From 369bcef0982d40a0114ded84da27b9a88df9fecd Mon Sep 17 00:00:00 2001
From: Mario Lukas <info@fabscan.org>
Date: Wed, 11 Aug 2021 23:42:43 +0200
Subject: [PATCH] chore (actions): fixed workflow for debian build and
 deployment

---
 .github/act/push.json               |   5 +++++
 .github/act/tag.json                |   5 +++++
 .github/scripts/decrypt_file.sh     |   7 +++++++
 .github/workflows/build-package.yml |  22 ++++++++++++++++------
 .gitignore                          |   1 +
 fabscan.key.enc                     | Bin 1680 -> 0 bytes
 fabscan.key.gpg                     | Bin 0 -> 1381 bytes
 7 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 .github/act/push.json
 create mode 100644 .github/act/tag.json
 create mode 100755 .github/scripts/decrypt_file.sh
 delete mode 100644 fabscan.key.enc
 create mode 100644 fabscan.key.gpg

diff --git a/.github/act/push.json b/.github/act/push.json
new file mode 100644
index 00000000..345bacb6
--- /dev/null
+++ b/.github/act/push.json
@@ -0,0 +1,5 @@
+{
+  "push": {
+    "ref": "refs/master"
+  }
+}
\ No newline at end of file
diff --git a/.github/act/tag.json b/.github/act/tag.json
new file mode 100644
index 00000000..3c8870d5
--- /dev/null
+++ b/.github/act/tag.json
@@ -0,0 +1,5 @@
+{
+  "push": {
+    "ref": "refs/tags/v.0.10.0"
+  }
+}
\ No newline at end of file
diff --git a/.github/scripts/decrypt_file.sh b/.github/scripts/decrypt_file.sh
new file mode 100755
index 00000000..6b949fd4
--- /dev/null
+++ b/.github/scripts/decrypt_file.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+mkdir $HOME/secrets
+# Decrypt the file
+# --batch to prevent interactive command
+# --yes to assume "yes" for questions
+gpg --quiet --batch --yes --decrypt --passphrase="$FABSCAN_KEY_PASSPHRASE" \
+--output $HOME/secrets/fabscan.key fabscan.key.gpg
\ No newline at end of file
diff --git a/.github/workflows/build-package.yml b/.github/workflows/build-package.yml
index 766a9e10..8503f7ab 100644
--- a/.github/workflows/build-package.yml
+++ b/.github/workflows/build-package.yml
@@ -6,7 +6,7 @@ jobs:
     steps:
       - name: 🏗 Install build dependencies
         run: sudo apt-get -qq update
-      - run: sudo apt-get install python3.8 python3.8-dev python3-pip libcurl4 build-essential python3-tornado python3-setuptools debhelper dh-systemd cdbs dh-python fakeroot python3-pip rsync locales
+      - run: sudo apt-get -y install python3.8 python3.8-dev python3-pip libcurl4 build-essential python3-tornado python3-setuptools debhelper dh-systemd cdbs dh-python fakeroot python3-pip rsync locales
       - run: pip3 install virtualenv
       - name: 🏗 Create virtual python env
         run: virtualenv -p /usr/bin/python3.8 hotspot-env
@@ -16,12 +16,22 @@ jobs:
         uses: actions/checkout@v2
         with:
          fetch-depth: 0
+      - name: Add current Date to env vars
+        run: echo "CURRENT_DATE=$(date +%Y%m%d%H%M)" >> $GITHUB_ENV
+      - name: Add Version to env vars
+        run: echo "VERSION=$(head -1 debian/changelog | awk -F'[()]' '{print $2}')" >> $GITHUB_ENV
       - name: Replace version Number for testing build
         if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
-        run: |
-          CURRENT_DATE=$(date +%Y%m%d%H%M) \
-          VERSION=$(head -1 debian/changelog | awk -F'[()]' '{print $2}') \
-          sed -i -e "s/$VERSION/$VERSION+$CURRENT_DATE/g" debian/changelog
-        shell: bash
+        run: sed -i -e "s/${{ env.VERSION }}/${{ env.VERSION }}+${{ env.CURRENT_DATE }}/g" debian/changelog
       - name: 🔨 Build Debian package
         run: sudo make deb
+      - name: Add Package Name to env var
+        run: echo "FILE_NAME=$(ls -a ../*.deb)" >> $GITHUB_ENV
+      - name: Decrypt fabscan key secret
+        run: ./.github/scripts/decrypt_file.sh
+        env:
+          FABSCAN_KEY_PASSPHRASE: ${{ secrets.FABSCAN_KEY_PASSPHRASE }}
+      - name: change keyfile permission
+        run: chmod 600 $HOME/secrets/fabscan.key
+      - name: deploy build artifact
+        run: LC_ALL=C scp -o StrictHostKeyChecking=no -i $HOME/secrets/fabscan.key ${{ env.FILE_NAME }} ${{ secrets.FABSCAN_DEPLOY_USER }}@mariolukas.de:/var/deploy/release/.
