forbid password reset when token has expired #259
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Packaging | |
on: | |
push: | |
branches: | |
- master | |
- devel | |
- 'release-**' | |
- 'feature-008-debian' | |
tags: | |
- 'v*' | |
jobs: | |
debian: | |
name: Debian package | |
runs-on: ubuntu-22.04 | |
env: | |
KEY_ID: ${{ vars.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_FINGERPRINT }} | |
DPUT_CF: /home/runner/dput.cf | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install required packages | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y git-buildpackage build-essential equivs | |
# For kalkun source build dependency | |
sudo apt-get install -y pkg-php-tools dh-apache2 | |
# For sphinxcontrib-phpdomain source build dependency | |
sudo apt-get install -y dh-python | |
# For backportpackage | |
sudo apt-get install -y ubuntu-dev-tools | |
cd ~ | |
- name: Import GPG key & related stuff | |
env: | |
PUB_KEY: ${{ secrets.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_PRIVATE }} | |
PUB_KEY_PASS: ${{ secrets.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_PASSPHRASE }} | |
KEYGRIP: ${{ secrets.KALKUN_GITHUB_WORKFLOW_PACKAGER_KEY_KEYGRIP }} | |
run: | | |
# As per: https://stackoverflow.com/a/55032706/15401262 | |
export GPG_TTY=$(tty) | |
# Import private key | |
echo "$PUB_KEY" | gpg --batch --import | |
# List secret keys | |
gpg --list-secret-keys --with-keygrip | |
# Preset Password | |
echo "allow-preset-passphrase" >> ~/.gnupg/gpg-agent.conf | |
gpg-connect-agent reloadagent /bye | |
echo "$PUB_KEY_PASS" | /usr/lib/gnupg/gpg-preset-passphrase --preset "$KEYGRIP" | |
- name: Configure dput | |
run: | | |
sed "s/%LAUNCHPAD_USER_NAME%/${{ vars.LAUNCHPAD_USER_NAME }}/" utils/launchpad/dput.cf.in > $DPUT_CF | |
- name: Set env | |
run: | | |
echo "DEBEMAIL=packager@kalkun.invalid" >> $GITHUB_ENV | |
echo "DEBFULLNAME=Kalkun github workflow packager" >> $GITHUB_ENV | |
if [[ "$(git tag --points-at ${GIT_BRANCH})" != "" ]]; then \ | |
echo "DPUT_UPLOAD_SERVER=kalkun-releases" >> $GITHUB_ENV | |
else \ | |
echo "DPUT_UPLOAD_SERVER=kalkun-snapshots" >> $GITHUB_ENV | |
fi | |
- name: Git config user | |
run: | | |
git config user.name "$DEBFULLNAME" | |
git config user.email "$DEBEMAIL" | |
- name: Build kalkun build-dependencies | |
run: | | |
set -x | |
# Don't error out to not fail the github job if a dsc is not available anymore. | |
set +e | |
# Upload somes dependencies to the "kalkun-build-deps" PPA for focal | |
# debhelper13 for focal (from focal-backports) | |
./utils/upload_build_deps_to_ppa.sh -d focal http://archive.ubuntu.com/ubuntu/pool/main/d/debhelper/debhelper_13.6ubuntu1~bpo20.04.1.dsc | |
# pkg-php-tools for focal (from jammy) - Don't use it, because it requires the dependencies to conform to the new way php-pkg-tools work, and in focal, the packages don't support that. | |
# ./utils/upload_build_deps_to_ppa.sh -d focal http://archive.ubuntu.com/ubuntu/pool/main/p/pkg-php-tools/pkg-php-tools_1.42build1.dsc | |
# Error out again | |
set -e | |
REPOS_TO_BUILD=() | |
# Order matters so that build dependencies are installed before the packages requiring them. | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-datto-json-rpc") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-datto-json-rpc-http") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-giggsey-locale") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-giggsey-libphonenumber") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-econea-nusoap") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-kissifrot-php-ixr") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-league-csv") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/bastif/sphinxcontrib-phpdomain") | |
REPOS_TO_BUILD+=("https://salsa.debian.org/php-team/pear/php-codeigniter-framework") | |
for repo in "${REPOS_TO_BUILD[@]}"; do | |
./utils/upload_kalkun_deps_to_ppa.sh -r "$repo" -d "$(ubuntu-distro-info --supported)" -h "${DPUT_UPLOAD_SERVER}" | |
done | |
- name: Build kalkun | |
run: | | |
set -x | |
./utils/upload_kalkun_deps_to_ppa.sh -r "kalkun" -d "$(ubuntu-distro-info --supported)" -h "${DPUT_UPLOAD_SERVER}" | |
- name: Copy source & binary packages, and dependencies | |
if: always() | |
run: | | |
set -x | |
mkdir -p ~/Kalkun_${GITHUB_REF_NAME}_debianBundle | |
# Copy kalkun source & binary packages | |
dcmd mv ~/build_products/kalkun*.changes ~/Kalkun_${GITHUB_REF_NAME}_debianBundle | |
# Copy binary packages of dependencies | |
dcmd --deb mv ~/build_products/*.changes ~/Kalkun_${GITHUB_REF_NAME}_debianBundle | |
cd ~ && tar -cvf Kalkun_${GITHUB_REF_NAME}_debianBundle.tar Kalkun_${GITHUB_REF_NAME}_debianBundle | |
echo "my_home=$HOME" >> $GITHUB_ENV | |
- name: Archive artifacts | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Debian packages (source & binary) | |
