IONOS(occ): hide sensitive data while config:app:set #294
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: HiDrive Next Build | |
| # SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors | |
| # SPDX-FileCopyrightText: 2024 STRATO AG | |
| # SPDX-License-Identifier: AGPL-3.0-or-later | |
| # The HiDrive Next source is packaged as a container image. | |
| # This is a workaround because releases can not be created without tags | |
| # and we want to be able to create snapshots from branches. | |
| on: | |
| pull_request: | |
| paths: | |
| - '.github/workflows/**' | |
| - 'src/**' | |
| - 'custom-npms/**' | |
| - 'apps/**' | |
| - 'apps/**/appinfo/info.xml' | |
| - 'apps-custom/**' | |
| - 'apps-external/**' | |
| - 'IONOS' | |
| - 'package.json' | |
| - 'package-lock.json' | |
| - 'themes/**' | |
| - 'tsconfig.json' | |
| - '**.js' | |
| - '**.ts' | |
| - '**.vue' | |
| push: | |
| branches: | |
| - ionos-dev | |
| - ionos-stable | |
| env: | |
| TARGET_PACKAGE_NAME: hidrive-next.zip | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| ARTIFACTORY_REPOSITORY_SNAPSHOT: ionos-productivity-hdnext-snapshot | |
| permissions: | |
| contents: read | |
| jobs: | |
| hidrive-next-build: | |
| runs-on: self-hosted | |
| permissions: | |
| contents: read | |
| outputs: | |
| NC_VERSION: ${{ steps.get_nc_version.outputs.NC_VERSION }} | |
| name: hidrive-next-build | |
| steps: | |
| - name: Checkout server | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 | |
| with: | |
| submodules: true | |
| - name: Set up node with version from package.json's engines | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version-file: "package.json" | |
| - name: Install Dependencies | |
| run: sudo apt-get update && sudo apt-get install -y make zip unzip | |
| - name: Print dependencies versions | |
| run: make --version && node --version && npm --version | |
| - name: Setup PHP with PECL extension | |
| uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1 | |
| with: | |
| tools: composer:v2 | |
| extensions: gd, zip, curl, xml, xmlrpc, mbstring, sqlite, xdebug, pgsql, intl, imagick, gmp, apcu, bcmath, redis, soap, imap, opcache | |
| env: | |
| runner: self-hosted | |
| - name: Print PHP install | |
| run: php -i && php -m | |
| - name: Build Nextcloud | |
| run: make -f IONOS/Makefile build_nextcloud FONTAWESOME_PACKAGE_TOKEN=${{ secrets.FONTAWESOME_PACKAGE_TOKEN }} | |
| - name: Install dependencies & build simplesettings app | |
| env: | |
| CYPRESS_INSTALL_BINARY: 0 | |
| PUPPETEER_SKIP_DOWNLOAD: true | |
| run: make -f IONOS/Makefile build_dep_simplesettings_app | |
| - name: Install dependencies & build viewer app | |
| env: | |
| CYPRESS_INSTALL_BINARY: 0 | |
| PUPPETEER_SKIP_DOWNLOAD: true | |
| run: make -f IONOS/Makefile build_dep_viewer_app | |
| - name: Install dependencies & build user_oidc app | |
| env: | |
| CYPRESS_INSTALL_BINARY: 0 | |
| PUPPETEER_SKIP_DOWNLOAD: true | |
| run: make -f IONOS/Makefile build_dep_user_oidc_app | |
| - name: Install dependencies for external apps nc_ionos_processes | |
| run: make -f IONOS/Makefile build_dep_nc_ionos_processes_app | |
| - name: Build Custom CSS | |
| run: make -f IONOS/Makefile build_dep_theming_app | |
| - name: Install dependencies & build IONOS theme custom elements | |
