Files
computer-playbook/roles/web-app-mediawiki/tasks/04_extensions.yml
Kevin Veen-Birkenbach dd9a9b6d84 feat(mediawiki): Refactor OIDC + debug; install Composer deps in-container; modularize role
Discussion: https://chatgpt.com/share/68b10c0a-c308-800f-93ac-2ffb386cf58b

- Split tasks into 01_install, 02_debug, 03_admin, 04_extensions, 05_oidc.
- Ensure unzip+git+composer on demand in the container; run Composer as www-data with COMPOSER_HOME=/tmp/composer.
- Idempotently unpack/install PluggableAuth & OpenIDConnect; run composer install only if vendor/ is missing.
- Add sanity check for Jumbojett\OpenIDConnectClient.
- Copy oidc.php only when changed and append a single require_once to LocalSettings.php.
- Use REL1_44-compatible numeric array for $wgPluggableAuth_Config; set $wgPluggableAuth_ButtonLabelMessage.
- Debug: add debug.php that logs to STDERR (visible via docker logs); toggle cleanly with MODE_DEBUG.
- Enable OIDC feature in config; add paths/OIDC/extension vars in vars/main.yml.

fix(services): include SYS_SERVICE_GROUP_CLEANUP in StartPre lock (ssd-hdd, docker-hard).

fix(desktop/joomla): simplify MODE_DEBUG templating.

chore: minor cleanups and renames.
2025-08-29 04:10:46 +02:00

148 lines
5.2 KiB
YAML

---
# Install PluggableAuth + OpenIDConnect INTO the running container (idempotent)
# Downloads on host (config dir), copy+extract inside container.
- name: "EXT | Ensure local download dir exists"
file:
path: "{{ MEDIAWIKI_EXT_CFG_BASE }}"
state: directory
mode: "0755"
- name: "EXT | Download extension tarballs ({{ MEDIAWIKI_EXT_BRANCH }})"
get_url:
url: "{{ ext.url }}"
dest: "{{ MEDIAWIKI_EXT_CFG_BASE }}/{{ ext.name }}.tar.gz"
mode: "0644"
loop: "{{ MEDIAWIKI_EXT_LIST }}"
loop_control:
loop_var: ext
label: "{{ ext.name }}"
- name: "EXT | Copy & extract into container if not installed"
shell: >
docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc '
set -e
dst="{{ MEDIAWIKI_HTML_DIR }}/extensions/{{ ext.name }}"
if [ ! -f "$dst/extension.json" ]; then
rm -rf "$dst" && mkdir -p "$dst"
fi
'
&& docker cp "{{ MEDIAWIKI_EXT_CFG_BASE }}/{{ ext.name }}.tar.gz" "{{ MEDIAWIKI_CONTAINER }}:/tmp/{{ ext.name }}.tar.gz"
&& docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc '
set -e
dst="{{ MEDIAWIKI_HTML_DIR }}/extensions/{{ ext.name }}"
if [ ! -f "$dst/extension.json" ]; then
tar -xzf /tmp/{{ ext.name }}.tar.gz -C "$dst" --strip-components=1
chown -R {{ MEDIAWIKI_USER }}:{{ MEDIAWIKI_USER }} "$dst"
rm -f /tmp/{{ ext.name }}.tar.gz
echo INSTALLED:{{ ext.name }}
else
rm -f /tmp/{{ ext.name }}.tar.gz
echo PRESENT:{{ ext.name }}
fi
'
args:
executable: /bin/bash
loop: "{{ MEDIAWIKI_EXT_LIST }}"
loop_control:
loop_var: ext
label: "{{ ext.name }}"
register: _install_results
changed_when: "'INSTALLED:' in (stdout | default(''))"
- name: "EXT | Determine if any extension was installed"
set_fact:
_any_installed: >-
{{ _install_results.results
| map(attribute='stdout')
| select('search', 'INSTALLED:')
| list | length > 0 }}
# Ensure unzip + git are available in the container (idempotent)
- name: "EXT | Ensure unzip+git available in container"
shell: |
docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc '
set -e
need=0
command -v unzip >/dev/null 2>&1 || need=1
command -v git >/dev/null 2>&1 || need=1
if [ "$need" -eq 1 ]; then
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get install -y --no-install-recommends unzip git ca-certificates
rm -rf /var/lib/apt/lists/*
echo INSTALLED_TOOLS
fi
'
args:
executable: /bin/bash
register: _tools
changed_when: "'INSTALLED_TOOLS' in (_tools.stdout | default(''))"
# Ensure Composer is available inside the container (idempotent)
- name: "EXT | Ensure Composer available in container"
shell: |
docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc '
if ! command -v composer >/dev/null 2>&1; then
php -r "copy(\"https://getcomposer.org/installer\", \"composer-setup.php\");"
php composer-setup.php --install-dir=/usr/local/bin --filename=composer
rm -f composer-setup.php
echo INSTALLED_COMPOSER
fi
'
args:
executable: /bin/bash
register: _composer
changed_when: "'INSTALLED_COMPOSER' in (_composer.stdout | default(''))"
# Install dependencies per extension (only if vendor is missing)
# Use /tmp/composer for HOME/CACHE to avoid /var/www permission issues.
- name: "EXT | composer install in each extension when needed"
shell: |
docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }} bash -lc '
set -e
d="{{ MEDIAWIKI_HTML_DIR }}/extensions/{{ ext.name }}"
if [ -f "$d/composer.json" ] && [ ! -f "$d/vendor/autoload.php" ]; then
install -d -m 0775 /tmp/composer/cache
export COMPOSER_HOME=/tmp/composer
export COMPOSER_CACHE_DIR=/tmp/composer/cache
cd "$d"
composer install --no-dev -n --prefer-dist
echo COMPOSER_INSTALLED:{{ ext.name }}
fi
'
args:
executable: /bin/bash
loop: "{{ MEDIAWIKI_EXT_LIST }}"
loop_control:
loop_var: ext
label: "{{ ext.name }}"
register: _ext_composer
changed_when: "'COMPOSER_INSTALLED:' in (stdout | default(''))"
# Sanity check: Jumbojett OIDC client must be loadable
- name: "EXT | Sanity check: Jumbojett OpenIDConnect client present"
shell: >
docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc
'php -r "(@require \"{{ MEDIAWIKI_HTML_DIR }}/vendor/autoload.php\"); @require \"{{ MEDIAWIKI_HTML_DIR }}/extensions/OpenIDConnect/vendor/autoload.php\"; exit(class_exists(\"Jumbojett\\\\OpenIDConnectClient\")?0:1);"'
args:
executable: /bin/bash
register: _oidc_class
changed_when: false
failed_when: _oidc_class.rc != 0
# Run MediaWiki updates (changed if something installed)
- name: "EXT | Run update.php (safe to run repeatedly)"
shell: >
docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }}
php {{ MEDIAWIKI_HTML_DIR }}/maintenance/update.php --quick
args:
executable: /bin/bash
register: _mw_upd
changed_when: >
(_any_installed) or
(_ext_composer is defined and
(_ext_composer.results | map(attribute='stdout')
| select('search','COMPOSER_INSTALLED:')
| list | length > 0))