From 4b68235044e2b3ffb9e50738b3ef773337afddee Mon Sep 17 00:00:00 2001 From: doubleface Date: Tue, 9 Sep 2025 14:18:54 +0200 Subject: [PATCH] feat: Migrate from Travis to GitHub Actions --- .github/workflows/ci-cd.yml | 48 ++++++++++++++++++++ .gitignore | 1 + .nvmrc | 1 + .travis.yml | 43 ------------------ bin/generate_travis_deploy_key | 52 ---------------------- bin/generate_travis_deploy_key.ps1 | 69 ----------------------------- bin/init_github_action | 48 ++++++++++++++++++++ github_deploy_key.enc | Bin 3424 -> 0 bytes package.json | 2 +- 9 files changed, 99 insertions(+), 165 deletions(-) create mode 100644 .github/workflows/ci-cd.yml create mode 100644 .nvmrc delete mode 100644 .travis.yml delete mode 100755 bin/generate_travis_deploy_key delete mode 100644 bin/generate_travis_deploy_key.ps1 create mode 100755 bin/init_github_action delete mode 100644 github_deploy_key.enc diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml new file mode 100644 index 0000000..dee091f --- /dev/null +++ b/.github/workflows/ci-cd.yml @@ -0,0 +1,48 @@ +name: CI/CD + +on: + pull_request: + push: + branches: + - master + tags: + - '[0-9]+.[0-9]+.[0-9]+' + - '[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+' + +env: + MATTERMOST_CHANNEL: publication + MATTERMOST_HOOK_URL: ${{ secrets.MATTERMOST_HOOK_URL }} + REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + +jobs: + build: + name: Build and publish + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install dependencies + run: yarn install --frozen-lockfile + - name: Lint + run: yarn lint + - name: Build + run: yarn build + - name: Set SSH git push + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.DEPLOY_KEY }} + - name: Publish + if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') + run: | + DEPLOY_BRANCH=build yarn deploy + BUILD_SHA=$(git rev-parse build) + BUILD_URL=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/archive/$BUILD_SHA.tar.gz + if [[ $GITHUB_REF == refs/tags/* ]]; then + yarn cozyPublish --yes --build-url $BUILD_URL --postpublish mattermost + else + yarn cozyPublish --yes --build-url $BUILD_URL + fi diff --git a/.gitignore b/.gitignore index 35d328e..0d2608d 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ konnector-dev-config.json* fixtures/* data/* +.env # NPM node_modules/ diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 0000000..87bc4c7 --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +20.18.3 diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index b693e8b..0000000 --- a/.travis.yml +++ /dev/null @@ -1,43 +0,0 @@ -language: node_js -dist: focal -node_js: -- '20' -env: - global: - - MATTERMOST_CHANNEL=publication - - secure: