From b61c1151a398689c42b5ccd94acc15f6344502be Mon Sep 17 00:00:00 2001
From: tuntoja <58987095+tuntoja@users.noreply.github.com>
Date: Fri, 9 Dec 2022 11:06:53 +0100
Subject: [PATCH] enh(packaging): add rpm sign to workflow 2110
---
.github/actions/delivery/action.yml | 16 ++++++-----
.github/actions/package-sign/action.yml | 36 +++++++++++++++++++++++++
.github/scripts/rpm-signing.sh | 5 ++++
.github/workflows/centreon-collect.yml | 9 +++++++
4 files changed, 59 insertions(+), 7 deletions(-)
create mode 100644 .github/actions/package-sign/action.yml
create mode 100755 .github/scripts/rpm-signing.sh
diff --git a/.github/actions/delivery/action.yml b/.github/actions/delivery/action.yml
index 57a08cbb9c9..59184dbacb5 100644
--- a/.github/actions/delivery/action.yml
+++ b/.github/actions/delivery/action.yml
@@ -97,25 +97,27 @@ runs: echo "[DEBUG] - File: $FILE" VERSION=${{ inputs.version }} MAJOR="$VERSION" - DISTRIB="${{ inputs.distrib }}"; REPOTYPE="$SUBREPO" - ARCH=$(echo $FILE | grep -oP '(x86_64|noarch)') PROJECT=${{ inputs.module_name }} - FOLDER=$(basename $FILE .rpm) PROJECT_PATH="standard" - echo "[DEBUG] - Arch: $ARCH" echo "[DEBUG] - Suprepo: $SUBREPO" echo "[DEBUG] - FILES: $FILES" - echo "[DEBUG] - DISTRIB: $DISTRIB" echo "[DEBUG] - Version: $VERSION" if [[ "${{ env.extfile }}" == "deb" ]] ; then - echo "[DEBUG] - https://artifactory.apps.centreon.com/artifactory/debian-$VERSION-$REPO/pool/$FILE;deb.distribution=bullseye;deb.component=main;deb.architecture=amd64" - curl -v -u "${{ inputs.repos_username }}":"${{ inputs.repos_password }}" -X PUT "https://artifactory.apps.centreon.com/artifactory/debian-$VERSION-$REPO/pool/$FILE;deb.distribution=bullseye;deb.component=main;deb.architecture=amd64" -T "./$FILE" + curl -u "${{ inputs.repo_username }}":"${{ inputs.repo_password }}" -H "Content-Type: multipart/form-data" --data-binary "@./$FILE" https://apt.centreon.com/repository/23.04-$SUBREPO/ else #echo "[DEBUG] - https://artifactory.apps.centreon.com/artifactory/rpm-$VERSION-$REPO/$DISTRIB/$REPO/x86_64/centreon-collect" #curl -v -u "${{ inputs.repos_username }}":"${{ inputs.repos_password }}" -X PUT "https://artifactory.apps.centreon.com/artifactory/rpm-$VERSION-$REPO/$DISTRIB/$REPO/x86_64/centreon-collect/$FILE" -T "./$FILE" + DISTRIB="${{ inputs.distrib }}" + ARCH=$(echo $FILE | grep -oP '(x86_64|noarch)') + FOLDER=$(basename $FILE .rpm) + + echo "[DEBUG] - DISTRIB: $DISTRIB" + echo "[DEBUG] - Arch: $ARCH" + echo "[DEBUG] - FOLDER: $FOLDER" + eval `ssh-agent` ssh-add - <<< "${{ inputs.yum_repo_key }}" diff --git a/.github/actions/package-sign/action.yml b/.github/actions/package-sign/action.yml new file mode 100644 index 00000000000..3d197b0edd2 --- /dev/null +++ b/.github/actions/package-sign/action.yml 
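Review bot: The new `curl` upload in the `deb` branch has no `--fail`, so an HTTP error from the repository (a 401 from bad credentials, for instance) still exits 0 and the delivery step reports success without publishing anything; `curl --fail -u ...` would surface it. The call also reads `inputs.repo_username` and `inputs.repo_password`, while the commented-out rpm lines use `inputs.repos_username` and `inputs.repos_password`; the inputs block is outside the hunk, so confirm the new names are declared there, since an undeclared input expands to an empty string. The target path hard-codes `23.04` although `$VERSION` is already set a few lines above. The run script starts and ends outside the hunk.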
@@ -0,0 +1,36 @@
+name: rpm-sign-in-docker
+description: Run step in docker container
+inputs:
+ script_name:
+ description: "script_name"
+ required: true
+ image_name:
+ description: "image_name"
+ required: true
+ image_version:
+ description: "image_version"
+ required: true
+ centreon_pat:
+ description: "Secret"
+ required: false
+ username:
+ description: The artifactory username
+ required: true
+ password:
+ description: The artifactory password
+ required: true
+ params:
+ description: "params for script"
+ required: false
+runs:
+ using: "composite"
+ steps:
+ - name: Login to Registry
+ uses: docker/login-action@v2
+ with:
+ registry: docker.centreon.com
+ username: ${{ inputs.username }}
+ password: ${{ inputs.password }}
+
+ - run: docker run -i -e TOKEN=${{ inputs.centreon_pat }} --entrypoint /src/.github/scripts/${{ inputs.script_name }}.sh -v "$PWD:/src" docker.centreon.com/${{ inputs.image_name }}:${{ inputs.image_version}} ${{ inputs.params }}
+ shell: bash
\ No newline at end of file
diff --git a/.github/scripts/rpm-signing.sh b/.github/scripts/rpm-signing.sh
new file mode 100755
index 00000000000..2f42905b059
--- /dev/null
+++ b/.github/scripts/rpm-signing.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -ex
+export GPG_TTY=$(tty)
+rpmsign --addsign /src/*.rpm
\ No newline at end of file
diff --git a/.github/workflows/centreon-collect.yml b/.github/workflows/centreon-collect.yml
index 220b8f3ab37..d17f95e7a0c 100644
--- a/.github/workflows/centreon-collect.yml
+++ b/.github/workflows/centreon-collect.yml
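Review bot: The `docker run` line pastes `inputs.centreon_pat`, `inputs.script_name`, `inputs.image_name`, `inputs.image_version` and `inputs.params` into the shell text unquoted, so any value containing spaces or shell metacharacters changes the command, and the token ends up in the generated script and in the process arguments. Passing the values through `env:` and quoting the expansions, as sketched below, avoids both. The entrypoint is also read from the mounted checkout (`/src/.github/scripts/...`), so the repository contents decide what runs inside the signing image; if this action can be reached from pull-request builds, that deserves a guard. `docker/login-action@v2` is referenced by a movable tag rather than a commit SHA.

```yaml
    - run: |
        # PARAMS is left unquoted on purpose so it still splits into separate arguments
        docker run -i -e TOKEN \
          --entrypoint "/src/.github/scripts/${SCRIPT_NAME}.sh" \
          -v "$PWD:/src" \
          "docker.centreon.com/${IMAGE_NAME}:${IMAGE_VERSION}" ${PARAMS}
      shell: bash
      env:
        TOKEN: ${{ inputs.centreon_pat }}
        SCRIPT_NAME: ${{ inputs.script_name }}
        IMAGE_NAME: ${{ inputs.image_name }}
        IMAGE_VERSION: ${{ inputs.image_version }}
        PARAMS: ${{ inputs.params }}
```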
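Review bot: Nothing checks the result of `rpmsign --addsign`, so a package that was left unsigned or signed with an unexpected key can still reach the delivery step; a closing `rpm --checksig /src/*.rpm` (with the public key imported in the image) would make the job fail closed. `export GPG_TTY=$(tty)` also hides the exit status of `tty`, and the container is started with `docker run -i` and no `-t`, so the variable most likely ends up holding the text `not a tty`. `set -x` is harmless today but would echo any passphrase or token this script handles later; a comment above it saying so would help.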
@@ -114,6 +114,15 @@ jobs: image_version: ${{ env.imgversion }} env_variable: -e DISTRIB="${{ matrix.distrib }}" -e VERSION="${{ env.version }}" -e RELEASE="${{ env.release }}" + - name: sign rpm ${{ matrix.image }} + uses: ./.github/actions/package-sign + with: + script_name: rpm-signing + image_name: rpm-signing + image_version: ubuntu + username: ${{ secrets.REPOS_USERNAME }} + password: ${{ secrets.REPOS_PASSWORD }} + - name: Use cache RPM files uses: actions/cache@v3 env:
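Review bot: `image_version: ubuntu` selects the signing image by a mutable tag, so whatever is next pushed as `rpm-signing:ubuntu` runs with access to the signing key the image presumably holds; an immutable version tag (or a digest, if the action is extended to accept one) makes the signer reproducible. The step also has no `if:` guard, so it appears to run for every `matrix.image`; if the matrix includes a Debian build, `/src/*.rpm` matches nothing and `rpmsign` will presumably fail the job. `centreon_pat` is not passed, so the action's `-e TOKEN=` expands to an empty value. The steps list continues outside the hunk.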