Merge branch 'feature/PB-25735_Release-v420' into 'master'

v4.2.0 release stable

See merge request passbolt/passbolt-ce-api!177

.github/workflows/release.yaml

@@ -0,0 +1,17 @@
+name: Create Release
+
+on:
+    push:
+        tags:
+            - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+    build:
+        name: Create release
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - env:
+                  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+              name: Create Release
+              run: gh release create "${GITHUB_REF#refs/*/}" --notes-file RELEASE_NOTES.md

.github/workflows/release_candidate.yaml

@@ -0,0 +1,17 @@
+name: Create Release Candidate
+
+on:
+    push:
+        tags:
+            - 'v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'
+
+jobs:
+    build:
+        name: Create release candidate
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+            - env:
+                  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+              name: Create Release candidate
+              run: gh release create "${GITHUB_REF#refs/*/}" -p --notes-file RELEASE_NOTES.md

.gitignore

@@ -132,3 +132,5 @@ tilt_modules*
 
 # PHPUNIT generated file
 .phpunit.result.cache
+# Vim filems
+*.vim

.gitlab-ci.yml

@@ -18,14 +18,17 @@ stages:
   - unit-test
   - unit-test-parallel
   - packaging-trigger
+  - release
 
 include:
   - template: Code-Quality.gitlab-ci.yml
-  #  - local: "/.gitlab-ci/jobs/php_unit_tests/runner.yml"
+  # - local: "/.gitlab-ci/jobs/php_unit_tests/runner.yml"
   - local: "/.gitlab-ci/jobs/php_unit_tests/sequential/php_unit_tests.yml"
   - local: "/.gitlab-ci/jobs/style_check.yml"
   - local: "/.gitlab-ci/jobs/security_check.yml"
   - local: ".gitlab-ci/jobs/packaging_trigger/package_trigger.yml"
+  - local: ".gitlab-ci/jobs/release.yml"
+  - local: ".gitlab-ci/jobs/help_site_notes.yml"
 
 code_quality:
   stage: unit-test

.gitlab-ci/jobs/help_site_notes.yml

@@ -0,0 +1,21 @@
+help_site_notes:
+  stage: release
+  variables:
+    GPG_KEY_PATH: "/tmp/gpg-key"
+    GPG_PASSPHRASE: $HELP_SITE_GPG_KEY_PASS
+    GPG_KEY_GRIP: $HELP_SITE_GPG_KEYGRIP
+  image: debian
+  script: |
+    source .gitlab-ci/scripts/bin/set-env.sh "$CI_COMMIT_TAG"
+    if is_release_candidate "$tag"; then
+      echo "The tag is for a release candidate. Skipping release notes creation..."
+      exit 0
+    fi
+    apt update && apt install -y git curl gpg
+    curl -L https://gitlab.com/gitlab-org/cli/-/releases/v1.30.0/downloads/glab_1.30.0_Linux_x86_64.deb  --output glab.deb
+    dpkg -i glab.deb
+    cat "$HELP_SITE_GPG_KEY" > "$GPG_KEY_PATH"
+    bash .gitlab-ci/scripts/bin/help_site.sh
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
+      when: on_success

.gitlab-ci/jobs/packaging_trigger/package_trigger.yml

@@ -3,10 +3,10 @@ packaging-trigger:
   variables:
     PACKAGING_TRIGGER_BRANCH: "main"
     DOWNSTREAM_PROJECT_ID: "$PACKAGING_PROJECT_ID"
-  image: registry.gitlab.com/passbolt/passbolt-ci-docker-images/debian-bullseye-11-slim:latest
+  image: debian:bullseye-slim
   script:
     - apt update && apt install -y curl
-    - bash .gitlab-ci/scripts/packaging-trigger.sh "$CI_COMMIT_TAG" "$PACKAGING_TRIGGER_BRANCH"
+    - bash .gitlab-ci/scripts/bin/packaging-trigger.sh "$CI_COMMIT_TAG" "$PACKAGING_TRIGGER_BRANCH"
   rules:
     - if: $CI_COMMIT_TAG
       when: on_success

.gitlab-ci/jobs/php_unit_tests/sequential/php_unit_tests.yml

@@ -113,7 +113,6 @@ seq-php7.4-mysql5.7:
   rules:
     - if: '$TEST_DISABLED == null'
 
-# TO BE REMOVED
 seq-php7.4-postgres:
   variables:
     PHP_VERSION: "7.4"
@@ -179,7 +178,8 @@ seq-php7.4-mysql8:
     - .mysql-template
     - .test-template
   rules:
-    - if: '$TEST_DISABLED == null'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
 
 #seq-php7.4-postgres12.11:
 #  variables:
@@ -200,7 +200,8 @@ seq-php8.1-mysql8:
     - .mysql-template
     - .test-template
   rules:
-    - if: '$TEST_DISABLED == null'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
+    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
 