BgLoSPUecHA7qWjSp7qFLaPkl/o5hJmihffsXh8FveogYtbFRKOZoY+0mwCBcYBeuO3oAieObHF0ZZ0inMD1DPezC5wWlMku85zp7oUW0XfJn++o+AaG1yCRaQN9s4XTR5Y5nBVBEsFe3QQr+6vdPuHY4V/JQT+auAPjs7rBVJ78RFO3munKi6sEA2UMo7ztKB/OySqHLF+BDJTRpA9pJFlI5MI4FGt5971xEM0qj6wFKSj0s/3r+S80i34Wy/XxI0EGCBmz+XQTZexA5oFE/JqePw88PTYOTCb/eTHL1aS7CM6Ue/9VIDneYmP16tDVABSdYy70o9ttb59D0CL5pSBiNtF4ZDptrKy55f5joVaHIeoQdEcFOsiNc0XU40FzxGbUM0NPTFlo68se/XqcxwWLq3/9nPTwLSFnxEKurRHKtS76P6stfaKVyejwvHYol4AZkT6TalD1ai3uRnagGRvUruxAGlwWvfJ1uGbJAEpiYbj+Wako5i6tuDnpp0R829GraX/9yZJkrCA1PjslTO2AwYzFdnRbbxao5QEZ7aPbjd2tRjWiTXovBpjgokR0qjn9Et18Jj7qztg2C+SEvYtITFqztBjr2DvDG4WlsRCWbHHIj+DJLYZuRLUre/cMDbDc/z2ixl881KvI6euotFVC+5T4kSatcHO9lAhgjw0= - # MATTERMOST_HOOK_URL - - secure: ehNTj2kwGECCMPDtlGmCz7Mn2krRPCoQx0wtGCX8bW2tLhvXWPTCjgprXc2jYdJc6Oejx45UfRNc+i+hXGYj1yaibcZYOwtAHBWI7QKs6j5myDhpFrBgbPOKNmynGpK5trw20Tb6qL/lwV8UsgSGzVupplC8xh4oHtJnQ8xXKCyYbIKU1DXoegDzOVhnVeKwihcO3MolYVMZnOV/JdU7T5TYhgP8cukMBJk4iQ+UPBiRU5tj8vT3ujXJSiDabGw+tZqoWSRvARsYJm7XzdCkwTcD5HqpLZkFNvMYSYpFiu58pTLOH5HH9mX8AcvhSNY/AEZS3Vfed6L6HW0F34q6GMk6FhVSt3jnBs94SYJC34QzLiA+H1Vy8sd+xZ1OobJQbtdwNISCvVFxABd1uEsQd0BFp+6/uThgskgAnVq7T8IkkBhtfja9KAyn7pNg1cvtI1UZ/Isd+7Orkn9C5ltDqv9TEasErynXtc3VuD5r1QPSA7iA4zzu6J/qPUT/zvkPw8Eort6red4Kv83HOIgjRdihTNue0MyiU931dACfiBkhfN2nF7yHt4wu73w/eSWjHOzeSpCEWpj9VX//5puC+fcpGUV+DPCcrAbEYkqLrPrK70+FNzxiNEoToTQFjSvnSbVdx7UrFZYG0RMDSM48zIQjSxyk3Uk2up4+aBFeMVw= -cache: - yarn: true - directories: - - node_modules -branches: - except: - - build - - build-debug -script: -- yarn lint -- yarn build -deploy: -- provider: script - skip-cleanup: true - script: DEPLOY_BRANCH=build yarn deploy && yarn cozyPublish - on: - branch: - - master - - main -- provider: script - skip-cleanup: true - script: DEPLOY_BRANCH=build yarn deploy && yarn cozyPublish --postpublish mattermost - on: - tags: true -before_install: -- openssl aes-256-cbc -K $encrypted_8ebb1ef83f64_key -iv $encrypted_8ebb1ef83f64_iv - -in github_deploy_key.enc -out /tmp/github_deploy_key -d -- eval "$(ssh-agent -s)" -- if [[ -f /tmp/github_deploy_key ]]; then chmod 600 /tmp/github_deploy_key; fi -- if [[ -f /tmp/github_deploy_key ]]; then ssh-add /tmp/github_deploy_key; fi -after_deploy: -- rm -f /tmp/github_deploy_key -- ssh-add -D diff --git a/bin/generate_travis_deploy_key b/bin/generate_travis_deploy_key deleted file mode 100755 index dcd7ce4..0000000 --- a/bin/generate_travis_deploy_key +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -set -e - -if [ -z "$GITHUB_TOKEN" ]; then - echo "" - echo "GITHUB_TOKEN environment variable is missing" - echo "" - echo "TRAVIS DEPLOY KEY GENERATOR" - echo "" - echo "What it does : generate a new private and public key, add the public key as a deploy key - with write access to the origin remote github repository, encrypt the private key as - github_deploy_key.enc and add the configuration necessary to use it in .travis.yml file" - echo "" - echo "Use it like this:" - echo "" - echo " GITHUB_TOKEN=\`cat ~/secret/GITHUB_TOKEN\` ./generate_travis_deploy_key" - echo "" - echo "where ~/secret/GITHUB_TOKEN is a file containing a github token with write access to the current repository : (origin)" - echo "" - echo "You must have the travis executable installed on your system and available in the PATH" - echo "" - exit -fi - -url="$(git config --get remote.origin.url)" -owner="$(echo $url | cut -d: -f2 | cut -d/ -f1)" -reponame="$(echo $url | cut -d/ -f2 | cut -d. -f1)" - -# generate a new private and public key -ssh-keygen -t rsa -b 4096 -f github_deploy_key -N '' -C $url -q 1>/dev/null - -pubkey="$(cat github_deploy_key.pub)" - -# add the PUBLIC key to the github repository as a deploy key with write access -curl https://api.github.com/repos/$owner/$reponame/keys -H "Authorization: token $GITHUB_TOKEN" --data @- << EOF -{ - "title": "travis deploy key", - "key": "$pubkey", - "read_only": false -} -EOF - -# Synchronize Travis to get latest repo -travis sync --pro -# use travis to encrypt the private key as github_deploy_key.enc and remove the private key -travis encrypt-file github_deploy_key --pro --add --no-interactive -w /tmp/github_deploy_key -f -git add github_deploy_key.enc - -# cleaning -rm github_deploy_key -rm github_deploy_key.pub diff --git a/bin/generate_travis_deploy_key.ps1 b/bin/generate_travis_deploy_key.ps1 deleted file mode 100644 index 9ba21d7..0000000 --- a/bin/generate_travis_deploy_key.ps1 +++ /dev/null @@ -1,69 +0,0 @@ -param([String]$github_token = $env:GITHUB_TOKEN) -$ErrorActionPreference = "Stop" - -function cut { - param( - [Parameter(ValueFromPipeline = $True)] [string]$inputobject, - [string]$delimiter, - [int]$fieldIndex - ) - - process { - return ($inputobject -split $delimiter)[$fieldIndex - 1] - } -} - -if (!$github_token) { - echo "" - echo "GITHUB_TOKEN environment variable is missing" - echo "" - echo "TRAVIS DEPLOY KEY GENERATOR" - echo "" - echo "What it does : generate a new private and public key, add the public key as a deploy key -with write access to the origin remote github repository, encrypt the private key as -github_deploy_key.enc and add the configuration necessary to use it in .travis.yml file" - echo "" - echo "Use it like this:" - echo "" - echo " $env:GITHUB_TOKEN=""GITHUB_TOKEN""" - echo " .\generate_travis_deploy_key.ps1" - echo "" - echo "Or like this:" - echo "" - echo " .