Let the CI pipeline build and upload release archives

[nodiscc]

Mentioned here #1105:

all-in-one zip, I'm thinking of setting up an automated build service. Apparently Travis makes this possible https://stackoverflow.com/questions/12343452/how-to-publish-artifacts-in-travis-ci#33109519

having this generated in an automated way would be super nice :)

[nodiscc]

https://docs.travis-ci.com/user/deployment/releases/

A problem will arise if we want to upload the built -full.zip to Github releases - to upload releases, you have to pass a Personal Access Token with public_repo scope in https://travis-ci.com/github/shaarli/Shaarli/settings, however I can't generate a token for the organization only, this otken necessarily has r/w access to all aspects of all my GH repositories. Not very granular or secure...

As a workaround we could create a separate shared github account with only access to this repo, and generate the token from there. It baffles me but it seems there's no "correct" way to do it on organization-owned repos... Or upload the zip somewhere else.

I'll try to get travis to properly build the zip first, and check the release upload part in a second time.

[ArthurHoaro]

I had a similar issue in one of my previous job, either giving full access to my account or using a private key which was undocumented and never worked. Creating a repo account seems like a good compromise.

[immanuelfodor]

Maybe a Github action could copy the zip from Travis, or migrate to Github actions completely? Although I haven't tried any of them yet, it seems logical to me that maybe GA has better permission management within its parent organization than an external tool. But registering a machine account is definitely quicker than reimplementing the pipeline :)

[nodiscc]

Build stuck https://travis-ci.org/github/nodiscc/Shaarli/builds/738112375 second time in a row. Will check back later

[nodiscc]

Work on this should be restarted from scratch since Shaarli's CI was moved to Github Actions

[nodiscc]

I made a crude draft here: https://github.com/nodiscc/Shaarli/pull/9/files

This builds the -full.zip for every commit, and uploads it as a workflow artifact. The artifact can be downloaded from the workflow page (e.g. https://github.com/nodiscc/Shaarli/actions/runs/5657615304)

Though it could serve as a base for future work on this issue, there are limitations:

• it must be adapted to publish the resulting file when a new tag/release is made (most of the work is done, I guess it's a matter of finding the correct on: trigger, and a few other things)
• my first intention with this patch, was to have the -full.zip built for every commit, including those from pull requests, and have this .zip ready for automated deployment (for example using this ansible role which deploys from prebuilt .zips). However workflow artifacts can only be downloaded by logged-in github users, the artifact download URL is hard to predict/determine in a programmatical way [1], and it cannot be downloaded directly using wget or similar tools. This makes it a lot less useful.
• The downloaded file has the extension .zip.zip
• To get the same directory structure as existing -full.zips, costly/dirty workarounds for upload-artifact double-zips a zip actions/upload-artifact#39, Unable to upload a folder as an artifact actions/upload-artifact#248 are required.

So I will attach the patch here, and give up working on this as the reward is not worth the effort in my opinion (releases are not frequent enough to warrant full automation, though build reproducibility/logging would be nice to have).

From 0fd97e87f991d84ff057e9f8d5b44d8e6ea510f2 Mon Sep 17 00:00:00 2001
From: nodiscc <nodiscc@gmail.com>
Date: Fri, 14 Jan 2022 14:58:12 +0100
Subject: [PATCH 1/5] WIP tools: github actions: build full .zip on push and
 upload it as a workflow artifact - makefile: 'git describe' fails in github
 actions as they use shallow clones (fatal: No names found, cannot describe
 anything.), use the short commit hash as .zip version identifier when git
 describe fails - standardize whitespace/line breaks in github actions yaml -
 upload the full .zip as build artifact
 (https://github.com/actions/upload-artifact) - the full .zip can be
 downloaded from the workflow summary page, e.g.
 https://github.com/shaarli/Shaarli/actions/runs/3705666208

---
 .github/workflows/build-zip.yml | 25 +++++++++++++++++++++++++
 Makefile                        |  2 +-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/build-zip.yml

diff --git a/.github/workflows/build-zip.yml b/.github/workflows/build-zip.yml
new file mode 100644
index 000000000..107fadbe1
--- /dev/null
+++ b/.github/workflows/build-zip.yml
@@ -0,0 +1,25 @@
+name: Build full .zip
+on: [push]
+jobs:
+  build-zip:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.1"
+          extensions: gd, xml, curl, mbstring, intl, gettext
+          tools: composer:v2
+      - name: Install Gettext
+        run: sudo apt-get install gettext
+      - name: Build full .zip
+        run: make release_zip
+      - name: Extract full .zip # workaround for https://github.com/actions/upload-artifact/issues/39, https://github.com/actions/upload-artifact/issues/248
+        run: mkdir Shaarli && unzip -d Shaarli shaarli-*-full.zip
+      - name: Upload full .zip as workflow artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: shaarli-full.zip
+          path: Shaarli/
diff --git a/Makefile b/Makefile
index 038ac7d42..86bca7af9 100644
--- a/Makefile
+++ b/Makefile
@@ -101,7 +101,7 @@ composer_dependencies_dev: clean
 # These targets produce similar archives, featuring 3rd-party dependencies
 # to ease deployment on shared hosting.
 ##
-ARCHIVE_VERSION := shaarli-$$(git describe)-full
+ARCHIVE_VERSION := shaarli-$$(git describe || git rev-parse --short HEAD)-full
 ARCHIVE_PREFIX=Shaarli/
 