 #seq-php8.1-postgres14.3:
 #  variables:
@@ -216,7 +217,7 @@ seq-php8.1-mysql8:
 ## RPM COMBINATIONS
 ##
 ## CENTOS 7 - with remi and mariadb repos
-seq-php7.4-mariadb10.3:
+seq-php8.2-mariadb10.3:
   variables:
     PHP_VERSION: "7.4"
     DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mariadb-10.3'
@@ -260,13 +261,3 @@ seq-php8.0-mariadb8.0:
 #  rules:
 #    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "master"'
 #    - if: '$TEST_DISABLED == null && $CI_COMMIT_BRANCH == "develop"'
-
-seq-php8.2-mysql8:
-  variables:
-    PHP_VERSION: "8.2"
-    DATABASE_ENGINE_VERSION: '$CI_REGISTRY/mysql-8.0'
-  extends:
-    - .mysql-template
-    - .test-template
-  rules:
-    - if: '$TEST_DISABLED == null'

.gitlab-ci/jobs/release.yml

@@ -0,0 +1,21 @@
+release_notes:
+  image: registry.gitlab.com/gitlab-org/release-cli:latest
+  release:
+    description: './RELEASE_NOTES.md'
+    tag_name: $CI_COMMIT_TAG
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
+      when: on_success
+  script: echo "Creating relase notes for $CI_COMMIT_TAG"
+  stage: release
+
+release_notes_candidate:
+  image: registry.gitlab.com/gitlab-org/release-cli:latest
+  release:
+    tag_name: $CI_COMMIT_TAG
+    description: $CI_COMMIT_TAG
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/'
+      when: on_success
+  script: echo "Creating relase notes for $CI_COMMIT_TAG"
+  stage: release

.gitlab-ci/scripts/bin/help_site.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+#
+
+set -euo pipefail
+
+CI_SCRIPTS_DIR=$(dirname "$0")/..
+
+# shellcheck source=.gitlab-ci/scripts/lib/git-helpers.sh
+source "$CI_SCRIPTS_DIR"/lib/git-helpers.sh
+
+PASSBOLT_HELP_DIR="passbolt_help"
+GITLAB_USER_EMAIL="contact@passbolt.com"
+GIT_CI_TOKEN_NAME=${GIT_CI_TOKEN_NAME:-gitlab-ci-token}
+ACCESS_TOKEN_NAME="help-site-bot"
+HELP_SITE_REPO="gitlab.com/passbolt/passbolt-help.git"
+RELEASE_NOTES_PATH="../RELEASE_NOTES.md"
+
+
+function create_release_notes() {
+    title="$(grep name ../config/version.php | awk -F "'" '{print $4}')"
+    slug="$(grep name ../config/version.php | awk -F "'" '{print $4}' | tr ' ' '_' | tr '[:upper:]' '[:lower:]')"
+    categories="releases $PASSBOLT_FLAVOUR"
+    song="$(grep 'Release song:' $RELEASE_NOTES_PATH | awk '{print $3}')"
+    quote="$(grep name ../config/version.php | awk -F "'" '{print $4}')"
+    permalink="/releases/$PASSBOLT_FLAVOUR/$(grep name ../config/version.php | awk -F "'" '{print $4}' | tr ' ' '_' | tr '[:upper:]' '[:lower:]')"
+    date="$(date +'%Y-%m-%d')"
+
+    cat << EOF >> _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+---
+title: $title
+slug: $slug
+layout: release
+categories: $categories
+version: $CI_COMMIT_TAG
+product: $PASSBOLT_FLAVOUR
+song: $song
+quote: $quote
+permalink: $permalink
+date: $date
+---
+EOF
+
+    cat $RELEASE_NOTES_PATH >> _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+}
+
+setup_gpg_key "$GPG_KEY_PATH" "$GPG_PASSPHRASE" "$GPG_KEY_GRIP"
+setup_git_user "$GITLAB_USER_EMAIL" "$ACCESS_TOKEN_NAME"
+
+git clone -b master https://"$HELPSITE_TOKEN_NAME":"$HELPSITE_TOKEN"@"$HELP_SITE_REPO" "$PASSBOLT_HELP_DIR"
+
+cd "$PASSBOLT_HELP_DIR"
+
+create_release_notes
+git checkout -b release_notes_"$CI_COMMIT_TAG"
+git add _releases/"$PASSBOLT_FLAVOUR"/"$CI_COMMIT_TAG".md
+git commit -m ":robot: Automatically added release notes for version $CI_COMMIT_TAG $PASSBOLT_FLAVOUR"
+glab auth login --token "$HELPSITE_TOKEN"
+mr_url=$(glab mr create -s release_notes_"$CI_COMMIT_TAG" -b master -d ":robot: Release notes for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" -t "Release notes for $CI_COMMIT_TAG" --push --repo "passbolt/passbolt-help" | grep 'https://gitlab.com/passbolt/passbolt-help/-/merge_requests/')
+cd -
+bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":notebook: New helpsite release notes created for $CI_COMMIT_TAG $PASSBOLT_FLAVOUR" "$mr_url"

