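---
# Release packaging workflow: for every pushed `v**` or `nightly` tag, build the
# Flex .deb/.rpm packages, sign them with the automation GPG key, and attach the
# package, its checksum and its detached signature to the matching release.
name: Publish packages

on:
  push:
    tags:
      - 'v**'
      - 'nightly'

# The default GITHUB_TOKEN is read-only; the release uploads below authenticate
# with a separate secret (MOWORKFLOWTOKEN) instead.
permissions:
  contents: read

jobs:
  publish_binary_packages:
    # Restrict the job to the upstream repository.
    if: github.repository == 'GluuFederation/flex'
    # NOTE(review): Ubuntu 20.04 is past standard support; confirm this runner
    # label is still offered before relying on the workflow.
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        name: [ubuntu22, ubuntu20, el8, suse15]
        # Matrix values are static and come from this file only, so they are
        # safe to interpolate into the shell steps below.
        include:
          - name: ubuntu22
            asset_suffix: '~ubuntu22.04_amd64.deb'
            build_files: deb/jammy
            asset_prefix: '_'
            asset_path: flex
            sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
            python_version: "3.8"
          - name: ubuntu20
            asset_suffix: '~ubuntu20.04_amd64.deb'
            build_files: deb/focal
            asset_prefix: '_'
            asset_path: flex
            sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
            python_version: "3.8"
          - name: el8
            asset_suffix: '.el8.x86_64.rpm'
            build_files: rpm/el8
            asset_prefix: '-'
            asset_path: flex/rpmbuild/RPMS/x86_64
            sign_cmd: rpm --addsign
            python_version: "3.6"
          - name: suse15
            asset_suffix: '.suse15.x86_64.rpm'
            build_files: rpm/suse15
            asset_prefix: '-'
            asset_path: flex/rpmbuild/RPMS/x86_64
            sign_cmd: rpm --addsign
            python_version: "3.6"
    steps:
      # NOTE(review): `audit` only records outbound connections, it does not
      # stop them. This job holds a signing key and a release token; once the
      # audit log shows which hosts the build needs, consider
      # `egress-policy: block` with an `allowed-endpoints` list.
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          egress-policy: audit

      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          path: temp-flex
          # No later step pushes with git, so do not leave the token in
          # temp-flex/.git/config where the root-run build scripts could read it.
          persist-credentials: false

      # NOTE(review): everything installed here ends up in the environment that
      # produces the signed release artifacts. The third-party PPA and the pip
      # packages are installed as root without a version pin or hash check.
      - name: Getting build dependencies
        id: get_dependencies
        run: |
          mkdir -p flex/flex-src/opt/
          cp -rp temp-flex/automation/packaging/${{ matrix.build_files }}/* flex/
          cp temp-flex/flex-linux-setup/flex_linux_setup/flex_setup.py flex/flex_setup.py
          sudo add-apt-repository ppa:deadsnakes/ppa
          sudo apt-get update
          sudo apt-get install -y python${{ matrix.python_version }}
          sudo apt-get install -y build-essential devscripts debhelper rpm dpkg-sig \
            python3-dev python3-requests python3-ruamel.yaml python3-pymysql \
            python3-crypto python3-distutils python3-prompt-toolkit \
            python${{ matrix.python_version }}-distutils libpq-dev \
            python${{ matrix.python_version }}-dev apache2 rsyslog \
            python3-urllib3 python3-certifi postgresql postgresql-contrib
          sudo cp -r /usr/lib/python3/dist-packages /usr/lib/python${{ matrix.python_version }}/
          sudo python${{ matrix.python_version }} -m pip install psycopg2-binary psycopg2

      # NOTE(review): with `continue-on-error: true` a failed key import does
      # not stop the job; the signing commands in "Sign package" are then the
      # only gate before upload. Consider removing it so the failure is
      # reported at its source.
      - name: Import GPG key
        id: import_gpg
        continue-on-error: true
        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
        with:
          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true

      - name: List keys
        id: list_keys
        run: gpg -K

      # Derives the `tag` and `version` outputs from the pushed ref.
      # The ref is handed to the script through an environment variable rather
      # than `${{ }}` interpolation: a tag name may contain `$( )`, `;` or
      # backticks, and interpolated text would be run as shell. The tag is
      # also checked against a conservative character set, because `version`
      # is later substituted by sed into scripts that are executed with sudo.
      - name: Get latest tag
        id: previoustag
        env:
          EVENT_REF: ${{ github.event.ref }}
        run: |
          tag="${EVENT_REF#refs/tags/}"
          allowed='^[0-9A-Za-z._+~-]+$'
          if [[ ! "${tag}" =~ ${allowed} ]]; then
            echo "::error::Refusing to build: tag contains characters outside [0-9A-Za-z._+~-]"
            exit 1
          fi
          echo "tag=${tag}" >> "${GITHUB_OUTPUT}"
          if [[ "${EVENT_REF}" == 'refs/tags/nightly' ]]; then
            echo "version=0.0.0-nightly" >> "${GITHUB_OUTPUT}"
          else
            # Strip only the leading "v"; splitting on every "v" would cut a
            # version short at any later "v" in the tag.
            echo "version=${tag#v}-stable" >> "${GITHUB_OUTPUT}"
          fi
          echo "PACKAGE_PREFIX=flex" >> "${GITHUB_ENV}"

      - name: Print Version and tag
        env:
          VERSION: ${{ steps.previoustag.outputs.version }}
          TAG: ${{ steps.previoustag.outputs.tag }}
        run: |
          echo "Version: ${VERSION}"
          echo "Tag: ${TAG}"

      # NOTE(review): the setup script is invoked with both branch options set
      # to "main", so a tagged release appears to pull from a moving branch
      # and the same tag may not rebuild to the same contents. Confirm whether
      # a pinned ref is intended for `v*` tags.
      - name: Running install and build
        id: run_build
        env:
          VERSION: ${{ steps.previoustag.outputs.version }}
        run: |
          cd flex/
          sudo python${{ matrix.python_version }} flex_setup.py --jans-branch="main" --jans-setup-branch="main" -download-exit -yes --keep-downloads --keep-setup -force-download
          cp -r /opt/dist flex-src/opt/
          cp -r /opt/jans flex-src/opt/
          touch flex-src/opt/jans/jans-setup/package
          rm -rf install.py install jans-cli
          rm -rf flex-src/opt/jans/jans-setup/logs/setup.log
          rm -rf flex-src/opt/jans/jans-setup/logs/setup_error.log
          sed -i "s/%VERSION%/${VERSION}/g" run-build.sh
          cat run-build.sh
          sudo ./run-build.sh

      # Renames the built package to its release name, signs it in place with
      # the matrix-specific tool, then writes a detached armored signature
      # (<package>.asc) next to it.
      # NOTE(review): the address inside <> reads '[email protected]' on this
      # page, which is the hosting site's e-mail obfuscation and not the real
      # value; restore the signing identity from the repository before use.
      - name: Sign package
        id: sign_package
        env:
          VERSION: ${{ steps.previoustag.outputs.version }}
        run: |
          asset_dir="${{ github.workspace }}/${{ matrix.asset_path }}"
          package="${asset_dir}/flex${{ matrix.asset_prefix }}${VERSION}${{ matrix.asset_suffix }}"
          ls "${asset_dir}"
          sudo mv "${asset_dir}"/flex* "${package}" || echo "no need to rename"
          echo '%_gpg_name moauto (automation) <[email protected]>' >> ~/.rpmmacros
          ${{ matrix.sign_cmd }} "${package}"
          gpg --armor --detach-sign "${package}"
          ls "${asset_dir}"

      - name: Create checksum
        id: create_checksum
        env:
          VERSION: ${{ steps.previoustag.outputs.version }}
        run: |
          cd flex/
          sed -i "s/%VERSION%/${VERSION}/g" checksum.sh
          sudo ./checksum.sh
          ls "${{ github.workspace }}/${{ matrix.asset_path }}"

      # NOTE(review): `overwrite: true` in the three upload steps lets a
      # re-pushed tag replace assets that were already published. That is
      # needed for the moving `nightly` tag; for `v*` releases consider
      # whether published artifacts should be immutable.
      - name: Upload binaries to release
        id: upload_binaries
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
          file: ${{ github.workspace }}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
          asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true

      - name: Upload checksum to release
        id: upload_shas
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
          file: ${{ github.workspace }}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
          asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true

      - name: Upload sig to release
        id: upload_sigs
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
          file: ${{ github.workspace }}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
          asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true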