Skip to content

forbid password reset when token has expired #259

forbid password reset when token has expired

forbid password reset when token has expired #259

Workflow file for this run

name: Packaging
on:
push:
branches:
- master
- devel
- 'release-**'
- 'feature-008-debian'
tags:
- 'v*'
jobs:
debian:
name: Debian package
runs-on: ubuntu-22.04
env:
KEY_ID: ${{ vars.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_FINGERPRINT }}
DPUT_CF: /home/runner/dput.cf
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install required packages
run: |
sudo apt-get update
sudo apt-get install -y git-buildpackage build-essential equivs
# For kalkun source build dependency
sudo apt-get install -y pkg-php-tools dh-apache2
# For sphinxcontrib-phpdomain source build dependency
sudo apt-get install -y dh-python
# For backportpackage
sudo apt-get install -y ubuntu-dev-tools
cd ~
- name: Import GPG key & related stuff
env:
PUB_KEY: ${{ secrets.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_PRIVATE }}
PUB_KEY_PASS: ${{ secrets.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_PASSPHRASE }}
KEYGRIP: ${{ secrets.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_KEYGRIP }}
run: |
# As per: https://stackoverflow.com/a/55032706/15401262
export GPG_TTY=$(tty)
# Import private key
echo "$PUB_KEY" | gpg --batch --import
# List secret keys
gpg --list-secret-keys --with-keygrip
# Preset Password
echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf
gpg-connect-agent reloadagent /bye
echo "$PUB_KEY_PASS" | /usr/lib/gnupg/gpg-preset-passphrase --preset "$KEYGRIP"
- name: Configure dput
run: |
sed "s/%LAUNCHPAD_USER_NAME%/${{ vars.LAUNCHPAD_USER_NAME }}/" utils/launchpad/dput.cf.in > $DPUT_CF
- name: Set env
run: |
echo "DEBEMAIL=packager@kalkun.invalid" >> $GITHUB_ENV
echo "DEBFULLNAME=Kalkun github workflow packager" >> $GITHUB_ENV
if [[ "$(git tag --points-at ${GIT_BRANCH})" != "" ]]; then \
echo "DPUT_UPLOAD_SERVER=kalkun-releases" >> $GITHUB_ENV
else \
echo "DPUT_UPLOAD_SERVER=kalkun-snapshots" >> $GITHUB_ENV
fi
- name: Git config user
run: |
git config user.name "$DEBFULLNAME"
git config user.email "$DEBEMAIL"
- name: Build kalkun build-dependencies
run: |
set -x
# Don't error out to not fail the github job if a dsc is not available anymore.
set +e
# Upload somes dependencies to the "kalkun-build-deps" PPA for focal
# debhelper13 for focal (from focal-backports)
./utils/upload_build_deps_to_ppa.sh -d focal http://archive.ubuntu.com/ubuntu/pool/main/d/debhelper/debhelper_13.6ubuntu1~bpo20.04.1.dsc
# pkg-php-tools for focal (from jammy) - Don't use it, because it requires the dependencies to conform to the new way php-pkg-tools work, and in focal, the packages don't support that.
# ./utils/upload_build_deps_to_ppa.sh -d focal http://archive.ubuntu.com/ubuntu/pool/main/p/pkg-php-tools/pkg-php-tools_1.42build1.dsc
# Error out again
set -e
REPOS_TO_BUILD=()
# Order matters so that build dependencies are installed before the packages requiring them.
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-datto-json-rpc")
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-datto-json-rpc-http")
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-giggsey-locale")
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-giggsey-libphonenumber")
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-econea-nusoap")
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-kissifrot-php-ixr")
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-league-csv")
REPOS_TO_BUILD+=("https://salsa.debian.org/bastif/sphinxcontrib-phpdomain")
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-codeigniter-framework")
for repo in "${REPOS_TO_BUILD[@]}"; do
./utils/upload_kalkun_deps_to_ppa.sh -r "$repo" -d "$(ubuntu-distro-info --supported)" -h "${DPUT_UPLOAD_SERVER}"
done
- name: Build kalkun
run: |
set -x
./utils/upload_kalkun_deps_to_ppa.sh -r "kalkun" -d "$(ubuntu-distro-info --supported)" -h "${DPUT_UPLOAD_SERVER}"
- name: Copy source & binary packages, and dependencies
if: always()
run: |
set -x
mkdir -p ~/Kalkun_${GITHUB_REF_NAME}_debianBundle
# Copy kalkun source & binary packages
dcmd mv ~/build_products/kalkun*.changes ~/Kalkun_${GITHUB_REF_NAME}_debianBundle
# Copy binary packages of dependencies
dcmd --deb mv ~/build_products/*.changes ~/Kalkun_${GITHUB_REF_NAME}_debianBundle
cd ~ && tar -cvf Kalkun_${GITHUB_REF_NAME}_debianBundle.tar Kalkun_${GITHUB_REF_NAME}_debianBundle
echo "my_home=$HOME" >> $GITHUB_ENV
