Enable web updater and automate Hub updates

Co-Authored-By: Oz <oz-agent@warp.dev>
2026-04-17 10:33:46 +05:30
parent 69b7f7a849
commit bb2136aad5
6 changed files with 163 additions and 29 deletions
--- a/scripts/setup-hub-update-cron.sh
+++ b/scripts/setup-hub-update-cron.sh
@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+# scripts/setup-hub-update-cron.sh
+# Installs/updates a cron entry for automated Nextcloud Hub updates.
+
+set -euo pipefail
+
+REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+HUB_ENV_FILE="${REPO_DIR}/.hub-update.env"
+LOG_DIR="${REPO_DIR}/logs"
+LOG_FILE="${LOG_DIR}/hub-update.log"
+CRON_MARKER="# nextcloud-docker hub update"
+CRON_SCHEDULE="${HUB_UPDATE_CRON_SCHEDULE:-30 2 * * 0}"
+
+if [ -f "${HUB_ENV_FILE}" ]; then
+  # shellcheck disable=SC1090
+  set -a
+  source "${HUB_ENV_FILE}"
+  set +a
+fi
+
+RUN_APP_UPDATES="${RUN_APP_UPDATES:-1}"
+STRICT_TLS="${STRICT_TLS:-0}"
+ENABLE_WEB_UPDATER="${ENABLE_WEB_UPDATER:-1}"
+UPDATER_RELEASE_CHANNEL="${UPDATER_RELEASE_CHANNEL:-stable}"
+
+mkdir -p "${LOG_DIR}"
+chmod 700 "${LOG_DIR}"
+
+cat > "${HUB_ENV_FILE}" <<ENVFILE
+RUN_APP_UPDATES=${RUN_APP_UPDATES}
+STRICT_TLS=${STRICT_TLS}
+ENABLE_WEB_UPDATER=${ENABLE_WEB_UPDATER}
+UPDATER_RELEASE_CHANNEL=${UPDATER_RELEASE_CHANNEL}
+ENVFILE
+chmod 600 "${HUB_ENV_FILE}"
+
+CRON_COMMAND="cd ${REPO_DIR} && /usr/bin/env bash ${REPO_DIR}/scripts/update-nextcloud-hub.sh >> ${LOG_FILE} 2>&1"
+CRON_LINE="${CRON_SCHEDULE} ${CRON_COMMAND} ${CRON_MARKER}"
+
+{
+  crontab -l 2>/dev/null | grep -v "${CRON_MARKER}" || true
+  echo "${CRON_LINE}"
+} | crontab -
+
+echo "==> Installed Hub update cron job:"
+echo "    ${CRON_LINE}"
+echo "==> Stored update defaults in ${HUB_ENV_FILE}"
+echo "==> Logs will be written to ${LOG_FILE}"
--- a/scripts/update-nextcloud-hub.sh
+++ b/scripts/update-nextcloud-hub.sh
@ -9,6 +9,17 @@ REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 COMPOSE_FILE="${REPO_DIR}/docker-compose.yml"
 APP_CONTAINER="${NEXTCLOUD_APP_CONTAINER:-nextcloud-app}"
 RUN_APP_UPDATES="${RUN_APP_UPDATES:-1}"
+STRICT_TLS="${STRICT_TLS:-0}"
+ENABLE_WEB_UPDATER="${ENABLE_WEB_UPDATER:-1}"
+UPDATER_RELEASE_CHANNEL="${UPDATER_RELEASE_CHANNEL:-stable}"
+HUB_ENV_FILE="${HUB_ENV_FILE:-${REPO_DIR}/.hub-update.env}"
+
+if [ -f "${HUB_ENV_FILE}" ]; then
+  # shellcheck disable=SC1090
+  set -a
+  source "${HUB_ENV_FILE}"
+  set +a
+fi

 compose() {
  if docker compose version >/dev/null 2>&1; then
@ -26,12 +37,16 @@ require_command() {
  fi
 }

