Skip to content

refactor(actions): align release workflows with LibreSign #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vitormattos merged 1 commit into from
Apr 1, 2026
+41 −48
Merged

refactor(actions): align release workflows with LibreSign #49

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 8 additions & 20 deletions .github/workflows/appstore-build-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:

permissions:
contents: write
actions: write

jobs:
build_and_publish:
Expand All @@ -26,6 +27,7 @@ jobs:
- name: Set app env
run: |
[ "${GITHUB_REPOSITORY##*/}" = "${APP_NAME}" ]
echo "APP_VERSION=${GITHUB_REF##*/}" >> "$GITHUB_ENV"

- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
Expand Down Expand Up @@ -91,11 +93,6 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Package ${{ env.APP_NAME }} with makefile
run: |
make -C "${{ env.APP_NAME }}" appstore
make -C "${{ env.APP_NAME }}" verify-appstore-package

- name: Check server download link for ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
id: server-url
run: |
Expand All @@ -120,22 +117,13 @@ jobs:
repository: nextcloud/server
path: nextcloud

- name: Sign app
- name: Package ${{ env.APP_NAME }} ${{ github.ref_name }} with makefile
run: |
KEY_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.key"
CERT_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.crt"
APP_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}"

printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "${KEY_PATH}"
chmod 600 "${KEY_PATH}"
wget --quiet -O "${CERT_PATH}" "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"

php nextcloud/occ integrity:sign-app \
--privateKey="${KEY_PATH}" \
--certificate="${CERT_PATH}" \
--path="${APP_PATH}"

tar -C "${{ env.APP_NAME }}/build/artifacts" -zcf "${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz" "${{ env.APP_NAME }}"
cd "${{ env.APP_NAME }}"
mkdir -p build/tools/certificates/
printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "build/tools/certificates/${{ env.APP_NAME }}.key"
chmod 600 "build/tools/certificates/${{ env.APP_NAME }}.key"
make appstore verify-appstore-package

- name: Attach tarball to GitHub release
uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2.11.5
Expand Down
61 changes: 33 additions & 28 deletions .github/workflows/nightly-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ on:

permissions:
contents: write
actions: write

jobs:
check-latest-stable:
Expand Down Expand Up @@ -81,6 +82,10 @@ jobs:
filename: ${{ env.APP_NAME }}/appinfo/info.xml
expression: "//info//version/text()"

- name: Set APP_VERSION env
run: |
echo "APP_VERSION=${{ fromJSON(steps.app-version.outputs.result).version }}" >> "$GITHUB_ENV"

- name: Get appinfo data
id: appinfo
uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # v1.0.0
Expand Down Expand Up @@ -121,11 +126,6 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Package ${{ env.APP_NAME }} with makefile
run: |
make -C "${{ env.APP_NAME }}" appstore
make -C "${{ env.APP_NAME }}" verify-appstore-package

- name: Check server download link for ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
id: server-url
run: |
Expand All @@ -150,27 +150,18 @@ jobs:
repository: nextcloud/server
path: nextcloud

- name: Sign app
- name: Package ${{ env.APP_NAME }} nightly with makefile
run: |
KEY_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.key"
CERT_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.crt"
APP_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}"

printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "${KEY_PATH}"
chmod 600 "${KEY_PATH}"
wget --quiet -O "${CERT_PATH}" "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"

php nextcloud/occ integrity:sign-app \
--privateKey="${KEY_PATH}" \
--certificate="${CERT_PATH}" \
--path="${APP_PATH}"

tar -C "${{ env.APP_NAME }}/build/artifacts" -zcf "${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz" "${{ env.APP_NAME }}"
cd "${{ env.APP_NAME }}"
mkdir -p build/tools/certificates/
printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "build/tools/certificates/${{ env.APP_NAME }}.key"
chmod 600 "build/tools/certificates/${{ env.APP_NAME }}.key"
make appstore verify-appstore-package

- name: Define nightly metadata
id: version
run: |
echo "version=${{ fromJSON(steps.app-version.outputs.result).version }}" >> "$GITHUB_OUTPUT"
echo "version=${APP_VERSION}" >> "$GITHUB_OUTPUT"
echo 'tag=nightly' >> "$GITHUB_OUTPUT"
echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"

Expand Down Expand Up @@ -228,11 +219,25 @@ jobs:
--prerelease
fi

- name: Upload nightly tarball
- name: Attach tarball to GitHub release
uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2.11.5
id: attach_to_release
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz
asset_name: ${{ env.APP_NAME }}-${{ steps.version.outputs.tag }}.tar.gz
tag: ${{ steps.version.outputs.tag }}
overwrite: true

- name: Upload app to Nextcloud appstore (nightly)
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload nightly \
'${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz' \
--repo '${{ github.repository }}' \
--clobber
APPSTORE_TOKEN: ${{ secrets.APPSTORE_TOKEN }}
APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
if: env.APPSTORE_TOKEN != '' && env.APP_PRIVATE_KEY != ''
uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1.0.3
with:
app_name: ${{ env.APP_NAME }}
appstore_token: ${{ env.APPSTORE_TOKEN }}
download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
app_private_key: ${{ env.APP_PRIVATE_KEY }}
nightly: true
Loading