stages: - compiling - assembling - testing - signing - packaging - publishing image: ubuntu:20.10 Compile: stage: compiling script: - apt update - DEBIAN_FRONTEND="noninteractive" apt install -y npm - make dev-setup - make build-js Assemble: stage: assembling script: - wget https://github.com/ChristophWurst/krankerl/releases/download/v0.12.3/krankerl_0.12.3_amd64.deb - sudo dpkg -i krankerl_0.12.3_amd64.deb - krankerl package PHPUnit: stage: testing script: - npm run phpunit artifacts: paths: - ./passwords Sign: stage: signing script: - echo "-----BEGIN PRIVATE KEY-----" > sign.key - echo $SIGN_KEY | tr " " "\n" >> sign.key - echo "-----END PRIVATE KEY-----" >> sign.key - echo "-----BEGIN CERTIFICATE-----" > sign.crt - echo $SIGN_CRT | tr " " "\n" >> sign.crt - echo "-----END CERTIFICATE-----" >> sign.crt - /usr/src/nextcloud/occ integrity:sign-app --path=$(pwd)/passwords --privateKey=$(pwd)/sign.key --certificate=$(pwd)/sign.crt - rm sign.key sign.crt artifacts: paths: - ./passwords only: - testing - stable Pack: stage: packaging script: - tar -zcf passwords.tar.gz passwords - echo "export JOB_ID=\"${CI_JOB_ID}\"" > job.id artifacts: paths: - ./passwords.tar.gz - job.id only: - testing - stable Publish Nightly: stage: publishing script: - source job.id - echo "-----BEGIN PRIVATE KEY-----" > sign.key - echo $SIGN_KEY | tr " " "\n" >> sign.key - echo "-----END PRIVATE KEY-----" >> sign.key - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n") - rm sign.key - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":true}"' environment: name: Testing only: - testing Publish Stable: stage: publishing script: - source job.id - echo "-----BEGIN PRIVATE KEY-----" > sign.key - echo $SIGN_KEY | tr " " "\n" >> sign.key - echo "-----END PRIVATE KEY-----" >> sign.key - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n") - rm sign.key - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":false}"' environment: name: Stable only: - stable