refactor: simplify startup script and enhance installation process

- Remove auto-update and environment variable handling from the startup script in egg-nemesis.json and egg-nemesis.yml for cleaner execution.
- Update installation script to download release tarballs and verify checksums, ensuring file integrity before extraction.
- Change GitHub branch variable to a tag variable for more flexible versioning during installations.
- Improve dependency installation and environment setup in the installation script for better reliability.

Author: enum314

.github/workflows/release.yml

@@ -0,0 +1,84 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Setup PNPM
+        uses: pnpm/action-setup@v4
+        id: pnpm-install
+
+      - name: Get pnpm store directory
+        id: pnpm-cache
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build project
+        run: pnpm build
+
+      - name: Get version from tag
+        id: get_version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+      - name: Create bot archive
+        run: |
+          # Create a directory for the release files
+          mkdir -p release
+
+          # Create the bot.tar.gz archive excluding src and node_modules
+          tar --exclude='./src' --exclude='./node_modules' --exclude='./.git' --exclude='./release' -czf release/bot.tar.gz .
+
+          # Create checksum file
+          cd release
+          sha256sum bot.tar.gz > checksum.txt
+          cd ..
+
+      - name: Create Release
+        id: create_release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: Release ${{ steps.get_version.outputs.VERSION }}
+          tag_name: ${{ steps.get_version.outputs.VERSION }}
+          draft: false
+          prerelease: false
+          files: |
+            release/bot.tar.gz
+            release/checksum.txt
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create or update 'latest' tag
+        run: |
+          git config --global user.name 'GitHub Actions'
+          git config --global user.email 'actions@github.com'
+          git tag -f latest
+          git push -f origin latest

