From 2fac0c2a726d277bea623c9733de2ad0b3efed36 Mon Sep 17 00:00:00 2001 From: Florian RUEN Date: Mon, 28 Oct 2024 12:37:13 +0100 Subject: [PATCH] fix: github workflow --- .github/workflows/publish-to-nextcloud.yml | 41 +++++++++++++++------- Makefile | 6 +++- bin/tools/file_from_env.php | 29 +++++++++++++++ 3 files changed, 62 insertions(+), 14 deletions(-) create mode 100644 bin/tools/file_from_env.php diff --git a/.github/workflows/publish-to-nextcloud.yml b/.github/workflows/publish-to-nextcloud.yml index bedfb91..318fa19 100644 --- a/.github/workflows/publish-to-nextcloud.yml +++ b/.github/workflows/publish-to-nextcloud.yml @@ -1,14 +1,19 @@ -name: Build and publish app release +name: Publish to Nextcloud store on: - release: - types: [published] + workflow_run: + workflows: ["Build and Release"] + types: + - completed env: - APP_NAME: news + APP_NAME: cidgravity_gateway + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + APP_PUBLIC_CRT: ${{ secrets.APP_PUBLIC_CRT }} jobs: - build_and_publish: + publish_to_nextcloud_store: + environment: release runs-on: ubuntu-latest name: "Release: build, sign and upload the app" strategy: @@ -44,14 +49,24 @@ jobs: tag: ${{ github.ref }} overwrite: true - - name: Upload app to Nextcloud appstore - uses: R0Wi/nextcloud-appstore-push-action@v1.0.3 - with: - app_name: ${{ env.APP_NAME }} - appstore_token: ${{ secrets.APPSTORE_TOKEN }} - download_url: ${{ steps.attach_to_release.outputs.browser_download_url }} - app_private_key: ${{ secrets.APP_PRIVATE_KEY }} - nightly: ${{ github.event.release.prerelease }} + - name: Download release archive + run: | + curl -L ${{ steps.attach_to_release.outputs.browser_download_url }} -o ${{ env.APP_NAME }}.tar.gz + + - name: Sign archive + id: sign_archive + run: | + echo "${{ secrets.APP_PRIVATE_KEY }}" > private_key.pem + signature=$(openssl dgst -sha512 -sign private_key.pem "${{ env.APP_NAME }}.tar.gz" | openssl base64 -A) + echo "SIGNATURE=$signature" >> "$GITHUB_OUTPUT" + shell: bash + + - name: Upload app to Nextcloud appstore via API + run: | + curl -X POST https://apps.nextcloud.com/api/v1/apps/releases \ + -H "Authorization: Token ${{ secrets.APPSTORE_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d '{"download": "${{ steps.attach_to_release.outputs.browser_download_url }}", "signature": "${{ steps.sign_archive.outputs.SIGNATURE }}"}' - name: Delete crt and key from local storage run: rm -f ~/.nextcloud/certificates/* diff --git a/Makefile b/Makefile index 12720ea..c0ac8a4 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ app_name=cidgravity_gateway -project_dir=$(CURDIR)/../$(app_name) +project_dir=$(CURDIR) build_dir=$(CURDIR)/build/artifacts appstore_dir=$(build_dir)/appstore source_dir=$(build_dir)/source @@ -85,6 +85,10 @@ appstore: --exclude=vendor \ --exclude=webpack.*.js \ $(project_dir)/ $(sign_dir)/$(app_name) + + php ./bin/tools/file_from_env.php "APP_PRIVATE_KEY" "$(cert_dir)/$(app_name).key" + php ./bin/tools/file_from_env.php "APP_PUBLIC_CRT" "$(cert_dir)/$(app_name).crt" + @if [ -f $(cert_dir)/$(app_name).key ]; then \ echo "Signing app files…"; \ php ../../occ integrity:sign-app \ diff --git a/bin/tools/file_from_env.php b/bin/tools/file_from_env.php new file mode 100644 index 0000000..c4b031e --- /dev/null +++ b/bin/tools/file_from_env.php @@ -0,0 +1,29 @@ +#!/usr/bin/env php + +* @copyright Benjamin Brahmer 2020 +*/ + +if ($argc < 2) { + echo "This script expects two parameters:\n"; + echo "./file_from_env.php ENV_VAR PATH_TO_FILE\n"; + exit(1); +} + +# Read environment variable +$content = getenv($argv[1]); + +if (!$content){ + echo "Variable was empty\n"; + exit(1); +} + +file_put_contents($argv[2], $content); + +echo "Done...\n"; \ No newline at end of file