219 lines
7.9 KiB
YAML
219 lines
7.9 KiB
YAML
name: Update Repository
|
|
|
|
# Controls when the workflow will run
|
|
on:
|
|
#push:
|
|
# If the configuration has changed, this ensures we apply updates.
|
|
#branches: [ main ]
|
|
|
|
schedule:
|
|
# Upstream releases around once per month, so twice a week should be fine.
|
|
- cron: '23 14 * * mon,thu'
|
|
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
check-upstream:
|
|
name: Check for a new releases upstream
|
|
runs-on: ubuntu-latest
|
|
|
|
outputs:
|
|
innernet_release: ${{ steps.check-latest-release.outputs.innernet_release }}
|
|
innernet_version: ${{ steps.check-latest-release.outputs.innernet_version }}
|
|
tarball_url: ${{ steps.check-latest-release.outputs.tarball_url }}
|
|
new_release_exists: ${{ steps.check-repo-release.outputs.new_release_exists }}
|
|
|
|
steps:
|
|
- name: Install Distro Dependencies
|
|
run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes jq liblzma-dev reprepro
|
|
|
|
- name: Set Ubuntu Release Name
|
|
id: set-ubuntu-release-name
|
|
run: |
|
|
echo "ubuntu_release=$(lsb_release --short --codename)" >>"$GITHUB_OUTPUT"
|
|
|
|
- name: Check Latest Release
|
|
id: check-latest-release
|
|
run: |
|
|
wget -O- \
|
|
-H'Accept: application/json' \
|
|
"https://api.github.com/repos/tonarino/innernet/releases/latest" \
|
|
| jq -r '(.name + " " + .tarball_url)' \
|
|
| (
|
|
read release tarball_url
|
|
echo "innernet_release=$release" >>"$GITHUB_OUTPUT"
|
|
echo "innernet_version=${release#v}" >>"$GITHUB_OUTPUT"
|
|
echo "tarball_url=$tarball_url" >>"$GITHUB_OUTPUT"
|
|
echo "Latest release: $release"
|
|
)
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
# See https://github.com/marketplace/actions/github-push
|
|
persist-credentials: false
|
|
fetch-depth: 0
|
|
|
|
- name: Check Repo Release
|
|
id: check-repo-release
|
|
run: |
|
|
new_release_exists=
|
|
for ver_codename in 22.04/jammy 20.04/focal; do
|
|
ver=${ver_codename%/*}
|
|
codename=${ver_codename##*/}
|
|
# Note the leading v to match the Git tag.
|
|
indexed=v$(reprepro -b debian --list-format '${version}\n' listmatched "$codename" innernet)
|
|
upstream="${{ steps.check-latest-release.outputs.innernet_release }}-0ubuntu0~$codename"
|
|
echo "Repo release in $codename: $indexed"
|
|
if [ "x$indexed" != "x$upstream" ]; then
|
|
new_release_exists="${new_release_exists:+$new_release_exists }$ver"
|
|
fi
|
|
done
|
|
echo "new_release_exists=$new_release_exists" >>"$GITHUB_OUTPUT"
|
|
|
|
- name: Show Output
|
|
id: show-output
|
|
run: |
|
|
echo "## Job Outputs" >>"$GITHUB_STEP_SUMMARY"
|
|
echo "* \`innernet_release=${{ steps.check-latest-release.outputs.innernet_release }}\`" >>"$GITHUB_STEP_SUMMARY"
|
|
echo "* \`innernet_version=${{ steps.check-latest-release.outputs.innernet_version }}\`" >>"$GITHUB_STEP_SUMMARY"
|
|
echo "* \`new_release_exists=${{ steps.check-repo-release.outputs.new_release_exists }}\`" >>"$GITHUB_STEP_SUMMARY"
|
|
|
|
build-deb:
|
|
name: Build DEB Packages
|
|
needs: [check-upstream]
|
|
if: contains('${{ needs.check-upstream.outputs.new_release_exists }}', 'ubuntu-${{ matrix.os }}')
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
strategy:
|
|
matrix:
|
|
os:
|
|
- ubuntu-22.04
|
|
- ubuntu-20.04
|
|
|
|
steps:
|
|
- name: Install Distro Dependencies
|
|
run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes dpkg-dev liblzma-dev
|
|
|
|
- name: Download Latest Release
|
|
id: download-release
|
|
run: |
|
|
wget -O- "${{ needs.check-upstream.outputs.tarball_url }}" | tar xz
|
|
mv tonarino-innernet-*/* .