| env: | |
| CYPRESS_INSTALL_BINARY: 0 | |
| PUPPETEER_SKIP_DOWNLOAD: true | |
| run: make -f IONOS/Makefile build_dep_ionos_theme | |
| - name: Add config partials | |
| run: make -f IONOS/Makefile add_config_partials | |
| - name: Zip dependencies | |
| run: make -f IONOS/Makefile zip_dependencies TARGET_PACKAGE_NAME=${{ env.TARGET_PACKAGE_NAME }} | |
| - name: Get NC version | |
| id: get_nc_version | |
| continue-on-error: false | |
| run: | | |
| NC_VERSION=$(jq -r '.ncVersion' version.json) | |
| echo "NC_VERSION: $NC_VERSION" | |
| if [ -z "$NC_VERSION" ]; then | |
| echo "NC_VERSION is empty" | |
| exit 1 | |
| fi | |
| echo "NC_VERSION=$NC_VERSION" >> $GITHUB_OUTPUT | |
| - name: Upload artifact result for job hidrive-next-build | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| retention-days: 30 | |
| name: hidrive_next_build_artifact | |
| path: ${{ env.TARGET_PACKAGE_NAME }} | |
| - name: Show changes on failure | |
| if: failure() | |
| run: | | |
| git status | |
| git --no-pager diff | |
| exit 1 # make it red to grab attention | |
| upload-to-artifactory: | |
| runs-on: self-hosted | |
| # Upload the artifact to the Artifactory repository on PR *OR* on "ionos-dev|ionos-stable" branch push defined in the on:push:branches | |
| if: github.event_name == 'pull_request' || github.ref_name == 'ionos-dev' || github.ref_name == 'ionos-stable' | |
| name: Push to artifactory | |
| needs: hidrive-next-build | |
| outputs: | |
| ARTIFACTORY_LAST_BUILD_PATH: ${{ steps.artifactory_upload.outputs.ARTIFACTORY_LAST_BUILD_PATH }} | |
| env: | |
| BUILD_NAME: "hidrive_next-snapshot" | |
| steps: | |
| - name: Download artifact zip | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: hidrive_next_build_artifact | |
| # This action sets up the JFrog CLI with the Artifactory URL and access token | |
| - uses: jfrog/setup-jfrog-cli@v4 | |
| env: | |
| JF_URL: ${{ secrets.JF_ARTIFACTORY_URL }} | |
| JF_USER: ${{ secrets.JF_ARTIFACTORY_USER }} | |
| JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} | |
| - name: Ping the JF server | |
| run: | | |
| # Ping the server | |
| jf rt ping | |
| - name: Upload build to artifactory | |
| id: artifactory_upload | |
| run: | | |
| # PR builds are stored in a separate directory as "dev/pr/hidrive-next-pr-<number>.zip" | |
| # Push to "ionos-dev" branch is stored as "dev/hidrive-next-<ncVersion>.zip" | |
| ARTIFACTORY_STAGE_PREFIX="dev" | |
| # set ARTIFACTORY_STAGE_PREFIX=stable on ionos-stable branch | |
| if [ ${{ github.ref_name }} == "ionos-stable" ]; then | |
| ARTIFACTORY_STAGE_PREFIX="stable" | |
| fi | |
| export PATH_TO_DIRECTORY="${{ env.ARTIFACTORY_REPOSITORY_SNAPSHOT }}/${ARTIFACTORY_STAGE_PREFIX}" | |
| PATH_TO_FILE="pr/hidrive-next-pr-${{ github.event.pull_request.number }}.zip" | |
| if [ -z "${{ github.event.pull_request.number }}" ]; then | |
| PATH_TO_FILE="hidrive-next-${{ needs.hidrive-next-build.outputs.NC_VERSION }}.zip" | |
| fi | |
| export PATH_TO_LATEST_ARTIFACT="${PATH_TO_DIRECTORY}/${PATH_TO_FILE}" | |
| # Promote current build to the "latest" dev build | |
| jf rt upload "${{ env.TARGET_PACKAGE_NAME }}" \ | |
| --build-name "${{ env.BUILD_NAME }}" \ | |
| --build-number ${{ github.run_number }} \ | |