+occ_cmd() {
+  docker exec --user www-data "${APP_CONTAINER}" php occ "$@"
+}
+
 wait_for_occ() {
  local max_attempts=45
  local attempt=1

  while [ "${attempt}" -le "${max_attempts}" ]; do
-    if docker exec --user www-data "${APP_CONTAINER}" php occ status >/dev/null 2>&1; then
+    if occ_cmd status >/dev/null 2>&1; then
      return 0
    fi

@ -43,6 +58,20 @@ wait_for_occ() {
  return 1
 }

+enable_web_updater() {
+  echo "==> Enabling Nextcloud web updater"
+  docker exec "${APP_CONTAINER}" sh -lc "cat > /var/www/html/config/upgrade-disable-web.config.php <<'PHP'
+<?php
+\$CONFIG = array (
+  'upgrade.disable-web' => false,
+);
+PHP
+chown www-data:www-data /var/www/html/config/upgrade-disable-web.config.php
+chmod 640 /var/www/html/config/upgrade-disable-web.config.php"
+
+  occ_cmd config:system:set updater.release.channel --value="${UPDATER_RELEASE_CHANNEL}"
+}
+
 require_command docker
 require_command curl

@ -67,47 +96,40 @@ if ! wait_for_occ; then
  exit 1
 fi

-maintenance_enabled=0
-cleanup() {
-  if [ "${maintenance_enabled}" -eq 1 ]; then
-    docker exec --user www-data "${APP_CONTAINER}" php occ maintenance:mode --off >/dev/null 2>&1 || true
-  fi
-}
-trap cleanup EXIT
+if [ "${ENABLE_WEB_UPDATER}" = "1" ]; then
+  enable_web_updater
+else
+  echo "==> Skipping web-updater enablement (ENABLE_WEB_UPDATER=${ENABLE_WEB_UPDATER})"
+fi

-echo "==> Enabling maintenance mode"
-docker exec --user www-data "${APP_CONTAINER}" php occ maintenance:mode --on
-maintenance_enabled=1
+echo "==> Ensuring maintenance mode is off before upgrade"
+occ_cmd maintenance:mode --off >/dev/null 2>&1 || true

 echo "==> Running Nextcloud upgrade"
-docker exec --user www-data "${APP_CONTAINER}" php occ upgrade
+occ_cmd upgrade

 if [ "${RUN_APP_UPDATES}" = "1" ]; then
  echo "==> Updating installed apps"
-  docker exec --user www-data "${APP_CONTAINER}" php occ app:update --all
+  occ_cmd app:update --all
 else
  echo "==> Skipping app:update --all (RUN_APP_UPDATES=${RUN_APP_UPDATES})"
 fi

 echo "==> Running database/schema remediation commands"
-docker exec --user www-data "${APP_CONTAINER}" php occ db:add-missing-columns || true
-docker exec --user www-data "${APP_CONTAINER}" php occ db:add-missing-indices || true
-docker exec --user www-data "${APP_CONTAINER}" php occ db:add-missing-primary-keys || true
+occ_cmd db:add-missing-columns || true
+occ_cmd db:add-missing-indices || true
+occ_cmd db:add-missing-primary-keys || true

 echo "==> Running maintenance repair"
-docker exec --user www-data "${APP_CONTAINER}" php occ maintenance:repair
-
-echo "==> Disabling maintenance mode"
-docker exec --user www-data "${APP_CONTAINER}" php occ maintenance:mode --off
-maintenance_enabled=0
+occ_cmd maintenance:repair

 echo "==> Running post-update checks"
-docker exec --user www-data "${APP_CONTAINER}" php occ status
-docker exec --user www-data "${APP_CONTAINER}" php occ setupchecks || true
+occ_cmd status
+occ_cmd setupchecks || true

 if [ -x "${REPO_DIR}/scripts/test.sh" ]; then
  echo "==> Running endpoint smoke tests"
-  STRICT_TLS="${STRICT_TLS:-0}" "${REPO_DIR}/scripts/test.sh"
+  STRICT_TLS="${STRICT_TLS}" "${REPO_DIR}/scripts/test.sh"
 else
  echo "WARN: scripts/test.sh is not executable; skipping smoke tests."
 fi