.github/workflows/spm-collection.yml

name: Swift Package Collection

on:
  push:
    paths:
      - "packages.json"
  workflow_dispatch:
    inputs:
      commitChanges:
        description: "Commit Changes"
        required: true
        default: "true"

jobs:
  generate-signed-collection:
    runs-on: macos-12

    steps:
      - uses: actions/checkout@v3
      - name: Create .netrc file with credentials to download binaries from SAP RSBC
        uses: little-core-labs/netrc-creds@master
        with:
          machine: rbsc.repositories.cloud.sap
          login: sap-sdkiospecs
          password: ${{ secrets.RSBC_USER_BASICAUTH_PWD }}
      - name: Cache tools
        id: cache-tools
        uses: actions/cache@v2
        with:
          path: bin
          key: ${{ runner.os }}-tools
      - name: Build tools
        if: steps.cache-tools.outputs.cache-hit != 'true'
        run: |
          git clone https://github.com/apple/swift-package-collection-generator.git
          cd swift-package-collection-generator
          git checkout 5.7
          swift build -c release
          [ -d "../bin" ] || mkdir ../bin
          cp .build/release/package-collection-generate ../bin/
          cp .build/release/package-collection-sign ../bin/
          ../bin/package-collection-generate -help
      - name: Generate unsigned collection.json
        run: |
          bin/package-collection-generate packages.json collection.json -v --auth-token github:github.com:${{ secrets.PAT }}
          cat collection.json
      - name: Create certificates files
        env:
          CERTIFICATE_CONTENT_B64: ${{ secrets.CERTIFICATE_CONTENT_B64 }}
          PRIVATE_KEY_CONTENT: ${{ secrets.PRIVATE_KEY_CONTENT }}
        run: |
          echo "$CERTIFICATE_CONTENT_B64" | base64 --decode > spm_collection.cer
          echo "$PRIVATE_KEY_CONTENT" > spm_collection.pem
      - name: Generate signed collection.json
        run: |
          bin/package-collection-sign  collection.json collection-signed.json spm_collection.pem spm_collection.cer
          cat collection-signed.json
      - name: Create pull request to commit signed collection file
        if: github.event_name == 'push' || github.event.inputs.commitChanges == 'true'
        uses: peter-evans/create-pull-request@v4
        with:
          add-paths: |
            collection-signed.json
          commit-message: 'chore: auto create/update collection-signed.json'
          branch: updatePackageCollection
          delete-branch: true
          title: 'Automatically create/update collection-signed.json'
          body: ''