nextmcloud · tsdicloud · Jul 10, 2023 · Jul 10, 2023 · Jul 11, 2023 · Jul 11, 2023
diff --git a/.github/workflows/nmc-custom-app-release.yml b/.github/workflows/nmc-custom-app-release.yml
@@ -0,0 +1,68 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Bernd rederlechner <bernd.rederlechner@t-systems.com>
+#
+# Builds a stable release package based on a release assembly
+# customisation-<version>-<increment>
+#
+# As soon as a package is deployed to production, the tag and the branch
+# MUST STAY FOR 2 years and not deleted.
+#
+# Release packages, tags and customisation branches not delivered to production should
+# be deleted asap a newer release is available.
+#
+
+name: MCLOUD custom app release
+
+on:
+  workflow_dispatch:
+    inputs:
+      increment:
+        description: 'Release increment'
+        required: true
+        type: number
+      branch:
+        type: choice
+        description: Branch to build a package from
+        options: 
+          - main
+          - stable32
+          - stable33
+          - stable34
+        default: main
+
+jobs:
+  check-custom:
+    uses: nextmcloud/.github/.github/workflows/nmc-app-precond.yml@master
+    with:
+      versionbranch: ${{ inputs.branch }}
+      increment: ${{ inputs.increment }}
+    secrets: inherit
+  assemble-custom:
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-assembly.yml@master
+    needs: check-custom
+    with:
+      trunk: 'main'
+      stable: ${{ inputs.branch }}
+      result: ${{ format('customisation-{0}-{1}', inputs.branch, inputs.increment ) }}
+    secrets: inherit
+
+  composerdep:
+    strategy:
+      fail-fast: false
+    uses: ./.github/workflows/nmc-custom-oidc-composer.yml
+    needs: assemble-custom
+    with:
+      assembly: ${{ format('customisation-{0}-{1}', inputs.branch, inputs.increment) }}
+    secrets: inherit
+
+  build-custom:
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-app-build.yml@master
+    needs: [ check-custom, composerdep ]
+    with:
+      appname: ${{ needs.check-custom.outputs.appname }}
+      assembly: ${{ format('customisation-{0}-{1}', inputs.branch , inputs.increment ) }}
+      tag: ${{ needs.check-custom.outputs.tag }}
+      prerelease: ${{ inputs.branch == 'main' && true || false }}
+    secrets: inherit
diff --git a/.github/workflows/nmc-custom-app-versions.yml b/.github/workflows/nmc-custom-app-versions.yml
@@ -0,0 +1,72 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Bernd rederlechner <bernd.rederlechner@t-systems.com>
+#
+# Assemble a customisation for trunk (no backports) and stable
+# (backport xor trunk)
+#
+# It creates review (user-specific) customisations branches
+# - customisation-<user>-<trunk>
+# - customisation-<user>-<stable>
+
+name: MCLOUD custom app versions
+
+###
+# The customisation-* branches are always reassembled if a customisation branch
+# is updated or included into a custom PR
+on:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - master
+      - main
+      - trunk
+      - nmcstable/**
+      # - stable/**
+
+jobs:
+
+  assemble:
+    strategy:
+      fail-fast: false
+      matrix:
+        custombase: [ "main" ]
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-assembly.yml@master
+    with:
+      trunk: "main"
+      stable: ${{ matrix.custombase }}
+      result: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+    secrets: inherit
+
+  composerdep:
+    strategy:
+      fail-fast: false
+      matrix:
+        custombase: [ "main" ]
+    uses: ./.github/workflows/nmc-custom-oidc-composer.yml
+    needs: assemble
+    with:
+      assembly: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+    secrets: inherit
+
+  phpunit:
+    strategy:
+      fail-fast: false
+      matrix:
+        phpversion: ['8.0', '8.1']
+        database: ['mysql']
+        custombase: [ "main" ]
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-app-phpunit.yml@master
+    needs: composerdep
+    with:
+      assembly: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+      appname: 'user_oidc'
+      server-branch: ${{ matrix.custombase }}
+      phpversion: ${{ matrix.phpversion }}
+      database: ${{ matrix.database }}
+    secrets: inherit
diff --git a/.github/workflows/nmc-custom-oidc-composer.yml b/.github/workflows/nmc-custom-oidc-composer.yml
@@ -0,0 +1,143 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Mauro Mura <mauro-efisio.mura@t-systems.com>
+#
+# user_oidc brings its PHP dependencies via composer.json.
+# composer install also runs Mozart via post-install-cmd.
+# We add these commandline based in build to avoid continuous 
+# merge conflicts due to "composer.lock" merge problems.
