fix: github workflow

CIDgravity · Oct 28, 2024 · 19d82e2 · 19d82e2
1 parent e0fc1f1
commit 19d82e2
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 25 deletions.
diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
@@ -5,9 +5,18 @@ on:
     tags:
       - 'v*.*.*'
 
+env:
+  APP_NAME: cidgravity_gateway
+  APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+  APP_PUBLIC_CRT: ${{ secrets.APP_PUBLIC_CRT }}
+
 jobs:
   build:
     runs-on: ubuntu-latest
+    name: "Build, sign and release app"
+    strategy:
+      matrix:
+        php-versions: ['8.1']
 
     steps:
       - name: Checkout code
@@ -18,24 +27,37 @@ jobs:
         with:
           node-version: '20'
 
-      - name: Install dependencies and build project
-        run: |
-          npm install
-          npm run build
+      - name: Setup PHP
+        uses: shivammathur/setup-php@2.31.1
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: gd,zip
+          coverage: none
+
+      - name: Build app
+        run: make
 
-      - name: Prepare zip folder
-        run: |
-          mkdir cidgravity_gateway
-          rsync -av --progress . ./cidgravity_gateway --exclude node_modules --exclude .git --exclude cidgravity_gateway --exclude .github --exclude .vscode
-          zip -r cidgravity_gateway-${{ github.ref_name }}.zip cidgravity_gateway
+      - name: Create signed release archive
+        run: make appstore
+        env:
+          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          app_public_crt: ${{ secrets.APP_PUBLIC_CRT }}
 
       - name: Create GitHub Release
         id: create_release
         uses: softprops/action-gh-release@v2
         with:
-          files: cidgravity_gateway-${{ github.ref_name }}.zip
           tag_name: ${{ github.ref_name }}
           draft: false
           prerelease: false
           generate_release_notes: true
-
+
+      - name: Upload signed archive to release
+        uses: svenstaro/upload-release-action@2.9.0
+        id: attach_to_release
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: build/artifacts/${{ env.APP_NAME }}.tar.gz
+          asset_name: cidgravity_gateway-${{ github.ref_name }}.tar.gz
+          tag: ${{ github.ref_name }}
+          overwrite: true
diff --git a/.github/workflows/publish-to-nextcloud.yml b/.github/workflows/publish-to-nextcloud.yml
@@ -1,14 +1,19 @@
-name: Build and publish app release
+name: Publish to Nextcloud store
 
 on:
-  release:
-      types: [published]
+  workflow_run:
+    workflows: ["Build and Release"] 
+    types:
+      - completed 
 
 env:
-  APP_NAME: news
+  APP_NAME: cidgravity_gateway
+  APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+  APP_PUBLIC_CRT: ${{ secrets.APP_PUBLIC_CRT }}
 
 jobs:
-  build_and_publish:
+  publish_to_nextcloud_store:
+    environment: release
     runs-on: ubuntu-latest
     name: "Release: build, sign and upload the app"
     strategy:
@@ -44,14 +49,24 @@ jobs:
           tag: ${{ github.ref }}
           overwrite: true
 
-      - name: Upload app to Nextcloud appstore
-        uses: R0Wi/nextcloud-appstore-push-action@v1.0.3
-        with:
-          app_name: ${{ env.APP_NAME }}
-          appstore_token: ${{ secrets.APPSTORE_TOKEN }}
-          download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
-          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
-          nightly: ${{ github.event.release.prerelease }}
+      - name: Download release archive
+        run: |
+          curl -L ${{ steps.attach_to_release.outputs.browser_download_url }} -o ${{ env.APP_NAME }}.tar.gz
+  
+      - name: Sign archive
+        id: sign_archive
+        run: |
+            echo "${{ secrets.APP_PRIVATE_KEY }}" > private_key.pem
+            signature=$(openssl dgst -sha512 -sign private_key.pem "${{ env.APP_NAME }}.tar.gz" | openssl base64 -A)
+            echo "SIGNATURE=$signature" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+      - name: Upload app to Nextcloud appstore via API
+        run: |
+          curl -X POST https://apps.nextcloud.com/api/v1/apps/releases \
+            -H "Authorization: Token ${{ secrets.APPSTORE_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d '{"download": "${{ steps.attach_to_release.outputs.browser_download_url }}", "signature": "${{ steps.sign_archive.outputs.SIGNATURE }}"}'
 
       - name: Delete crt and key from local storage
         run: rm -f ~/.nextcloud/certificates/*
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 app_name=cidgravity_gateway
-project_dir=$(CURDIR)/../$(app_name)
+project_dir=$(CURDIR)
 build_dir=$(CURDIR)/build/artifacts
 appstore_dir=$(build_dir)/appstore
 source_dir=$(build_dir)/source
@@ -85,6 +85,10 @@ appstore:
 	--exclude=vendor \
 	--exclude=webpack.*.js \
 	$(project_dir)/  $(sign_dir)/$(app_name)
+
+	php ./bin/tools/file_from_env.php "APP_PRIVATE_KEY" "$(cert_dir)/$(app_name).key"
+	php ./bin/tools/file_from_env.php "APP_PUBLIC_CRT" "$(cert_dir)/$(app_name).crt"
+
 	@if [ -f $(cert_dir)/$(app_name).key ]; then \
 		echo "Signing app files…"; \
 		php ../../occ integrity:sign-app \

diff --git a/bin/tools/file_from_env.php b/bin/tools/file_from_env.php
@@ -0,0 +1,29 @@
+#!/usr/bin/env php
+<?php
+/**
+* Nextcloud - News
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Benjamin Brahmer <info@b-brahmer.de>
+* @copyright Benjamin Brahmer 2020
+*/
+
+if ($argc < 2) {
+    echo "This script expects two parameters:\n";
+    echo "./file_from_env.php ENV_VAR PATH_TO_FILE\n";
+    exit(1);
+}
+
+# Read environment variable
+$content = getenv($argv[1]);
+
+if (!$content){
+    echo "Variable was empty\n";
+    exit(1);
+}
+
+file_put_contents($argv[2], $content);
+
+echo "Done...\n";