\generate_travis_deploy_key.ps1 ""GITHUB_TOKEN""" - echo "" - echo "where ""GITHUB_TOKEN"" is a github token with write access to the current repository : (origin)" - echo "" - echo "You must have the travis executable installed on your system and available in the PATH" - echo "" - echo "You also must be authenticated on travis cli (travis login --auto)" - echo "" - exit -} - -$url = "$(git config --get remote.origin.url)" -$owner = "$(echo $url | cut -d / -f 4)" -$reponame = "$(echo $url | cut -d / -f 5 | cut -d \. -f 1)" - -# generate a new private and public key -ssh-keygen -t rsa -b 4096 -f github_deploy_key -N System.String -C "$url" -q - -$pubkey = "$(cat github_deploy_key.pub)" - -# add the PUBLIC key to the github repository as a deploy key with write access -[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -curl https://api.github.com/repos/$owner/$reponame/keys -H @{"Authorization" = "token $github_token"} -Method "POST" -Body @" -{ - "title": "travis deploy key", - "key": "$pubkey", - "read_only": false -} -"@ - -# use travis to encrypt the private key as github_deploy_key.enc and remove the private key -travis encrypt-file github_deploy_key --pro --add --no-interactive -w /tmp/github_deploy_key -f -git add github_deploy_key.enc - -# cleaning -rm github_deploy_key -rm github_deploy_key.pub diff --git a/bin/init_github_action b/bin/init_github_action new file mode 100755 index 0000000..3f93854 --- /dev/null +++ b/bin/init_github_action @@ -0,0 +1,48 @@ +#!/bin/bash + +set -e + +# .env file sample +# MATTERMOST_HOOK_URL=https://*** +# REGISTRY_TOKEN="***" + +if [ ! -f ".env" ]; then + echo "Error: .env file is missing" + echo "Please create a .env file with the following structure:" + echo "MATTERMOST_HOOK_URL=https://your-mattermost-hook-url" + echo "REGISTRY_TOKEN=your-registry-token" + exit 1 +fi + +# Check if required environment variables are present in .env +if ! grep -q "^MATTERMOST_HOOK_URL=" .env || ! grep -q "^REGISTRY_TOKEN=" .env; then + echo "Error: MATTERMOST_HOOK_URL and/or REGISTRY_TOKEN missing from .env file" + exit 1 +fi + +# Source the .env file to get variables +source .env + +# Check if variables are empty +if [ -z "$MATTERMOST_HOOK_URL" ] || [ -z "$REGISTRY_TOKEN" ]; then + echo "Error: MATTERMOST_HOOK_URL and/or REGISTRY_TOKEN cannot be empty in .env file" + exit 1 +fi + +# Check if gh CLI is installed +if ! command -v gh &> /dev/null; then + echo "Error: GitHub CLI (gh) is not installed" + echo "Please install it from: https://cli.github.com/" + exit 1 +fi + +# generate a new private and public key +ssh-keygen -t rsa -b 4096 -f github_deploy_key -N '' -C $url -q 1>/dev/null + +gh repo deploy-key add --allow-write --title "github_deploy_key" ./github_deploy_key.pub +gh secret set DEPLOY_KEY < github_deploy_key +gh secret set -f .env + +# cleaning +rm github_deploy_key +rm github_deploy_key.pub diff --git a/github_deploy_key.enc b/github_deploy_key.enc deleted file mode 100644 index 5c1025b91dab76680f9f370e5e5267038efec4d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3424 zcmV-m4WII`WJW&1G7O^{3T#oHrEL0xTPrEDbf$qZEdVnH{cII4C3Zn3@pQCWvJ^um z`E;iub?JwLr002Af7#Df*4W-~Y^E8~Q8+DWw|*)R6h8qiAVaSasCgQ2r1vA>YT&{H z3wD4UIv67!8S&%x77}F#*sVe)%>BT_YzM(@Z%#rESO+fhB?wcV4IWsn5*b@<73&Dw zAb*}+QxY@7@7G9d8y+dz7gj$AQ;Z{53aIXkM3+fe3a!n=Nv0zzz9or8FO<^ z_C7$MERh>@xQyM&FySqgX+%d6*H5logtzQRz#;MvqK=*?PU3QJK(!