egg-nemesis.json

@@ -16,7 +16,7 @@
         "Node 20": "ghcr.io/parkervcp/yolks:nodejs_20"
     },
     "file_denylist": [],
-    "startup": "if [[ -d .git ]] && [[ {{AUTO_UPDATE}} == \"1\" ]]; then git pull; fi; if [[ ! -z ${NODE_PACKAGES} ]]; then pnpm add -g ${NODE_PACKAGES}; fi; if [[ ! -d node_modules ]]; then pnpm install; fi; if [[ -f build.sh ]]; then chmod +x build.sh && ./build.sh; fi; if [[ ! -z ${ENVIRONMENT} ]]; then export NODE_ENV=${ENVIRONMENT}; fi; {{STARTUP_CMD}}",
+    "startup": "{{STARTUP_CMD}}",
     "config": {
         "files": "{}",
         "startup": "{\r\n    \"done\": \"Done!\"\r\n}",
@@ -25,7 +25,7 @@
     },
     "scripts": {
         "installation": {
-            "script": "#!\/bin\/bash\r\n# Nemesis Node.js Template Install Script\r\n#\r\n# Server Files: \/mnt\/server\r\napt update\r\napt install -y git curl\r\ncurl -fsSL https:\/\/get.pnpm.io\/install.sh | sh -\r\n\r\n# Set repository variables from egg\r\nGITHUB_USER=\"${GITHUB_USERNAME:-enum314}\"\r\nREPOSITORY=\"${GITHUB_REPOSITORY:-nemesis}\"\r\nBRANCH=\"${GITHUB_BRANCH:-main}\"\r\nTOKEN=\"${GITHUB_TOKEN}\"\r\n\r\n# Construct the repository URL\r\nif [ -z \"$TOKEN\" ]; then\r\n    # Public repository\r\n    SOURCE=\"https://github.com/${GITHUB_USER}/${REPOSITORY}.git\"\r\nelse\r\n    # Private repository with token\r\n    SOURCE=\"https://${TOKEN}@github.com/${GITHUB_USER}/${REPOSITORY}.git\"\r\nfi\r\n\r\nDEPLOY_DIR=\"/mnt/server\"\r\n\r\n# Make sure pterodactyl user can use pnpm\r\nexport PNPM_HOME=\"/usr/local/pnpm\"\r\nexport PATH=\"$PNPM_HOME:$PATH\"\r\npnpm config set store-dir /mnt/server/.pnpm-store\r\n\r\necho \"Cloning from: ${GITHUB_USER}/${REPOSITORY} (branch: ${BRANCH})\"\r\n\r\n# Clone or update repository\r\nif [ -d \"$DEPLOY_DIR/.git\" ]; then\r\n    cd \"$DEPLOY_DIR\"\r\n    git fetch origin\r\n    git reset --hard \"origin/$BRANCH\"\r\nelse\r\n    if [ -d \"$DEPLOY_DIR\" ]; then\r\n        if [ \"$(ls -A \"$DEPLOY_DIR\")\" ]; then\r\n            echo \"WARNING: Directory $DEPLOY_DIR is not empty\"\r\n            if [ \"$WIPE\" = \"1\" ]; then\r\n                echo \"Wiping directory...\"\r\n                rm -rf \"$DEPLOY_DIR\"\r\n                mkdir -p \"$DEPLOY_DIR\"\r\n            fi\r\n        fi\r\n    else\r\n        mkdir -p \"$DEPLOY_DIR\"\r\n    fi\r\n    \r\n    cd /tmp\r\n    git clone -b \"$BRANCH\" \"$SOURCE\" \"$DEPLOY_DIR\"\r\n    cd \"$DEPLOY_DIR\"\r\nfi\r\n\r\n# Setup environment\r\nif [ ! -f \"$DEPLOY_DIR/.env\" ]; then\r\n    if [ -f \"$DEPLOY_DIR/.env.example\" ]; then\r\n        cp \"$DEPLOY_DIR/.env.example\" \"$DEPLOY_DIR/.env\"\r\n        echo \"Created .env file from .env.example\"\r\n        # Update port in .env to match Pterodactyl's allocated port\r\n        sed -i \"s/PORT=.*/PORT={{server.build.default.port}}/g\" \"$DEPLOY_DIR/.env\"\r\n        echo \"Updated PORT in .env to {{server.build.default.port}}\"\r\n    else\r\n        echo \"Warning: No .env.example file found. Creating minimal .env file.\"\r\n        echo \"PORT={{server.build.default.port}}\" > \"$DEPLOY_DIR/.env\"\r\n        echo \"NODE_ENV=production\" >> \"$DEPLOY_DIR/.env\"\r\n    fi\r\nfi\r\n\r\n# Install dependencies\r\ncd \"$DEPLOY_DIR\"\r\npnpm install\r\n\r\n# Build the application\r\nif [ -f \"$DEPLOY_DIR/build.sh\" ]; then\r\n    chmod +x \"$DEPLOY_DIR/build.sh\"\r\n    ./build.sh\r\nelse\r\n    pnpm build\r\nfi\r\n\r\necho \"Installation complete.\"\r\necho \"Project has been installed from ${GITHUB_USER}/${REPOSITORY}.\"\r\necho \"Server will start on port {{server.build.default.port}} as configured in .env\"",
