From a87e742c0767eb10e838528dfb4b65556dbc55ef Mon Sep 17 00:00:00 2001
From: Vitor Mattos
Date: Mon, 24 Jun 2024 19:29:08 -0300
Subject: [PATCH 1/3] chore: update appstore-build-publish.yml
Signed-off-by: Vitor Mattos
---
.github/workflows/appstore-build-publish.yml | 23 ++++++++++++++------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml
index d5b0f4747b..370d270509 100644
--- a/.github/workflows/appstore-build-publish.yml
+++ b/.github/workflows/appstore-build-publish.yml
@@ -2,6 +2,9 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Build and publish app release
@@ -32,7 +35,7 @@ jobs: echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: ${{ env.APP_NAME }}
@@ -63,12 +66,17 @@ jobs: - name: Set up npm ${{ steps.versions.outputs.npmVersion }} # Skip if no package.json if: ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Set up php ${{ env.PHP_VERSION }} uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # v2 with: - php-version: ${{ env.PHP_VERSION }} + filename: ${{ env.APP_NAME }}/appinfo/info.xml + + - name: Set up php ${{ steps.php-versions.outputs.php-min }} + uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761 # v2 + with: + php-version: ${{ steps.php-versions.outputs.php-min }} coverage: none env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
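Review bot: In the `@@ -63,12 +66,17 @@` hunk the first PHP step still runs `shivammathur/setup-php`, but its only visible input is now `filename: ${{ env.APP_NAME }}/appinfo/info.xml`, and it has no `id:`. The step added below it reads `steps.php-versions.outputs.php-min`, and no step with that id appears in the hunk, so unless one is defined elsewhere in the file the release build and the signing commands run on whatever PHP version setup-php falls back to. The first step presumably was meant to become the info.xml version reader, as in the upstream Nextcloud template: `id: php-versions` with `uses: icewind1991/nextcloud-version-matrix@<full-commit-sha>`, and a step name that no longer mentions `env.PHP_VERSION`. The two setup-php pins also differ while both carry the comment `# v2`, which makes the pinned revision harder to audit.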
@@ -90,10 +98,11 @@ jobs: if: ${{ steps.versions.outputs.nodeVersion }} env: CYPRESS_INSTALL_BINARY: 0 + NODE_ENV: production run: | cd ${{ env.APP_NAME }} npm ci - npm run build + npm run build --if-present - name: Check Krankerl config id: krankerl
@@ -123,12 +132,12 @@ jobs: continue-on-error: true id: server-checkout run: | - NCVERSION=${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} + NCVERSION='${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}' wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip unzip latest-$NCVERSION.zip - name: Checkout server master fallback - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 if: ${{ steps.server-checkout.outcome != 'success' }} with: submodules: true
@@ -142,7 +151,7 @@ jobs: tar -xvf ${{ env.APP_NAME }}.tar.gz cd ../../../ # Setting up keys - echo "${{ secrets.APP_PRIVATE_KEY }}" > ${{ env.APP_NAME }}.key + echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" # Signing php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}
From ea6384cb99866a574bcf81c8e227910cc8cb629f Mon Sep 17 00:00:00 2001
From: Vitor Mattos
Date: Mon, 24 Jun 2024 19:29:54 -0300
Subject: [PATCH 2/3] chore: sign setup when publish app
Signed-off-by: Vitor Mattos
---
.github/workflows/appstore-build-publish.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml
index 370d270509..8c07f0f0a5 100644
--- a/.github/workflows/appstore-build-publish.yml
+++ b/.github/workflows/appstore-build-publish.yml
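Review bot: In the `@@ -142,7 +151,7 @@` hunk the signing key is still expanded into the script text through `${{ secrets.APP_PRIVATE_KEY }}`; moving from double to single quotes only changes which characters would break the command, and the key file is created with the runner's default umask. Passing the secret through the step's `env:` as `APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}` and writing it with `(umask 077; printf '%s\n' "$APP_PRIVATE_KEY" > ${{ env.APP_NAME }}.key)` keeps the value out of the generated script and makes the file owner-only. The `NCVERSION='${{ fromJSON(...) }}'` line in the `@@ -123,12 +132,12 @@` hunk follows the same expression-in-script pattern, with a value that presumably comes from the app's info.xml, and `$NCVERSION` is then used unquoted. The run block continues past the hunk, so whether the key file is deleted after signing is not visible here.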
@@ -154,6 +154,9 @@ jobs: echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" # Signing + php nextcloud/occ libresign:install --all --architecture aarch64 + php nextcloud/occ libresign:install --all --architecture x86_64 + php nextcloud/occ libresign:developer:sign-setup --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }} # Rebuilding archive cd ${{ env.APP_NAME }}/build/artifacts
From 274f6e5e92568ae14924f1fc36cf7f4287262f13 Mon Sep 17 00:00:00 2001
From: Vitor Mattos
Date: Mon, 24 Jun 2024 19:30:11 -0300
Subject: [PATCH 3/3] fix: only sign setup if have certificate
Signed-off-by: Vitor Mattos
---
Makefile | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 29dffe51a8..b13f213c03 100644
--- a/Makefile
+++ b/Makefile
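Review bot: The two `libresign:install --all` lines in the `@@ -154,6 +154,9 @@` hunk are placed after the private key has been written to `${{ env.APP_NAME }}.key`, so whatever they fetch and execute runs while the release signing key is on disk. Moving both install lines above `# Setting up keys` would leave only `libresign:developer:sign-setup` and `integrity:sign-app` running with the key present. Since sign-setup presumably signs what install placed on disk, it is worth confirming that install verifies its downloads against pinned checksums; nothing in this hunk shows that. It is also not visible here that the libresign app is enabled in the downloaded server, which the `libresign:*` commands need; the run block starts and ends outside the hunk.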
@@ -112,11 +112,12 @@ appstore: clean mkdir -p $(appstore_sign_dir)/$(app_name)/tests/fixtures cp tests/fixtures/small_valid.pdf $(appstore_sign_dir)/$(app_name)/tests/fixtures - $(occ) config:app:set libresign certificate_engine --value cfssl - $(occ) libresign:install --all --architecture aarch64 - $(occ) libresign:install --all --architecture x86_64 - $(occ) libresign:developer:sign-setup --privateKey=$(cert_dir)/$(app_name).key \ - --certificate=$(cert_dir)/$(app_name).crt + @if [ ! -f $(cert_dir)/$(app_name).crt ]; then \ + $(occ) libresign:install --all --architecture aarch64 \ + $(occ) libresign:install --all --architecture x86_64 \ + $(occ) libresign:developer:sign-setup --privateKey=$(cert_dir)/$(app_name).key \ + --certificate=$(cert_dir)/$(app_name).crt \ + fi @if [ -z "$$GITHUB_ACTION" ]; then \ chown -R www-data:www-data $(appstore_sign_dir)/$(app_name) ; \
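Review bot: The added guard `[ ! -f $(cert_dir)/$(app_name).crt ]` runs the sign-setup block when the certificate is missing, the opposite of the subject line "only sign setup if have certificate"; it most likely should read `@if [ -f $(cert_dir)/$(app_name).crt ]; then \`. The commands inside the block are joined by `\` alone, so the shell sees the three `$(occ)` calls and `fi` as one command line and the `if` is never closed. Each command needs a separator, as the `chown` line in the next `if` has, and `&& \` is preferable to `; \` so that a failed install does not go on to sign: `$(occ) libresign:install --all --architecture aarch64 && \` and, on the last one, `--certificate=$(cert_dir)/$(app_name).crt ; \`. The hunk also removes `$(occ) config:app:set libresign certificate_engine --value cfssl` without saying why in the message. The `appstore` target continues outside the hunk.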