diff --git a/.github/workflows/nmc-custom-app-release.yml b/.github/workflows/nmc-custom-app-release.yml
new file mode 100644
index 000000000..ec889c38c
--- /dev/null
+++ b/.github/workflows/nmc-custom-app-release.yml
@@ -0,0 +1,68 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Bernd rederlechner
+#
+# Builds a stable release package based on a release assembly
+# customisation--
+#
+# As soon as a package is deployed to production, the tag and the branch
+# MUST STAY FOR 2 years and not deleted.
+#
+# Release packages, tags and customisation branches not delivered to production should
+# be deleted asap a newer release is available.
+#
+
+name: MCLOUD custom app release
+
+on:
+ workflow_dispatch:
+ inputs:
+ increment:
+ description: 'Release increment'
+ required: true
+ type: number
+ branch:
+ type: choice
+ description: Branch to build a package from
+ options:
+ - main
+ - stable32
+ - stable33
+ - stable34
+ default: main
+
+jobs:
+ check-custom:
+ uses: nextmcloud/.github/.github/workflows/nmc-app-precond.yml@master
+ with:
+ versionbranch: ${{ inputs.branch }}
+ increment: ${{ inputs.increment }}
+ secrets: inherit
+ assemble-custom:
+ uses: nextmcloud/.github/.github/workflows/nmc-custom-assembly.yml@master
+ needs: check-custom
+ with:
+ trunk: 'main'
+ stable: ${{ inputs.branch }}
+ result: ${{ format('customisation-{0}-{1}', inputs.branch, inputs.increment ) }}
+ secrets: inherit
+
+ composerdep:
+ strategy:
+ fail-fast: false
+ uses: ./.github/workflows/nmc-custom-oidc-composer.yml
+ needs: assemble-custom
+ with:
+ assembly: ${{ format('customisation-{0}-{1}', inputs.branch, inputs.increment) }}
+ secrets: inherit
+
+ build-custom:
+ uses: nextmcloud/.github/.github/workflows/nmc-custom-app-build.yml@master
+ needs: [ check-custom, composerdep ]
+ with:
+ appname: ${{ needs.check-custom.outputs.appname }}
+ assembly: ${{ format('customisation-{0}-{1}', inputs.branch , inputs.increment ) }}
+ tag: ${{ needs.check-custom.outputs.tag }}
+ prerelease: ${{ inputs.branch == 'main' && true || false }}
+ secrets: inherit
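Review bot: The three external reusable workflows in this release pipeline (`nmc-app-precond.yml`, `nmc-custom-assembly.yml`, `nmc-custom-app-build.yml`) are referenced at the mutable `@master` ref and every job passes `secrets: inherit`, so whatever is on that branch at run time executes with all of this repository's secrets while producing a release package. Pinning each `uses:` to a full commit SHA, e.g. `uses: nextmcloud/.github/.github/workflows/nmc-custom-app-build.yml@<commit-sha>`, and replacing `secrets: inherit` with an explicit `secrets:` map of only what each callee needs would bound that exposure. A top-level `permissions:` block would do the same for `GITHUB_TOKEN`, which currently gets the repository default. The same `@master` plus `secrets: inherit` pattern is in nmc-custom-app-versions.yml, where it is reachable from the `pull_request` trigger.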
diff --git a/.github/workflows/nmc-custom-app-versions.yml b/.github/workflows/nmc-custom-app-versions.yml
new file mode 100644
index 000000000..e18f19412
--- /dev/null
+++ b/.github/workflows/nmc-custom-app-versions.yml
@@ -0,0 +1,72 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Bernd rederlechner
+#
+# Assemble a customisation for trunk (no backports) and stable
+# (backport xor trunk)
+#
+# It creates review (user-specific) customisations branches
+# - customisation--
+# - customisation--
+
+name: MCLOUD custom app versions
+
+###
+# The customisation-* branches are always reassembled if a customisation branch
+# is updated or included into a custom PR
+on:
+ workflow_dispatch:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ branches:
+ - master
+ - main
+ - trunk
+ - nmcstable/**
+ # - stable/**
+
+jobs:
+
+ assemble:
+ strategy:
+ fail-fast: false
+ matrix:
+ custombase: [ "main" ]
+ uses: nextmcloud/.github/.github/workflows/nmc-custom-assembly.yml@master
+ with:
+ trunk: "main"
+ stable: ${{ matrix.custombase }}
+ result: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+ secrets: inherit
+
+ composerdep:
+ strategy:
+ fail-fast: false
+ matrix:
+ custombase: [ "main" ]
+ uses: ./.github/workflows/nmc-custom-oidc-composer.yml
+ needs: assemble
+ with:
+ assembly: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+ secrets: inherit
+
+ phpunit:
+ strategy:
+ fail-fast: false
+ matrix:
+ phpversion: ['8.0', '8.1']
+ database: ['mysql']
+ custombase: [ "main" ]
+ uses: nextmcloud/.github/.github/workflows/nmc-custom-app-phpunit.yml@master
+ needs: composerdep
+ with:
+ assembly: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+ appname: 'user_oidc'
+ server-branch: ${{ matrix.custombase }}
+ phpversion: ${{ matrix.phpversion }}
+ database: ${{ matrix.database }}
+ secrets: inherit
\ No newline at end of file
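Review bot: The assembly branch name in `assemble`, `composerdep` and `phpunit` is built from `github.actor`, which is the account that triggered the run rather than the pull request author. A `synchronize` event from a second contributor therefore assembles and pushes a different `customisation-<actor>-main` branch for the same PR, and a bot actor such as `dependabot[bot]` yields a name containing `[`, which git does not accept in a ref name. Since the composer job later pushes to that branch with the build token, a key that is stable per PR is safer, provided the called assembly workflow does not rely on the user-specific name: `result: ${{ format('customisation-pr{0}-{1}', github.event.pull_request.number, matrix.custombase) }}`, with a separate value for `workflow_dispatch` runs. A `concurrency:` group on the same key would also keep two runs from pushing to one branch at once.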
diff --git a/.github/workflows/nmc-custom-oidc-composer.yml b/.github/workflows/nmc-custom-oidc-composer.yml
new file mode 100644
index 000000000..03f6c553f
--- /dev/null
+++ b/.github/workflows/nmc-custom-oidc-composer.yml
@@ -0,0 +1,143 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Mauro Mura
+#
+# user_oidc brings its PHP dependencies via composer.json.
+# composer install also runs Mozart via post-install-cmd.
+# We add these commandline based in build to avoid continuous
+# merge conflicts due to "composer.lock" merge problems.
+
+name: MCLOUD custom user_oidc dependencies
+
+on:
+ workflow_call:
+ inputs:
+ assembly:
+ description: name of the customisation assembly branch
+ required: true
+ type: string
+
+jobs:
+ build-custom:
+ runs-on: ubuntu-latest
+ env:
+ BUILD_USER: ${{ github.actor }}
+ BUILD_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ BUILD_TOKEN: ${{ secrets.BUILD_TOKEN || secrets.GITHUB_TOKEN }}
+ PHP_VERSION: ${{ vars.PHP_VERSION || '8.1' }}
+ ASSEMBLY_BRANCH: ${{ inputs.assembly }}
+
+ steps:
+ - name: Fetch custom assembly
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ github.repository }}
+ ref: ${{ inputs.assembly }}
+ fetch-depth: 0
+ token: ${{ env.BUILD_TOKEN }}
+
+ - name: Prepare GIT modifications
+ run: |
+ git config user.name "$BUILD_USER"
+ git config user.email "$BUILD_EMAIL"
+
+ - name: Set up PHP ${{ env.PHP_VERSION }}
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: ${{ env.PHP_VERSION }}
+ coverage: none
+
+ - name: Check composer.json
+ id: check_composer
+ uses: andstor/file-existence-action@v1
+ with:
+ files: "./composer.json"
+
+ - name: Patch composer.json for custom user_oidc dependencies
+ if: steps.check_composer.outputs.files_exists == 'true'
+ run: |
+ php <<'PHP'
+ = 8.2.
+ unset($json['require-dev']);
+
+ $json['autoload']['psr-4']['OCA\\UserOIDC\\'] = 'lib/';
+ $json['autoload-dev']['psr-4']['OCA\\UserOIDC\\Tests\\'] = 'tests/';
+
+ $json['require']['web-token/jwt-core'] = '^3.4';
+ $json['require']['web-token/jwt-signature'] = '^3.4';
+ $json['require']['web-token/jwt-encryption'] = '^3.4';
+ $json['require']['spomky-labs/aes-key-wrap'] = '^7.0';
+
+ $json['scripts']['post-install-cmd'] = [
+ '@composer bin all install --ansi',
+ 'vendor/bin/mozart compose',
+ '@fix-prefixed-aeskw-imports',
+ 'composer dump-autoload',
+ ];
+
+ $json['scripts']['post-update-cmd'] = [
+ '@composer bin all install --ansi',
+ 'vendor/bin/mozart compose',
+ '@fix-prefixed-aeskw-imports',
+ 'composer dump-autoload',
+ ];
+
+ $json['scripts']['fix-prefixed-aeskw-imports'] = "[ ! -d lib/Vendor/Jose/Component/Encryption/Algorithm/KeyEncryption ] || find lib/Vendor/Jose/Component/Encryption/Algorithm/KeyEncryption -type f -name '*.php' -exec sed -i -e 's/use AESKW\\\\/use OCA\\\\UserOIDC\\\\Vendor\\\\AESKW\\\\/g' {} +; [ ! -d lib/Vendor/AESKW ] || find lib/Vendor/AESKW -type f -name '*.php' -exec sed -i -e 's/use OCA\\\\UserOIDC\\\\Vendor\\\\AESKW;/use AESKW;/g' {} +; [ ! -f lib/Vendor/AESKW/AESKW.php ] || sed -i -e 's/trait OCA\\\\UserOIDC\\\\Vendor\\\\AESKW/trait AESKW/g' lib/Vendor/AESKW/AESKW.php";
+
+ $json['extra']['mozart']['packages'] = [
+ 'firebase/php-jwt',
+ 'id4me/id4me-rp',
+ 'spomky-labs/aes-key-wrap',
+ 'web-token/jwt-core',
+ 'web-token/jwt-signature',
+ 'web-token/jwt-encryption',
+ ];
+
+ file_put_contents(
+ $file,
+ json_encode($json, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . PHP_EOL
+ );
+ PHP
+
+ - name: Install custom composer dependencies
+ if: steps.check_composer.outputs.files_exists == 'true'
+ run: |
+ composer update \
+ web-token/jwt-core \
+ web-token/jwt-signature \
+ web-token/jwt-encryption \
+ spomky-labs/aes-key-wrap \
+ --with-all-dependencies \
+ --no-dev \
+ --no-interaction \
+ --no-scripts
+
+ - name: Commit and push composer changes
+ if: steps.check_composer.outputs.files_exists == 'true'
+ run: |
+ git status --short
+
+ git add composer.json composer.lock
+
+ if git diff --cached --quiet; then
+ echo "No composer changes to commit"
+ exit 0
+ fi
+
+ git commit -m "Add custom user_oidc composer dependencies"
+ git push origin "HEAD:${ASSEMBLY_BRANCH}"
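Review bot: `BUILD_TOKEN` is declared in the job-level `env`, so the push-capable token is visible to every step, including `shivammathur/setup-php@v2` and `andstor/file-existence-action@v1` (both pinned to mutable tags) and the `composer update` step that resolves fresh package versions at build time. `--no-scripts` suppresses Composer scripts but not Composer plugins, so package-supplied code can still run in that step. Passing the token only where it is consumed, `token: ${{ secrets.BUILD_TOKEN || secrets.GITHUB_TOKEN }}` on the checkout step, pinning the two third-party actions to commit SHAs, and adding `--no-plugins` to `composer update` (if no plugin is needed for resolution) would narrow this. Checkout still persists the token in the local git config for the final push, so the update step should be treated as running with write access to the repository either way.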