Conversation
Package FreshRSS (1.29.1) as a Syncloud snap: bundled php-fpm + nginx via ld-linux loader wrappers, SQLite storage under DATA_PATH, Go/Cobra installer hooks, form auth with a provisioned admin user, and a feed-refresh cron daemon. Integration tests + Drone CI (amd64, bookworm/buster).
Avoids fragile dind in CI; build PHP-FPM + extensions directly in the php:8.3-fpm-bookworm step and bundle via cp, mirroring the wordpress app. Make freshrss.sh self-contained so provisioning does not rely on sudo env passthrough.
…cloud-lib 367 (no selenium)
nginx access_log and php-fpm error_log opening /dev/stdout / /dev/stderr as files fails with ENXIO under systemd, crash-looping both daemons. Use syslog to /dev/log (journald ingests it), mirroring owncast/wordpress.
|
✅ CI is fully green on Fix history to green: executable bits on scripts → drop |
Auth: delegate to the platform. nginx gates access via Authelia authrequest and passes Remote-User to php-fpm (auth_type=http_auth); FreshRSS auto-provisions the account (http_auth_auto_register via config.custom.php). No local users/passwords. FreshRSS token APIs under /api/ bypass the SSO gate. CI: 3 archs (amd64/arm64/arm); per-distro binary smoke tests (nginx/php/cli on bookworm+buster); pytest device test on both distros; Playwright UI (amd64) logging in via SSO. No version step (package.sh writes it); no inline commands (ci-test.sh, freshrss/build.sh); refresh.hold on platform services. cron: replace shell loop with a Go service (pihole gravity pattern).
…rtion
FreshRSS <title> is the configured app title ('Syncloud'), not 'FreshRSS';
#stream visibility already proves the reader loaded. Keep screenshot filenames
as their short labels (reader/landing/auth/config) instead of Playwright's long
test-results dir name.
…g-user.custom.php
|
✅ Fully green (build #25) on amd64 + arm64: per-distro binary tests (nginx/php/cli on bookworm+buster), pytest device tests on both distros, and Playwright UI (login + settings) via Syncloud SSO. Auth reworked to delegate to the platform — Authelia |
…he sidebar and subscription page
…alize path; re-enable armhf
Cron pointed at a non-existent cli/actualize-script.php; the actualize entrypoint is
app/actualize_script.php. The feed test now triggers actualize over ssh after login and
asserts a rendered article (#stream .flux). armhf runner is back, so re-enable build('arm').
…ia UI #actualize button, not ssh Real users fetch feeds via the header refresh button (or the background cron), so the feed test clicks #actualize instead of ssh-ing an actualize script. env() helper throws on any missing PLAYWRIGHT_* var instead of falling back to a hardcoded default.
…-user.custom.php, opml.xml) Ship them as reviewable files copied into DATA_PATH at install instead of Go string literals. Drop dead getOrCreateUuid/uuid (leftover from form-auth).
…hRssCli, drop freshrss.go)
…pty system Users add feeds via the FreshRSS UI (+ button → paste URL → submit), which fetches entries immediately. Drop the shipped example opml.xml; the test now exercises that real flow and reads the resulting articles.
…n mgmt), not unread-stream articles
The main stream is unread-only, so freshly-imported articles don't appear there; the
correct, retry-safe signal that add-via-UI worked is the feed listed in subscription
management ('Release notes from FreshRSS').
…ion box FreshRSS displays the feed as 'FreshRSS releases' (not the atom <title> 'Release notes from FreshRSS'); assert a feed link containing FreshRSS inside .box, excluding the header logo.
|
✅ Fully green on amd64, arm64, and armhf (build #43). Since the last summary: Syncloud SSO via Authelia |
… read it Navigate to /i/?state=3 (STATE_ALL) to list the fetched articles, then click a summary to expand an article into .flux_content — the real read flow.
…IPs, imported 0 articles)
Packages FreshRSS 1.29.1 as a Syncloud snap, following the 2026 porting guide (owncast/paperless/games shape).
What's here
ld-linuxloader wrapper so it runs on both bookworm and busterCGO_ENABLED=0DATA_PATHpointed at the Syncloud storage diradminuser is provisioned at install (password at<storage>/admin.password)Notes
mod_auth_openidc, incompatible with nginx+php-fpm, so platform SSO is left as a future enhancement.wipbranch.