-
Notifications
You must be signed in to change notification settings - Fork 263
162 lines (141 loc) Β· 6.46 KB
/
appstore-conventional-build-publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Build and publish app release conventionally
on:
workflow_dispatch:
branches: stable*
env:
PHP_VERSION: 8.2
jobs:
build_and_publish:
runs-on: [ubuntu-latest, self-hosted]
environment: release
steps:
- name: Check actor permission
uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
with:
require: write
- name: Set app env
run: |
# Split and keep last
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
token: ${{ secrets.RELEASE_PAT }}
fetch-depth: 0
- name: Conventional Changelog Action
id: changelog
uses: TriPSs/conventional-changelog-action@v3
with:
github-token: ${{ secrets.RELEASE_PAT }}
git-user-email: [email protected]
git-user-name: Nextcloud Command Bot
skip-git-pull: "true"
pre-commit: build/pre-commit.js
release-count: 0
version-file: "package.json, package-lock.json"
- name: Get appinfo data
id: appinfo
uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master
if: ${{ steps.changelog.outputs.skipped == 'false' }}
with:
filename: appinfo/info.xml
expression: "//info//dependencies//nextcloud/@min-version"
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2
if: ${{ steps.changelog.outputs.skipped == 'false' }}
id: versions
# Continue if no package.json
continue-on-error: true
with:
path: ./
fallbackNode: '^20'
fallbackNpm: '^9'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
if: ${{ steps.changelog.outputs.skipped == 'false' }}
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
- name: Set up npm ${{ steps.versions.outputs.npmVersion }}
if: ${{ steps.changelog.outputs.skipped == 'false' }}
run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
- name: Set up php ${{ env.PHP_VERSION }}
uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
if: ${{ steps.changelog.outputs.skipped == 'false' }}
with:
php-version: ${{ env.PHP_VERSION }}
coverage: none
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install Krankerl
if: ${{ steps.changelog.outputs.skipped == 'false' }}
run: |
wget https://github.com/ChristophWurst/krankerl/releases/download/v0.14.0/krankerl_0.14.0_amd64.deb
sudo dpkg -i krankerl_0.14.0_amd64.deb
- name: Package ${{ env.APP_NAME }} ${{ env.APP_VERSION }} with krankerl
if: ${{ steps.changelog.outputs.skipped == 'false' }}
run: krankerl package
- name: Checkout server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
if: ${{ steps.changelog.outputs.skipped == 'false' }}
continue-on-error: true
id: server-checkout
run: |
NCVERSION=${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip -O build/nextcloud.zip
unzip build/nextcloud.zip build/nextcloud
- name: Checkout server master fallback
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ steps.changelog.outputs.skipped == 'false' && steps.server-checkout.outcome != 'success' }}
with:
submodules: true
repository: nextcloud/server
path: build/nextcloud
- name: Sign app
if: ${{ steps.changelog.outputs.skipped == 'false' }}
run: |
# Extracting release
cd build/artifacts
tar -xvf ${{ env.APP_NAME }}.tar.gz
cd ../../
# Setting up keys
echo "${{ secrets.APP_PRIVATE_KEY }}" > build/${{ env.APP_NAME }}.key
wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" -O build/${{ env.APP_NAME }}.crt
pwd
ls -l
ls -l build
# Signing
php build/nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../artifacts/${{ env.APP_NAME }}
# Rebuilding archive
cd build/artifacts
tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }}
- name: Push tag to releases organization
if: ${{ steps.changelog.outputs.skipped == 'false' }}
run: |
git remote add release https://github.com/nextcloud-releases/${{ env.APP_NAME }}.git
git push release ${{ steps.changelog.outputs.tag }}
- name: Attach tarball to github release
if: ${{ steps.changelog.outputs.skipped == 'false' }}
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
id: attach_to_release
with:
repo_token: ${{ secrets.RELEASE_PAT }}
repo_name: nextcloud-releases/${{ env.APP_NAME }}
file: build/artifacts/${{ env.APP_NAME }}.tar.gz
asset_name: ${{ env.APP_NAME }}-${{ env.APP_VERSION }}.tar.gz
tag: ${{ steps.changelog.outputs.tag }}
overwrite: true
- name: Upload app to Nextcloud appstore
if: ${{ steps.changelog.outputs.skipped == 'false' }}
uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1
with:
app_name: ${{ env.APP_NAME }}
appstore_token: ${{ secrets.APPSTORE_TOKEN }}
download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
app_private_key: ${{ secrets.APP_PRIVATE_KEY }}