diff --git a/.gitignore b/.gitignore
index 6dc0f840..b3679c88 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,3 +68,4 @@ docs/_build/
 target/
 
 .idea/
+.github/act/my.secrets
diff --git a/fabscan.key.enc b/fabscan.key.enc
deleted file mode 100644
index d37c5feb42bfddee683e350c0c75f6f16dafa1e0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1680
zcmV;B25<RziX!6%8gSBHMC6$hY0Vo$(vrv73(n;CSwai+0eW+!Md%e~8Ptebkz^}R
zxDkv~RScblt2!a$LbMAt{CQV9s^*ZhGtcC)+)gtK*4VrEQ+%7V9E?jv2}k7b78Ozk
zPW20B^lGcfSpo#o6pb8$QcfsWqTa<WX&LiZuM{(3`4xl=fH9lE?5+)J4D8H9WvPJ#
zAM0CJBHJk@i)OcV#u9rje;OX9G|OD3ImtR=_}8b`Aq5VZ8rL;8Ob`l;Q;rQnR$1o{
zysRTa@adzOS{Cqc1*Lq)zCOZuyh1}G%v%rUXJ$b=FIxE4YSbZOn4GOsmg9|A$#n;f
zjr4%W5kjPl_v6=(mD1Hi+6TUW9p$K##qh=0Gt8D|ha$Fn%<_3UhBp(4Gy;uZ9egL>
z3wu}tmheF>=AYhN^}r41H^j?VYHBV`hHy12_oT#yp>=ovg~2is(o;WyXp5M7)ea<y
z(h2t1ALrig8-ZhN+LDZavJDE;AV!?U=^nVPD1)66Ub~Ca5OFzvA-*_QQa~_eUjxt~
zJ7(8Cz$96w(XBt=2MbES4a(cKpq~o-bOVsC<EN0OROJ<0$aBn4*Q(_Xg+UG~RE5!6
zD)qP%X^7`f!4ul#3X!{Kt(%;d3yNGDl^Q-Xp78fboz(cMKQu?PPlq{XQz$fcOG>Gw
z@QmoxHka|Dewj?-+4LoFZFPuBJ;BNij~5JC=%DR~+?QHN*1(e-npu5h>WHCB9;V2B
zg9hIqFCTnX8%zslW-n+L?~0yuYyBDo0*ux>wFF(i%TgP6)KpeE@1jC5xsg71YCIUx
zz9vGMUk&lpE0}Dzd~3FtQXS3ImaC|y3V*a>G-a?h==_)G!BrSOm|}3U6Ok|J93n3=
z70(~O)GCgxHZeO&Oy3Q?AP^7=%QgdRMy6bClCv9yoP#1VX>R#$Ltq*{p(vfdfLcAG
zUKKQJWxty=RZ98vCiF-7)bbDCY{Cl#kzA@_axPacWigH4EWjGeg3xS7w06EP54AUp
zA9C=1z;Tbfa0~K=RKAHbxTBlA4`BH2yf<NhpaS=6rlLJe4FD?QlP3-!Dc^vrMwe%1
z?bKlT<i7%zoCZ7SNHUWqlhe%DWS&&Kw+g<Zoht9le)yLCHEid!?%uUhuF7Vp0~J(R
z?RO#*10n9d(7m{zaYIsEFwR0Yo6O7%Gzb%-hNQC&d9Yy*+@Y$ja7=0q#3$Oa?vj8V
