From 56d6455d22dff170bcc29d1bc7f8ed9aeb2e22a0 Mon Sep 17 00:00:00 2001 From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> Date: Wed, 1 Apr 2026 11:06:58 -0300 Subject: [PATCH] fix(actions): auto-register app before appstore release upload Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> --- .github/workflows/appstore-build-publish.yml | 30 ++++++++++++++++++++ .github/workflows/nightly-release.yml | 30 ++++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml index 46d029e..9345cba 100644 --- a/.github/workflows/appstore-build-publish.yml +++ b/.github/workflows/appstore-build-publish.yml @@ -135,6 +135,36 @@ jobs: tag: ${{ github.ref }} overwrite: true + - name: Ensure app exists in Nextcloud appstore + env: + APPSTORE_TOKEN: ${{ secrets.APPSTORE_TOKEN }} + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + run: | + APPSTORE_TOKEN="$(printf '%s' "$APPSTORE_TOKEN" | tr -d '\r\n')" + KEY_FILE="$RUNNER_TEMP/${{ env.APP_NAME }}.key" + CERT_FILE="$RUNNER_TEMP/${{ env.APP_NAME }}.crt" + RESPONSE_FILE="$RUNNER_TEMP/appstore-register-response.json" + + printf '%s' "$APP_PRIVATE_KEY" > "$KEY_FILE" + curl -fsSL "https://raw.githubusercontent.com/nextcloud/app-certificate-requests/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" -o "$CERT_FILE" + + REGISTER_SIGNATURE="$(printf '%s' '${{ env.APP_NAME }}' | openssl dgst -sha512 -sign "$KEY_FILE" | openssl base64 -A)" + CERT_CONTENT="$(cat "$CERT_FILE")" + PAYLOAD="$(jq -nc --arg certificate "$CERT_CONTENT" --arg signature "$REGISTER_SIGNATURE" '{certificate:$certificate, signature:$signature}')" + + HTTP_STATUS="$(curl -sS -o "$RESPONSE_FILE" -w '%{http_code}' -X POST https://apps.nextcloud.com/api/v1/apps \ + -H "Authorization: Token ${APPSTORE_TOKEN}" \ + -H 'Content-Type: application/json' \ + --data "$PAYLOAD")" + + echo "App registration status: $HTTP_STATUS" + cat "$RESPONSE_FILE" + + if [ "$HTTP_STATUS" != "201" ] && [ "$HTTP_STATUS" != "204" ]; then + echo "::error::App registration failed with HTTP $HTTP_STATUS" + exit 1 + fi + - name: Upload app to Nextcloud appstore env: APPSTORE_TOKEN: ${{ secrets.APPSTORE_TOKEN }} diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml index a65d500..21f8507 100644 --- a/.github/workflows/nightly-release.yml +++ b/.github/workflows/nightly-release.yml @@ -229,6 +229,36 @@ jobs: tag: ${{ steps.version.outputs.tag }} overwrite: true + - name: Ensure app exists in Nextcloud appstore + env: + APPSTORE_TOKEN: ${{ secrets.APPSTORE_TOKEN }} + APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} + run: | + APPSTORE_TOKEN="$(printf '%s' "$APPSTORE_TOKEN" | tr -d '\r\n')" + KEY_FILE="$RUNNER_TEMP/${{ env.APP_NAME }}.key" + CERT_FILE="$RUNNER_TEMP/${{ env.APP_NAME }}.crt" + RESPONSE_FILE="$RUNNER_TEMP/appstore-register-response.json" + + printf '%s' "$APP_PRIVATE_KEY" > "$KEY_FILE" + curl -fsSL "https://raw.githubusercontent.com/nextcloud/app-certificate-requests/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" -o "$CERT_FILE" + + REGISTER_SIGNATURE="$(printf '%s' '${{ env.APP_NAME }}' | openssl dgst -sha512 -sign "$KEY_FILE" | openssl base64 -A)" + CERT_CONTENT="$(cat "$CERT_FILE")" + PAYLOAD="$(jq -nc --arg certificate "$CERT_CONTENT" --arg signature "$REGISTER_SIGNATURE" '{certificate:$certificate, signature:$signature}')" + + HTTP_STATUS="$(curl -sS -o "$RESPONSE_FILE" -w '%{http_code}' -X POST https://apps.nextcloud.com/api/v1/apps \ + -H "Authorization: Token ${APPSTORE_TOKEN}" \ + -H 'Content-Type: application/json' \ + --data "$PAYLOAD")" + + echo "App registration status: $HTTP_STATUS" + cat "$RESPONSE_FILE" + + if [ "$HTTP_STATUS" != "201" ] && [ "$HTTP_STATUS" != "204" ]; then + echo "::error::App registration failed with HTTP $HTTP_STATUS" + exit 1 + fi + - name: Upload app to Nextcloud appstore (nightly) env: APPSTORE_TOKEN: ${{ secrets.APPSTORE_TOKEN }}