.gitlab-ci/scripts/packaging-trigger.sh → .gitlab-ci/scripts/bin/packaging-trigger.sh

@@ -15,19 +15,41 @@ function is_release_candidate () {
   return 0
 }
 
+function is_testing_candidate () {
+  local version=$1
+  if [[ ! $version =~ [0-9]+\.[0-9]+\.[0-9]+-test\.[0-9]+ ]];then
+    return 1
+  fi
+  return 0
+}
+
+function is_stable_candidate () {
+  local version=$1
+  if [[ ! $version =~ [0-9]+\.[0-9]+\.[0-9]+$ ]];then
+    return 1
+  fi
+  return 0
+}
+
 function parse_tag() {
   local tag=$1
 
+  if is_testing_candidate "$tag"; then
+    echo "$tag" | awk -F '-' '{print $1"-"$2}' | tr -d 'v'
+  fi
+
   if is_release_candidate "$tag"; then
     echo "$tag" | awk -F '-' '{print $1"-"$2}' | tr -d 'v'
-  else
+  fi
+
+  if is_stable_candidate "$tag"; then
     echo "$tag" | awk -F '-' '{print $1}' | tr -d 'v'
   fi
 }
 
 if [[ $tag == "" ]]; then
   echo "Error: tag is empty!"
-  exit 1 
+  exit 1
 else
   version="$(parse_tag "$tag")"
 fi

.gitlab-ci/scripts/bin/set-env.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# shellcheck disable=SC1091
+
+CI_SCRIPTS_DIR=$(dirname "$BASH_SOURCE")/..
+
+source "$CI_SCRIPTS_DIR"/lib/version-check.sh
+source "$CI_SCRIPTS_DIR"/lib/set-env.sh
+
+declare -a version_config
+tag="$1"
+
+if [[ $tag == "" ]]; then
+  # If we don't have a tag we check for specific commit message to set
+  # parse_commit_message returns by default: release pro all testing
+  # branch and flavour
+  read -r -a version_config <<< "$(parse_commit_message "$CI_COMMIT_MESSAGE")"
+else
+  # This line doesn't work on zsh shell
+  read -r -a version_config <<< "$(parse_tag "$tag")"
+fi
+
+echo "Exporting the following variables"
+echo "================================="
+echo "API_CLONE_BRANCH=${version_config[0]}"
+echo "PASSBOLT_FLAVOUR=${version_config[1]}"
+echo "FILTER=${version_config[2]}"
+echo "PASSBOLT_COMPONENT=${version_config[3]}"
+
+export API_CLONE_BRANCH="${version_config[0]}"
+export PASSBOLT_FLAVOUR="${version_config[1]}"
+export FILTER="${version_config[2]}"
+export PASSBOLT_COMPONENT="${version_config[3]}"

.gitlab-ci/scripts/bin/slack-status-messages.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Variables required
+# CI_PROJECT_NAME
+# CI_PIPELINE_ID
+# SLACK_CHANNEL_ID
+# SLACK_WEBHOOK
+
+title="$1"
+url="$2"
+
+curl -X POST -H 'Content-type: application/json' $SLACK_WEBHOOK \
+--data-binary @- <<EOF
+{
+  "channel": "$SLACK_CHANNEL_ID",
+  "attachments": [
+    {
+      "color": "#36A64F",
+      "title": "$title",
+      "attachment_type": "default",
+      "actions": [
+        {
+          "name": "Check it!",
+          "text": "Check it!",
+          "type": "button",
+          "style": "primary",
+          "url": "$url"
+        }
+      ]
+    }
+  ]
+}
+EOF

.gitlab-ci/scripts/lib/git-helpers.sh

@@ -0,0 +1,29 @@
+function setup_gpg_key() {
+  key_path="$1"
+  passphrase="$2"
+  grip="$3"
+
+  mkdir -p ~/.gnupg
+  echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
+  gpg-agent --homedir ~/.gnupg --use-standard-socket --daemon
+  /usr/lib/gnupg2/gpg-preset-passphrase -c "$grip" <<< "$passphrase"
+  gpg --pinentry-mode loopback --passphrase "$passphrase" --import "$key_path"
+}
+
+function setup_git_user() {
+  local email="$1"
+  local name="$2"
+  git config --global user.email "$email"
+  git config --global user.name "$name"
+  git config --global commit.gpgsign true
+  git config --global user.signingkey "$email"
+}
+
+function create_git_tag() {
+  local passbolt_version="$1"
+  local passbolt_flavour="$2"
+  local filter="$3"
+  local component="$4"
+  local tag="$passbolt_version-$passbolt_flavour-$filter"
+  git tag -a "$tag" -m "Release $tag version for $component package" > /dev/null
+}