path: ~/Kalkun_${{ github.ref_name }}_debianBundle/* | |
if-no-files-found: ignore | |
- name: Archive artifacts | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Debian packages (source & binary) tarball | |
path: ~/Kalkun_${{ github.ref_name }}_debianBundle.tar | |
if-no-files-found: ignore | |
required_php_versions: | |
name: Get PHP versions to pack for | |
runs-on: ubuntu-latest | |
outputs: | |
php_versions: ${{ steps.php_ver_step.outputs.PHP_VERSIONS }} | |
php_versions_matrix: ${{ steps.php_ver_step.outputs.PHP_VERSIONS_matrix }} | |
steps: | |
- name: Install required packages | |
run: | | |
if ! command -v jq; then sudo apt-get update && sudo apt-get install -y jq; fi | |
- name: Build PHP_VERSIONS array & PHP_VERSIONS_matrix | |
id: php_ver_step | |
run: | | |
set -x | |
# Set array that will store the PHP versions for which we create a package. | |
PHP_VERSIONS=() | |
# Set version of PHP running on the sourceforge server (for the DEMO). | |
PHP_VERSIONS+=("$(curl https://kalkun.sourceforge.io/phpver.php)") | |
# Get all released php versions above 5.6 (in the format X.Y) | |
for upstream_ver in $(curl https://www.php.net/releases/?json | jq -r '.[].version' | cut -f -2 -d .); do | |
major=$(cut -f 1 -d . <<< "$upstream_ver") | |
for minor in {0..20}; do | |
if dpkg --compare-versions ${major}.$minor le $upstream_ver && dpkg --compare-versions ${major}.$minor ge 5.6; then | |
PHP_VERSIONS+=("${major}.$minor") | |
fi | |
done | |
done | |
PHP_VERSIONS_matrix=$(sed 's/\ /", "/g' <<< [\"${PHP_VERSIONS[*]}\"]) | |
echo "PHP_VERSIONS=${PHP_VERSIONS[*]}" >> "$GITHUB_OUTPUT" | |
echo "PHP_VERSIONS_matrix=$PHP_VERSIONS_matrix" >> "$GITHUB_OUTPUT" | |
echo "PHP_VERSIONS=${PHP_VERSIONS[*]}" | |
echo "PHP_VERSIONS_matrix=$PHP_VERSIONS_matrix" | |
prebuilt: | |
name: Prebuild packages by PHP version | |
needs: [ required_php_versions ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Composer (php-actions) | |
uses: php-actions/composer@v6 | |
with: | |
dev: no | |
php_version: "7.4" | |
php_extensions: ctype curl hash intl json mbstring session | |
- name: Build prebuilt packages with Composer dependencies | |
env: | |
PHP_VERSIONS: ${{needs.required_php_versions.outputs.php_versions}} | |
run: | | |
set -x | |
git fetch --prune --unshallow --tags | |
for version in $PHP_VERSIONS; do | |
./utils/build_single_dist.sh "$version" | |
done | |
ls dist | |
- name: Archive artifacts (all prebuilt packages) | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Prebuilt packages (all) | |
path: 'dist/' | |
if-no-files-found: ignore | |
individual_artifacts: | |
name: Create artifacts for ${{ matrix.version }} | |
needs: [ prebuilt, required_php_versions ] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
#version: ["5.6", "7.0", "7.4.30"] | |
version: ${{fromJson(needs.required_php_versions.outputs.php_versions_matrix)}} | |
steps: | |
- name: Download artifact of 'prebuilt packages' | |
if: always() | |
uses: actions/download-artifact@v4 | |
with: | |
name: Prebuilt packages (all) | |
path: 'dist/' | |
- name: Display structure of downloaded files | |
run: ls -R | |
working-directory: 'dist' | |
- name: Archive artifacts for ${{ matrix.version }} | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Prebuilt package for PHP ${{ matrix.version }} | |
path: 'dist/*forPHP${{ matrix.version }}.[tz]*' | |
if-no-files-found: ignore | |
release: | |
name: Create release and add packages | |
needs: [ prebuilt, debian ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download artifact of 'prebuilt packages' | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: actions/download-artifact@v4 | |
with: | |
name: Prebuilt packages (all) | |
path: 'dist/' | |
- name: Download artifact of 'Debian packages' | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: actions/download-artifact@v4 | |
with: | |
name: Debian packages (source & binary) tarball | |
path: 'dist/' | |
- name: Display structure of downloaded files | |
if: startsWith(github.ref, 'refs/tags/') | |
run: ls -R | |
working-directory: 'dist' | |
- name: Check if is prerelease | |
if: startsWith(github.ref, 'refs/tags/') | |
run: | | |
if [[ "$GITHUB_REF_NAME" =~ alpha|beta|rc ]]; then | |
echo "is_prerelease=true" >> $GITHUB_ENV | |
else | |
echo "is_prerelease=false" >> $GITHUB_ENV | |
fi | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
fail_on_unmatched_files: true | |
prerelease: ${{ env.is_prerelease }} | |
files: | | |
dist/* | |
delete_artifacts: | |
needs: [ individual_artifacts, release ] | |
name: Delete temporary artifact | |
runs-on: ubuntu-latest | |
steps: | |
- uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: Prebuilt packages (all) | |
failOnError: false | |
- uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: Debian packages (source & binary) tarball | |
failOnError: false |