build: give more context to github actions

utilities/build/stage-solar/00-install-solar-protocol/01-run.sh

@@ -1,34 +1,39 @@
-on_chroot <<EOF
+function info() {
+  [[ "$CI" = true ]] && echo "::group::$*" || >&2 echo "$*"
+}
+
+function endinfo() {
+  [[ "$CI" = true ]] && echo "::endgroup::" || true
+}
+
+info "installing the latest version of solar-protocol"
+on_chroot << EOF
 git clone https://github.com/alexnathanson/solar-protocol --depth 1 /home/pi/solar-protocol
-a2enmod headers
-a2enmod rewrite
-a2enmod userdir
-a2enmod ssl
-adduser pi www-data
 chown -R pi:pi /home/pi/solar-protocol
 chown -R www-data:www-data /home/pi/solar-protocol/frontend
 chmod 755 /home/pi
+chown -R pi:pi /home/pi
+cd /home/pi/solar-protocol
+python -m venv .venv
+. .venv/bin/activate
+python -m pip install -r requirements.txt
+cp -r local ../
+cp utilities/build/installation.md /home/pi/readme.md
+cp backend/data/deviceListTemplate.json backend/data/deviceList.json
+cd
 EOF
 
-cat > ${ROOTFS_DIR}/etc/fail2ban/jail.local <<EOF
-[sshd]
-enabled = true
-filter = sshd
-backend = systemd
-logpath = /var/log/auth.log
-maxretry = 5
-bantime = 3600
-EOF
-
-# this is needed to make sure php has the correct timezone
-sed -i \
-  -e "s|;date.timezone.*|date.timezone = ${TIMEZONE_DEFAULT}|" \
-  ${ROOTFS_DIR}/etc/php/8.2/apache2/php.ini
-
-# TODO: check if needed or install to @reboot cron
-# sh /home/pi/solar-protocol/utilities/setAllPermissions.sh
+echo "::warning file={utilities/setAllPermissions.sh},title={skipping permissions fix}::{skipping running the permissions fixing script}"
+endinfo
 
-echo 'PubkeyAcceptedAlgorithms +ssh-rsa' >> ${ROOTFS_DIR}/etc/ssh/sshd_config
+info "setting up apache web server"
+on_chroot <<EOF
+a2enmod headers
+a2enmod rewrite
+a2enmod userdir
+a2enmod ssl
+adduser pi www-data
+EOF
 
 sed -i \
   -e 's|DocumentRoot /var/www/html|DocumentRoot /home/pi/solar-protocol/frontend|' \
@@ -47,7 +52,31 @@ cat >> ${ROOTFS_DIR}/etc/apache2/apache2.conf <<EOF
     Header set Access-Control-Allow-Origin "*"
 </Directory>
 EOF
+endinfo
+
+info "setting up fail2ban to protect against bots"
+cat > ${ROOTFS_DIR}/etc/fail2ban/jail.local <<EOF
+[sshd]
+enabled = true
+filter = sshd
+backend = systemd
+logpath = /var/log/auth.log
+maxretry = 5
+bantime = 3600
+EOF
+endinfo
+
+info "fixing php timezone"
+sed -i \
+  -e "s|;date.timezone.*|date.timezone = ${TIMEZONE_DEFAULT}|" \
+  ${ROOTFS_DIR}/etc/php/*/apache2/php.ini
+endinfo
+
+info "enabling less secure ssh keys for network admins"
+echo 'PubkeyAcceptedAlgorithms +ssh-rsa' >> ${ROOTFS_DIR}/etc/ssh/sshd_config
+endinfo
 
+info "updating the login screen and message of the day"
 export VERSION
 rm ${ROOTFS_DIR}/etc/motd
 rm ${ROOTFS_DIR}/etc/update-motd.d/10-uname
@@ -56,7 +85,9 @@ chmod a+x ${ROOTFS_DIR}/etc/update-motd.d/10-hello
 
 rm ${ROOTFS_DIR}/etc/issue
 envsubst < files/etc/issue.template > ${ROOTFS_DIR}/etc/issue
+endinfo
 
+info "add post-install password change tool"
 install -d "${ROOTFS_DIR}/etc/systemd/system"
 install -m 644 files/etc/systemd/system/userpass.service "${ROOTFS_DIR}/etc/systemd/system/userpass.service"
 install -d "${ROOTFS_DIR}/usr/lib/userpass-pi"
@@ -67,14 +98,4 @@ on_chroot << EOF
 EOF
 
 install files/home/pi/disable-ssh-password-auth "${ROOTFS_DIR}/home/pi/"
-
-on_chroot << EOF
-  pushd /home/pi/solar-protocol
-  python -m venv .venv
-  . .venv/bin/activate
-  python -m pip install -r requirements.txt
-  cp -r local ../
-  cp utilities/build/installation.md /home/pi/readme.md
-  cp backend/data/deviceListTemplate.json backend/data/deviceList.json
-  chown -R pi:pi /home/pi
-EOF
+endinfo