Customisation automation

.github/workflows/nmc-custom-app-release.yml

@@ -0,0 +1,68 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Bernd rederlechner <bernd.rederlechner@t-systems.com>
+#
+# Builds a stable release package based on a release assembly
+# customisation-<version>-<increment>
+#
+# As soon as a package is deployed to production, the tag and the branch
+# MUST STAY FOR 2 years and not deleted.
+#
+# Release packages, tags and customisation branches not delivered to production should
+# be deleted asap a newer release is available.
+#
+
+name: MCLOUD custom app release
+
+on:
+  workflow_dispatch:
+    inputs:
+      increment:
+        description: 'Release increment'
+        required: true
+        type: number
+      branch:
+        type: choice
+        description: Branch to build a package from
+        options: 
+          - main
+          - stable25
+          - stable26
+          - stable27
+        default: main
+
+jobs:
+  check-custom:
+    uses: nextmcloud/.github/.github/workflows/nmc-app-precond.yml@master
+    with:
+      versionbranch: ${{ inputs.branch }}
+      increment: ${{ inputs.increment }}
+    secrets: inherit
+  assemble-custom:
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-assembly.yml@master
+    needs: check-custom
+    with:
+      trunk: 'main'
+      stable: ${{ inputs.branch }}
+      result: ${{ format('customisation-{0}-{1}', inputs.branch, inputs.increment ) }}
+    secrets: inherit
+
+  composerdep:
+    strategy:
+      fail-fast: false
+    uses: ./.github/workflows/nmc-custom-oidc-composer.yml
+    needs: assemble-custom
+    with:
+      assembly: ${{ format('customisation-{0}-{1}', inputs.branch, inputs.increment) }}
+    secrets: inherit
+
+  build-custom:
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-app-build.yml@master
+    needs: [ check-custom, composerdep ]
+    with:
+      appname: ${{ needs.check-custom.outputs.appname }}
+      assembly: ${{ format('customisation-{0}-{1}', inputs.branch , inputs.increment ) }}
+      tag: ${{ needs.check-custom.outputs.tag }}
+      prerelease: ${{ inputs.branch == 'main' && true || false }}
+    secrets: inherit

.github/workflows/nmc-custom-app-versions.yml

@@ -0,0 +1,72 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Bernd rederlechner <bernd.rederlechner@t-systems.com>
+#
+# Assemble a customisation for trunk (no backports) and stable
+# (backport xor trunk)
+#
+# It creates review (user-specific) customisations branches
+# - customisation-<user>-<trunk>
+# - customisation-<user>-<stable>
+
+name: MCLOUD custom app versions
+
+###
+# The customisation-* branches are always reassembled if a customisation branch
+# is updated or included into a custom PR
+on:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - master
+      - main
+      - trunk
+      - nmcstable/**
+      # - stable/**
+
+jobs:
+
+  assemble:
+    strategy:
+      fail-fast: false
+      matrix:
+        custombase: [ "main" ]
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-assembly.yml@master
+    with:
+      trunk: "main"
+      stable: ${{ matrix.custombase }}
+      result: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+    secrets: inherit
+
+  composerdep:
+    strategy:
+      fail-fast: false
+      matrix:
+        custombase: [ "main" ]
+    uses: ./.github/workflows/nmc-custom-oidc-composer.yml
+    needs: assemble
+    with:
+      assembly: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+    secrets: inherit
+
+  phpunit:
+    strategy:
+      fail-fast: false
+      matrix:
+        phpversion: ['8.0', '8.1']
+        database: ['mysql']
+        custombase: [ "main" ]
+    uses: nextmcloud/.github/.github/workflows/nmc-custom-app-phpunit.yml@master
+    needs: composerdep
+    with:
+      assembly: ${{ format('customisation-{0}-{1}', github.actor, matrix.custombase) }}
+      appname: 'user_oidc'
+      server-branch: ${{ matrix.custombase }}
+      phpversion: ${{ matrix.phpversion }}
+      database: ${{ matrix.database }}
+    secrets: inherit

.github/workflows/nmc-custom-oidc-composer.yml

@@ -0,0 +1,81 @@
+###
+# SPDX-License-Identifier: AGPL-3.0
+#
+# Author: Bernd Rederlechner <bernd.rederlechner@t-systems.com
+#
+# user_oidc is (so far) the only app where we add php packages
+# to Nextcloud standard. We add these commandline based in build
+# to avoid continuous merge conflicts due to "composer.lock"
+# merge problems
+
+name: MCLOUD custom user_oidc dependencies
+
+
+on:
+  workflow_call:
+    inputs:
+      assembly:
+        description: name of the customisation assembly branch
+        required: true
+        type: string
+
+jobs:
+  build-custom:
+    runs-on: ubuntu-latest
+    env:
+      BUILD_USER:    ${{ github.actor }}
+      BUILD_EMAIL:   ${{ github.actor }}@users.noreply.github.com
+      BUILD_TOKEN:   ${{ secrets.BUILD_TOKEN || secrets.GITHUB_TOKEN }}
+      PHP_VERSION:   ${{ vars.PHP_VERSION || '8.2' }}
+    steps:
+      - name: Fetch custom assembly
+        id:   checkout_custom
+        uses: actions/checkout@v3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          repository: ${{ github.repository }}
+          ref: ${{ inputs.assembly }}
+          fetch-depth: 0
+          token: ${{ env.BUILD_TOKEN }}
+
+      - name: Prepare GIT modifications
+        id:   prepare_git        
+        run: |
+          # set user in case commits are needed
+          git config user.name $BUILD_USER
+          git config user.email $BUILD_EMAIL
+
+      # install php dependencies
+      - name: Set up php ${{ env.PHP_VERSION }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ env.PHP_VERSION }}
+          coverage: none
+
+      - name: Check composer.json
+        id: check_composer
+        uses: andstor/file-existence-action@v1
+        with:
+          files: "./composer.json"
+
+      - name: Install composer JWT dependencies
+        if: steps.check_composer.outputs.files_exists == 'true'
+        run: |
+          composer require web-token/jwt-core:^2.0 \
+            web-token/jwt-encryption:^2.2 \
+            web-token/jwt-signature:^2.2 \
+            web-token/jwt-encryption-algorithm-aescbc:^2.2 \
+            web-token/jwt-encryption-algorithm-ecdh-es:^2.2 \
+            web-token/jwt-encryption-algorithm-rsa:^2.2 \
+            web-token/jwt-encryption-algorithm-pbes2:^2.2 \
+            web-token/jwt-signature-algorithm-hmac:^2.2 \
+            web-token/jwt-signature-algorithm-rsa:^2.2 \
+            web-token/jwt-util-ecc:^2.2
+
+      - name: Commit push composer.json/.lock '${{ env.CUSTOM_BRANCH }}'
+        id: pushcomposerdep
+        run: |
+          git commit -m "Add jwt-token composer library dependencies" composer.json composer.lock
+          git push origin $CUSTOM_BRANCH
+