fix: github workflow

.github/workflows/build-and-release.yml

@@ -5,37 +5,60 @@ on:
     tags:
       - 'v*.*.*'
 
+env:
+  APP_NAME: cidgravity_gateway
+  APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+  APP_PUBLIC_CRT: ${{ secrets.APP_PUBLIC_CRT }}
+
 jobs:
   build:
     runs-on: ubuntu-latest
+    name: "Build, sign and release app"
+    strategy:
+      matrix:
+        php-versions: ['8.1']
+        node-versions: ['20']
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Setup Node.js
+      - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: ${{ matrix.node-versions }}
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@2.31.1
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: gd,zip
+          coverage: none
 
-      - name: Install dependencies and build project
-        run: |
-          npm install
-          npm run build
+      - name: Build app
+        run: make
 
-      - name: Prepare zip folder
-        run: |
-          mkdir cidgravity_gateway
-          rsync -av --progress . ./cidgravity_gateway --exclude node_modules --exclude .git --exclude cidgravity_gateway --exclude .github --exclude .vscode
-          zip -r cidgravity_gateway-${{ github.ref_name }}.zip cidgravity_gateway
+      - name: Create signed release archive
+        run: make appstore
+        env:
+          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          app_public_crt: ${{ secrets.APP_PUBLIC_CRT }}
 
       - name: Create GitHub Release
         id: create_release
         uses: softprops/action-gh-release@v2
         with:
-          files: cidgravity_gateway-${{ github.ref_name }}.zip
           tag_name: ${{ github.ref_name }}
           draft: false
           prerelease: false
           generate_release_notes: true
-
+
+      - name: Upload signed archive to release
+        uses: svenstaro/upload-release-action@2.9.0
+        id: attach_to_release
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: build/artifacts/${{ env.APP_NAME }}.tar.gz
+          asset_name: ${{ env.APP_NAME }}.tar.gz
+          tag: ${{ github.ref_name }}
+          overwrite: true

.github/workflows/publish-to-nextcloud.yml

@@ -1,57 +1,58 @@
-name: Build and publish app release
+name: Publish to Nextcloud store
 
 on:
-  release:
-      types: [published]
+  workflow_run:
+    workflows: ["Build and Release"]
+    types:
+      - completed 
 
 env:
-  APP_NAME: news
+  APP_NAME: cidgravity_gateway
+  APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
+  APPSTORE_TOKEN: ${{ secrets.APPSTORE_TOKEN }}
 
 jobs:
-  build_and_publish:
+  publish_to_nextcloud_store:
+    environment: release
     runs-on: ubuntu-latest
-    name: "Release: build, sign and upload the app"
-    strategy:
-      matrix:
-        php-versions: ['8.1']
+    name: "Upload to Nextcloud App Store"
+
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4.2.2
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@2.31.1
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: gd,zip
-          coverage: none
-
-      - name: App build
-        run: make
-
-      - name: Create signed release archive
-        run: make appstore
-        env:
-          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
-          app_public_crt: ${{ secrets.APP_PUBLIC_CRT }}
-
-      - name: Upload app tarball to release
-        uses: svenstaro/upload-release-action@2.9.0
-        id: attach_to_release
-        with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: build/artifacts/${{ env.APP_NAME }}.tar.gz
-          asset_name: ${{ env.APP_NAME }}.tar.gz
-          tag: ${{ github.ref }}
-          overwrite: true
-
-      - name: Upload app to Nextcloud appstore
-        uses: R0Wi/nextcloud-appstore-push-action@v1.0.3
+      - name: Get latest release information
+        id: get_release
+        uses: actions/github-script@v6
         with:
-          app_name: ${{ env.APP_NAME }}
-          appstore_token: ${{ secrets.APPSTORE_TOKEN }}
-          download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
-          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
-          nightly: ${{ github.event.release.prerelease }}
-
-      - name: Delete crt and key from local storage
-        run: rm -f ~/.nextcloud/certificates/*
+          script: |
+            const release = await github.rest.repos.getReleaseByTag({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag: context.ref,
+            });
+            const asset = release.data.assets.find(asset => asset.name === `${process.env.APP_NAME}.tar.gz`);
+            if (!asset) throw new Error("Release asset not found for specified version");
+            return {
+              download_url: asset.browser_download_url
+            };
+
+      - name: Download release archive
+        run: |
+          curl -L "${{ steps.get_release.outputs.download_url }}" -o "${{ env.APP_NAME }}.tar.gz"
+
+      - name: Generate signature for release archive
+        id: sign_archive
+        run: |
+          echo "${{ secrets.APP_PRIVATE_KEY }}" > private_key.pem
+          signature=$(openssl dgst -sha512 -sign private_key.pem "${{ env.APP_NAME }}.tar.gz" | openssl base64 -A)
+          echo "::set-output name=signature::$signature"
+          rm -f private_key.pem
+        shell: bash
+
+      - name: Upload app to Nextcloud App Store via API
+        run: |
+          curl -X POST https://apps.nextcloud.com/api/v1/apps/releases \
+            -H "Authorization: Token ${{ secrets.APPSTORE_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d '{
+              "download": "${{ steps.get_release.outputs.download_url }}",
+              "signature": "${{ steps.sign_archive.outputs.signature }}"
+            }'

Makefile

@@ -1,5 +1,5 @@
 app_name=cidgravity_gateway
-project_dir=$(CURDIR)/../$(app_name)
+project_dir=$(CURDIR)
 build_dir=$(CURDIR)/build/artifacts
 appstore_dir=$(build_dir)/appstore
 source_dir=$(build_dir)/source
@@ -85,6 +85,10 @@ appstore:
 	--exclude=vendor \
 	--exclude=webpack.*.js \
 	$(project_dir)/  $(sign_dir)/$(app_name)
+
+	php ./bin/tools/file_from_env.php "APP_PRIVATE_KEY" "$(cert_dir)/$(app_name).key"
+	php ./bin/tools/file_from_env.php "APP_PUBLIC_CRT" "$(cert_dir)/$(app_name).crt"
+
 	@if [ -f $(cert_dir)/$(app_name).key ]; then \
 		echo "Signing app files…"; \
 		php ../../occ integrity:sign-app \

bin/tools/file_from_env.php

@@ -0,0 +1,29 @@
+#!/usr/bin/env php
+<?php
+/**
+* Nextcloud - News
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Benjamin Brahmer <info@b-brahmer.de>
+* @copyright Benjamin Brahmer 2020
+*/
+
+if ($argc < 2) {
+    echo "This script expects two parameters:\n";
+    echo "./file_from_env.php ENV_VAR PATH_TO_FILE\n";
+    exit(1);
+}
+
+# Read environment variable
+$content = getenv($argv[1]);
+
+if (!$content){
+    echo "Variable was empty\n";
+    exit(1);
+}
+
+file_put_contents($argv[2], $content);
+
+echo "Done...\n";