generated from bitwarden/template
-
Notifications
You must be signed in to change notification settings - Fork 3
138 lines (116 loc) · 4.7 KB
/
fdroid.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Generate F-Droid repo
on:
workflow_dispatch:
inputs:
dry-run:
description: "Skips pushing changes when enabled. Optional. Defaults to false."
type: boolean
default: false
required: false
schedule:
- cron: "45 2 * * *"
jobs:
apps:
name: "Generate repo from apps listing"
runs-on: ubuntu-24.04
env:
COMMIT_MSG_FILE: "${{ github.workspace }}/commit_message.tmp"
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create basic directory structure
run: mkdir -p fdroid/repo
- name: Restore correct mtime
run: |
sudo apt install git-restore-mtime
git restore-mtime
- name: Login to Azure - CI Subscription
uses: Azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-gpg-private-key,
github-gpg-private-key-passphrase,
github-pat-bitwarden-devops-bot-repo-scope"
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
with:
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: Set up Git
run: |
git config --local user.email "[email protected]"
git config --local user.name "bitwarden-devops-bot"
- name: Download secrets
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
run: |
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name store_fdroid-keystore.jks --file fdroid/keystore.p12 --output none
- name: Validate secrets
run: |
if [ -f "fdroid/keystore.p12" ]; then
echo "keystore found"
else
echo "keystore not found!"
exit 1
fi
- name: Configure F-Droid server
env:
FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }}
run: |
cp base_fdroid_config.yml fdroid/config.yml
chmod 0600 fdroid/config.yml
echo "keypass: '$FDROID_STORE_KEYSTORE_PASSWORD'" >> fdroid/config.yml
echo "keystorepass: '$FDROID_STORE_KEYSTORE_PASSWORD'" >> fdroid/config.yml
- name: Install F-Droid server software
run: |
sudo add-apt-repository ppa:fdroid/fdroidserver
sudo apt-get update
sudo apt-get install fdroidserver
- name: Ignore F-Droid ResParseError
run: |
sudo sed -i 's|raise ResParserError("res0 must be zero!")|log.warning("res0 must be zero!")|g' /usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py
sudo sed -i 's|raise ResParserError("res1 must be zero!")|log.warning("res1 must be zero!")|g' /usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: '^1.17.0'
- name: Run metascoop
id: run-metascoop
env:
GH_ACCESS_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
run: |
bash run_metascoop.sh ${{ env.COMMIT_MSG_FILE }}
if [ $? -eq 0 ]; then
echo "Changes detected"
echo "has_changes=true" >> $GITHUB_OUTPUT
elif [ $? -eq 2 ]; then
echo "No changes detected"
echo "has_changes=false" >> $GITHUB_OUTPUT
else
echo "Unexpected exit code: $?"
echo "has_changes=false" >> $GITHUB_OUTPUT
fi
continue-on-error: true
- name: Delete F-Droid server config
run: |
rm -f fdroid/config.yml
- name: Update repo
env:
GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
run: |
if [ "${{ inputs.dry-run }}" = "true" ]; then
echo "Dry run. Changes are not being saved."
elif [ "${{ steps.run-metascoop.outputs.has_changes }}" != "true" ]; then
echo "No changes to save."
else
bash update_repo.sh ${{ env.COMMIT_MSG_FILE }}
fi