.github/workflows/appstore-build-publish.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT

name: Build and publish app release

on:
  release:
    types: [published]

jobs:
  build_and_publish:
    runs-on: ubuntu-latest

    # Only allowed to be run on nextcloud-releases repositories
    if: ${{ github.repository_owner == 'nextcloud-releases' }}

    steps:
      - name: Check actor permission
        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
        with:
          require: write

      - name: Set app env
        run: |
          # Split and keep last
          echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
          echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV

      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
        with:
          path: ${{ env.APP_NAME }}

      - name: Get appinfo data
        id: appinfo
        uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master
        with:
          filename: ${{ env.APP_NAME }}/appinfo/info.xml
          expression: "//info//dependencies//nextcloud/@min-version"

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        # Continue if no package.json
        continue-on-error: true
        with:
          path: ${{ env.APP_NAME }}
          fallbackNode: '^20'
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
        # Skip if no package.json
        if: ${{ steps.versions.outputs.nodeVersion }}
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
        # Skip if no package.json
        if: ${{ steps.versions.outputs.npmVersion }}
        run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"

      - name: Get php version
        id: php-versions
        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
        with:
          filename: ${{ env.APP_NAME }}/appinfo/info.xml

      - name: Set up php ${{ steps.php-versions.outputs.php-min }}
        uses: shivammathur/setup-php@c665c7a15b5295c2488ac8a87af9cb806cd72198 # v2
        with:
          php-version: ${{ steps.php-versions.outputs.php-min }}
          coverage: none
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Check composer.json
        id: check_composer
        uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
        with:
          files: "${{ env.APP_NAME }}/composer.json"

      - name: Install composer dependencies
        if: steps.check_composer.outputs.files_exists == 'true'
        run: |
          cd ${{ env.APP_NAME }}
          composer install --no-dev

      - name: Build ${{ env.APP_NAME }}
        # Skip if no package.json
        if: ${{ steps.versions.outputs.nodeVersion }}
        env:
          NODE_ENV: production
        run: |
          cd ${{ env.APP_NAME }}
          npm ci
          npm run build --if-present

      - name: Check Krankerl config
        id: krankerl
        uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
        with:
          files: ${{ env.APP_NAME }}/krankerl.toml

      - name: Install Krankerl
        if: steps.krankerl.outputs.files_exists == 'true'
        run: |
          wget https://github.com/ChristophWurst/krankerl/releases/download/v0.14.0/krankerl_0.14.0_amd64.deb
          sudo dpkg -i krankerl_0.14.0_amd64.deb

      - name: Package ${{ env.APP_NAME }} ${{ env.APP_VERSION }} with krankerl
        if: steps.krankerl.outputs.files_exists == 'true'
        run: |
          cd ${{ env.APP_NAME }}
          krankerl package

      - name: Package ${{ env.APP_NAME }} ${{ env.APP_VERSION }} with makefile
        if: steps.krankerl.outputs.files_exists != 'true'
        run: |
          cd ${{ env.APP_NAME }}
          make appstore

      - name: Checkout server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
        continue-on-error: true
        id: server-checkout
        run: |
          NCVERSION=${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
          wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip
          unzip latest-$NCVERSION.zip

      - name: Checkout server master fallback
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
        if: ${{ steps.server-checkout.outcome != 'success' }}
        with:
          submodules: true
          repository: nextcloud/server
          path: nextcloud

      - name: Sign app
        run: |
          # Extracting release
          cd ${{ env.APP_NAME }}/build/artifacts
          tar -xvf ${{ env.APP_NAME }}.tar.gz
          cd ../../../
          # Setting up keys
          echo "${{ secrets.APP_PRIVATE_KEY }}" > ${{ env.APP_NAME }}.key
          wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
          # Signing
          php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}
          # Rebuilding archive
          cd ${{ env.APP_NAME }}/build/artifacts
          tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }}

      - name: Attach tarball to github release
        uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
        id: attach_to_release
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: ${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz
          asset_name: ${{ env.APP_NAME }}-${{ env.APP_VERSION }}.tar.gz
          tag: ${{ github.ref }}
          overwrite: true

      - name: Upload app to Nextcloud appstore
        uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1
        with:
          app_name: ${{ env.APP_NAME }}
          appstore_token: ${{ secrets.APPSTORE_TOKEN }}
          download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
          app_private_key: ${{ secrets.APP_PRIVATE_KEY }}