- name: Archive artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: Debian packages (source & binary)
path: ~/Kalkun_${{ github.ref_name }}_debianBundle/*
if-no-files-found: ignore
- name: Archive artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: Debian packages (source & binary) tarball
path: ~/Kalkun_${{ github.ref_name }}_debianBundle.tar
if-no-files-found: ignore
required_php_versions:
name: Get PHP versions to pack for
runs-on: ubuntu-latest
outputs:
php_versions: ${{ steps.php_ver_step.outputs.PHP_VERSIONS }}
php_versions_matrix: ${{ steps.php_ver_step.outputs.PHP_VERSIONS_matrix }}
steps:
- name: Install required packages
run: |
if ! command -v jq; then sudo apt-get update && sudo apt-get install -y jq; fi
- name: Build PHP_VERSIONS array & PHP_VERSIONS_matrix
id: php_ver_step
run: |
set -x
# Set array that will store the PHP versions for which we create a package.
PHP_VERSIONS=()
# Set version of PHP running on the sourceforge server (for the DEMO).
PHP_VERSIONS+=("$(curl https://kalkun.sourceforge.io/phpver.php)")
# Get all released php versions above 5.6 (in the format X.Y)
for upstream_ver in $(curl https://www.php.net/releases/?json | jq -r '.[].version' | cut -f -2 -d .); do
major=$(cut -f 1 -d . <<< "$upstream_ver")
for minor in {0..20}; do
if dpkg --compare-versions ${major}.$minor le $upstream_ver && dpkg --compare-versions ${major}.$minor ge 5.6; then
PHP_VERSIONS+=("${major}.$minor")
fi
done
done
PHP_VERSIONS_matrix=$(sed 's/\ /", "/g' <<< [\"${PHP_VERSIONS[*]}\"])
echo "PHP_VERSIONS=${PHP_VERSIONS[*]}" >> "$GITHUB_OUTPUT"
echo "PHP_VERSIONS_matrix=$PHP_VERSIONS_matrix" >> "$GITHUB_OUTPUT"
echo "PHP_VERSIONS=${PHP_VERSIONS[*]}"
echo "PHP_VERSIONS_matrix=$PHP_VERSIONS_matrix"
prebuilt:
name: Prebuild packages by PHP version
needs: [ required_php_versions ]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Composer (php-actions)
uses: php-actions/composer@v6
with:
dev: no
php_version: "7.4"
php_extensions: ctype curl hash intl json mbstring session
- name: Build prebuilt packages with Composer dependencies
env:
PHP_VERSIONS: ${{needs.required_php_versions.outputs.php_versions}}
run: |
set -x
git fetch --prune --unshallow --tags
for version in $PHP_VERSIONS; do
./utils/build_single_dist.sh "$version"
done
ls dist
- name: Archive artifacts (all prebuilt packages)
if: always()
uses: actions/upload-artifact@v4
with:
name: Prebuilt packages (all)
path: 'dist/'
if-no-files-found: ignore
individual_artifacts:
name: Create artifacts for ${{ matrix.version }}
needs: [ prebuilt, required_php_versions ]
runs-on: ubuntu-latest
strategy:
matrix:
#version: ["5.6", "7.0", "7.4.30"]
version: ${{fromJson(needs.required_php_versions.outputs.php_versions_matrix)}}
steps:
- name: Download artifact of 'prebuilt packages'
if: always()
uses: actions/download-artifact@v4
with:
name: Prebuilt packages (all)
path: 'dist/'
- name: Display structure of downloaded files
run: ls -R
working-directory: 'dist'
- name: Archive artifacts for ${{ matrix.version }}
if: always()
uses: actions/upload-artifact@v4
with:
name: Prebuilt package for PHP ${{ matrix.version }}
path: 'dist/*forPHP${{ matrix.version }}.[tz]*'
if-no-files-found: ignore
release:
name: Create release and add packages
needs: [ prebuilt, debian ]
runs-on: ubuntu-latest
steps:
- name: Download artifact of 'prebuilt packages'
if: startsWith(github.ref, 'refs/tags/')
uses: actions/download-artifact@v4
with:
name: Prebuilt packages (all)
path: 'dist/'
- name: Download artifact of 'Debian packages'
if: startsWith(github.ref, 'refs/tags/')
uses: actions/download-artifact@v4
with:
name: Debian packages (source & binary) tarball
path: 'dist/'
- name: Display structure of downloaded files
if: startsWith(github.ref, 'refs/tags/')
run: ls -R
working-directory: 'dist'
- name: Check if is prerelease
if: startsWith(github.ref, 'refs/tags/')
run: |
if [[ "$GITHUB_REF_NAME" =~ alpha|beta|rc ]]; then
echo "is_prerelease=true" >> $GITHUB_ENV
else
echo "is_prerelease=false" >> $GITHUB_ENV
fi
- name: Release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
fail_on_unmatched_files: true
prerelease: ${{ env.is_prerelease }}
files: |
dist/*
delete_artifacts:
needs: [ individual_artifacts, release ]
name: Delete temporary artifact
runs-on: ubuntu-latest
steps:
- uses: geekyeggo/delete-artifact@v2
with:
name: Prebuilt packages (all)
failOnError: false
- uses: geekyeggo/delete-artifact@v2
with:
name: Debian packages (source & binary) tarball
failOnError: false