+
+name: MCLOUD custom user_oidc dependencies
+
+on:
+  workflow_call:
+    inputs:
+      assembly:
+        description: name of the customisation assembly branch
+        required: true
+        type: string
+
+jobs:
+  build-custom:
+    runs-on: ubuntu-latest
+    env:
+      BUILD_USER: ${{ github.actor }}
+      BUILD_EMAIL: ${{ github.actor }}@users.noreply.github.com
+      BUILD_TOKEN: ${{ secrets.BUILD_TOKEN || secrets.GITHUB_TOKEN }}
+      PHP_VERSION: ${{ vars.PHP_VERSION || '8.1' }}
+      ASSEMBLY_BRANCH: ${{ inputs.assembly }}
+
+    steps:
+      - name: Fetch custom assembly
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ github.repository }}
+          ref: ${{ inputs.assembly }}
+          fetch-depth: 0
+          token: ${{ env.BUILD_TOKEN }}
+
+      - name: Prepare GIT modifications
+        run: |
+          git config user.name "$BUILD_USER"
+          git config user.email "$BUILD_EMAIL"
+
+      - name: Set up PHP ${{ env.PHP_VERSION }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ env.PHP_VERSION }}
+          coverage: none
+
+      - name: Check composer.json
+        id: check_composer
+        uses: andstor/file-existence-action@v1
+        with:
+          files: "./composer.json"
+
+      - name: Patch composer.json for custom user_oidc dependencies
+        if: steps.check_composer.outputs.files_exists == 'true'
+        run: |
+          php <<'PHP'
+          <?php
+
+          $file = 'composer.json';
+
+          $json = json_decode(
+              file_get_contents($file),
+              true,
+              512,
+              JSON_THROW_ON_ERROR
+          );
+
+          $json['config']['platform']['php'] = '8.1.0';
+
+          // In this workflow we only need production dependencies for the release package.
+          // Keep require-dev out of the lock resolving process because current dev deps may require PHP >= 8.2.
+          unset($json['require-dev']);
+
+          $json['autoload']['psr-4']['OCA\\UserOIDC\\'] = 'lib/';
+          $json['autoload-dev']['psr-4']['OCA\\UserOIDC\\Tests\\'] = 'tests/';
+
+          $json['require']['web-token/jwt-core'] = '^3.4';
+          $json['require']['web-token/jwt-signature'] = '^3.4';
+          $json['require']['web-token/jwt-encryption'] = '^3.4';
+          $json['require']['spomky-labs/aes-key-wrap'] = '^7.0';
+
+          $json['scripts']['post-install-cmd'] = [
+              '@composer bin all install --ansi',
+              'vendor/bin/mozart compose',
+              '@fix-prefixed-aeskw-imports',
+              'composer dump-autoload',
+          ];
+
+          $json['scripts']['post-update-cmd'] = [
+              '@composer bin all install --ansi',
+              'vendor/bin/mozart compose',
+              '@fix-prefixed-aeskw-imports',
+              'composer dump-autoload',
+          ];
+
+          $json['scripts']['fix-prefixed-aeskw-imports'] = "[ ! -d lib/Vendor/Jose/Component/Encryption/Algorithm/KeyEncryption ] || find lib/Vendor/Jose/Component/Encryption/Algorithm/KeyEncryption -type f -name '*.php' -exec sed -i -e 's/use AESKW\\\\/use OCA\\\\UserOIDC\\\\Vendor\\\\AESKW\\\\/g' {} +; [ ! -d lib/Vendor/AESKW ] || find lib/Vendor/AESKW -type f -name '*.php' -exec sed -i -e 's/use OCA\\\\UserOIDC\\\\Vendor\\\\AESKW;/use AESKW;/g' {} +; [ ! -f lib/Vendor/AESKW/AESKW.php ] || sed -i -e 's/trait OCA\\\\UserOIDC\\\\Vendor\\\\AESKW/trait AESKW/g' lib/Vendor/AESKW/AESKW.php";
+
+          $json['extra']['mozart']['packages'] = [
+              'firebase/php-jwt',
+              'id4me/id4me-rp',
+              'spomky-labs/aes-key-wrap',
+              'web-token/jwt-core',
+              'web-token/jwt-signature',
+              'web-token/jwt-encryption',
+          ];
+
+          file_put_contents(
+              $file,
+              json_encode($json, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . PHP_EOL
+          );
+          PHP
+
+      - name: Install custom composer dependencies
+        if: steps.check_composer.outputs.files_exists == 'true'
+        run: |
+          composer update \
+            web-token/jwt-core \
+            web-token/jwt-signature \
+            web-token/jwt-encryption \
+            spomky-labs/aes-key-wrap \
+            --with-all-dependencies \
+            --no-dev \
+            --no-interaction \
+            --no-scripts
+
+      - name: Commit and push composer changes
+        if: steps.check_composer.outputs.files_exists == 'true'
+        run: |
+          git status --short
+
+          git add composer.json composer.lock
+
+          if git diff --cached --quiet; then
+            echo "No composer changes to commit"
+            exit 0
+          fi
+
+          git commit -m "Add custom user_oidc composer dependencies"
+          git push origin "HEAD:${ASSEMBLY_BRANCH}"