| --target-props "hdnext.nc_version=${{ needs.hidrive-next-build.outputs.NC_VERSION }};vcs.branch=${{ github.ref }};vcs.revision=${{ github.sha }}" \ | |
| $PATH_TO_LATEST_ARTIFACT | |
| echo "ARTIFACTORY_LAST_BUILD_PATH=${PATH_TO_LATEST_ARTIFACT}" >> $GITHUB_OUTPUT | |
| - name: Show changes on failure | |
| if: failure() | |
| run: | | |
| git status | |
| git --no-pager diff | |
| exit 1 # make it red to grab attention | |
| hidirve-next-artifact-to-ghcr_io: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| name: Push artifact to ghcr.io | |
| needs: hidrive-next-build | |
| steps: | |
| - name: Download artifact zip | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: hidrive_next_build_artifact | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | |
| with: | |
| images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" | |
| - name: Create Dockerfile | |
| run: | | |
| cat >Dockerfile << EOF | |
| FROM busybox as builder | |
| COPY ./${{ env.TARGET_PACKAGE_NAME }} / | |
| WORKDIR /builder | |
| RUN unzip /${{ env.TARGET_PACKAGE_NAME }} -d /builder | |
| FROM scratch | |
| WORKDIR /app | |
| VOLUME /app | |
| COPY --from=builder /builder /app | |
| EOF | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Show changes on failure | |
| if: failure() | |
| run: | | |
| exit 1 # make it red to grab attention | |
| trigger-remote-dev-worflow: | |
| runs-on: self-hosted | |
| name: Trigger remote workflow | |
| needs: [ hidrive-next-build, upload-to-artifactory ] | |
| # Trigger remote build on "ionos-dev|ionos-stable" branch *push* defined in the on:push:branches | |
| if: github.event_name == 'push' && ( github.ref_name == 'ionos-dev' || github.ref_name == 'ionos-stable' ) | |
| steps: | |
| - name: Trigger remote workflow | |
| run: | | |
| # Enable command echo | |
| set -x | |
| # The 'ionos-dev' branch will trigger remote "dev" branch workflow | |
| GITLAB_BRANCH="dev" | |
| # set ARTIFACTORY_STAGE_PREFIX=stable on ionos-stable branch | |
| if [ ${{ github.ref_name }} == "ionos-stable" ]; then | |
| GITLAB_BRANCH="stable" | |
| fi | |
| # Call webhook | |
| curl \ | |
| --silent \ | |
| --insecure \ | |
| --request POST \ | |
| --fail-with-body \ | |
| -o response.json \ | |
| --form token=${{ secrets.GITLAB_TOKEN }} \ | |
| --form ref="${GITLAB_BRANCH}" \ | |
| --form "variables[GITHUB_SHA]=${{ github.sha }}" \ | |
| --form "variables[ARTIFACTORY_LAST_BUILD_PATH]=${{ needs.upload-to-artifactory.outputs.ARTIFACTORY_LAST_BUILD_PATH }}" \ | |
| --form "variables[NC_VERSION]=${{ needs.hidrive-next-build.outputs.NC_VERSION }}" \ | |
| --form "variables[BUILD_ID]=${{ github.run_id }}" \ | |
| "${{ secrets.GITLAB_TRIGGER_URL }}" || ( RETCODE="$?"; jq . response.json; exit "$RETCODE" ) | |
| # Disable command echo | |
| set +x | |
| # Print and parse json | |
| # jq . response.json | |
| echo "json<<END" >> $GITHUB_OUTPUT | |
| cat response.json >> $GITHUB_OUTPUT | |
| echo "END" >> $GITHUB_OUTPUT | |
| echo "web_url<<END" >> $GITHUB_OUTPUT | |
| cat response.json | jq --raw-output '.web_url' >> $GITHUB_OUTPUT | |
| echo "END" >> $GITHUB_OUTPUT | |
| - name: Show changes on failure | |
| if: failure() | |
| run: | | |
| git status | |
| git --no-pager diff | |
| exit 1 # make it red to grab attention |