z3V{J6z#13nVR1pPEnP|9q|(QGUli7Jd0?V*iUwFa*;5dB5uVrt2ivq~2{;<p{7m(0
zMJM;p>dE*YT>M)E?Uyal^Q5S8R`1eTFz%*cM2z0oT(co!i!xV<(pi9<n%cYL|NYND
z%Q7>xY}dog;r8*(oahGn|3(j&sDSMY3%r)mw))JoZPxkiifCt#nFh>lk^65%F*-N<
zV*Kef(yqQ_fMDcJjhLz4w;QgT%Q|MohAar^VW<8XvMX(h3jxiB*}9rcX@@g-B$zp)
zy6GnrB_}vj@nD4_a8z86zuP{??)D^&NLTaGVF2l(peDaW-(IC#3GJ)YyX7uJxQyD<
zpJFH~-AeKLZx~XoIZi8CD9J=uXlD#9?Q8-4P<jZwYx4+OF>AFr<%_}Z$ZWVD#yw7m
z=zCN}XRDJ2*Bym#QhYBYr32f*DWoPac{?h6H+ZrG$3n)m?$qRZP<{#sPA^7?phRd&
zTV?SRUjvp;&rlu>d9nGBB(I&-Sg=j!IedrfNb@{F57WcwdH!A<A>GY$HKE?Z8tVZF
z_=Rj7zRzFV1Z|yrwzLAk)`FqhM&E0oG+hgMt|7jZ%|W{k;Z-B=L#iD5hrrTJ0@z6Y
z&E|!=HFh^)6VFutTW^auVLmhLrjXv>SZvLRoypq5-ia6sX61N+;4^pm+-Axs5s*?F
zCM#wgNObm-$FXP+jF>4I!^pRO;%5i1(1y(R>z{(aQEfRd`gs7lf3k6O+OSb2W6LqJ
znPRK|9HJdv4Gz{Pq?{Z|uTkXzXo^UfO4AWGPy6kE)=UlDV^d6~!I7j?uysxUx*rAp
zJL|i<yCkq|jK3ox1Npn{E~I|r%xZF7W}|9tr4q-L&w@M1IhJ%8=JqG@CO>dN4h)bT
zHNA8TmyR_pde)0WRO0mx?8P377b%K&Iwo*9)hyX_uR!aidqfkz9xnWd7<TumYmugF
a)Lt*ONdxaRK9xo+dExTjNrxZL`<SVeJ~Qk9

diff --git a/fabscan.key.gpg b/fabscan.key.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..db1f90fb890727549f3666d33b18b2307073af80
GIT binary patch
literal 1381
zcmV-r1)BPd4Fm}T0!z?6SeNghT-Va-0cNx!iZ$C5)h3UQySjVd&r~V&e4>>V`p0sc
znS~5?Y6DBHbi7v(M;Z+3G&bx)!pP;a<S^X4=lKW4S-Mm@_*YwxN|MZ*4Vm{#Fn>6_
zc8OgKCEcBidb6y;|H+MUP+@kskq*d^H@LwJ<9PYf_Vp9O0ILou7vmu6q`nQt%&XnA
z;qV23ZNbSa@RzuL<hUk>H#v|e9WI%w4(R!Mq*`8eMhlY)lX#tE8p01^iPYDo6i_HU
zQ%6FxZuy1-`2~7+)j6iNzjl#(_BOs#hd#wk<0t$<=k6R&u7(_gn&i%*)#H6!ya3*J
z-_J^0hyiauT~1*iU@pX<MU9wzvwuInAQ^JaIFT{&Qg@p3ePIE25S*xYS<1k^)%C)!
