BurgerGames/NetBirdMSP-Appliance
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add update management system with version check and one-click update

Browse Source 
- Bake version info (commit, branch, date) into /app/version.json at build time
  via Docker ARG GIT_COMMIT/GIT_BRANCH/GIT_COMMIT_DATE
- Mount source directory as /app-source for in-container git operations
- Add git config safe.directory for /app-source (ownership mismatch fix)
- Add SystemConfig fields: git_repo_url, git_branch, git_token_encrypted
- Add DB migrations for the three new columns
- Add git_token encryption in update_settings() handler
- New endpoints:
    GET  /api/settings/version  — current version + latest from Gitea API
    POST /api/settings/update   — DB backup + git pull + docker compose rebuild
- New service: app/services/update_service.py
    get_current_version()  — reads /app/version.json
    check_for_updates()    — queries Gitea API for latest commit on branch
    backup_database()      — timestamped SQLite copy to /app/backups/
    trigger_update()       — git pull + fire-and-forget compose rebuild
- New script: update.sh — SSH-based manual update with health check

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sascha Lustenberger
2026-02-21 21:33:43 +01:00
parent 7793ca3666
commit f92cdfbbef
9 changed files with 376 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/utils/config.py
View File

@@ -50,6 +50,10 @@ class AppConfig:
ldap_base_dn: str = ""
ldap_user_filter: str = "(sAMAccountName={username})"
ldap_group_dn: str = ""
# Update management
git_repo_url: str = ""
git_branch: str = "main"
git_token: str = "" # decrypted
# ---------------------------------------------------------------------------
@@ -117,6 +121,10 @@ def get_system_config(db: Session) -> Optional[AppConfig]:
ldap_bind_password = decrypt_value(row.ldap_bind_password_encrypted) if row.ldap_bind_password_encrypted else ""
except Exception:
ldap_bind_password = ""
try:
git_token = decrypt_value(row.git_token_encrypted) if row.git_token_encrypted else ""
except Exception:
git_token = ""
return AppConfig(
base_domain=row.base_domain,
@@ -149,4 +157,7 @@ def get_system_config(db: Session) -> Optional[AppConfig]:
ldap_base_dn=getattr(row, "ldap_base_dn", "") or "",
ldap_user_filter=getattr(row, "ldap_user_filter", "(sAMAccountName={username})") or "(sAMAccountName={username})",
ldap_group_dn=getattr(row, "ldap_group_dn", "") or "",
git_repo_url=getattr(row, "git_repo_url", "") or "",
git_branch=getattr(row, "git_branch", "main") or "main",
git_token=git_token,
)

4
app/utils/validators.py
View File

@@ -154,6 +154,10 @@ class SystemConfigUpdate(BaseModel):
ldap_base_dn: Optional[str] = Field(None, max_length=500)
ldap_user_filter: Optional[str] = Field(None, max_length=255)
ldap_group_dn: Optional[str] = Field(None, max_length=500)
# Update management
git_repo_url: Optional[str] = Field(None, max_length=500)
git_branch: Optional[str] = Field(None, max_length=100)
git_token: Optional[str] = None # plaintext, encrypted before storage
@field_validator("ssl_mode")
@classmethod