fix: github workflow

.github/workflows/publish-to-nextcloud.yml

@@ -1,14 +1,19 @@
-name: Build and publish app release
+name: Publish to Nextcloud store
 
 on:
-  release:
-      types: [published]
+  workflow_run:
+    workflows: ["Build and Release"] 
+    types:
+      - completed 
 
 env:
-  APP_NAME: news
+  APP_NAME: cidgravity_gateway
+  APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+  APP_PUBLIC_CRT: ${{ secrets.APP_PUBLIC_CRT }}
 
 jobs:
-  build_and_publish:
+  publish_to_nextcloud_store:
+    environment: release
     runs-on: ubuntu-latest
     name: "Release: build, sign and upload the app"
     strategy:
@@ -44,14 +49,24 @@ jobs:
           tag: ${{ github.ref }}
           overwrite: true
 
-      - name: Upload app to Nextcloud appstore
-        uses: R0Wi/[email protected]
-        with:
-          app_name: ${{ env.APP_NAME }}
-          appstore_token: ${{ secrets.APPSTORE_TOKEN }}
-          download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
-          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
-          nightly: ${{ github.event.release.prerelease }}
+      - name: Download release archive
+        run: |
+          curl -L ${{ steps.attach_to_release.outputs.browser_download_url }} -o ${{ env.APP_NAME }}.tar.gz
+  
+      - name: Sign archive
+        id: sign_archive
+        run: |
+            echo "${{ secrets.APP_PRIVATE_KEY }}" > private_key.pem
+            signature=$(openssl dgst -sha512 -sign private_key.pem "${{ env.APP_NAME }}.tar.gz" | openssl base64 -A)
+            echo "SIGNATURE=$signature" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+      - name: Upload app to Nextcloud appstore via API
+        run: |
+          curl -X POST https://apps.nextcloud.com/api/v1/apps/releases \
+            -H "Authorization: Token ${{ secrets.APPSTORE_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d '{"download": "${{ steps.attach_to_release.outputs.browser_download_url }}", "signature": "${{ steps.sign_archive.outputs.SIGNATURE }}"}'
 
       - name: Delete crt and key from local storage
         run: rm -f ~/.nextcloud/certificates/*

Makefile

@@ -1,5 +1,5 @@
 app_name=cidgravity_gateway
-project_dir=$(CURDIR)/../$(app_name)
+project_dir=$(CURDIR)
 build_dir=$(CURDIR)/build/artifacts
 appstore_dir=$(build_dir)/appstore
 source_dir=$(build_dir)/source
@@ -85,6 +85,10 @@ appstore:
 	--exclude=vendor \
 	--exclude=webpack.*.js \
 	$(project_dir)/  $(sign_dir)/$(app_name)
+
+	php ./bin/tools/file_from_env.php "APP_PRIVATE_KEY" "$(cert_dir)/$(app_name).key"
+	php ./bin/tools/file_from_env.php "APP_PUBLIC_CRT" "$(cert_dir)/$(app_name).crt"
+
 	@if [ -f $(cert_dir)/$(app_name).key ]; then \
 		echo "Signing app files…"; \
 		php ../../occ integrity:sign-app \

bin/tools/file_from_env.php

@@ -0,0 +1,29 @@
+#!/usr/bin/env php
+<?php
+/**
+* Nextcloud - News
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Benjamin Brahmer <[email protected]>
+* @copyright Benjamin Brahmer 2020
+*/
+
+if ($argc < 2) {
+    echo "This script expects two parameters:\n";
+    echo "./file_from_env.php ENV_VAR PATH_TO_FILE\n";
+    exit(1);
+}
+
+# Read environment variable
+$content = getenv($argv[1]);
+
+if (!$content){
+    echo "Variable was empty\n";
+    exit(1);
+}
+
+file_put_contents($argv[2], $content);
+
+echo "Done...\n";