Continuous Deployment (#477)
* added key to sign deployed update package * added passphrase access to decrypt key for signing * [github-actions] renamed and disabled CI workflow * [github-actions] added draft for CD workflow * [github-actions] updated continuous deployment * updated deployment script
This commit is contained in:
parent
91486f430c
commit
2624665a34
|
@ -0,0 +1,35 @@
|
|||
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
|
||||
# https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions
|
||||
|
||||
name: Continuous Deployment
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- '*.*.*'
|
||||
|
||||
jobs:
|
||||
linux:
|
||||
name: Ubuntu
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
- name: Install NodeJS
|
||||
uses: actions/setup-node@v1
|
||||
with:
|
||||
node-version: 10.x
|
||||
- name: Install NPM Packages
|
||||
run: npm install
|
||||
- name: Lint
|
||||
run: npm run lint
|
||||
# Tests are currently disabled, because they do not work properly (unreliable)
|
||||
#- name: Test
|
||||
# run: npm run test
|
||||
- name: Deploy (web)
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
HAKUNEKO_PASSPHRASE: ${{ secrets.HAKUNEKO_PASSPHRASE }}
|
||||
run: npm run deploy:web
|
|
@ -6,7 +6,7 @@ name: Continuous Integration
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- DISABLED
|
||||
|
||||
jobs:
|
||||
linux:
|
||||
|
@ -35,11 +35,4 @@ jobs:
|
|||
- name: Build (web)
|
||||
run: npm run build:web
|
||||
- name: Test
|
||||
run: npm run test
|
||||
- name: HELLO WORLD
|
||||
env:
|
||||
PROJECT: HakuNeko
|
||||
#working-directory: ${{ github.workspace }}
|
||||
run: |
|
||||
echo $PROJECT
|
||||
ls -la
|
||||
run: npm run test
|
|
@ -1,7 +1,9 @@
|
|||
module.exports = {
|
||||
key: 'hakuneko.key',
|
||||
key: 'key.pem',
|
||||
passphrase: 'env:HAKUNEKO_PASSPHRASE',
|
||||
build: './build/web',
|
||||
// The deployment directory must match the `applicationStartupURL` configuration in the desktop
|
||||
// e.g. 'https://manga-download.gihub.io/hakuneko/master/latest'
|
||||
branch: 'gh-pages',
|
||||
deploy: './6.0'
|
||||
// The deployment directory must match the `applicationStartupURL` configuration in the desktop client
|
||||
// e.g. 'https://manga-download.gihub.io/hakuneko/master/latest'
|
||||
}
|
|
@ -59,7 +59,7 @@ async function sslPack(archive, meta) {
|
|||
process.chdir(config.build);
|
||||
}
|
||||
await execute(`zip -r ${archive} .`);
|
||||
let signature = await execute(`openssl dgst -sha256 -hex -sign ${key} ${archive} | cut -d' ' -f2`);
|
||||
let signature = await execute(`openssl dgst -sha256 -hex -sign ${key} -passin ${config.passphrase} ${archive} | cut -d' ' -f2`);
|
||||
await fs.writeFile(meta, `${archive}?signature=${signature}`);
|
||||
process.chdir(cwd);
|
||||
}
|
||||
|
@ -67,11 +67,12 @@ async function sslPack(archive, meta) {
|
|||
/**
|
||||
*
|
||||
*/
|
||||
async function gitCommit(glob) {
|
||||
// TODO: provide user credentials to push changes
|
||||
await execute(`git add ${glob}`);
|
||||
async function gitCommit() {
|
||||
let auth = Buffer.from(process.env.GITHUB_ACTOR + ':' + process.env.GITHUB_TOKEN).toString('base64');
|
||||
await execute(`git add ${config.deploy}/*`);
|
||||
