stages: - compiling - assembling - testing - signing - packaging - publishing image: ubuntu:20.04 Compile: stage: compiling script: - apt update - apt install npm - npm install - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then npm run build:prod ; fi - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then npm run build:nightly ; fi artifacts: paths: - ./src/js/Static/* - ./src/l10n/* - ./src/css/* Assemble: stage: assembling script: - mkdir passwords - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then sed -i -e "s/-BUILD//g" ./src/appinfo/info.xml ; fi - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then sed -i -e "s/-BUILD/-build${CI_PIPELINE_ID}/g" ./src/appinfo/info.xml ; fi - rsync -r --exclude="vue" --exclude="js" --exclude="scss" src/* passwords - rsync -r src/js/Static passwords/js/ - cp CHANGELOG.md passwords/ artifacts: paths: - ./passwords PHPUnit: stage: testing script: - npm run phpunit artifacts: paths: - ./passwords Sign: stage: signing script: - echo "-----BEGIN PRIVATE KEY-----" > sign.key - echo $SIGN_KEY | tr " " "\n" >> sign.key - echo "-----END PRIVATE KEY-----" >> sign.key - echo "-----BEGIN CERTIFICATE-----" > sign.crt - echo $SIGN_CRT | tr " " "\n" >> sign.crt - echo "-----END CERTIFICATE-----" >> sign.crt - /usr/src/nextcloud/occ integrity:sign-app --path=$(pwd)/passwords --privateKey=$(pwd)/sign.key --certificate=$(pwd)/sign.crt - rm sign.key sign.crt artifacts: paths: - ./passwords only: - testing - stable Pack: stage: packaging script: - tar -zcf passwords.tar.gz passwords - echo "export JOB_ID=\"${CI_JOB_ID}\"" > job.id artifacts: paths: - ./passwords.tar.gz - job.id only: - testing - stable Publish Nightly: stage: publishing script: - source job.id - echo "-----BEGIN PRIVATE KEY-----" > sign.key - echo $SIGN_KEY | tr " " "\n" >> sign.key - echo "-----END PRIVATE KEY-----" >> sign.key - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n") - rm sign.key - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":true}"' environment: name: Testing only: - testing Publish Stable: stage: publishing script: - source job.id - echo "-----BEGIN PRIVATE KEY-----" > sign.key - echo $SIGN_KEY | tr " " "\n" >> sign.key - echo "-----END PRIVATE KEY-----" >> sign.key - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n") - rm sign.key - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":false}"' environment: name: Stable only: - stable