+            "script": "#!\/bin\/bash\r\n# Nemesis Node.js Template Install Script\r\n#\r\n# Server Files: \/mnt\/server\r\napt update\r\napt install -y curl wget tar jq file unzip make gcc g++ python3 python3-dev python3-pip libtool\r\ncurl -fsSL https:\/\/get.pnpm.io\/install.sh | sh -\r\n\r\n# Set repository variables from egg\r\nGITHUB_USER=\"${GITHUB_USERNAME:-enum314}\"\r\nREPOSITORY=\"${GITHUB_REPOSITORY:-nemesis}\"\r\nTAG=\"${GITHUB_TAG:-latest}\"\r\nTOKEN=\"${GITHUB_TOKEN}\"\r\n\r\nDEPLOY_DIR=\"/mnt/server\"\r\n\r\n# Make sure pterodactyl user can use pnpm\r\nexport PNPM_HOME=\"/usr/local/pnpm\"\r\nexport PATH=\"$PNPM_HOME:$PATH\"\r\npnpm config set store-dir /mnt/server/.pnpm-store\r\n\r\n# Ensure deployment directory exists\r\nif [ ! -d \"$DEPLOY_DIR\" ]; then\r\n    mkdir -p \"$DEPLOY_DIR\"\r\nfi\r\n\r\n# Download release tarball and checksum file\r\ncd /tmp\r\n\r\n# Construct the base release URL with token if provided\r\nif [ -z \"$TOKEN\" ]; then\r\n    # Public repository\r\n    BASE_URL=\"https://github.com/${GITHUB_USER}/${REPOSITORY}/releases/download/${TAG}\"\r\n    RELEASE_URL=\"${BASE_URL}/bot.tar.gz\"\r\n    CHECKSUM_URL=\"${BASE_URL}/checksum.txt\"\r\nelse\r\n    # Private repository with token\r\n    BASE_URL=\"https://${TOKEN}@github.com/${GITHUB_USER}/${REPOSITORY}/releases/download/${TAG}\"\r\n    RELEASE_URL=\"${BASE_URL}/bot.tar.gz\"\r\n    CHECKSUM_URL=\"${BASE_URL}/checksum.txt\"\r\nfi\r\n\r\necho \"Downloading from: ${GITHUB_USER}/${REPOSITORY} (tag: ${TAG})\"\r\n\r\n# Download checksum file\r\necho \"Downloading checksum file...\"\r\nwget -q --show-progress --header=\"Authorization: token ${TOKEN}\" \"$CHECKSUM_URL\" -O checksum.txt\r\nif [ $? -ne 0 ]; then\r\n    echo \"Failed to download checksum file. Aborting installation.\"\r\n    exit 1\r\nfi\r\n\r\n# Download tarball\r\necho \"Downloading release tarball...\"\r\nwget -q --show-progress --header=\"Authorization: token ${TOKEN}\" \"$RELEASE_URL\" -O bot.tar.gz\r\nif [ $? -ne 0 ]; then\r\n    echo \"Failed to download release tarball. Aborting installation.\"\r\n    exit 1\r\nfi\r\n\r\n# Verify checksum\r\necho \"Verifying file integrity...\"\r\nCOMPUTED_CHECKSUM=$(sha256sum bot.tar.gz | awk '{print $1}')\r\nEXPECTED_CHECKSUM=$(cat checksum.txt | awk '{print $1}')\r\n\r\nif [ \"$COMPUTED_CHECKSUM\" != \"$EXPECTED_CHECKSUM\" ]; then\r\n    echo \"Checksum verification failed!\"\r\n    echo \"Expected: $EXPECTED_CHECKSUM\"\r\n    echo \"Got: $COMPUTED_CHECKSUM\"\r\n    echo \"The downloaded file may be corrupted or tampered with. Aborting installation.\"\r\n    rm bot.tar.gz checksum.txt\r\n    exit 1\r\nfi\r\n\r\necho \"Checksum verification successful!\"\r\n\r\n# Extract to server directory\r\necho \"Extracting files...\"\r\ntar -xzf bot.tar.gz -C \"$DEPLOY_DIR\"\r\nrm bot.tar.gz checksum.txt\r\n\r\n# Setup environment file\r\nif [ ! -f \"$DEPLOY_DIR/.env\" ]; then\r\n    if [ -f \"$DEPLOY_DIR/.env.example\" ]; then\r\n        cp \"$DEPLOY_DIR/.env.example\" \"$DEPLOY_DIR/.env\"\r\n        echo \"Created .env file from .env.example\"\r\n        # Update port in .env to match Pterodactyl's allocated port\r\n        sed -i \"s/PORT=.*/PORT={{server.build.default.port}}/g\" \"$DEPLOY_DIR/.env\"\r\n        echo \"Updated PORT in .env to {{server.build.default.port}}\"\r\n    else\r\n        echo \"Warning: No .env.example file found. Creating minimal .env file.\"\r\n        echo \"PORT={{server.build.default.port}}\" > \"$DEPLOY_DIR/.env\"\r\n        echo \"NODE_ENV=production\" >> \"$DEPLOY_DIR/.env\"\r\n    fi\r\nfi\r\n\r\necho \"Release has been installed from ${GITHUB_USER}/${REPOSITORY} (tag: ${TAG}).\"\r\necho \"Server will start on port {{server.build.default.port}} as configured in .env\"",
