feat: allow integration of Agama flows into the authz challenge enpoi… #893
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish packages | |
on: | |
push: | |
tags: | |
- 'v**' | |
- 'nightly' | |
permissions: | |
contents: read | |
jobs: | |
publish_binary_packages: | |
if: github.repository == 'JanssenProject/jans' | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
name: [ubuntu22, ubuntu20, el8, suse15] | |
include: | |
- name: ubuntu22 | |
asset_suffix: ~ubuntu22.04_amd64.deb | |
build_files: deb/jammy | |
asset_prefix: '_' | |
asset_path: jans | |
sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900 | |
python_version: 3.8 | |
- name: ubuntu20 | |
asset_suffix: ~ubuntu20.04_amd64.deb | |
build_files: deb/focal | |
asset_prefix: '_' | |
asset_path: jans | |
sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900 | |
python_version: 3.8 | |
- name: el8 | |
asset_suffix: .el8.x86_64.rpm | |
build_files: rpm/el8 | |
asset_prefix: '-' | |
asset_path: jans/rpmbuild/RPMS/x86_64 | |
sign_cmd: rpm --addsign | |
python_version: 3.6 | |
- name: suse15 | |
asset_suffix: .suse15.x86_64.rpm | |
build_files: rpm/suse15 | |
asset_prefix: '-' | |
asset_path: jans/rpmbuild/RPMS/x86_64 | |
sign_cmd: rpm --addsign | |
python_version: 3.6 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
path: temp-jans | |
- name: Getting build dependencies | |
id: get_dependencies | |
run: | | |
mkdir -p jans/jans-src/opt/ | |
cp -rp temp-jans/automation/packaging/${{ matrix.build_files }}/* jans/ | |
cp temp-jans/jans-linux-setup/jans_setup/install.py jans/install.py | |
sudo add-apt-repository ppa:deadsnakes/ppa | |
sudo apt-get update | |
sudo apt-get install -y python${{ matrix.python_version }} | |
sudo apt install -y build-essential devscripts debhelper rpm dpkg-sig python3-dev python3-requests python3-ruamel.yaml python3-pymysql python3-crypto python3-distutils python3-prompt-toolkit python${{ matrix.python_version }}-distutils libpq-dev python${{ matrix.python_version }}-dev apache2 rsyslog python3-urllib3 python3-certifi postgresql postgresql-contrib | |
sudo cp -r /usr/lib/python3/dist-packages /usr/lib/python${{ matrix.python_version }}/ | |
sudo python${{ matrix.python_version }} -m pip install psycopg2-binary psycopg2 | |
- name: Import GPG key | |
id: import_gpg | |
continue-on-error: true | |
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
with: | |
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: List keys | |
id: list_keys | |
run: gpg -K | |
- name: Get latest tag | |
id: previoustag | |
run: | | |
echo "tag=$(echo ${{ github.event.ref }} | cut -d '/' -f 3)" >> $GITHUB_OUTPUT | |
if [[ ${{ github.event.ref }} == 'refs/tags/nightly' ]]; then | |
echo "version=0.0.0-nightly" >> $GITHUB_OUTPUT | |
else | |
echo "version=$(echo ${{ github.event.ref }} | cut -d 'v' -f 2)-stable" >> $GITHUB_OUTPUT | |
fi | |
echo "PACKAGE_PREFIX=jans" >> ${GITHUB_ENV} | |
- name: Print Version and tag | |
run: | | |
echo "Version: ${{ steps.previoustag.outputs.version }}" | |
echo "Tag: ${{ steps.previoustag.outputs.tag }}" | |
- name: Running install and build | |
id: run_build | |
run: | | |
cd jans/ | |
sudo python${{ matrix.python_version }} install.py -download-exit -yes --keep-downloads --keep-setup -force-download | |
cp -r /opt/dist jans-src/opt/ | |
cp -r /opt/jans jans-src/opt/ | |
touch jans-src/opt/jans/jans-setup/package | |
rm -rf install.py install jans-cli-tui | |
rm -rf jans-src/opt/jans/jans-setup/logs/setup.log | |
rm -rf jans-src/opt/jans/jans-setup/logs/setup_error.log | |
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" run-build.sh | |
cat run-build.sh | |
sudo ./run-build.sh | |
- name: Sign package | |
id: sign_package | |
run : | | |
echo '%_gpg_name moauto (automation) <[email protected]>' >> ~/.rpmmacros | |
${{ matrix.sign_cmd }} ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }} | |
gpg --armor --detach-sign ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }} | |
- name: Create checksum | |
id: create_checksum | |
run: | | |
cd jans/ | |
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" checksum.sh | |
sudo ./checksum.sh | |
ls ${{github.workspace}}/${{ matrix.asset_path }} | |
- name: Upload binaries to release | |
id: upload_binaries | |
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
with: | |
