eXist-db/public-repo

[feature] add direct deployment of gitHub release assets capability

duncdrum opened this issue · 4 comments

With the use of webhooks it should be possible to automatically deploy an expath package to a running public-repo instance. This would primarily help the exist-db team, but would be beneficial to users with their own public-repo instances, as long as they use github for development (gitlab and bintray could be added later).

The workflow would be something like this:
1.) Create a release on github and attach a .xar release-asset
2.) webhook triggers a script in public repo
3.) public repo downloads .xar file for deployment

@duncdrum
I now use travis-ci to build, test and on a tagged commit travis-ci deploys a xar release asset to github releases.
On github I have set up one of my domains to receive release notification via a github webhook.
Apart from the bad grammar, the working code can be seen on https://github.com/grantmacken/newBase60.

Now, to receive a web-hook you should authenticate the hmac data signature sent in the request header headers['X-Hub-Signature']. I use openresty as a reverse proxy, so this authentication phase is carried out via an openresty hmac lib, and after the signature is verified the body is posted to eXist.

https://github.com/claudius108/crypto-exist-java-lib has hmac, so the verify-the-signature phase could be done in xQuery. If no one has a working example, I could look into creating a small lib.
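The signature check discussed above, as an added example that is not code from this thread or from public-repo: it verifies an `X-Hub-Signature` value over the raw request body before anything is parsed, then picks the `.xar` assets out of a published release. The secret, payload and URLs are constructed sample values; the `sha256` form is the one GitHub sends in `X-Hub-Signature-256`.

```python
import hashlib
import hmac
import json

# Constructed sample input: the secret stands in for the one configured on the webhook.
SECRET = b"constructed-webhook-secret"
BODY = json.dumps({
    "action": "published",
    "release": {"tag_name": "v1.0.0", "assets": [
        {"name": "app-1.0.0.xar",
         "browser_download_url": "https://example.invalid/app-1.0.0.xar"},
        {"name": "notes.txt",
         "browser_download_url": "https://example.invalid/notes.txt"},
    ]},
}).encode()

ALGORITHMS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def sign(secret, body, algo="sha1"):
    """Build the header value a sender would attach (used here to make test input)."""
    return algo + "=" + hmac.new(secret, body, ALGORITHMS[algo]).hexdigest()


def verify_signature(secret, body, header):
    """Check an '<algo>=<hex>' signature header against the raw body bytes."""
    if not header or "=" not in header:
        return False  # missing or malformed header: reject
    algo, _, received = header.partition("=")
    digestmod = ALGORITHMS.get(algo)
    if digestmod is None:
        return False  # unknown algorithm prefix: reject
    expected = hmac.new(secret, body, digestmod).hexdigest()
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def xar_assets(secret, body, header):
    """Return .xar download URLs of a published release, only after the MAC checks out."""
    if not verify_signature(secret, body, header):
        raise PermissionError("webhook signature mismatch")
    event = json.loads(body)  # parse only after the body is authenticated
    if event.get("action") != "published":
        return []
    return [a["browser_download_url"]
            for a in event.get("release", {}).get("assets", [])
            if a.get("name", "").endswith(".xar")]
```

The MAC has to be computed over the bytes exactly as received; re-serialising the JSON first changes the digest.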

This user story / use-case has evolved a bit since it was opened. Several things happened:

  • exist-db as an organisation is migrating away from travisCI towards using GitHubActions
  • the GitHubAction used in several projects relies on semantic-release
  • semantic-release will attach a XAR after the test run has succeeded
  • we could add a publish step to this workflow with the credentials available as environment secrets

This is especially interesting now since version 2 of the public repository allows only members of repo group to add packages.

refs #59

Given the appropriate access rights, a POST-request to /publish is the way to go.