diff --git a/.github/workflows/appstore-conventional-build-publish.yml b/.github/workflows/appstore-conventional-build-publish.yml index de46984eda..9a4b0b51a7 100644 --- a/.github/workflows/appstore-conventional-build-publish.yml +++ b/.github/workflows/appstore-conventional-build-publish.yml @@ -8,17 +8,17 @@ name: Build and publish app release conventionally -on: workflow_dispatch +on: + workflow_dispatch: + branches: stable* env: PHP_VERSION: 8.2 jobs: build_and_publish: - runs-on: ubuntu-latest - - # Only allowed to be run on nextcloud-releases repositories - if: ${{ github.repository_owner == 'nextcloud-releases' }} + runs-on: [ubuntu-latest, self-hosted] + environment: release steps: - name: Check actor permission @@ -35,12 +35,12 @@ jobs: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: - path: ${{ env.APP_NAME }} + token: ${{ secrets.RELEASE_PAT }} + fetch-depth: 0 - name: Conventional Changelog Action id: changelog - uses: TriPSs/conventional-changelog-action@b7f32a8347e86c26ea2f4823cc7c160b9014c6a0 # v3 - working-directory: ${{ env.APP_NAME }} + uses: TriPSs/conventional-changelog-action@v3 with: github-token: ${{ secrets.RELEASE_PAT }} git-user-email: nextcloud-command@users.noreply.github.com @@ -51,27 +51,27 @@ jobs: version-file: "package.json, package-lock.json" - name: Get appinfo data - if: ${{ steps.changelog.outputs.skipped == 'false' }} id: appinfo uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master + if: ${{ steps.changelog.outputs.skipped == 'false' }} with: - filename: ${{ env.APP_NAME }}/appinfo/info.xml + filename: appinfo/info.xml expression: "//info//dependencies//nextcloud/@min-version" - name: Read package.json node and npm engines version - if: ${{ steps.changelog.outputs.skipped == 'false' }} uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 + if: ${{ steps.changelog.outputs.skipped == 'false' }} id: versions # Continue if no package.json continue-on-error: true with: - path: ${{ env.APP_NAME }} + path: ./ fallbackNode: '^20' fallbackNpm: '^9' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 if: ${{ steps.changelog.outputs.skipped == 'false' }} - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -80,8 +80,8 @@ jobs: run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" - name: Set up php ${{ env.PHP_VERSION }} + uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 if: ${{ steps.changelog.outputs.skipped == 'false' }} - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: php-version: ${{ env.PHP_VERSION }} coverage: none @@ -96,9 +96,7 @@ jobs: - name: Package ${{ env.APP_NAME }} ${{ env.APP_VERSION }} with krankerl if: ${{ steps.changelog.outputs.skipped == 'false' }} - run: | - cd ${{ env.APP_NAME }} - krankerl package + run: krankerl package - name: Checkout server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} if: ${{ steps.changelog.outputs.skipped == 'false' }} @@ -106,8 +104,8 @@ jobs: id: server-checkout run: | NCVERSION=${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} - wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip - unzip latest-$NCVERSION.zip + wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip -o build/nextcloud.zip + unzip build/nextcloud.zip build/nextcloud - name: Checkout server master fallback uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -115,22 +113,25 @@ jobs: with: submodules: true repository: nextcloud/server - path: nextcloud + path: build/nextcloud - name: Sign app if: ${{ steps.changelog.outputs.skipped == 'false' }} run: | # Extracting release - cd ${{ env.APP_NAME }}/build/artifacts + cd build/artifacts tar -xvf ${{ env.APP_NAME }}.tar.gz - cd ../../../ + cd ../../ # Setting up keys - echo "${{ secrets.APP_PRIVATE_KEY }}" > ${{ env.APP_NAME }}.key - wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" + echo "${{ secrets.APP_PRIVATE_KEY }}" > build/${{ env.APP_NAME }}.key + wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" -o build/${{ env.APP_NAME }}.crt + pwd + ls -l + ls -l build # Signing - php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }} + php build/nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../artifacts/${{ env.APP_NAME }} # Rebuilding archive - cd ${{ env.APP_NAME }}/build/artifacts + cd build/artifacts tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }} - name: Push tag to releases organization @@ -146,7 +147,7 @@ jobs: with: repo_token: ${{ secrets.RELEASE_PAT }} repo_name: nextcloud-releases/${{ env.APP_NAME }} - file: ${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz + file: build/artifacts/${{ env.APP_NAME }}.tar.gz asset_name: ${{ env.APP_NAME }}-${{ env.APP_VERSION }}.tar.gz tag: ${{ steps.changelog.outputs.tag }} overwrite: true