             "container": "ghcr.io/parkervcp/installer:debian",
             "entrypoint": "bash"
         }
@@ -40,45 +40,9 @@
             "user_editable": true,
             "rules": "required|string"
         },
-        {
-            "name": "Auto Update",
-            "description": "Pull the latest changes from Git on startup.",
-            "env_variable": "AUTO_UPDATE",
-            "default_value": "1",
-            "user_viewable": true,
-            "user_editable": true,
-            "rules": "required|boolean"
-        },
-        {
-            "name": "Node Environment",
-            "description": "The Node environment to use.",
-            "env_variable": "ENVIRONMENT",
-            "default_value": "production",
-            "user_viewable": true,
-            "user_editable": true,
-            "rules": "required|string|in:production,development,staging,test"
-        },
-        {
-            "name": "Additional Node Packages",
-            "description": "Additional Node packages to install globally. Separate with spaces.",
-            "env_variable": "NODE_PACKAGES",
-            "default_value": "",
-            "user_viewable": true,
-            "user_editable": true,
-            "rules": "nullable|string"
-        },
-        {
-            "name": "Wipe Directory on Install",
-            "description": "Whether to wipe the directory when installing.",
-            "env_variable": "WIPE",
-            "default_value": "0",
-            "user_viewable": true,
-            "user_editable": true,
-            "rules": "required|boolean"
-        },
         {
             "name": "GitHub Username",
-            "description": "The GitHub username for the repository to clone (leave default for template repository).",
+            "description": "The GitHub username for the repository.",
             "env_variable": "GITHUB_USERNAME",
             "default_value": "enum314",
             "user_viewable": true,
@@ -87,18 +51,18 @@
         },
         {
             "name": "GitHub Repository",
-            "description": "The GitHub repository name to clone (leave default for template repository).",
+            "description": "The GitHub repository name.",
             "env_variable": "GITHUB_REPOSITORY",
             "default_value": "nemesis",
             "user_viewable": true,
             "user_editable": true,
             "rules": "required|string"
         },
         {
-            "name": "GitHub Branch",
-            "description": "The branch to clone from the repository.",
-            "env_variable": "GITHUB_BRANCH",
-            "default_value": "main",
+            "name": "GitHub Tag",
+            "description": "The release tag to install (use 'latest' for the most recent release).",
+            "env_variable": "GITHUB_TAG",
+            "default_value": "latest",
             "user_viewable": true,
             "user_editable": true,
             "rules": "required|string"