await execute(`git commit -m 'deploy release: ${config.deploy}'`);
|
||||
await execute(`git push`);
|
||||
await execute(`git -c user.name="${user}" commit -m 'Deployed Release: ${config.deploy}'`);
|
||||
await execute(`git -c http.extraheader="AUTHORIZATION: Basic ${auth}" push origin HEAD:${config.branch}`);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -79,7 +80,6 @@ async function gitCommit(glob) {
|
|||
*/
|
||||
async function main() {
|
||||
let meta = 'latest';
|
||||
let glob = path.join(config.deploy, '*');
|
||||
let archive = Date.now().toString(36).toUpperCase() + '.zip';
|
||||
await sslPack(archive, meta);
|
||||
await fs.remove(config.deploy);
|
||||
|
@ -87,10 +87,10 @@ async function main() {
|
|||
await fs.move(path.resolve(config.build, meta), path.resolve(config.deploy, meta));
|
||||
await fs.move(path.resolve(config.build, archive), path.resolve(config.deploy, archive));
|
||||
let stashID = await gitStashPush(glob);
|
||||
await execute(`git checkout gh-pages`);
|
||||
await execute(`git checkout ${config.branch} || git checkout -b ${config.branch}`);
|
||||
await fs.remove(config.deploy);
|
||||
await gitStashPop(stashID);
|
||||
await gitCommit(glob);
|
||||
await gitCommit();
|
||||
}
|
||||
|
||||
// exit application as soon as any uncaught exception is thrown
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,3B15F6E6C492AF7E01C6EED908FFEB27
|
||||
|
||||
sHGLysGfMhIqTVbxjmZ6+fRBsMXoncJyc8WVvzYmjBwO/C0lln8LxptyAG1eUw81
|
||||
sU5KGLtodGZ0lz0mv4/jkqfPfqWo8Vkle+unJ4+klwAzZyyH5OgAkweXk8v0H9Sv
|
||||
JdunRKsOEWHUnG2PrgjUxtCQHxfv+0uXI4r5To2harvgHRADeV16257FcMAihEB4
|
||||
LhP2JnWLu97G70QSlre50gpSHQyTDA3/6oU09LN5oUnUaxTic219PvdBdhOtNCNa
|
||||
lyx4UugFTN3OTVh0463IUDPDt2hZKQL7MA8+HUwL8OE4nfbmZ1gJUnmzyE0wU36b
|
||||
VhNnk85Qpoq69IFqYPBAOaPlWqhTTAtQX+BKUS8lo0NStdTNRrkepOMztBDnNy/z
|
||||
VGDahcH5uIeJ4xUoPZ5ALI4hze1awrAWVbcB9v/jTD6sO/rVRphi5BGM1gyxngK+
|
||||
QEDyBEwh6dYCSfN+bl5i+tgclceBVN2OQZtadu0QAPovlJMIaYhCkHrGAAVEDUuY
|
||||
8ZslQluosuDVXPSPo9NhofBg4eqy4rfzPuZig88mmPEa3odi2J5ANbu8aorDCkNI
|
||||
UxX4JeIvNT/TJOYIE9+crbHUso5+qww0kggd8BowM+FILZFhM06y+8b+G5F4gU0M
|
||||
1YxI4EN4wpZQKoDNy/RDYRRfIgnHp6RJvD1uOYAvtbgvHKcdP/mYVff+IKX86nD2
|
||||
ndW1dcmIP5YwAK4pOF/dve5DDQImXsMpf8qzuVbNMH37A+Vy5Q4soFotHwd6jEZw
|
||||
Y1sV5aFrTos0Q/kzIFMfKiHDtb36gwyZ5fmsD3afaLL1UthvUPDPF2zxUEHjoXlm
|
||||
Ubci9CNpsjqeYQepsQkxUb30LBHXMWY9ZGtyk4hvu9lom5LoMd7JJsXJ4WYQm1qY
|
||||
/2XzlA/roNcFz5Vuzlhswcv6qQSwpdXlAyx312zCkIb6HTHWrUde/eP4kOW0torQ
|
||||
wyCvavdPDHkuZhM+w4RWgZqwrlmr9NCwwFtir9QTsj+oQEpqEmxNybAfwV6xLISO
|
||||
Tq1tDgagTsyrF4FgCz8X9ZdoZnqxWsRjIMTluxOqnbGlF7blhrbsMK+700FPF6Su
|
||||
CL5hqi3T8oTFp8/pdGCl+7TuWg2uFstoaBLg4740HbfFGtacbyZUYd5VcXNLaTRm
|
||||
wRprylc1O1ovqtcQqPS5YynqbOlTMcaR3u/0as8r8K9a/8/GEBgaxasefEOS51/M
|
||||
mq7MsLfxuW2pKFoJcmE4rbGnfCfS1uZ8WpsuTsyy827n/Xaum7gXQ/cDERtXD8Re
|
||||
FyXLjIU2dODDWnPUWOnoRJKDQ2e5zEknpgIjSwmvzB0UIQ5vLweIa8Xc+IDBgFV+
|
||||
wGgTffli3xy1vPFMnzM1iqVwzSatjWHzFbxq/impQdRDlngbIj+2IWCvVz8GdQU2
|
||||
4pEbVsm1VtgltsM5nE7sTrbq3mthxjX90v8bsDbbWmoboOYMkMqWPK6kpkxmxaBK
|
||||
bw3i1oZEWFi6sut1FDuikTkJTA7z7fFGUanIYQpBZtLUtNC+VqFblo38zIrsSMxJ
|
||||
f7AId3Dfq+ML6Jy5lcpBFrTquIgqokxYDtUC6XkSCqy/xDaUD5f2E2riKg0aEP1M
|
||||
-----END RSA PRIVATE KEY-----
|
Loading…
Reference in New Issue