fix: github workflow

CIDgravity · Oct 28, 2024 · 8a48e28 · 8a48e28
1 parent e0fc1f1
commit 8a48e28
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 69 deletions.
diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
@@ -5,37 +5,78 @@ on:
     tags:
       - 'v*.*.*'
 
+env:
+  APP_NAME: cidgravity_gateway
+  APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+  APP_PUBLIC_CRT: ${{ secrets.APP_PUBLIC_CRT }}
+
 jobs:
   build:
     runs-on: ubuntu-latest
+    name: "Release: build, sign, release and publish to store"
+    strategy:
+      matrix:
+        php-versions: ['8.1']
+        node-versions: ['20']
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Setup Node.js
+      - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: ${{ matrix.node-versions }}
 
-      - name: Install dependencies and build project
-        run: |
-          npm install
-          npm run build
+      - name: Setup PHP
+        uses: shivammathur/[email protected]
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: gd,zip
+          coverage: none
+
+      - name: Build app
+        run: make
 
-      - name: Prepare zip folder
+      - name: Create signed release archive
+        run: make appstore
+        env:
+          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          app_public_crt: ${{ secrets.APP_PUBLIC_CRT }}
+
+      - name: Generate signature
+        id: sign_archive
         run: |
-          mkdir cidgravity_gateway
-          rsync -av --progress . ./cidgravity_gateway --exclude node_modules --exclude .git --exclude cidgravity_gateway --exclude .github --exclude .vscode
-          zip -r cidgravity_gateway-${{ github.ref_name }}.zip cidgravity_gateway
+          echo "${{ secrets.APP_PRIVATE_KEY }}" > private_key.pem
+          signature=$(openssl dgst -sha512 -sign private_key.pem "build/artifacts/${{ env.APP_NAME }}.tar.gz" | openssl base64 -A)
+          echo "SIGNATURE=$signature" >> "$GITHUB_OUTPUT"
 
       - name: Create GitHub Release
         id: create_release
         uses: softprops/action-gh-release@v2
         with:
-          files: cidgravity_gateway-${{ github.ref_name }}.zip
           tag_name: ${{ github.ref_name }}
           draft: false
           prerelease: false
           generate_release_notes: true
+
+      - name: Upload signed archive to release
+        uses: svenstaro/[email protected]
+        id: attach_to_release
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: build/artifacts/${{ env.APP_NAME }}.tar.gz
+          asset_name: ${{ env.APP_NAME }}.tar.gz
+          tag: ${{ github.ref_name }}
+          overwrite: true
+
+      - name: Publish to Nextcloud appstore
+        run: |
+            curl -X POST https://apps.nextcloud.com/api/v1/apps/releases \
+              -H "Content-Type: application/json" \
+              -H "Authorization: Token ${{ secrets.APPSTORE_TOKEN }}" \
+              -d '{"download": "${{ steps.attach_to_release.outputs.browser_download_url }}", "signature": "${{ steps.sign_archive.outputs.SIGNATURE }}"}'
+  
 
+      - name: Clean certificates
+        run: rm -f ~/.nextcloud/certificates/*
diff --git a/.github/workflows/publish-to-nextcloud.yml b/.github/workflows/publish-to-nextcloud.yml
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 app_name=cidgravity_gateway
-project_dir=$(CURDIR)/../$(app_name)
+project_dir=$(CURDIR)
 build_dir=$(CURDIR)/build/artifacts
 appstore_dir=$(build_dir)/appstore
 source_dir=$(build_dir)/source
@@ -85,6 +85,10 @@ appstore:
 	--exclude=vendor \
 	--exclude=webpack.*.js \
 	$(project_dir)/  $(sign_dir)/$(app_name)
+
+	php ./bin/tools/file_from_env.php "APP_PRIVATE_KEY" "$(cert_dir)/$(app_name).key"
+	php ./bin/tools/file_from_env.php "APP_PUBLIC_CRT" "$(cert_dir)/$(app_name).crt"
+
 	@if [ -f $(cert_dir)/$(app_name).key ]; then \
 		echo "Signing app files…"; \
 		php ../../occ integrity:sign-app \

diff --git a/bin/tools/file_from_env.php b/bin/tools/file_from_env.php
@@ -0,0 +1,29 @@
+#!/usr/bin/env php
+<?php
+/**
+* Nextcloud - News
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Benjamin Brahmer <[email protected]>
+* @copyright Benjamin Brahmer 2020
+*/
+
+if ($argc < 2) {
+    echo "This script expects two parameters:\n";
+    echo "./file_from_env.php ENV_VAR PATH_TO_FILE\n";
+    exit(1);
+}
+
+# Read environment variable
+$content = getenv($argv[1]);
+
+if (!$content){
+    echo "Variable was empty\n";
+    exit(1);
+}
+
+file_put_contents($argv[2], $content);
+
+echo "Done...\n";