mirror of
https://github.com/flatcar/scripts.git
synced 2026-05-04 19:56:32 +02:00
.github: Port cacert update action from old coreos-overlay
parent
b6fc418fe5
commit
b594f36900
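--- a/.github/workflows/cacerts-apply-patch.sh
+++ b/.github/workflows/cacerts-apply-patch.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -euo pipefail
+
+source "${GHA_SCRIPTS_DIR}/.github/workflows/common.sh"
+
+prepare_git_repo
+
+pushd "${SDK_OUTER_OVERLAY}"
+
+# Parse the Manifest file for already present source files and keep the latest version in the current series
+VERSION_OLD=$(sed -n "s/^DIST nss-\([0-9]*\.[0-9]*\).*$/\1/p" app-misc/ca-certificates/Manifest | sort -ruV | head -n1)
+if [[ "${VERSION_NEW}" = "${VERSION_OLD}" ]]; then
+echo "already the latest ca-certificates, nothing to do"
+exit 0
+fi
+
+EBUILD_FILENAME=$(get_ebuild_filename app-misc/ca-certificates "${VERSION_OLD}")
+git mv "${EBUILD_FILENAME}" "app-misc/ca-certificates/ca-certificates-${VERSION_NEW}.ebuild"
+
+popd
+
+URLVERSION=$(echo "${VERSION_NEW}" | tr '.' '_')
+URL="https://firefox-source-docs.mozilla.org/security/nss/releases/nss_${URLVERSION}.html"
+
+generate_update_changelog 'ca-certificates' "${VERSION_NEW}" "${URL}" 'ca-certificates'
+
+commit_changes app-misc/ca-certificates "${VERSION_OLD}" "${VERSION_NEW}"
+
+cleanup_repo
+
+echo "VERSION_OLD=${VERSION_OLD}" >>"${GITHUB_OUTPUT}"
+echo 'UPDATE_NEEDED=1' >>"${GITHUB_OUTPUT}"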
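Review bot: `VERSION_NEW` comes from the environment and reaches both the equality test and the `git mv` destination without any check, and `set -u` only catches an unset variable, not an empty or malformed one. If the producing step yields an empty string, the script would rename the ebuild to `ca-certificates-.ebuild` and carry on to `commit_changes` for the trust-store package. A guard placed before the comparison, such as `[[ "${VERSION_NEW}" =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "unexpected VERSION_NEW: '${VERSION_NEW}'" >&2; exit 1; }`, would stop that early. Separately, the `sed` expression for `VERSION_OLD` captures only two numeric components, so a three-component release would presumably never compare equal to `VERSION_NEW`; that is worth confirming against the Manifest format.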
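--- a/.github/workflows/cacerts-release.yaml
+++ b/.github/workflows/cacerts-release.yaml
@@ -0,0 +1,67 @@
+name: Get the latest ca-certificates release for all maintained branches
+on:
+schedule:
+- cron: '0 7 * * 1'
+workflow_dispatch:
+
+jobs:
+get-cacerts-release:
+strategy:
+matrix:
+channel: [main,alpha,beta,stable,lts,lts-old]
+fail-fast: false
+runs-on: ubuntu-latest
+steps:
+- name: Check out main scripts branch for GitHub workflow scripts only
+uses: actions/checkout@v3
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+path: gha
+ref: main
+- name: Figure out branch
+id: figure-out-branch
+run: gha/.github/workflows/figure-out-branch.sh '${{ matrix.channel }}'
+- name: Check out work scripts branch for updating
+if: steps.figure-out-branch.outputs.SKIP == 0
+uses: actions/checkout@v3
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+path: work
+ref: ${{ steps.figure-out-branch.outputs.BRANCH }}
+- name: Figure out latest ca-certificates release version
+if: steps.figure-out-branch.outputs.SKIP == 0
+id: nss-latest-release
+run: |
+nssVersion=$(git ls-remote --tags https://github.com/nss-dev/nss | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1)
+echo "NSS_VERSION=${nssVersion}" >>"${GITHUB_OUTPUT}"
+- name: Set up Flatcar SDK
+if: steps.figure-out-branch.outputs.SKIP == 0
+id: setup-flatcar-sdk
+env:
+WORK_SCRIPTS_DIR: "${{ github.workspace }}/work"
+CHANNEL: ${{ steps.figure-out-branch.outputs.LABEL }}
+# This will be empty for the main channel, but we handle
+# this case inside setup-flatcar-sdk.sh.
+MIRROR_LINK: ${{ steps.figure-out-branch.outputs.LINK }}
+run: gha/.github/workflows/setup-flatcar-sdk.sh
+- name: Apply patch
+if: steps.figure-out-branch.outputs.SKIP == 0
+id: apply-patch
+env:
+GHA_SCRIPTS_DIR: "${{ github.workspace }}/gha"
+WORK_SCRIPTS_DIR: "${{ github.workspace }}/work"
+VERSION_NEW: ${{ steps.nss-latest-release.outputs.NSS_VERSION }}
+PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }}
+SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }}
+run: gha/.github/workflows/cacerts-apply-patch.sh
+- name: Create pull request
+if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1)
+uses: peter-evans/create-pull-request@v5
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+path: work
+branch: "cacerts-${{ steps.nss-latest-release.outputs.NSS_VERSION }}-${{ steps.figure-out-branch.outputs.BRANCH }}"
+base: ${{ steps.figure-out-branch.outputs.BRANCH }}
+title: Update ca-certificates in ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.nss-latest-release.outputs.NSS_VERSION }}
+body: Subject says it all.
+labels: ${{ steps.figure-out-branch.outputs.LABEL }}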
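Review bot: The `Create pull request` step references `peter-evans/create-pull-request@v5` by a mutable tag and hands it `secrets.GITHUB_TOKEN`, so whatever that tag points to at run time executes with the access that token carries; the same applies to both `actions/checkout@v3` steps. Pinning each to a full commit SHA, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha>  # v5`, keeps the code that proposes trust-store updates fixed until someone reviews a bump. The workflow also declares no `permissions:` block, so the token gets the repository default; a job-level `permissions:` with `contents: write` and `pull-requests: write` would limit it to what these steps appear to need. In the `nss-latest-release` step, a failed `git ls-remote` can be masked by the rest of the pipeline unless the step's shell enables pipefail, which would leave `NSS_VERSION` empty.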