egg-nemesis.yml

@@ -5,23 +5,7 @@ exported_at: "2025-03-26T00:00:00+00:00"
 docker_image: ghcr.io/parkervcp/yolks:nodejs_22
 features:
   - docker
-startup: |
-  if [[ -d .git ]] && [[ {{AUTO_UPDATE}} == "1" ]]; then 
-    git pull; 
-  fi; 
-  if [[ ! -z ${NODE_PACKAGES} ]]; then 
-    pnpm add -g ${NODE_PACKAGES}; 
-  fi; 
-  if [[ ! -d node_modules ]]; then 
-    pnpm install; 
-  fi; 
-  if [[ -f build.sh ]]; then 
-    chmod +x build.sh && ./build.sh; 
-  fi; 
-  if [[ ! -z ${ENVIRONMENT} ]]; then 
-    export NODE_ENV=${ENVIRONMENT}; 
-  fi; 
-  {{STARTUP_CMD}}
+startup: "{{STARTUP_CMD}}"
 config:
   files: {}
   startup:
@@ -36,52 +20,24 @@ variables:
     user_viewable: true
     user_editable: true
     rules: required|string
-  - name: Auto Update
-    description: Pull the latest changes from Git on startup.
-    env_variable: AUTO_UPDATE
-    default_value: "1"
-    user_viewable: true
-    user_editable: true
-    rules: required|boolean
-  - name: Node Environment
-    description: The Node environment to use.
-    env_variable: ENVIRONMENT
-    default_value: production
-    user_viewable: true
-    user_editable: true
-    rules: required|string|in:production,development,staging,test
-  - name: Additional Node Packages
-    description: Additional Node packages to install globally. Separate with spaces.
-    env_variable: NODE_PACKAGES
-    default_value: ""
-    user_viewable: true
-    user_editable: true
-    rules: nullable|string
-  - name: Wipe Directory on Install
-    description: Whether to wipe the directory when installing.
-    env_variable: WIPE
-    default_value: "0"
-    user_viewable: true
-    user_editable: true
-    rules: required|boolean
   - name: GitHub Username
-    description: The GitHub username for the repository to clone (leave default for template repository).
+    description: The GitHub username for the repository.
     env_variable: GITHUB_USERNAME
     default_value: "enum314"
     user_viewable: true
     user_editable: true
     rules: required|string
   - name: GitHub Repository
-    description: The GitHub repository name to clone (leave default for template repository).
+    description: The GitHub repository name.
     env_variable: GITHUB_REPOSITORY
     default_value: "nemesis"
     user_viewable: true
     user_editable: true
     rules: required|string
-  - name: GitHub Branch
-    description: The branch to clone from the repository.
-    env_variable: GITHUB_BRANCH
-    default_value: "main"
+  - name: GitHub Tag
+    description: The release tag to install (use 'latest' for the most recent release).
+    env_variable: GITHUB_TAG
+    default_value: "latest"
     user_viewable: true
     user_editable: true
     rules: required|string
@@ -99,58 +55,83 @@ install:
     #
     # Server Files: /mnt/server
     apt update
-    apt install -y git curl
+    apt install -y curl wget tar jq file unzip make gcc g++ python3 python3-dev python3-pip libtool
     curl -fsSL https://get.pnpm.io/install.sh | sh -
 
     # Set repository variables from egg
     GITHUB_USER="${GITHUB_USERNAME:-enum314}"
     REPOSITORY="${GITHUB_REPOSITORY:-nemesis}"
-    BRANCH="${GITHUB_BRANCH:-main}"
+    TAG="${GITHUB_TAG:-latest}"
     TOKEN="${GITHUB_TOKEN}"
 
-    # Construct the repository URL
-    if [ -z "$TOKEN" ]; then
-        # Public repository
-        SOURCE="https://github.com/${GITHUB_USER}/${REPOSITORY}.git"
-    else
-        # Private repository with token
-        SOURCE="https://${TOKEN}@github.com/${GITHUB_USER}/${REPOSITORY}.git"
-    fi
-
     DEPLOY_DIR="/mnt/server"
 
     # Make sure pterodactyl user can use pnpm
     export PNPM_HOME="/usr/local/pnpm"
     export PATH="$PNPM_HOME:$PATH"
     pnpm config set store-dir /mnt/server/.pnpm-store
 
-    echo "Cloning from: ${GITHUB_USER}/${REPOSITORY} (branch: ${BRANCH})"
+    # Ensure deployment directory exists
+    if [ ! -d "$DEPLOY_DIR" ]; then
+        mkdir -p "$DEPLOY_DIR"
+    fi
+
+    # Download release tarball and checksum file
+    cd /tmp
 
