diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml new file mode 100644 index 0000000..dee091f --- /dev/null +++ b/.github/workflows/ci-cd.yml @@ -0,0 +1,48 @@ +name: CI/CD + +on: + pull_request: + push: + branches: + - master + tags: + - '[0-9]+.[0-9]+.[0-9]+' + - '[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+' + +env: + MATTERMOST_CHANNEL: publication + MATTERMOST_HOOK_URL: ${{ secrets.MATTERMOST_HOOK_URL }} + REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + +jobs: + build: + name: Build and publish + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install dependencies + run: yarn install --frozen-lockfile + - name: Lint + run: yarn lint + - name: Build + run: yarn build + - name: Set SSH git push + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.DEPLOY_KEY }} + - name: Publish + if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') + run: | + DEPLOY_BRANCH=build yarn deploy + BUILD_SHA=$(git rev-parse build) + BUILD_URL=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/archive/$BUILD_SHA.tar.gz + if [[ $GITHUB_REF == refs/tags/* ]]; then + yarn cozyPublish --yes --build-url $BUILD_URL --postpublish mattermost + else + yarn cozyPublish --yes --build-url $BUILD_URL + fi diff --git a/.gitignore b/.gitignore index 35d328e..0d2608d 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ konnector-dev-config.json* fixtures/* data/* +.env # NPM node_modules/ diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 0000000..87bc4c7 --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +20.18.3 diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index b693e8b..0000000 --- a/.travis.yml +++ /dev/null @@ -1,43 +0,0 @@ -language: node_js -dist: focal -node_js: -- '20' -env: - global: - - MATTERMOST_CHANNEL=publication - - secure: BgLoSPUecHA7qWjSp7qFLaPkl/o5hJmihffsXh8FveogYtbFRKOZoY+0mwCBcYBeuO3oAieObHF0ZZ0inMD1DPezC5wWlMku85zp7oUW0XfJn++o+AaG1yCRaQN9s4XTR5Y5nBVBEsFe3QQr+6vdPuHY4V/JQT+auAPjs7rBVJ78RFO3munKi6sEA2UMo7ztKB/OySqHLF+BDJTRpA9pJFlI5MI4FGt5971xEM0qj6wFKSj0s/3r+S80i34Wy/XxI0EGCBmz+XQTZexA5oFE/JqePw88PTYOTCb/eTHL1aS7CM6Ue/9VIDneYmP16tDVABSdYy70o9ttb59D0CL5pSBiNtF4ZDptrKy55f5joVaHIeoQdEcFOsiNc0XU40FzxGbUM0NPTFlo68se/XqcxwWLq3/9nPTwLSFnxEKurRHKtS76P6stfaKVyejwvHYol4AZkT6TalD1ai3uRnagGRvUruxAGlwWvfJ1uGbJAEpiYbj+Wako5i6tuDnpp0R829GraX/9yZJkrCA1PjslTO2AwYzFdnRbbxao5QEZ7aPbjd2tRjWiTXovBpjgokR0qjn9Et18Jj7qztg2C+SEvYtITFqztBjr2DvDG4WlsRCWbHHIj+DJLYZuRLUre/cMDbDc/z2ixl881KvI6euotFVC+5T4kSatcHO9lAhgjw0= - # MATTERMOST_HOOK_URL - - secure: ehNTj2kwGECCMPDtlGmCz7Mn2krRPCoQx0wtGCX8bW2tLhvXWPTCjgprXc2jYdJc6Oejx45UfRNc+i+hXGYj1yaibcZYOwtAHBWI7QKs6j5myDhpFrBgbPOKNmynGpK5trw20Tb6qL/lwV8UsgSGzVupplC8xh4oHtJnQ8xXKCyYbIKU1DXoegDzOVhnVeKwihcO3MolYVMZnOV/JdU7T5TYhgP8cukMBJk4iQ+UPBiRU5tj8vT3ujXJSiDabGw+tZqoWSRvARsYJm7XzdCkwTcD5HqpLZkFNvMYSYpFiu58pTLOH5HH9mX8AcvhSNY/AEZS3Vfed6L6HW0F34q6GMk6FhVSt3jnBs94SYJC34QzLiA+H1Vy8sd+xZ1OobJQbtdwNISCvVFxABd1uEsQd0BFp+6/uThgskgAnVq7T8IkkBhtfja9KAyn7pNg1cvtI1UZ/Isd+7Orkn9C5ltDqv9TEasErynXtc3VuD5r1QPSA7iA4zzu6J/qPUT/zvkPw8Eort6red4Kv83HOIgjRdihTNue0MyiU931dACfiBkhfN2nF7yHt4wu73w/eSWjHOzeSpCEWpj9VX//5puC+fcpGUV+DPCcrAbEYkqLrPrK70+FNzxiNEoToTQFjSvnSbVdx7UrFZYG0RMDSM48zIQjSxyk3Uk2up4+aBFeMVw= -cache: - yarn: true - directories: - - node_modules -branches: - except: - - build - - build-debug -script: -- yarn lint -- yarn build -deploy: -- provider: script - skip-cleanup: true - script: DEPLOY_BRANCH=build yarn deploy && yarn cozyPublish - on: - branch: - - master - - main -- provider: script - skip-cleanup: true - script: DEPLOY_BRANCH=build yarn deploy && yarn