 release_archive: release_tar release_zip

From c50e574b168549045dbad8b166f86cfa18c1fe59 Mon Sep 17 00:00:00 2001
From: nodiscc <nodiscc@gmail.com>
Date: Sun, 19 Mar 2023 13:54:13 +0100
Subject: [PATCH 2/5] github actions: build-zip: downgrade runner image to
 ubuntu-20.04 - attempt to fix nodejs error 'digital envelope
 routines::unsupported'

---
 .github/workflows/build-zip.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-zip.yml b/.github/workflows/build-zip.yml
index 107fadbe1..d032540fb 100644
--- a/.github/workflows/build-zip.yml
+++ b/.github/workflows/build-zip.yml
@@ -2,7 +2,7 @@ name: Build full .zip
 on: [push]
 jobs:
   build-zip:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout
         uses: actions/checkout@v3

From d0b7b8ac2ae040a45df44b93688c4aa1c9b603d9 Mon Sep 17 00:00:00 2001
From: nodiscc <nodiscc@gmail.com>
Date: Sun, 19 Mar 2023 13:58:44 +0100
Subject: [PATCH 3/5] Revert "github actions: build-zip: downgrade runner image
 to ubuntu-20.04"

This reverts commit 439dfcf1b9fb6bd51d5b0ce3544d8d26ebbf4d59.
---
 .github/workflows/build-zip.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-zip.yml b/.github/workflows/build-zip.yml
index d032540fb..107fadbe1 100644
--- a/.github/workflows/build-zip.yml
+++ b/.github/workflows/build-zip.yml
@@ -2,7 +2,7 @@ name: Build full .zip
 on: [push]
 jobs:
   build-zip:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3

From 028e04bdb36bf1b864033503f980f81e5dda91c2 Mon Sep 17 00:00:00 2001
From: nodiscc <nodiscc@gmail.com>
Date: Sun, 19 Mar 2023 14:01:20 +0100
Subject: [PATCH 4/5] github actions: build-zip: hold nodejs to v16.19.1 to
 prevent 'digital envelope routines::unsupported' error - ref.
 https://github.com/ucfopen/UDOIT/pull/895 - ref.
 https://github.com/webpack/webpack/issues/14532 - ref.
 https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported
 - ref. https://nodejs.org/en/blog/release

---
 .github/workflows/build-zip.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-zip.yml b/.github/workflows/build-zip.yml
index 107fadbe1..497fdc949 100644
--- a/.github/workflows/build-zip.yml
+++ b/.github/workflows/build-zip.yml
@@ -16,6 +16,8 @@ jobs:
         run: sudo apt-get install gettext
       - name: Build full .zip
         run: make release_zip
+        with:
+          node-version: 16.19.1
       - name: Extract full .zip # workaround for https://github.com/actions/upload-artifact/issues/39, https://github.com/actions/upload-artifact/issues/248
         run: mkdir Shaarli && unzip -d Shaarli shaarli-*-full.zip
       - name: Upload full .zip as workflow artifact

From bf574df44f93664bae851871e4cbef8331780622 Mon Sep 17 00:00:00 2001
From: nodiscc <nodiscc@gmail.com>
Date: Tue, 25 Jul 2023 15:46:11 +0200
Subject: [PATCH 5/5] WIP fix workflow syntax/nodejs installation

---
 .github/workflows/build-zip.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-zip.yml b/.github/workflows/build-zip.yml
index 497fdc949..9aa45b363 100644
--- a/.github/workflows/build-zip.yml
+++ b/.github/workflows/build-zip.yml
@@ -12,12 +12,14 @@ jobs:
           php-version: "8.1"
           extensions: gd, xml, curl, mbstring, intl, gettext
           tools: composer:v2
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16.x'
       - name: Install Gettext
         run: sudo apt-get install gettext
       - name: Build full .zip
         run: make release_zip
-        with:
-          node-version: 16.19.1
       - name: Extract full .zip # workaround for https://github.com/actions/upload-artifact/issues/39, https://github.com/actions/upload-artifact/issues/248
         run: mkdir Shaarli && unzip -d Shaarli shaarli-*-full.zip
       - name: Upload full .zip as workflow artifact