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }} | |
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }} | |
tag: ${{ steps.previoustag.outputs.tag }} | |
overwrite: true | |
- name: Upload checksum to release | |
id: upload_shas | |
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
with: | |
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum | |
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum | |
tag: ${{ steps.previoustag.outputs.tag }} | |
overwrite: true | |
- name: Upload sig to release | |
id: upload_sigs | |
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
with: | |
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc | |
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc | |
tag: ${{ steps.previoustag.outputs.tag }} | |
overwrite: true | |
build_python_packages: | |
if: github.repository == 'JanssenProject/jans' | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3 | |
name: Build with Suse | |
continue-on-error: true | |
with: | |
image: opensuse/leap:15.4 | |
options: -v ${{ github.workspace }}:/suse | |
run: | | |
zypper addrepo https://download.opensuse.org/repositories/openSUSE:Leap:15.1/standard/openSUSE:Leap:15.1.repo | |
zypper --gpg-auto-import-keys refresh | |
zypper --non-interactive install -y gcc-c++ make gcc automake autoconf libtool python3-pip python3-setuptools python3-wheel openssl | |
zypper addrepo https://download.opensuse.org/repositories/home:smarty12:Python/RaspberryPi_Leap_15.2/home:smarty12:Python.repo | |
zypper --gpg-auto-import-keys refresh | |
zypper download python3-dev | |
rpm -i --nodeps /var/cache/zypp/packages/home_smarty12_Python/noarch/python3-dev-0.4.0-lp152.1.4.noarch.rpm | |
zypper --non-interactive install -y python3 | |
zypper --non-interactive install -y python3-devel | |
echo "Building jans-linux-setup package" | |
cd /suse/jans-linux-setup | |
pip install shiv | |
make zipapp | |
mv jans-linux-setup.pyz jans-linux-suse-X86-64-setup.pyz | |
sha256sum jans-linux-suse-X86-64-setup.pyz > jans-linux-suse-X86-64-setup.pyz.sha256sum | |
cd ../jans-cli-tui | |
make zipapp | |
mv jans-cli-tui.pyz jans-cli-tui-linux-suse-X86-64.pyz | |
sha256sum jans-cli-tui-linux-suse-X86-64.pyz > jans-cli-tui-linux-suse-X86-64.pyz.sha256sum | |
- name: Set up Python 3.6 | |
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 | |
with: | |
python-version: 3.6 | |
- name: Build with Ubuntu | |
continue-on-error: true | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y python3 build-essential ca-certificates dbus systemd iproute2 gpg python3-pip python3-dev libpq-dev gcc | |
python3 -m pip install --upgrade pip || echo "Failed to upgrade pip" | |
pip3 install shiv wheel setuptools | |
echo "Building jans-linux-setup package" | |
sudo chown -R runner:docker /home/runner/work/jans/jans | |
cd jans-linux-setup | |
make zipapp || echo "Creating linux setup failed for ubuntu" | |
mv jans-linux-setup.pyz jans-linux-ubuntu-X86-64-setup.pyz || echo "Failed" | |
sha256sum jans-linux-ubuntu-X86-64-setup.pyz > jans-linux-ubuntu-X86-64-setup.pyz.sha256sum || echo "Failed" | |
cd ../jans-cli-tui | |
make zipapp | |
mv jans-cli-tui.pyz jans-cli-tui-linux-ubuntu-X86-64.pyz | |
sha256sum jans-cli-tui-linux-ubuntu-X86-64.pyz > jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum | |
- uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
id: cache-installers | |
with: | |
path: | | |
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz | |
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum | |
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz | |
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum | |
key: ${{ github.sha }} | |
upload_python_packages: | |
if: github.repository == 'JanssenProject/jans' | |
needs: build_python_packages | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
name: [ubuntu, suse] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
id: cache-installers | |
with: | |
path: | | |
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz | |
${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum | |
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz | |
${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz | |
${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum | |
key: ${{ github.sha }} | |
- name: Get latest tag | |
id: previoustag | |
run: | | |
echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