z`jG!774f}dy9ZH>MbPwxJV~aIg2J%qEc=X~8QSJ~FbaZpaCuuODx~^Li7L6zRDI0c
z$0Dw`5-9jO&ggxyEZC9UF7Yu~L_YTM7R|V%%h+b#KxG#r1FJmi{p1Z-?+k1E4D1||
zBq8=+^{fL}vbvB^4?cO^eg2^bvSzM+Q7I&Oh*5k`$~L%lVe7b&v@uJ|^ciET1mo%c
z#88S6I4{S2-|OpqO=)o4H!-mpw|XYO6|a*gr~5{6Ioz*xokBY#fQvJQ&Zr$k17fIl
zEG<;+@c?av0<^<|G8BATn!WUi%PPTgStIHA7Jubzfs4bo^e;t)TtJ>PGd2Wi^Hv+3
zvEHUS;DeN8R-joOAMiHTtv-CA)(*gBNi*t9QHD@!o<em*u3w;)y82}&CdIuUBwR0h
z7fX^EWMQ}{k#43ukHIk^(7iU|`6PI>M7g2#!(J=PS~h2yE~f|qxQ^;O%Ka*tU8H+E
zZs&~@TQO&KeOs5ePyJGm8sQUdLxMGhBd<&`S!@@ZiGZNcj2vb;FHBIFns;z;e>vfG
zsfQe7rv%a`q3xsTn8J<Jfw~+^D%WhpL>B2D0@s1oh}74?BxQJbarS>_naZLWc!utY
zNN&D`tV*-?Zf{c?6g{~z`k*&TGt19y#0%8i>xMK5R-0kyu{JWx0XG$#fu$Hve^sy9
zsLtFZiP|Z4xjB<A7QW?Kr@FPk;5K`TF)aPKhI+wtdqN%xXQL&DPszBv5nJ%|U*}^)
zg~*F-{*n}Huij9e5PI+uDL+P1hKAhIDFlPGr@VY9c=_-=9WN9R1$uP^jijB_^`xe7
z64dc~d!JxgwbfvmfNeY`mVfo?O3QwR0PIT1qE+&}y74ZZR;RJumUTcRk!u?hy9%BC
zj{OBhOY?XKnh#U+e7r($+O?8!FT$)bd6Zwv5*(mqg{iEUfgtlSwuVzGh=>42fH>$o
z@X{<Ps|phMz>*E*vxIce6qg46H2h6#?If&2@oXVKBJEWk$IdI}i^0-<&Cgx1UQ&I^
zLb(qw=gWh2Y6I{5l9Phuo=8d_GWr(klUXH}g7U96)n&V(jl>P*`<=vE&45=^y;8w$
zJBvo!Tm;&^LMsWuqfv_V)C8x2CTCm)K38p<%#m+{;AYK01BlCz)dG=(<hR{NCGV#X
z^(<hPx<S-tQV4GiWFzM_XgVX8r{}5hvpO7}5jr@GJH<w&mIWvAI~@d5kNHmSt_~Qy
zq#QvHRZsrY!0bHDK>Y2!2ft+1KE-$>fR0J9aqxIrj)Os|kEuy0h#v@z{Pam-TdDT-
z_gEa8dIT8X;+?iNWdfq5cc!$G_pw#UlH3=#SUkKOD^$@aANm7X|5p%Df~(QQLuMj^
nrV_&dH%sv*sQ8<r$sdiS4`&ZE2Y+scUI~lDwDGztObl{sPd%%w

literal 0
HcmV?d00001