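name: Update Repository

# Polls tonarino/innernet for its latest release, builds client/server .deb
# packages for each Ubuntu release whose reprepro index is behind, then imports
# them into the signed APT repository under debian/ and pushes the result.
#
# Trust boundaries:
#   * The upstream release name and tarball URL are third-party data. They
#     reach shell steps only through `env:` variables, never through
#     `${{ }}` interpolation into script text, which would be executed as code.
#   * build-deb compiles upstream source and references no secrets; the GPG
#     signing key and the write-capable token exist only in the release job.

# Controls when the workflow will run
on:
  #push:
  #  # If the configuration has changed, this ensures we apply updates.
  #  branches: [ main ]
  schedule:
    # Upstream releases around once per month, so twice a week should be fine.
    - cron: '23 14 * * mon,thu'
  workflow_dispatch:

# Least privilege by default; the release job alone widens this to push.
permissions:
  contents: read

jobs:
  check-upstream:
    name: Check for a new releases upstream
    runs-on: ubuntu-latest
    outputs:
      innernet_release: ${{ steps.check-latest-release.outputs.innernet_release }}
      innernet_version: ${{ steps.check-latest-release.outputs.innernet_version }}
      tarball_url: ${{ steps.check-latest-release.outputs.tarball_url }}
      new_release_exists: ${{ steps.check-repo-release.outputs.new_release_exists }}
    steps:
      - name: Install Distro Dependencies
        run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes jq liblzma-dev reprepro

      - name: Set Ubuntu Release Name
        id: set-ubuntu-release-name
        run: |
          echo "ubuntu_release=$(lsb_release --short --codename)" >>"$GITHUB_OUTPUT"

      - name: Check Latest Release
        id: check-latest-release
        run: |
          # Without pipefail a failed download would be masked by jq's status.
          set -o pipefail
          # wget's -H means --span-hosts; a request header needs --header.
          wget -O- \
            --header='Accept: application/json' \
            "https://api.github.com/repos/tonarino/innernet/releases/latest" \
            | jq -r '(.name + " " + .tarball_url)' \
            | (
              read -r release tarball_url
              # Both values are controlled by the upstream project and later
              # flow into a package version, a download URL and a commit
              # message, so reject anything that does not look as expected.
              # A release name containing a space also lands here, because
              # `read` would then put the remainder into tarball_url.
              if ! [[ "$release" =~ ^v[0-9][0-9A-Za-z.+~-]*$ ]]; then
                echo "Unexpected release name: $release" >&2
                exit 1
              fi
              case "$tarball_url" in
                https://api.github.com/repos/tonarino/innernet/*) ;;
                *)
                  echo "Unexpected tarball URL: $tarball_url" >&2
                  exit 1
                  ;;
              esac
              echo "innernet_release=$release" >>"$GITHUB_OUTPUT"
              echo "innernet_version=${release#v}" >>"$GITHUB_OUTPUT"
              echo "tarball_url=$tarball_url" >>"$GITHUB_OUTPUT"
              echo "Latest release: $release"
            )

      - name: Checkout
        uses: actions/checkout@v3
        with:
          # See https://github.com/marketplace/actions/github-push
          persist-credentials: false
          fetch-depth: 0

      - name: Check Repo Release
        id: check-repo-release
        env:
          # Passed as data so the shell never parses the upstream string.
          INNERNET_RELEASE: ${{ steps.check-latest-release.outputs.innernet_release }}
        run: |
          # Builds a JSON array of runner labels whose repo index lacks the
          # upstream release; the later jobs use it as their matrix.
          new_release_exists=
          for ver_codename in ubuntu-22.04/jammy ubuntu-20.04/focal; do
            ver=${ver_codename%/*}
            codename=${ver_codename##*/}
            # Note the leading v to match the Git tag.
            indexed=v$(reprepro -b debian --list-format '${version}\n' listmatched "$codename" innernet)
            upstream="${INNERNET_RELEASE}-0ubuntu0~$codename"
            echo "Repo release in $codename: $indexed"
            if [ "x$indexed" != "x$upstream" ]; then
              new_release_exists="${new_release_exists:+$new_release_exists,}\"$ver\""
            fi
          done
          echo "new_release_exists=[$new_release_exists]" >>"$GITHUB_OUTPUT"

      - name: Show Output
        id: show-output
        env:
          INNERNET_RELEASE: ${{ steps.check-latest-release.outputs.innernet_release }}
          INNERNET_VERSION: ${{ steps.check-latest-release.outputs.innernet_version }}
          NEW_RELEASE_EXISTS: ${{ steps.check-repo-release.outputs.new_release_exists }}
        run: |
          echo "## Job Outputs" >>"$GITHUB_STEP_SUMMARY"
          echo "* \`innernet_release=${INNERNET_RELEASE}\`" >>"$GITHUB_STEP_SUMMARY"
          echo "* \`innernet_version=${INNERNET_VERSION}\`" >>"$GITHUB_STEP_SUMMARY"
          echo "* \`new_release_exists=${NEW_RELEASE_EXISTS}\`" >>"$GITHUB_STEP_SUMMARY"

  build-deb:
    name: Build DEB Packages
    needs: [check-upstream]
    # An empty matrix is an error, so skip the job when nothing is outdated.
    if: needs.check-upstream.outputs.new_release_exists != '[]'
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: ${{ fromJson(needs.check-upstream.outputs.new_release_exists) }}
    steps:
      - name: Install Distro Dependencies
        run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes dpkg-dev liblzma-dev

      - name: Translate Codename
        id: translate-codename
        env:
          MATRIX_OS: ${{ matrix.os }}
        run: |
          case "$MATRIX_OS" in
            ubuntu-22.04) codename=jammy ;;
            ubuntu-20.04) codename=focal ;;
            *)
              echo "Unknown OS: $MATRIX_OS" >&2
              exit 1
              ;;
          esac
          echo "codename=$codename" >>"$GITHUB_OUTPUT"

      - name: Download Latest Release
        id: download-release
        env:
          TARBALL_URL: ${{ needs.check-upstream.outputs.tarball_url }}
        run: |
          # NOTE(review): the tarball is unpacked without a checksum or
          # signature check; its integrity rests on HTTPS to the GitHub API.
          set -o pipefail
          wget -O- "$TARBALL_URL" | tar xz
          mv tonarino-innernet-*/* .
          rm -fr tonarino-innernet-*

      # NOTE(review): the third-party actions below are referenced by mutable
      # tags; pin each to a full-length commit SHA (<full-commit-sha>) so a
      # moved tag cannot change what runs in this build.
      - name: Install Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
          profile: minimal
          override: true

      - name: Install cargo-deb
        run: |
          type -p cargo-deb || cargo install cargo-deb

      - name: Set Up Rust Cache
        uses: Swatinem/rust-cache@v1
        with:
          key: ${{ matrix.os }}

      # innernet_version was validated in check-upstream before being
      # published as an output, so it is safe to splice into `args`.
      - name: Build Client DEB
        uses: actions-rs/cargo@v1
        with:
          command: deb
          args: -p client --deb-version=${{ needs.check-upstream.outputs.innernet_version }}-0ubuntu0~${{ steps.translate-codename.outputs.codename }}

      - name: Build Server DEB
        uses: actions-rs/cargo@v1
        with:
          command: deb
          args: -p server --deb-version=${{ needs.check-upstream.outputs.innernet_version }}-0ubuntu0~${{ steps.translate-codename.outputs.codename }}

      - name: Upload DEBs
        uses: actions/upload-artifact@v3
        with:
          name: deb-${{ matrix.os }}
          path: target/debian/*.deb

      - name: Show Output
        id: show-output
        env:
          CODENAME: ${{ steps.translate-codename.outputs.codename }}
        run: |
          echo "## Job Outputs" >>"$GITHUB_STEP_SUMMARY"
          echo "* \`codename=${CODENAME}\`" >>"$GITHUB_STEP_SUMMARY"

  release:
    needs: [check-upstream, build-deb]
    if: needs.check-upstream.outputs.new_release_exists != '[]'
    # Avoid push conflicts.
    concurrency: update_repository
    # The only job that pushes commits, hence the only one with write access.
    permissions:
      contents: write
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: ${{ fromJson(needs.check-upstream.outputs.new_release_exists) }}
    steps:
      - name: Install Distro Dependencies
        run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes git gpg reprepro

      - name: Set Up GPG Keys
        env:
          # Secrets arrive as environment variables instead of being pasted
          # into the script text: the generated script file then holds no key
          # material, and a quote character in the passphrase cannot break
          # out of the shell quoting.
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
          GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }}
        run: |
          mkdir -p -m 0700 "$HOME/.gnupg"
          echo 'pinentry-mode loopback' >>"$HOME/.gnupg/gpg.conf"
          echo 'allow-loopback-pinentry' >>"$HOME/.gnupg/gpg-agent.conf"
          echo 'allow-preset-passphrase' >>"$HOME/.gnupg/gpg-agent.conf"
          gpgconf --reload gpg-agent
          printf '%s\n' "$GPG_SIGNING_KEY" | gpg --quiet --batch --yes --import
          # The hex string is the cache id handed to gpg-preset-passphrase;
          # presumably the keygrip of the imported signing key (confirm).
          printf '%s\n' "$GPG_SIGNING_PASSPHRASE" | /usr/lib/gnupg/gpg-preset-passphrase --preset 57F0E65446A301CC19914FD61167922350A2D8B2

      - name: Translate Codename
        id: translate-codename
        env:
          MATRIX_OS: ${{ matrix.os }}
        run: |
          case "$MATRIX_OS" in
            ubuntu-22.04) codename=jammy ;;
            ubuntu-20.04) codename=focal ;;
            *)
              echo "Unknown OS: $MATRIX_OS" >&2
              exit 1
              ;;
          esac
          echo "codename=$codename" >>"$GITHUB_OUTPUT"

      - name: Checkout
        uses: actions/checkout@v3
        with:
          # See https://github.com/marketplace/actions/github-push
          persist-credentials: false
          fetch-depth: 0

      - name: Download DEBs
        uses: actions/download-artifact@v3
        with:
          name: deb-${{ matrix.os }}
          path: ./artifacts

      - name: Import DEBs
        env:
          CODENAME: ${{ steps.translate-codename.outputs.codename }}
        run: |
          cd artifacts
          for name in *.deb; do
            reprepro --export=silent-never -b ../debian includedeb "$CODENAME" "$name"
          done

      - name: Update Repository
        env:
          CODENAME: ${{ steps.translate-codename.outputs.codename }}
          INNERNET_RELEASE: ${{ needs.check-upstream.outputs.innernet_release }}
        run: |
          has_changes() {
            git status --porcelain "$@" | grep -q .
          }
          if has_changes debian/pool; then
            reprepro -b debian export "$CODENAME"
          fi
          if has_changes debian/{db,dists,pool}; then
            git add debian/{db,dists,pool}
            git \
              -c 'user.email=41898282+github-actions[bot]@users.noreply.github.com' \
              -c 'user.name=github-actions[bot]' \
              commit -m "Included release tonarino/innernet@${INNERNET_RELEASE} in ${CODENAME}."
          else
            echo 'No updates to commit.'
          fi

      # NOTE(review): `@master` is a mutable branch ref on a third-party
      # action that receives a write-capable token, in a job that also holds
      # the imported signing key; pin it to a full-length commit SHA
      # (<full-commit-sha>).
      - name: Push changes
        uses: ad-m/github-push-action@master
        if: github.ref_name == 'main'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}

      # GitHub shows an inconsistent delay with pulling right after pushing. Since we push
      # for multiple distributions, we have to make sure the next checkout doesn't conflict
      # with the current.
      - name: Delay 30 seconds for pushed changes to be visible
        run: sleep 30s
        shell: bash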