further work on gitlab-ci.yml

This commit is contained in:
Jonas Heinrich 2020-11-26 11:18:41 +01:00
parent 21fe44f87f
commit 718c81ea34

View File

@ -1,8 +1,5 @@
stages:
- compiling
- assembling
- testing
- signing
- packaging
- publishing
@ -15,79 +12,30 @@ Compile:
- DEBIAN_FRONTEND="noninteractive" apt install -y npm
- make dev-setup
- make build-js
Assemble:
stage: assembling
script:
- wget https://github.com/ChristophWurst/krankerl/releases/download/v0.12.3/krankerl_0.12.3_amd64.deb
- sudo dpkg -i krankerl_0.12.3_amd64.deb
- krankerl package
PHPUnit:
stage: testing
script:
- npm run phpunit
artifacts:
cache:
paths:
- ./passwords
Sign:
stage: signing
script:
- echo "-----BEGIN PRIVATE KEY-----" > sign.key
- echo $SIGN_KEY | tr " " "\n" >> sign.key
- echo "-----END PRIVATE KEY-----" >> sign.key
- echo "-----BEGIN CERTIFICATE-----" > sign.crt
- echo $SIGN_CRT | tr " " "\n" >> sign.crt
- echo "-----END CERTIFICATE-----" >> sign.crt
- /usr/src/nextcloud/occ integrity:sign-app --path=$(pwd)/passwords --privateKey=$(pwd)/sign.key --certificate=$(pwd)/sign.crt
- rm sign.key sign.crt
artifacts:
paths:
- ./passwords
only:
- testing
- stable
- node_modules/
Pack:
stage: packaging
script:
- tar -zcf passwords.tar.gz passwords
- echo "export JOB_ID=\"${CI_JOB_ID}\"" > job.id
- wget https://github.com/ChristophWurst/krankerl/releases/download/v0.12.3/krankerl_0.12.3_amd64.deb
- sudo dpkg -i krankerl_0.12.3_amd64.deb
- krankerl package
artifacts:
paths:
- ./passwords.tar.gz
- job.id
only:
- testing
- stable
Publish Nightly:
stage: publishing
script:
- source job.id
- echo "-----BEGIN PRIVATE KEY-----" > sign.key
- echo $SIGN_KEY | tr " " "\n" >> sign.key
- echo "-----END PRIVATE KEY-----" >> sign.key
- SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n")
- rm sign.key
- 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":true}"'
environment:
name: Testing
only:
- testing
- build/artifacts/radio.tar.gz
Publish Stable:
stage: publishing
image: registry.gitlab.com/gitlab-org/release-cli:latest
needs:
- job: packaging
artifacts: true
rules:
- if: $CI_COMMIT_TAG
script:
- source job.id
- echo "-----BEGIN PRIVATE KEY-----" > sign.key
- echo $SIGN_KEY | tr " " "\n" >> sign.key
- echo "-----END PRIVATE KEY-----" >> sign.key
- SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n")
- rm sign.key
- 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":false}"'
environment:
name: Stable
only:
- stable
- >
release-cli create --name "v$CI_COMMIT_TAG" --description $EXTRA_DESCRIPTION
--tag-name $CI_COMMIT_TAG --ref $CI_COMMIT_SHA
--assets-link '{"name":"matrixregistration-$CI_COMMIT_TAG","url":"https://gitlab.com/olze/matrixregistration/-/jobs/artifacts/$CI_COMMIT_TAG/download?job=production","link_type":"other"}'