Merge pull request #48 from LibreCodeCoop/fix/actions-signing-paths

vitormattos · web-flow · commit 40c39757b822 · 2026-03-31T17:38:44.000-03:00
fix(actions): make app signing use absolute paths
diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml
@@ -122,14 +122,18 @@ jobs:
 
       - name: Sign app
         run: |
-          printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "${{ env.APP_NAME }}.key"
-          chmod 600 "${{ env.APP_NAME }}.key"
-          wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
+          KEY_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.key"
+          CERT_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.crt"
+          APP_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}"
+
+          printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "${KEY_PATH}"
+          chmod 600 "${KEY_PATH}"
+          wget --quiet -O "${CERT_PATH}" "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
 
           php nextcloud/occ integrity:sign-app \
-            --privateKey="${{ env.APP_NAME }}.key" \
-            --certificate="${{ env.APP_NAME }}.crt" \
-            --path="${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}"
+            --privateKey="${KEY_PATH}" \
+            --certificate="${CERT_PATH}" \
+            --path="${APP_PATH}"
 
           tar -C "${{ env.APP_NAME }}/build/artifacts" -zcf "${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz" "${{ env.APP_NAME }}"
 
diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml
@@ -152,14 +152,18 @@ jobs:
 
       - name: Sign app
         run: |
-          printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "${{ env.APP_NAME }}.key"
-          chmod 600 "${{ env.APP_NAME }}.key"
-          wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
+          KEY_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.key"
+          CERT_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}.crt"
+          APP_PATH="${GITHUB_WORKSPACE}/${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}"
+
+          printf '%s' '${{ secrets.APP_PRIVATE_KEY }}' > "${KEY_PATH}"
+          chmod 600 "${KEY_PATH}"
+          wget --quiet -O "${CERT_PATH}" "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
 
           php nextcloud/occ integrity:sign-app \
-            --privateKey="${{ env.APP_NAME }}.key" \
-            --certificate="${{ env.APP_NAME }}.crt" \
-            --path="${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}"
+            --privateKey="${KEY_PATH}" \
+            --certificate="${CERT_PATH}" \
+            --path="${APP_PATH}"
 
           tar -C "${{ env.APP_NAME }}/build/artifacts" -zcf "${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz" "${{ env.APP_NAME }}"
 
