fix: signing dependencies at deploy to Nextcloud app store

Signed-off-by: Vitor Mattos <[email protected]>
LibreSign · Jun 27, 2024 · ac62885 · ac62885
1 parent 789712b
commit ac62885
Show file tree

Hide file tree

Showing 10 changed files with 605 additions and 29 deletions.
diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml
@@ -20,10 +20,10 @@ jobs:
     # if: ${{ github.repository_owner == 'nextcloud-releases' }}
 
     steps:
-      # - name: Check actor permission
-      #   uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
-      #   with:
-      #     require: write
+      - name: Check actor permission
+        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
+        with:
+          require: write
 
       - name: Set app env
         run: |
@@ -75,7 +75,6 @@ jobs:
         uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761 # v2
         with:
           php-version: ${{ steps.php-versions.outputs.php-min }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
           coverage: none
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -142,34 +141,15 @@ jobs:
           repository: nextcloud/server
           path: nextcloud
 
-      - name: Set up Nextcloud
-        env:
-          DB_PORT: 4444
-        run: |
-          ln -s `pwd`/${{ env.APP_NAME }}/build/artifacts/sign/${{ env.APP_NAME }} nextcloud/apps/${{ env.APP_NAME }}
-          php nextcloud/occ maintenance:install \
-            --verbose \
-            --database=sqlite \
-            --database-name=nextcloud \
-            --database-host=127.0.0.1 \
-            --database-port=$DB_PORT \
-            --database-user=root \
-            --database-pass=rootpassword \
-            --admin-user admin \
-            --admin-pass admin
-          php nextcloud/occ --version
-          php nextcloud/occ app:enable --force ${{ env.APP_NAME }}
-
       - name: Sign app
         run: |
+          # Extracting release
+          cd ${{ env.APP_NAME }}/build/artifacts
+          tar -xvf ${{ env.APP_NAME }}.tar.gz
+          cd ../../../
           # Setting up keys
           echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key
           wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
-          # Signing dependencies
-          php nextcloud/occ libresign:install --all --architecture aarch64
-          php nextcloud/occ libresign:install --all --architecture x86_64
-          php nextcloud/occ config:system:set debug --value true --type boolean
-          php nextcloud/occ libresign:developer:sign-setup --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt
           # Signing
           php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}
           # Rebuilding archive

