Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix docs#5 #6

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fix docs#5 #6

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
191d9c9
Update README with nighly and code-signing
R0Wi Nov 17, 2020
54d726d
Add badges
R0Wi Nov 17, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 77 additions & 9 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
![GitHub release (latest by date)](https://img.shields.io/github/v/release/R0Wi/nextcloud-appstore-push-action)
![Run tests](https://github.com/R0Wi/nextcloud-appstore-push-action/workflows/Run%20tests/badge.svg)
[![GitHub license](https://img.shields.io/github/license/R0Wi/nextcloud-appstore-push-action)](https://github.com/R0Wi/nextcloud-appstore-push-action/blob/master/LICENSE)

# Upload a new app version to Nextcloud's appstore
This Github Action automatically publishes a new app version in the Nextcloud appstore after you created a new Github release.

Expand All @@ -13,7 +17,7 @@ The following workflow can be automated when using this Github Action:

## Prerequisites
1. **Register** you app in the Nextcloud appstore like described [here](https://nextcloudappstore.readthedocs.io/en/latest/developer.html).
2. Paste the content of your app's **private key into a new [Github Secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)** named `APP_PRIVATE_KEY`. This key is later used for signing the new app version before uploading it to the appstore.
2. Paste the content of your app's **private key (`.key`) into a new [Github Secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets)** named `APP_PRIVATE_KEY`. This key is later used for signing the new app version before uploading it to the appstore. If you want to use [code signing](https://docs.nextcloud.com/server/latest/admin_manual/issues/code_signing.html) you will need the certificate (`.crt`) of your app, too. Store it inside another secret called `APP_CERT`.

3. For **authentication** against the Nextcloud appstore you can use one of the following approaches:
1. **Token** (recommended): create a new [Github Secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) for your Nextcloud appstore account [token](https://nextcloudappstore.readthedocs.io/en/latest/restapi.html#authentication) named `APPSTORE_TOKEN`. The token can be copied by logging into https://apps.nextcloud.com an then visiting *My account -> API-Token*.
Expand Down Expand Up @@ -64,20 +68,84 @@ jobs:
appstore_token: ${{ secrets.APPSTORE_TOKEN }}
download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
nightly: ${{ github.event.release.prerelease }}
nightly: false

```

### Example including [code signing](https://docs.nextcloud.com/server/latest/admin_manual/issues/code_signing.html)
The following example show how to upload a app which makes use of [code signing](https://docs.nextcloud.com/server/latest/admin_manual/issues/code_signing.html). It assumes the following:
* You have a `Makefile` inside of your app's root folder which makes use of the [`occ integrity:sign-app`](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#integrity-check)-command to sign the code of your app before creating the app's tarball
* The `Makefile` will use the app's private key and certificate from the root of the app folder. Please modify the paths if they do not fit your needs.

> :warning: Always make sure you never upload your app's private key inside the app's tarball by accident! Unfortunately the [`occ integrity:sign-app`](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#integrity-check)-command currently needs the `.key` and `.crt`-files to be persisted on the local disk for signing.

```yaml
name: Build and publish app release

on:
release:
types: [published]

env:
APP_NAME: workflow_ocr

jobs:
build_and_publish:
runs-on: ubuntu-latest
steps:
- name: Checkout NC server
uses: actions/checkout@v2
with:
repository: nextcloud/server
ref: 'master'
- name: Checkout NC submodules
shell: bash
run: |
auth_header="$(git config --local --get http.https://github.com/.extraheader)"
git submodule sync --recursive
git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
Comment on lines +100 to +106
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ref: 'master'
- name: Checkout NC submodules
shell: bash
run: |
auth_header="$(git config --local --get http.https://github.com/.extraheader)"
git submodule sync --recursive
git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
ref: master
submodules: true

- name: Checkout app
uses: actions/checkout@v2
with:
path: ${{ env.APP_NAME }}
- name: Run build
run: |
cd ${{ env.APP_NAME }}
echo "${{ secrets.APP_PRIVATE_KEY }}" > ${{ env.APP_NAME }}.key
echo "${{ secrets.APP_CERT }}" > ${{ env.APP_NAME }}.crt
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be nice to download from the official repo instead.

Suggested change
echo "${{ secrets.APP_CERT }}" > ${{ env.APP_NAME }}.crt
wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"

make appstore
rm ${{ env.APP_NAME }}.key
rm ${{ env.APP_NAME }}.crt
- name: Upload app tarball to release
uses: svenstaro/upload-release-action@v2
id: attach_to_release
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ env.APP_NAME }}/build/artifacts/appstore/${{ env.APP_NAME }}.tar.gz
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure all apps follows that path 🤔
Krankerl outputs to build/artifacts/<app_id>.tar.gz
https://github.com/ChristophWurst/krankerl

asset_name: ${{ env.APP_NAME }}.tar.gz
tag: ${{ github.ref }}
overwrite: true
- name: Upload app to Nextcloud appstore
uses: R0Wi/nextcloud-appstore-push-action@v1
env:
app_name: ${{ env.APP_NAME }}
appstore_token: ${{ secrets.APPSTORE_TOKEN }}
download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
nightly: false

```

### Input variables
| Name | Description | Default | Possible values | Required |
|-------------------|---------------------------------------------------------------------------------------------|---------|-----------------|----------|
| `app_name` | The id of your Nextcloud app | - | `string` | `true` |
| `appstore_token` | A valid access token to upload a new version of your app into Nextcloud appstore | - | `string` | `false`* |
| `appstore_username` | Username for Nextcloud appstore | - | `string` | `false`* |
| `appstore_password` | Password for Nextcloud appstore | - | `string` | `false`* |
| `download_url` | The download url of you app tarball | - | `string` | `true` |
| `app_private_key` | The private key string of you app to sign the new release. Usually stored in Github Secrets | - | `string` | `true` |
| `nightly` | Controls if the app will be published as nightly into the Nextcloud appstore | `false` | `true`, `false` | `false` |
| `app_name` | The id of your Nextcloud app. | - | `string` | `true` |
| `appstore_token` | A valid access token to upload a new version of your app into Nextcloud appstore. | - | `string` | `false`* |
| `appstore_username` | Username for Nextcloud appstore. | - | `string` | `false`* |
| `appstore_password` | Password for Nextcloud appstore. | - | `string` | `false`* |
| `download_url` | The download url of your app's tarball. | - | `string` | `true` |
| `app_private_key` | The private key string of your app to sign the new release tarball (and eventually used for [code signing](https://docs.nextcloud.com/server/latest/admin_manual/issues/code_signing.html)). Usually stored in Github Secrets. | - | `string` | `true` |
| `nightly` | Controls if the app will be published as nightly into the Nextcloud appstore. This should only be set to `true` if you publish app releases via daily builds (e.g. from your `master`-branch). See [#5](https://github.com/R0Wi/nextcloud-appstore-push-action/issues/5) for more details. | `false` | `true`, `false` | `false` |

> *Either `appstore_token` or `appstore_username` **and** `appstore_password` must be set.

Expand Down