`9VG^pS`HFH4 zF>}Www4{Ahmq<2RKkhm7oCUrjbs%ZNQZn)Gx%PJ$Aqk66Lr-pk1CF0wvK_YePv&8sXmSw&Y1(SM2)@?tX4s}2y`PK(M@3Y zWb;~F>2>lgtwJU#Qj?>!d9rZb`50KOQ3_?g+C5fcU1<{J8{L-Cq5m8K2> z*O@k5m6l&eiS*62;`0I0l=W+KwMipWK!*aj=Q+gC!)5aBlJM^es(#}qs3Aq&aInu+saei1TG2C8O;bo6FQ zhi%T>HK=%L)38#=MQ^l9vc~5j5i?oXPNR=+9qUzTLQee@ILe~A4|TGtCx_vBPb>ls$%X=f`NqWm5wYeq*M>h0)@eq+_b%Cv{}6jSM3ntz4ZmbJBMDBt}W$2 zfr~**VnQ^NxKVMG#LkpV18+16q7o?k|3{3^@e7tU!Z5Za^!Wmtpvx3tQPP8tZ>|Q; zG*F0PVgNdmFyKV?qWU|v@RF@QOPJvf&32VkaS7I{5uRu>|;bzDM{+4#xB zdV1**@vxyZN%rTc>3_`Ef{ng@$ImY;SX#C)FCx#-lZN}!xz~BwxX0*|kUfSq@K8GJ zX_2z&l_mj1k8>D8th!47bGx?Rc=t#|;5(5Fj|lmbq@^j#<=NDc)~9i+Ri47{x=FP_ z%rMUj)J8f}PFUGHH+MbOYuS!fWxc(g_Qsp~uH`H86Rdi|MmJx$3BIF^hFTQ~GU@{LyJR(%;4#e(x@{wwC z@M^sc(>8rdk^^SCA?NtL@{;eolMnh|eoV03hIg~X69nb~UWU>jKxZ3#p=Rw!w1!uq z@3_S3z0zat5|#KL>j_$s=ntKK`dfwjss!>N1Ym_MxvP7oN$rM}=fDKOh3 z1r+&iM&#eA+4m0jW3FXPZ?4ML!TSb~Wzc4&0;frR)hx3|en<rZiGfu0QTI1DbN5mCl3d* z#x>CGkIEM#3G&%+{v=fNRe?Pi)sq}D@T)cV7*QqC*P25n7Sj#QR-z@>Q>q`ERlEIL z{SYf2@oBAXKJsSs6cO!i!`hg7lvbAxoJ}P3u-C6V~XHG!yk1gkWCt-(FF-;QlC zo!1_}RxW{v_5NK<3e{bB?}bnsguw+H7_?08Gn-aR|6W0v`YMd>Cj?-&@y-g8LT{0ykDd0v~J0@MvWA0zKrcHkw+eiH>!gW`e^ z?`EcLOkG>h!7%$RwN#t*y`*4hrLJ64u5wCPTC#m5ZXwcD^20NwOh%8t~A_^`LgDg#`q64ooO%KZ#z%A zD2Tu+122SdIDb=FCD|Hd(+l^*9Oz%CQjvkhM0jCYpjcx8Z}HV*@wFUy6ug8DmK5rY z@(P=(c`rc(IXpKLg3JA^!7V2#&$Dy^C0SQQf_c(SS8|c5P*35MwM7A&STkxIr5_kL zVo!!Bc73@GK^0b82yR^r#0&ll*Tm;nZaKS+%2$_*NG0^# zTh^LawjgTpkDtjxm?su)0<6kigM(dd_`!y{fB%C~vSZtWJxl|6LLbr)+c{6AHs$dT z(MHpXhAq*(q!uy6O&fg0j~C+q*3T(Y#l%On?#A;(HK!7FYNk$arly>5_m+{n4I~s@ zz&;7p6mKXXmr_lV5jrC%=n~5A3%RFTKU}d7C$dP;3R@X4VM0`;1nrmE0F_;EAdJwW z?eIZ_*o<`v`JMI1qQCLU3CxR$RadekzW5NN0oOW_@zH0vv#{3;3>(S!ez(3N^qy zUv7I4`{uY7#=PDXBS6EY%fPvcad5~1kVBGzrsfhpT=jOGgAmCS6;R^HV%)P@94u;CIIwhi|>KK=-&(M!D>f zMvMTIweyyR_=2SWB>qL~Zg_Hp@kD4NzHNs3U^i@eX2MKM9terryAtS?Vd~0kkDEXx zAM46aB^&T6Icw=Z%$qc#Ykj3OO4N)4suW;9^t`=8{TSzZ^kCBjefX{};zf=nQP*qI z+Wv82<6k(Vby*D+rUI4@)GB+*MXHI8j~4&fIj^q3y`K|SSqktgqc&3N!@^%=A@w#!uiNs_Z3m6+Ih{Fe zvCZgW*DEzytNr=x6;d#E?-Q<3mM&?8*lBbstiS*7tEjMTl91*pI@*o?3C%*gDJ=~v}= zBoH;(ERIAT;{d3SmQe#7&+?V#^1?3IJ^uGB)VO2h<5RM~&-9!g;gBvC_qV&B;2M90 Cx2o9y diff --git a/package.json b/package.json index de9a0f8..2777ed3 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "lint": "eslint --fix .", "deploy": "git-directory-deploy --directory build/ --branch ${DEPLOY_BRANCH:-build} --repo=${DEPLOY_REPOSITORY:-$npm_package_repository_url}", "cozyPublish": "cozy-app-publish --token $REGISTRY_TOKEN --build-commit $(git rev-parse ${DEPLOY_BRANCH:-build})", - "travisDeployKey": "./bin/generate_travis_deploy_key" + "initGithubAction": "./bin/init_github_action" }, "dependencies": { "cheerio": "^1.0.0-rc.12",