diff --git a/.gitignore b/.gitignore
@@ -12,4 +12,3 @@ node_modules/
 .phpunit.result.cache
 *.phar
 /src/__test__/coverage
-/appinfo/install-*.json
diff --git a/appinfo/install-aarch64-cfssl.json b/appinfo/install-aarch64-cfssl.json
@@ -0,0 +1,8 @@
+{
+    "hashes": {
+        "cfssl": "1737a048e0b428672600f703319f5effd65715f9f327db792155be320a10577a3aacbd70a14a4849100a42ee038ef9e661e369811dc0a69cf0ff00075559b4c2",
+        "cfssljson": "acc13de845f25dffc400c67a3e28a7698a5a6d3c6fbbff1d85c69addce40f71ad38a5efce50818cc774f5f922f377d433ebab5183b5ecdaaed55b6b2a13168dd"
+    },
+    "signature": "fSEXW3coozh9NkaYAGQYWah9x5k9\/ZgeQyvaN4Qiuy2Ob6qXc\/QJHxf4ReoV2u9UEuj0qZ8pGqkiqyfzoVcgp0hFJOq0AT14y3lAfMzJtX3bPcz6x9+mhaoJtBK8cLsBmvUdxymCB0vuSInjfmClQ4O3QQhFNATq4ACgjFPS2DgX5STsEVaN8yxMDV03kgu\/MQfWDDdvRP9WHREFpyTY4GRavi+rbdinLbHuj7gi3BYVz0cMdxzOhpaz0uBYXATXVsgjdNnNZinm9\/JU0WroKq7d72IYb1jw6kiO61wKt5B6iERb4RZwqQoLogiD\/KDuZA\/B8Q2hXEJz47swwEFK3X8ZxAB1Zgi6C7+T7agoFn8M7tpfuBHFuNl12EQ6jWWok3Bfnx4rKhQfhr\/OpCTVPi4wxIkst6geJbux7Tzqfh1+\/K6HlNpN5ZdDErR3VYDVb7ZiKSz\/8pgzugEUvUjSgE6ERX30e7Hjh2Vy4LdXf\/B1kZDiqGPA6NOvmAyrikVsJAnPgqGeBxIPFdcO8OYIPZdoKYjK+ruqlNznhdTQz7m6Z94HmrnUQIXf\/lWx88NHvhwDByT7hmvCphWJf0jMtHMn21h9Flx8JQGs9YeTzUbO70SLzRw913qfDKGlAarA2TNoZO+4cjLgszcbAcRW+pfHAMn855OOb9zot0xS8hk=",
+    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIEBDCCAuwCAhF4MA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNVBAYTAkRFMRswGQYD\r\nVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxFzAVBgNVBAoMDk5leHRjbG91ZCBHbWJI\r\nMTYwNAYDVQQDDC1OZXh0Y2xvdWQgQ29kZSBTaWduaW5nIEludGVybWVkaWF0ZSBB\r\ndXRob3JpdHkwHhcNMjEwMzA0MTk1NzQ1WhcNMzEwNjEwMTk1NzQ1WjAUMRIwEAYD\r\nVQQDDAlsaWJyZXNpZ24wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDq\r\nNU7W4kX445A4yMlADzxuNCouzzIYJBDRZXrKuz5OtbApKY5mPqfXGEpc8N04+eAJ\r\n5EJz5f9r0WxVcWGtyFN1sPObAsoMGyhOzNvAGaveL40xBsc7LdQgCR2JraInHH\/e\r\nMNtkgHQcWL5nihqYIEWvMeVt3uMTiI05F3SjW4+u\/NaRRw\/5y5l5W4Fy6VPzPW0P\r\n22Wmllkb3BFG16C6hHG\/+qE8pf12AcxQZ3B21MbPkHjOjxSz6NS74jGIVRtcn6dO\r\ny26XZ1XoeNUPZDyLFluYCBw5fgTIIU+721mkkA7EjP9RighygVGk4WII7l9Pc+Sf\r\nNwcxQykNdEnZ67ETSr4v1CpArAeXZ2dEZ\/b9QqI\/MCGw0Aa\/Pv2vDc8McFFBBTrt\r\nPDvn0TG0RdfuFAkYdOpFjH3urGUEvcJ\/+lFvRVUu203PHLfx72zNI3XVXui\/slf3\r\noK4LsQrbvj+heYnNXyr5UQAzgXW9JDiXE0sBxfzUz2XKlbuuNpLLE9EkFFQ5LyZJ\r\nG3l1f\/yO3CvGLancbhCvRjo6Lts38GjmkWQT+0BNBpwYhoAd4wopnMYphI9qldbp\r\n1XPWBqb+0w1p6bkIHmci8D\/whC0\/BEHoCs+DpRciRZM0FqW7frZcEGeO6YOoDWJ2\r\nCAhwXGodT4iV8RtVUC6\/arGGUal\/YqBk2M\/9zK6eMwIDAQABMA0GCSqGSIb3DQEB\r\nCwUAA4IBAQBWMFEq++xjRqFsWNPpoTtkfuj0PUajfRHBGzSUXccz0hw8kdR4C2xx\r\nhkYlJ9kqyWNxO1h4urQL5cM1sbl4xf5CI9xf7iuOcB06\/kn3umLmruRec32WG2bS\r\nqAWnnljGCX4sVY8oSbdaUopXE9o9pl966XQ5858c+w9ydkjMDnfOmzrCpgHrJefN\r\n94hIttjJsV8te15VcKoNUxsrZBlPIrpueUQRc13Z9CWp8eRXl4J4CZfVFSY7T4ho\r\nBlNtdPas2R9HJJDYEGS+fg5dfLLvTL4qPSxLjm753pJprfrDxfE9qQl0xtIe8aaw\r\nKFJ\/AK3JTRBkBwsgAE5OYEXTUV9oNS2j\r\n-----END CERTIFICATE-----"
+}