|
|
rm -fr tonarino-innernet-*
|
|
|
|
- name: Install Rust
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: stable
|
|
profile: minimal
|
|
override: true
|
|
|
|
- name: Install cargo-deb
|
|
run: |
|
|
type -p cargo-deb || cargo install cargo-deb
|
|
|
|
- name: Set Up Rust Cache
|
|
uses: Swatinem/rust-cache@v1
|
|
with:
|
|
key: ${{ matrix.os }}
|
|
|
|
- name: Build Client DEB
|
|
uses: actions-rs/cargo@v1
|
|
with:
|
|
command: deb
|
|
args: -p client --deb-version=${{ needs.check-upstream.outputs.innernet_version }}-0ubuntu0~${{ needs.check-upstream.outputs.ubuntu_release }}
|
|
|
|
- name: Build Server DEB
|
|
uses: actions-rs/cargo@v1
|
|
with:
|
|
command: deb
|
|
args: -p server --deb-version=${{ needs.check-upstream.outputs.innernet_version }}-0ubuntu0~${{ needs.check-upstream.outputs.ubuntu_release }}
|
|
|
|
- name: Upload DEBs
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: deb-ubuntu-${{ needs.check-upstream.outputs.ubuntu_release }}
|
|
path: target/debian/*.deb
|
|
|
|
release:
|
|
needs: [check-upstream, build-deb]
|
|
if: contains('${{ needs.check-upstream.outputs.new_release_exists }}', 'ubuntu-${{ matrix.os }}')
|
|
# Avoid push conflicts.
|
|
concurrency: update_repository
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
strategy:
|
|
matrix:
|
|
os:
|
|
- ubuntu-22.04
|
|
- ubuntu-20.04
|
|
|
|
steps:
|
|
- name: Install Distro Dependencies
|
|
run: sudo env DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes git gpg reprepro
|
|
|
|
- name: Set Up GPG Keys
|
|
run: |
|
|
mkdir -p -m 0700 "$HOME/.gnupg"
|
|
echo 'pinentry-mode loopback' >>"$HOME/.gnupg/gpg.conf"
|
|
echo 'allow-loopback-pinentry' >>"$HOME/.gnupg/gpg-agent.conf"
|
|
echo 'allow-preset-passphrase' >>"$HOME/.gnupg/gpg-agent.conf"
|
|
gpgconf --reload gpg-agent
|
|
echo "${{ secrets.GPG_SIGNING_KEY }}" | gpg --quiet --batch --yes --import
|
|
echo '${{ secrets.GPG_SIGNING_PASSPHRASE }}' | /usr/lib/gnupg/gpg-preset-passphrase --preset 57F0E65446A301CC19914FD61167922350A2D8B2
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
# See https://github.com/marketplace/actions/github-push
|
|
persist-credentials: false
|
|
fetch-depth: 0
|
|
|
|
- name: Get Artifacts
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: deb-ubuntu-${{ needs.check-upstream.outputs.ubuntu_release }}
|
|
path: ./artifacts
|
|
|
|
- name: Import Artifacts
|
|
run: |
|
|
cd artifacts
|
|
for name in *.deb; do
|
|
reprepro --export=silent-never -b ../debian includedeb "${{ needs.check-upstream.outputs.ubuntu_release }}" "$name"
|
|
done
|
|
|
|
- name: Update Repository
|
|
run: |
|
|
has_changes() {
|
|
git status --porcelain "$@" | grep -q .
|
|
}
|
|
|
|
if has_changes debian/pool; then
|
|
reprepro -b debian export "${{ needs.check-upstream.outputs.ubuntu_release }}"
|
|
fi
|
|
|
|
if has_changes debian/{db,dists,pool}; then
|
|
git add debian/{db,dists,pool}
|
|
git \
|
|
-c 'user.email=41898282+github-actions[bot]@users.noreply.github.com' \
|
|
-c 'user.name=github-actions[bot]' \
|
|
commit -m "Included release tonarino/innernet@${{ needs.check-upstream.outputs.innernet_release }} in ${{ needs.check-upstream.outputs.ubuntu_release }}."
|
|
else
|
|
echo 'No updates to commit.'
|
|
fi
|
|
|
|
- name: Push changes
|
|
uses: ad-m/github-push-action@master
|
|
if: github.ref_name == 'main'
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
branch: ${{ github.ref }}
|
|
|
|
# GitHub shows an inconsistent delay with pulling right after pushing. Since we push
|
|
# for multiple distributions, we have to make sure the next checkout doesn't conflict
|
|
# with the current.
|
|
- name: Delay 30 seconds for pushed changes to be visible
|
|
run: sleep 30s
|
|
shell: bash
|