name: Update Repository # Controls when the workflow will run on: #push: # If the configuration has changed, this ensures we apply updates. #branches: [ main ] schedule: # Upstream releases around once per month, so twice a week should be fine. - cron: '23 14 * * mon,thu' workflow_dispatch: jobs: check-upstream: name: Check for a new releases upstream runs-on: ubuntu-latest outputs: innernet_release: ${{ steps.check-latest-release.outputs.innernet_release }} tarball_url: ${{ steps.check-latest-release.outputs.tarball_url }} new_release_exists: ${{ steps.check-repo-release.outputs.new_release_exists }} steps: - name: Install Distro Dependencies run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes jq liblzma-dev reprepro - name: Check Latest Release id: check-latest-release run: | wget -O- \ -H'Accept: application/json' \ "https://api.github.com/repos/tonarino/innernet/releases/latest" \ | jq -r '(.name + " " + .tarball_url)' \ | ( read release tarball_url echo "innernet_release=$release" >>"$GITHUB_OUTPUT" echo "tarball_url=$tarball_url" >>"$GITHUB_OUTPUT" echo "Latest release: $release" ) - name: Checkout uses: actions/checkout@v2 with: # See https://github.com/marketplace/actions/github-push persist-credentials: false fetch-depth: 0 - name: Check Repo Release id: check-repo-release run: | # Note the leading v to match the Git tag. indexed=v$(reprepro -b debian --list-format '${version}\n' listmatched unstable innernet) echo "Repo release: $indexed" if [ "x$indexed" = "x${{ steps.check-latest-release.outputs.innernet_release }}" ]; then echo "new_release_exists=false" >>"$GITHUB_OUTPUT" else echo "new_release_exists=true" >>"$GITHUB_OUTPUT" fi - name: Show Output id: show-output run: | echo "## Job Outputs" >>"$GITHUB_STEP_SUMMARY" echo "* \`innernet_release=${{ steps.check-latest-release.outputs.innernet_release }}\`" >>"$GITHUB_STEP_SUMMARY" echo "* \`new_release_exists=${{ steps.check-repo-release.outputs.new_release_exists }}\`" >>"$GITHUB_STEP_SUMMARY" build-deb: name: Build DEB Packages runs-on: ubuntu-latest needs: [check-upstream] if: ${{ needs.check-upstream.outputs.new_release_exists == 'true' }} steps: - name: Install Distro Dependencies run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes dpkg-dev liblzma-dev - name: Download Latest Release id: download-release run: | wget -O- "${{ needs.check-upstream.outputs.tarball_url }}" | tar xz mv tonarino-innernet-*/* . rm -fr tonarino-innernet-* - name: Install Rust uses: actions-rs/toolchain@v1 with: toolchain: stable profile: minimal override: true - name: Install cargo-deb run: | type -p cargo-deb || cargo install cargo-deb - name: Set Up Rust Cache uses: Swatinem/rust-cache@v1 - name: Build Client DEB uses: actions-rs/cargo@v1 with: command: deb args: -p client - name: Build Server DEB uses: actions-rs/cargo@v1 with: command: deb args: -p server - name: Upload DEBs uses: actions/upload-artifact@v2 with: name: deb-ubuntu-latest path: target/debian/*.deb release: runs-on: ubuntu-latest needs: [check-upstream, build-deb] if: ${{ needs.check-upstream.outputs.new_release_exists == 'true' }} steps: - name: Install Distro Dependencies run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes git gpg reprepro - name: Set Up GPG Keys run: | mkdir -p -m 0700 "$HOME/.gnupg" echo 'pinentry-mode loopback' >>"$HOME/.gnupg/gpg.conf" echo 'allow-loopback-pinentry' >>"$HOME/.gnupg/gpg-agent.conf" echo 'allow-preset-passphrase' >>"$HOME/.gnupg/gpg-agent.conf" gpgconf --reload gpg-agent echo "${{ secrets.GPG_SIGNING_KEY }}" | gpg --quiet --batch --yes --import echo '${{ secrets.GPG_SIGNING_PASSPHRASE }}' | /usr/lib/gnupg/gpg-preset-passphrase --preset 57F0E65446A301CC19914FD61167922350A2D8B2 - name: Checkout uses: actions/checkout@v2 with: # See https://github.com/marketplace/actions/github-push persist-credentials: false fetch-depth: 0 - name: Get Artifacts uses: actions/download-artifact@v2 with: name: deb-ubuntu-latest path: ./artifacts - name: Import Artifacts run: | cd artifacts for name in *.deb; do reprepro --export=silent-never -b ../debian includedeb unstable "$name" done - name: Update Repository run: | has_changes() { git status --porcelain "$@" | grep -q . } if has_changes debian/pool; then reprepro -b debian export unstable fi if has_changes debian/{db,dists,pool}; then git add debian/{db,dists,pool} git \ -c 'user.email=41898282+github-actions[bot]@users.noreply.github.com' \ -c 'user.name=github-actions[bot]' \ commit -m "Included release tonarino/innernet@${{ needs.check-upstream.outputs.innernet_release }}." else echo 'No updates to commit.' fi - name: Push changes uses: ad-m/github-push-action@v0.6.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ github.ref }}