-    # Clone or update repository
-    if [ -d "$DEPLOY_DIR/.git" ]; then
-        cd "$DEPLOY_DIR"
-        git fetch origin
-        git reset --hard "origin/$BRANCH"
+    # Construct the base release URL with token if provided
+    if [ -z "$TOKEN" ]; then
+        # Public repository
+        BASE_URL="https://github.com/${GITHUB_USER}/${REPOSITORY}/releases/download/${TAG}"
+        RELEASE_URL="${BASE_URL}/bot.tar.gz"
+        CHECKSUM_URL="${BASE_URL}/checksum.txt"
     else
-        if [ -d "$DEPLOY_DIR" ]; then
-            if [ "$(ls -A "$DEPLOY_DIR")" ]; then
-                echo "WARNING: Directory $DEPLOY_DIR is not empty"
-                if [ "$WIPE" = "1" ]; then
-                    echo "Wiping directory..."
-                    rm -rf "$DEPLOY_DIR"
-                    mkdir -p "$DEPLOY_DIR"
-                fi
-            fi
-        else
-            mkdir -p "$DEPLOY_DIR"
-        fi
-        
-        cd /tmp
-        git clone -b "$BRANCH" "$SOURCE" "$DEPLOY_DIR"
-        cd "$DEPLOY_DIR"
+        # Private repository with token
+        BASE_URL="https://${TOKEN}@github.com/${GITHUB_USER}/${REPOSITORY}/releases/download/${TAG}"
+        RELEASE_URL="${BASE_URL}/bot.tar.gz"
+        CHECKSUM_URL="${BASE_URL}/checksum.txt"
+    fi
+
+    echo "Downloading from: ${GITHUB_USER}/${REPOSITORY} (tag: ${TAG})"
+
+    # Download checksum file
+    echo "Downloading checksum file..."
+    wget -q --show-progress --header="Authorization: token ${TOKEN}" "$CHECKSUM_URL" -O checksum.txt
+    if [ $? -ne 0 ]; then
+        echo "Failed to download checksum file. Aborting installation."
+        exit 1
+    fi
+
+    # Download tarball
+    echo "Downloading release tarball..."
+    wget -q --show-progress --header="Authorization: token ${TOKEN}" "$RELEASE_URL" -O bot.tar.gz
+    if [ $? -ne 0 ]; then
+        echo "Failed to download release tarball. Aborting installation."
+        exit 1
     fi
 
-    # Setup environment
+    # Verify checksum
+    echo "Verifying file integrity..."
+    COMPUTED_CHECKSUM=$(sha256sum bot.tar.gz | awk '{print $1}')
+    EXPECTED_CHECKSUM=$(cat checksum.txt | awk '{print $1}')
+
+    if [ "$COMPUTED_CHECKSUM" != "$EXPECTED_CHECKSUM" ]; then
+        echo "Checksum verification failed!"
+        echo "Expected: $EXPECTED_CHECKSUM"
+        echo "Got: $COMPUTED_CHECKSUM"
+        echo "The downloaded file may be corrupted or tampered with. Aborting installation."
+        rm bot.tar.gz checksum.txt
+        exit 1
+    fi
+
+    echo "Checksum verification successful!"
+
+    # Extract to server directory
+    echo "Extracting files..."
+    tar -xzf bot.tar.gz -C "$DEPLOY_DIR"
+    rm bot.tar.gz checksum.txt
+
+    # Setup environment file
     if [ ! -f "$DEPLOY_DIR/.env" ]; then
         if [ -f "$DEPLOY_DIR/.env.example" ]; then
             cp "$DEPLOY_DIR/.env.example" "$DEPLOY_DIR/.env"
@@ -165,18 +146,5 @@ install:
         fi
     fi
 
-    # Install dependencies
-    cd "$DEPLOY_DIR"
-    pnpm install
-
-    # Build the application
-    if [ -f "$DEPLOY_DIR/build.sh" ]; then
-        chmod +x "$DEPLOY_DIR/build.sh"
-        ./build.sh
-    else
-        pnpm build
-    fi
-
-    echo "Installation complete."
-    echo "Project has been installed from ${GITHUB_USER}/${REPOSITORY}."
+    echo "Release has been installed from ${GITHUB_USER}/${REPOSITORY} (tag: ${TAG})."
     echo "Server will start on port {{server.build.default.port}} as configured in .env"