cozyPublish --postpublish mattermost - on: - tags: true -before_install: -- openssl aes-256-cbc -K $encrypted_8ebb1ef83f64_key -iv $encrypted_8ebb1ef83f64_iv - -in github_deploy_key.enc -out /tmp/github_deploy_key -d -- eval "$(ssh-agent -s)" -- if [[ -f /tmp/github_deploy_key ]]; then chmod 600 /tmp/github_deploy_key; fi -- if [[ -f /tmp/github_deploy_key ]]; then ssh-add /tmp/github_deploy_key; fi -after_deploy: -- rm -f /tmp/github_deploy_key -- ssh-add -D diff --git a/bin/generate_travis_deploy_key b/bin/generate_travis_deploy_key deleted file mode 100755 index dcd7ce4..0000000 --- a/bin/generate_travis_deploy_key +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -set -e - -if [ -z "$GITHUB_TOKEN" ]; then - echo "" - echo "GITHUB_TOKEN environment variable is missing" - echo "" - echo "TRAVIS DEPLOY KEY GENERATOR" - echo "" - echo "What it does : generate a new private and public key, add the public key as a deploy key - with write access to the origin remote github repository, encrypt the private key as - github_deploy_key.enc and add the configuration necessary to use it in .travis.yml file" - echo "" - echo "Use it like this:" - echo "" - echo " GITHUB_TOKEN=\`cat ~/secret/GITHUB_TOKEN\` ./generate_travis_deploy_key" - echo "" - echo "where ~/secret/GITHUB_TOKEN is a file containing a github token with write access to the current repository : (origin)" - echo "" - echo "You must have the travis executable installed on your system and available in the PATH" - echo "" - exit -fi - -url="$(git config --get remote.origin.url)" -owner="$(echo $url | cut -d: -f2 | cut -d/ -f1)" -reponame="$(echo $url | cut -d/ -f2 | cut -d. -f1)" - -# generate a new private and public key -ssh-keygen -t rsa -b 4096 -f github_deploy_key -N '' -C $url -q 1>/dev/null - -pubkey="$(cat github_deploy_key.pub)" - -# add the PUBLIC key to the github repository as a deploy key with write access -curl https://api.github.com/repos/$owner/$reponame/keys -H "Authorization: token $GITHUB_TOKEN" --data @- << EOF -{ - "title": "travis deploy key", - "key": "$pubkey", - "read_only": false -} -EOF - -# Synchronize Travis to get latest repo -travis sync --pro -# use travis to encrypt the private key as github_deploy_key.enc and remove the private key -travis encrypt-file github_deploy_key --pro --add --no-interactive -w /tmp/github_deploy_key -f -git add github_deploy_key.enc - -# cleaning -rm github_deploy_key -rm github_deploy_key.pub diff --git a/bin/generate_travis_deploy_key.ps1 b/bin/generate_travis_deploy_key.ps1 deleted file mode 100644 index 9ba21d7..0000000 --- a/bin/generate_travis_deploy_key.ps1 +++ /dev/null @@ -1,69 +0,0 @@ -param([String]$github_token = $env:GITHUB_TOKEN) -$ErrorActionPreference = "Stop" - -function cut { - param( - [Parameter(ValueFromPipeline = $True)] [string]$inputobject, - [string]$delimiter, - [int]$fieldIndex - ) - - process { - return ($inputobject -split $delimiter)[$fieldIndex - 1] - } -} - -if (!$github_token) { - echo "" - echo "GITHUB_TOKEN environment variable is missing" - echo "" - echo "TRAVIS DEPLOY KEY GENERATOR" - echo "" - echo "What it does : generate a new private and public key, add the public key as a deploy key -with write access to the origin remote github repository, encrypt the private key as -github_deploy_key.enc and add the configuration necessary to use it in .travis.yml file" - echo "" - echo "Use it like this:" - echo "" - echo " $env:GITHUB_TOKEN=""GITHUB_TOKEN""" - echo " .\generate_travis_deploy_key.ps1" - echo "" - echo "Or like this:" - echo "" - echo " .