dc08375ad0
- teardown_all.sh: replace `yes |` pipeline with `< <(yes)` process
substitution to avoid SIGPIPE (exit 141) false failures under pipefail
- phase6_teardown.sh: extract push mirror `.id` instead of `.remote_name`
to match the DELETE /push_mirrors/{id} API contract
- phase5_migrate_pipelines.sh: expand sed regex from `[a-z_]*` to
`[a-z_.]*` to handle nested GitHub contexts like
`github.event.pull_request.number`
- lib/common.sh: render_template now requires explicit variable list to
prevent envsubst from eating Nginx variables ($host, $proxy_add_...)
- backup scripts: remove MacBook relay, use direct Unraid↔Fedora SCP;
fix dump path to write to /data/ (mounted volume) instead of /tmp/
(container-only); add unzip -t integrity verification
- preflight.sh: add --skip-port-checks flag for resuming with
--start-from (ports already bound by earlier phases)
- run_all.sh: update run_step to pass extra args; use --skip-port-checks
when --start-from > 1
- post-checks (phase4/7/9): wrap API calls in helper functions with
>/dev/null redirection instead of passing -o /dev/null as API data
- phase8: replace GitHub archiving with [MIRROR] description marking
and disable wiki/projects/Pages (archived repos reject push mirrors)
- restore_to_primary.sh: add require_vars for Fedora SSH variables
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
106 lines
4.2 KiB
Bash
Executable File
106 lines
4.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# =============================================================================
|
|
# phase8_teardown.sh — Reverse the cutover: remove HTTPS, restore GitHub repos
|
|
# Steps:
|
|
# 1. Remove Nginx gitea.conf + reload
|
|
# 2. Remove cert renewal cron
|
|
# 3. Optionally remove SSL certificates
|
|
# 4. Restore GitHub repo descriptions, re-enable wiki/projects
|
|
# =============================================================================
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
|
source "${SCRIPT_DIR}/lib/common.sh"
|
|
|
|
load_env
|
|
require_vars UNRAID_IP UNRAID_SSH_USER \
|
|
GITEA_DOMAIN NGINX_CONTAINER_NAME NGINX_CONF_PATH \
|
|
SSL_MODE GITHUB_USERNAME GITHUB_TOKEN \
|
|
REPO_1_NAME REPO_2_NAME REPO_3_NAME
|
|
|
|
log_warn "=== Phase 8 Teardown: Cutover ==="
|
|
|
|
REPOS=("$REPO_1_NAME" "$REPO_2_NAME" "$REPO_3_NAME")
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Step 1: Remove Nginx config and reload
|
|
# ---------------------------------------------------------------------------
|
|
if ssh_exec UNRAID "test -f '${NGINX_CONF_PATH}/gitea.conf'" 2>/dev/null; then
|
|
printf 'Remove Nginx config for %s? [y/N] ' "$GITEA_DOMAIN"
|
|
read -r confirm
|
|
if [[ "$confirm" =~ ^[Yy]$ ]]; then
|
|
ssh_exec UNRAID "rm -f '${NGINX_CONF_PATH}/gitea.conf'"
|
|
ssh_exec UNRAID "docker exec ${NGINX_CONTAINER_NAME} nginx -s reload" || true
|
|
log_success "Nginx config removed and reloaded"
|
|
else
|
|
log_info "Nginx config preserved"
|
|
fi
|
|
else
|
|
log_info "Nginx config already removed"
|
|
fi
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Step 2: Remove cert renewal cron
|
|
# ---------------------------------------------------------------------------
|
|
if ssh_exec UNRAID "crontab -l 2>/dev/null | grep -q certbot" 2>/dev/null; then
|
|
ssh_exec UNRAID "crontab -l 2>/dev/null | grep -v certbot | crontab -"
|
|
log_success "Certbot renewal cron removed"
|
|
else
|
|
log_info "No certbot cron found"
|
|
fi
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Step 3: Optionally remove SSL certificates (letsencrypt only)
|
|
# ---------------------------------------------------------------------------
|
|
if [[ "$SSL_MODE" == "letsencrypt" ]]; then
|
|
if ssh_exec UNRAID "test -d '/etc/letsencrypt/live/${GITEA_DOMAIN}'" 2>/dev/null; then
|
|
printf 'Remove SSL certificates for %s? [y/N] ' "$GITEA_DOMAIN"
|
|
read -r confirm
|
|
if [[ "$confirm" =~ ^[Yy]$ ]]; then
|
|
ssh_exec UNRAID "rm -rf '/etc/letsencrypt/live/${GITEA_DOMAIN}' '/etc/letsencrypt/archive/${GITEA_DOMAIN}' '/etc/letsencrypt/renewal/${GITEA_DOMAIN}.conf'"
|
|
log_success "SSL certificates removed"
|
|
else
|
|
log_info "SSL certificates preserved"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# Step 4: Restore GitHub repos — description, wiki, projects
|
|
# The mirror description format is: "[MIRROR] ... — was: ORIGINAL_DESC"
|
|
# We parse the original description from after "— was: " to restore it.
|
|
# ---------------------------------------------------------------------------
|
|
printf 'Restore GitHub repo descriptions and re-enable wiki/projects? [y/N] '
|
|
read -r confirm
|
|
if [[ "$confirm" =~ ^[Yy]$ ]]; then
|
|
for repo in "${REPOS[@]}"; do
|
|
CURRENT_DESC=$(github_api GET "/repos/${GITHUB_USERNAME}/${repo}" 2>/dev/null | jq -r '.description // ""')
|
|
if [[ "$CURRENT_DESC" != "[MIRROR]"* ]]; then
|
|
log_info "GitHub repo ${repo} not marked as mirror — skipping"
|
|
continue
|
|
fi
|
|
|
|
# Extract original description from the mirror description
|
|
ORIGINAL_DESC=""
|
|
if [[ "$CURRENT_DESC" == *" — was: "* ]]; then
|
|
ORIGINAL_DESC="${CURRENT_DESC##* — was: }"
|
|
fi
|
|
|
|
# Restore description, homepage, and re-enable wiki/projects
|
|
RESTORE_PAYLOAD=$(jq -n \
|
|
--arg description "$ORIGINAL_DESC" \
|
|
'{description: $description, homepage: "", has_wiki: true, has_projects: true}')
|
|
|
|
if github_api PATCH "/repos/${GITHUB_USERNAME}/${repo}" "$RESTORE_PAYLOAD" >/dev/null 2>&1; then
|
|
log_success "Restored GitHub repo: ${repo}"
|
|
else
|
|
log_error "Failed to restore GitHub repo: ${repo}"
|
|
fi
|
|
done
|
|
else
|
|
log_info "GitHub repos left as-is"
|
|
fi
|
|
|
|
log_success "Phase 8 teardown complete"
|