echo "tag=$(echo ${{ github.event.ref }} | cut -d '/' -f 3)" >> $GITHUB_OUTPUT | |
echo "SETUP_PREFIX=jans-linux" >> ${GITHUB_ENV} | |
echo "TUI_PREFIX=jans-cli-tui-linux" >> ${GITHUB_ENV} | |
echo "PACKAGE_PREFIX=jans" >> ${GITHUB_ENV} | |
- name: Print Version and tag | |
run: | | |
echo "Version: ${{ steps.previoustag.outputs.version }}" | |
echo "Tag: ${{ github.event.ref }}" | |
- name: Upload binaries to release | |
id: upload_binaries_setup | |
continue-on-error: true | |
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
with: | |
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz | |
asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz | |
tag: ${{ steps.previoustag.outputs.tag }} | |
overwrite: true | |
- name: Upload checksum to release | |
id: upload_shas_setup | |
continue-on-error: true | |
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
with: | |
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz.sha256sum | |
asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz.sha256sum | |
tag: ${{ steps.previoustag.outputs.tag }} | |
overwrite: true | |
- name: Upload binaries to release | |
id: upload_binaries_cli | |
continue-on-error: true | |
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
with: | |
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz | |
asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz | |
tag: ${{ steps.previoustag.outputs.tag }} | |
overwrite: true | |
- name: Upload checksum to release | |
id: upload_shas_cli | |
continue-on-error: true | |
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2 | |
with: | |
repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }} | |
file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz.sha256sum | |
asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz.sha256sum | |
tag: ${{ steps.previoustag.outputs.tag }} | |
overwrite: true | |
build_demo_packages: | |
if: github.repository == 'JanssenProject/jans' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Build with Ubuntu | |
continue-on-error: true | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y zip | |
cd demos | |
VER=$(echo ${{ github.event.ref }} | cut -d '/' -f 3) | |
for i in $(ls -d */); do zip -r demo-${i%/}-$VER-source.zip $i && sha256sum demo-${i%/}-$VER-source.zip > demo-${i%/}-$VER-source.zip.sha256sum; done | |
sudo rm demo-jans-tarp-$VER-source.zip demo-jans-tarp-$VER-source.zip.sha256sum | |
cd jans-tarp | |
npm install | |
npm run build | |
npm run pack | |
mv ./release/jans-tarp-chrome-*.zip ../demo-jans-tarp-chrome-$VER.zip | |
mv ./release/jans-tarp-firefox-*.zip ../demo-jans-tarp-firefox-$VER.zip | |
sha256sum ../demo-jans-tarp-chrome-$VER.zip > ../demo-jans-tarp-chrome-$VER.zip.sha256sum | |
sha256sum ../demo-jans-tarp-firefox-$VER.zip > ../demo-jans-tarp-firefox-$VER.zip.sha256sum | |
cd .. | |
echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token | |
gh release upload $VER *.zip *.sha256sum --clobber | |
build_cedarling_python: | |
if: github.repository == 'JanssenProject/jans' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Import GPG key | |
id: import_gpg | |
continue-on-error: true | |
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
with: | |
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
- uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0 | |
with: | |
working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_python | |
command: build | |
args: --release -i python3.10 python3.11 | |
- name: Generate sha256sum and sign | |
id: sign-cedarling | |
run: | | |
TAG=$(echo ${{ github.event.ref }} | cut -d '/' -f 3 | sed 's/^v//') | |
VERSION="$(echo ${{ github.event.ref }} | cut -d '/' -f 3)" | |
if [ "${TAG}" == "nightly" ]; then | |
VERSION=nightly | |
TAG="0.0.0" | |
fi | |
cd ${{ github.workspace }}/jans-cedarling/target/wheels | |
sha256sum cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl.sha256sum | |
sha256sum cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl.sha256sum | |
gpg --armor --detach-sign cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl || echo "Failed to sign" | |
gpg --armor --detach-sign cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl || echo "Failed to sign" | |
echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token | |
gh release upload "${VERSION}" *.whl *.sha256sum *.asc |