\generate_travis_deploy_key.ps1 ""GITHUB_TOKEN""" - echo "" - echo "where ""GITHUB_TOKEN"" is a github token with write access to the current repository : (origin)" - echo "" - echo "You must have the travis executable installed on your system and available in the PATH" - echo "" - echo "You also must be authenticated on travis cli (travis login --auto)" - echo "" - exit -} - -$url = "$(git config --get remote.origin.url)" -$owner = "$(echo $url | cut -d / -f 4)" -$reponame = "$(echo $url | cut -d / -f 5 | cut -d \. -f 1)" - -# generate a new private and public key -ssh-keygen -t rsa -b 4096 -f github_deploy_key -N System.String -C "$url" -q - -$pubkey = "$(cat github_deploy_key.pub)" - -# add the PUBLIC key to the github repository as a deploy key with write access -[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -curl https://api.github.com/repos/$owner/$reponame/keys -H @{"Authorization" = "token $github_token"} -Method "POST" -Body @" -{ - "title": "travis deploy key", - "key": "$pubkey", - "read_only": false -} -"@ - -# use travis to encrypt the private key as github_deploy_key.enc and remove the private key -travis encrypt-file github_deploy_key --pro --add --no-interactive -w /tmp/github_deploy_key -f -git add github_deploy_key.enc - -# cleaning -rm github_deploy_key -rm github_deploy_key.pub diff --git a/bin/init_github_action b/bin/init_github_action new file mode 100755 index 0000000..3f93854 --- /dev/null +++ b/bin/init_github_action @@ -0,0 +1,48 @@ +#!/bin/bash + +set -e + +# .env file sample +# MATTERMOST_HOOK_URL=https://*** +# REGISTRY_TOKEN="***" + +if [ ! -f ".env" ]; then + echo "Error: .env file is missing" + echo "Please create a .env file with the following structure:" + echo "MATTERMOST_HOOK_URL=https://your-mattermost-hook-url" + echo "REGISTRY_TOKEN=your-registry-token" + exit 1 +fi + +# Check if required environment variables are present in .env +if ! grep -q "^MATTERMOST_HOOK_URL=" .env || ! grep -q "^REGISTRY_TOKEN=" .env; then + echo "Error: MATTERMOST_HOOK_URL and/or REGISTRY_TOKEN missing from .env file" + exit 1 +fi + +# Source the .env file to get variables +source .env + +# Check if variables are empty +if [ -z "$MATTERMOST_HOOK_URL" ] || [ -z "$REGISTRY_TOKEN" ]; then + echo "Error: MATTERMOST_HOOK_URL and/or REGISTRY_TOKEN cannot be empty in .env file" + exit 1 +fi + +# Check if gh CLI is installed +if ! command -v gh &> /dev/null; then + echo "Error: GitHub CLI (gh) is not installed" + echo "Please install it from: https://cli.github.com/" + exit 1 +fi + +# generate a new private and public key +ssh-keygen -t rsa -b 4096 -f github_deploy_key -N '' -C $url -q 1>/dev/null + +gh repo deploy-key add --allow-write --title "github_deploy_key" ./github_deploy_key.pub +gh secret set DEPLOY_KEY < github_deploy_key +gh secret set -f .env + +# cleaning +rm github_deploy_key +rm github_deploy_key.pub diff --git a/github_deploy_key.enc b/github_deploy_key.enc deleted file mode 100644 index 5c1025b..0000000 Binary files a/github_deploy_key.enc and /dev/null differ diff --git a/package.json b/package.json index de9a0f8..2777ed3 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "lint": "eslint --fix .", "deploy": "git-directory-deploy --directory build/ --branch ${DEPLOY_BRANCH:-build} --repo=${DEPLOY_REPOSITORY:-$npm_package_repository_url}", "cozyPublish": "cozy-app-publish --token $REGISTRY_TOKEN --build-commit $(git rev-parse ${DEPLOY_BRANCH:-build})", - "travisDeployKey": "./bin/generate_travis_deploy_key" + "initGithubAction": "./bin/init_github_action" }, "dependencies": { "cheerio": "^1.0.0-rc.12",