name: Update Repository # Controls when the workflow will run on: #push: # If the configuration has changed, this ensures we apply updates. #branches: [ main ] schedule: # Upstream releases around once per month, so twice a week should be fine. - cron: '23 14 * * mon,thu' workflow_dispatch: jobs: check-upstream: name: Check for a new releases upstream runs-on: ubuntu-latest outputs: innernet_release: ${{ steps.check-latest-release.outputs.innernet_release }} innernet_version: ${{ steps.check-latest-release.outputs.innernet_version }} tarball_url: ${{ steps.check-latest-release.outputs.tarball_url }} new_release_exists: ${{ steps.check-repo-release.outputs.new_release_exists }} steps: - name: Install Distro Dependencies run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes jq liblzma-dev reprepro - name: Set Ubuntu Release Name id: set-ubuntu-release-name run: | echo "ubuntu_release=$(lsb_release --short --codename)" >>"$GITHUB_OUTPUT" - name: Check Latest Release id: check-latest-release run: | wget -O- \ -H'Accept: application/json' \ "https://api.github.com/repos/tonarino/innernet/releases/latest" \ | jq -r '(.name + " " + .tarball_url)' \ | ( read release tarball_url echo "innernet_release=$release" >>"$GITHUB_OUTPUT" echo "innernet_version=${release#v}" >>"$GITHUB_OUTPUT" echo "tarball_url=$tarball_url" >>"$GITHUB_OUTPUT" echo "Latest release: $release" ) - name: Checkout uses: actions/checkout@v3 with: # See https://github.com/marketplace/actions/github-push persist-credentials: false fetch-depth: 0 - name: Check Repo Release id: check-repo-release run: | new_release_exists= for ver_codename in ubuntu-22.04/jammy ubuntu-20.04/focal; do ver=${ver_codename%/*} codename=${ver_codename##*/} # Note the leading v to match the Git tag. indexed=v$(reprepro -b debian --list-format '${version}\n' listmatched "$codename" innernet) upstream="${{ steps.check-latest-release.outputs.innernet_release }}-0ubuntu0~$codename" echo "Repo release in $codename: $indexed" if [ "x$indexed" != "x$upstream" ]; then new_release_exists="${new_release_exists:+$new_release_exists }$ver" fi done echo "new_release_exists=$new_release_exists" >>"$GITHUB_OUTPUT" - name: Show Output id: show-output run: | echo "## Job Outputs" >>"$GITHUB_STEP_SUMMARY" echo "* \`innernet_release=${{ steps.check-latest-release.outputs.innernet_release }}\`" >>"$GITHUB_STEP_SUMMARY" echo "* \`innernet_version=${{ steps.check-latest-release.outputs.innernet_version }}\`" >>"$GITHUB_STEP_SUMMARY" echo "* \`new_release_exists=${{ steps.check-repo-release.outputs.new_release_exists }}\`" >>"$GITHUB_STEP_SUMMARY" build-deb: name: Build DEB Packages needs: [check-upstream] if: ${{ contains(needs.check-upstream.outputs.new_release_exists, matrix.os) }} runs-on: ${{ matrix.os }} strategy: matrix: os: - ubuntu-22.04 - ubuntu-20.04 steps: - name: Install Distro Dependencies run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes dpkg-dev liblzma-dev - name: Download Latest Release id: download-release run: | wget -O- "${{ needs.check-upstream.outputs.tarball_url }}" | tar xz mv tonarino-innernet-*/* . rm -fr tonarino-innernet-* - name: Install Rust uses: actions-rs/toolchain@v1 with: toolchain: stable profile: minimal override: true - name: Install cargo-deb run: | type -p cargo-deb || cargo install cargo-deb - name: Set Up Rust Cache uses: Swatinem/rust-cache@v1 with: key: ${{ matrix.os }} - name: Build Client DEB uses: actions-rs/cargo@v1 with: command: deb args: -p client --deb-version=${{ needs.check-upstream.outputs.innernet_version }}-0ubuntu0~${{ needs.check-upstream.outputs.ubuntu_release }} - name: Build Server DEB uses: actions-rs/cargo@v1 with: command: deb args: -p server --deb-version=${{ needs.check-upstream.outputs.innernet_version }}-0ubuntu0~${{ needs.check-upstream.outputs.ubuntu_release }} - name: Upload DEBs uses: actions/upload-artifact@v3 with: name: deb-ubuntu-${{ needs.check-upstream.outputs.ubuntu_release }} path: target/debian/*.deb release: needs: [check-upstream, build-deb] if: ${{ contains(needs.check-upstream.outputs.new_release_exists, matrix.os) }} # Avoid push conflicts. concurrency: update_repository runs-on: ${{ matrix.os }} strategy: matrix: os: - ubuntu-22.04 - ubuntu-20.04 steps: - name: Install Distro Dependencies run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes git gpg reprepro - name: Set Up GPG Keys run: | mkdir -p -m 0700 "$HOME/.gnupg" echo 'pinentry-mode loopback' >>"$HOME/.gnupg/gpg.conf" echo 'allow-loopback-pinentry' >>"$HOME/.gnupg/gpg-agent.conf" echo 'allow-preset-passphrase' >>"$HOME/.gnupg/gpg-agent.conf" gpgconf --reload gpg-agent echo "${{ secrets.GPG_SIGNING_KEY }}" | gpg --quiet --batch --yes --import echo '${{ secrets.GPG_SIGNING_PASSPHRASE }}' | /usr/lib/gnupg/gpg-preset-passphrase --preset 57F0E65446A301CC19914FD61167922350A2D8B2 - name: Checkout uses: actions/checkout@v3 with: # See https://github.com/marketplace/actions/github-push persist-credentials: false fetch-depth: 0 - name: Get Artifacts uses: actions/download-artifact@v3 with: name: deb-ubuntu-${{ needs.check-upstream.outputs.ubuntu_release }} path: ./artifacts - name: Import Artifacts run: | cd artifacts for name in *.deb; do reprepro --export=silent-never -b ../debian includedeb "${{ needs.check-upstream.outputs.ubuntu_release }}" "$name" done - name: Update Repository run: | has_changes() { git status --porcelain "$@" | grep -q . } if has_changes debian/pool; then reprepro -b debian export "${{ needs.check-upstream.outputs.ubuntu_release }}" fi if has_changes debian/{db,dists,pool}; then git add debian/{db,dists,pool} git \ -c 'user.email=41898282+github-actions[bot]@users.noreply.github.com' \ -c 'user.name=github-actions[bot]' \ commit -m "Included release tonarino/innernet@${{ needs.check-upstream.outputs.innernet_release }} in ${{ needs.check-upstream.outputs.ubuntu_release }}." else echo 'No updates to commit.' fi - name: Push changes uses: ad-m/github-push-action@master if: github.ref_name == 'main' with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ github.ref }} # GitHub shows an inconsistent delay with pulling right after pushing. Since we push # for multiple distributions, we have to make sure the next checkout doesn't conflict # with the current. - name: Delay 30 seconds for pushed changes to be visible run: sleep 30s shell: bash