useSudo ? 'sudo' : 'bash';
|
|
const args = useSudo ? ['-n', scriptPath] : [scriptPath];
|
|
|
|
const child = spawn(cmd, args, {
|
|
cwd: root,
|
|
env: { ...gitEnv(root), SHOP_ROOT: root },
|
|
timeout: 300000,
|
|
});
|
|
|
|
let output = '';
|
|
child.stdout.on('data', (chunk) => {
|
|
output += chunk.toString();
|
|
});
|
|
child.stderr.on('data', (chunk) => {
|
|
output += chunk.toString();
|
|
});
|
|
|
|
child.on('error', (err) => {
|
|
resolve({
|
|
ok: false,
|
|
code: -1,
|
|
output: `${output}\n${err.message}`.trim(),
|
|
});
|
|
});
|
|
|
|
child.on('close', (code) => {
|
|
resolve({
|
|
ok: code === 0,
|
|
code: code ?? 1,
|
|
output: output.trim() || '(нет вывода)',
|
|
});
|
|
});
|
|
});
|
|
}
|
|
|
|
module.exports = {
|
|
resolveShopRoot,
|
|
isUpdateEnabled,
|
|
getGitInfo,
|
|
runDeployUpdate,
|
|
getRepoOwner,
|
|
};
|