.gitlab-ci.yml

stages:
  - prepare
  - testing
  - compiling
  - assembling
  - releasing
  - publishing
  - hooks

image: passwords-builder

Prepare:
  stage: prepare
  script:
    - PACKAGE_NAME=passwords
    - APP_VERSION=$(node -p "require('./package.json').version")
    - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then APP_VERSION="${APP_VERSION}-build${CI_PIPELINE_ID}"; PACKAGE_NAME=passwords-nightly ; fi
    - PACKAGE_REGISTRY_URL="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${APP_VERSION}"
    - CHANGELOG=$(node --no-warnings scripts/extract-changelog.mjs)
    - echo "APP_VERSION=${APP_VERSION}" >> variables.env
    - echo "PACKAGE_REGISTRY_URL=${PACKAGE_REGISTRY_URL}" >> variables.env
    - echo "CHANGELOG=${CHANGELOG}" >> variables.env
  artifacts:
    expire_in: 1 week
    reports:
      dotenv: variables.env
  only:
    - testing
    - stable

PHPUnit:
  stage: testing
  script:
    - npm run phpunit

Compile:
  stage: compiling
  script:
    - npm ci
    - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then npm run build:stable ; fi
    - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then npm run build:testing ; fi
  artifacts:
    expire_in: 1 week
    paths:
      - ./src/js/Static/*
      - ./src/l10n/*
      - ./src/css/*
  only:
    - testing
    - stable

Assemble:
  stage: assembling
  script:
    - mkdir passwords
    - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then php scripts/set-version.php ; fi
    - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then php scripts/set-version.php --nightly --build "${CI_PIPELINE_ID}" ; fi
    - rsync -r --exclude="vue" --exclude="js" --exclude="scss" src/* passwords
    - rsync -r src/js/Static passwords/js/
    - cp CHANGELOG.md passwords/
    - /usr/src/nextcloud/occ integrity:sign-app --path=$(pwd)/passwords --privateKey=${SIGN_KEY} --certificate=${SIGN_CRT}
    - tar -zcf passwords.tar.gz passwords
    - SIGNATURE=$(openssl dgst -sha512 -sign ${SIGN_KEY} ./passwords.tar.gz | openssl base64 | tr -d "\n")
    - echo "SIGNATURE=${SIGNATURE}" >> variables.env
    - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then UPLOAD_URL="${PACKAGE_REGISTRY_URL}/passwords.tar.gz" ; fi
    - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then UPLOAD_URL="${PACKAGE_REGISTRY_URL}/passwords-nightly.tar.gz" ; fi
    - 'curl --retry 5 --retry-all-errors --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ./passwords.tar.gz "${UPLOAD_URL}"'
    - echo "Package available at ${UPLOAD_URL}"
  artifacts:
    expire_in: 1 week
    reports:
      dotenv: variables.env
  only:
    - testing
    - stable

Assemble Legacy PHP 8.0 Support Release:
  stage: assembling
  script:
    - mkdir passwords-lsr-80
    - rsync -r .patches/lsr-8.0/* src
    - npm run rector
    - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then php scripts/set-version.php --lsr 1; fi
    - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then php scripts/set-version.php --lsr 1 --nightly --build "${CI_PIPELINE_ID}" ; fi
    - rsync -r --exclude="vue" --exclude="js" --exclude="scss" src/* passwords-lsr-80
    - rsync -r src/js/Static passwords-lsr-80/js/
    - cp CHANGELOG.md passwords-lsr-80/
    - /usr/src/nextcloud/occ integrity:sign-app --path=$(pwd)/passwords-lsr-80 --privateKey=${SIGN_KEY} --certificate=${SIGN_CRT}
    - tar -zcf passwords-lsr-80.tar.gz passwords-lsr-80 --transform s/passwords-lsr-80/passwords/
    - LSR_SIGNATURE=$(openssl dgst -sha512 -sign ${SIGN_KEY} ./passwords-lsr-80.tar.gz | openssl base64 | tr -d "\n")
    - echo "LSR_SIGNATURE=${LSR_SIGNATURE}" >> variables.env
    - 'curl --retry 5 --retry-all-errors --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ./passwords-lsr-80.tar.gz "${PACKAGE_REGISTRY_URL}/passwords-lsr-80.tar.gz"'
    - echo "Package available at ${PACKAGE_REGISTRY_URL}/passwords-lsr-80.tar.gz"
  artifacts:
    expire_in: 1 week
    reports:
      dotenv: variables.env
  only:
    - stable

Publish Package:
  stage: publishing
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  script:
    - echo -e "## New in Passwords ${APP_VERSION}\\n${CHANGELOG}" > description.txt
    - |
      release-cli create --name "Passwords ${APP_VERSION}" --tag-name ${APP_VERSION} \
        --description "description.txt" \
        --assets-link "{\"name\":\"Passwords Handbook ${APP_VERSION}\",\"url\":\"https://git.mdns.eu/nextcloud/passwords-handbook/-/releases/${APP_VERSION}\",\"link_type\":\"other\"}" \
        --assets-link "{\"name\":\"Passwords ${APP_VERSION} LSR for PHP 8.0 (tar.gz)\",\"url\":\"${PACKAGE_REGISTRY_URL}/passwords-lsr-80.tar.gz\",\"link_type\":\"package\"}" \
        --assets-link "{\"name\":\"Passwords ${APP_VERSION} (tar.gz)\",\"url\":\"${PACKAGE_REGISTRY_URL}/passwords.tar.gz\",\"link_type\":\"package\"}"
  only:
    - stable

Publish Nightly:
  stage: publishing
  script:
    - 'curl --retry 3 --retry-all-errors -m 900 --connect-timeout 900 -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${PACKAGE_REGISTRY_URL}/passwords-nightly.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":true}"'
  environment:
    name: Testing
  only:
  - testing

Publish Stable:
  stage: publishing
  script:
    - 'curl --retry 3 --retry-all-errors -m 900 --connect-timeout 900 -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${PACKAGE_REGISTRY_URL}/passwords-lsr-80.tar.gz\",\"signature\":\"${LSR_SIGNATURE}\",\"nightly\":false}"'
    - 'curl --retry 3 --retry-all-errors -m 900 --connect-timeout 900 -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${PACKAGE_REGISTRY_URL}/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":false}"'
  environment:
    name: Stable
  only:
  - stable

Update Handbook:
  stage: hooks
  script:
    - mkdir -p ~/.ssh/ && cp ${HANDBOOK_PUBLISH_KEY} ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
    - export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no"
    - git clone --branch ${CI_COMMIT_REF_NAME} ${HANDBOOK_REPOSITORY} passwords-handbook
    - cd passwords-handbook
    - CURRENT_VERSION=$(node -p "require('./package.json').version")
    - if [ "${CURRENT_VERSION}" == "${APP_VERSION}" ] ; then exit 0 ; fi
    - 'sed -i -e "s|${CURRENT_VERSION}|${APP_VERSION}|g" ./package.json'
    - git config --global user.name "Gitlab CI"
    - git config --global user.email "gitlab@git.mdns.eu"
    - git commit -am "Raise version to ${APP_VERSION}"
    - git push origin
    - echo "Raised version from ${CURRENT_VERSION} to ${APP_VERSION}"
  only:
  - stable