generated from bitwarden/template
-
Notifications
You must be signed in to change notification settings - Fork 5
132 lines (111 loc) · 4.35 KB
/
fdroid.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
name: Generate F-Droid repo
on:
workflow_dispatch:
inputs:
dry-run:
description: "Skips pushing changes when enabled. Optional. Defaults to false."
type: boolean
default: false
required: false
schedule:
- cron: "45 2 * * *"
jobs:
apps:
name: "Generate repo from apps listing"
runs-on: ubuntu-22.04
env:
COMMIT_MSG_FILE: "${{ github.workspace }}/commit_message.tmp"
steps:
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Create basic directory structure
run: mkdir -p fdroid/repo
- name: Restore correct mtime
run: |
sudo apt install git-restore-mtime
git restore-mtime
- name: Login to Azure - CI Subscription
uses: Azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-gpg-private-key,
github-gpg-private-key-passphrase,
github-pat-bitwarden-devops-bot-repo-scope"
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: Set up Git
run: |
git config --local user.email "[email protected]"
git config --local user.name "bitwarden-devops-bot"
- name: Download secrets
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
run: |
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name fdroid_repo_keystore.jks --file fdroid/keystore.p12 --output none
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name fdroid-config.yml --file fdroid/config.yml --output none
- name: Validate secrets
run: |
if [ -f "fdroid/config.yml" ]; then
echo "config found. setting permission to 0600"
chmod 0600 fdroid/config.yml
else
echo "config not found!"
exit 1
fi
if [ -f "fdroid/keystore.p12" ]; then
echo "keystore found"
else
echo "keystore not found!"
exit 1
fi
- name: Install F-Droid server software
run: |
sudo add-apt-repository ppa:fdroid/fdroidserver
sudo apt-get update
sudo apt-get install fdroidserver
- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '^1.17.0'
- name: Run metascoop
id: run-metascoop
env:
GH_ACCESS_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
run: |
bash run_metascoop.sh ${{ env.COMMIT_MSG_FILE }}
if [ $? -eq 0 ]; then
echo "Changes detected"
echo "has_changes=true" >> $GITHUB_OUTPUT
elif [ $? -eq 2 ]; then
echo "No changes detected"
echo "has_changes=false" >> $GITHUB_OUTPUT
else
echo "Unexpected exit code: $?"
echo "has_changes=false" >> $GITHUB_OUTPUT
fi
continue-on-error: true
- name: Update repo
env:
GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
run: |
if [ "${{ inputs.dry-run }}" = "true" ]; then
echo "Dry run. Changes are not being saved."
elif [ "${{ steps.run-metascoop.outputs.has_changes }}" != "true" ]; then
echo "No changes to save."
else
bash update_repo.sh ${{ env.COMMIT_MSG_FILE }}
fi