-
Notifications
You must be signed in to change notification settings - Fork 1
137 lines (117 loc) · 5.56 KB
/
release-app.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Makefile CI
on:
push:
branches: ["main"]
tags: ["*"]
pull_request:
branches: ["main"]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
name: setup node
with:
node-version: 20
- uses: docker-practice/actions-setup-docker@master
- name: install nextcloud
env:
CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.VAAS_CLIENT_SECRET }}
run: ./install.sh
- name: create testuser
run: |
docker exec --env OC_PASS=myfancysecurepassword234 --user www-data nextcloud-container php occ user:add testuser --password-from-env
- name: create testfiles
run: |
echo 'nothingwronghere' > /tmp/clean.txt
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > /tmp/eicar.com.txt
curl --output /tmp/pup.exe http://amtso.eicar.org/PotentiallyUnwanted.exe
- name: admin eicar Upload
run: |
curl --silent -u admin:admin -T /tmp/eicar.com.txt http://127.0.0.1/remote.php/dav/files/admin/eicar.com.txt \
| grep -o "Virus EICAR-Test-File is detected in the file. Upload cannot be completed." \
|| exit 1
- name: admin clean Upload
run: |
STATUS_CODE=$(curl --silent -u admin:admin -T /tmp/clean.txt http://127.0.0.1/remote.php/dav/files/admin/clean.txt)
[[ $STATUS_CODE -ge 200 && $STATUS_CODE -lt 300 ]] || exit 1
- name: admin pup Upload
run: |
STATUS_CODE=$(curl --silent -u admin:admin -T /tmp/pup.exe http://127.0.0.1/remote.php/dav/files/admin/pup.exe)
[[ $STATUS_CODE -ge 200 && $STATUS_CODE -lt 300 ]] || exit 1
- name: testuser eicar Upload
run: |
curl --silent -u testuser:myfancysecurepassword234 -T /tmp/eicar.com.txt http://127.0.0.1/remote.php/dav/files/testuser/eicar.com.txt \
| grep -o "Virus EICAR-Test-File is detected in the file. Upload cannot be completed." \
|| exit 1
- name: admin clean Upload
run: |
STATUS_CODE=$(curl --silent -u testuser:myfancysecurepassword234 -T /tmp/clean.txt http://127.0.0.1/remote.php/dav/files/testuser/clean.txt)
[[ $STATUS_CODE -ge 200 && $STATUS_CODE -lt 300 ]] || exit 1
- name: admin pup Upload
run: |
STATUS_CODE=$(curl --silent -u testuser:myfancysecurepassword234 -T /tmp/pup.exe http://127.0.0.1/remote.php/dav/files/testuser/pup.exe)
[[ $STATUS_CODE -ge 200 && $STATUS_CODE -lt 300 ]] || exit 1
- name: test upload when vaas does not function
env:
CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.VAAS_CLIENT_SECRET }}
run: |
docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="WRONG_PASSWORD"
STATUS_CODE=$(curl --silent -u admin:admin -T /tmp/eicar.com.txt http://127.0.0.1/remote.php/dav/files/admin/eicar.com.txt)
[[ $STATUS_CODE -ge 200 && $STATUS_CODE -lt 300 ]] || exit 1
docker exec --user www-data -i nextcloud-container php occ config:app:set gdatavaas clientSecret --value="$CLIENT_SECRET"
- uses: actions/upload-artifact@master
with:
name: build-dir
path: build/
release:
needs:
- test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@master
with:
name: build-dir
path: build/
- name: replace version
id: replace-version
if: startsWith(github.ref, 'refs/tags/')
run: |
RELEASE_VERSION=${GITHUB_REF#refs/tags/}
sed -i "s/<version>0.0.0<\/version>/<version>$RELEASE_VERSION<\/version>/g" ./appinfo/info.xml
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
- name: Github Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: build/artifacts/*
# - uses: docker-practice/actions-setup-docker@master
# - name: Upload to appstore
# env:
# APPSTORE_TOKEN: ${{ secrets.VAAS_APPSTORE_TOKEN }}
# NEXTCLOUD_KEY: ${{ secrets.VAAS_NEXTCLOUD_KEY }}
# run: |
# echo $NEXTCLOUD_KEY > ./gdatavaas.key
# SIGNATURE=$(openssl dgst -sha512 -sign ~/gdatavaas.key build/artifacts/gdatavaas.tar.gz | openssl base64)
# docker run -v./gdatavaas.key:./gdatavaas.key -v./build/artifacts/gdatavaas.tar.gz:./build/artifacts/gdatavaas.tar.gz -it --entrypoint php nextcloud:28 occ integrity:sign-app --privateKey=./gdatavaas.key --certificate=./gdatavaas.crt --path=./build/artifacts/gdatavaas.tar.gz
- name: Attach tarball to github release
uses: svenstaro/upload-release-action@v2
if: startsWith(github.ref, 'refs/tags/')
id: attach_to_release
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ./build/artifacts/gdatavaas.tar.gz
asset_name: gdatavaas-${{ steps.replace-version.outputs.RELEASE_VERSION }}.tar.gz
tag: ${{ github.ref }}
overwrite: true
# - name: Upload app to Nextcloud appstore
# uses: nextcloud-releases/nextcloud-appstore-push-action@v1
# with:
# app_name: gdatavaas
# appstore_token: ${{ secrets.VAAS_APPSTORE_TOKEN }}
# download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
# app_private_key: ${{ secrets.VAAS_NEXTCLOUD_KEY }}