mirror of
https://github.com/flatcar/scripts.git
synced 2026-01-09 02:22:16 +01:00
70 lines
3.2 KiB
YAML
70 lines
3.2 KiB
YAML
name: Get the latest ca-certificates release for all maintained branches
|
|
on:
|
|
schedule:
|
|
- cron: '0 7 * * 1'
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
get-cacerts-release:
|
|
strategy:
|
|
matrix:
|
|
channel: [main,alpha,beta,stable,lts,lts-old]
|
|
fail-fast: false
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out main scripts branch for GitHub workflow scripts only
|
|
uses: actions/checkout@v4
|
|
with:
|
|
token: ${{ secrets.BOT_PR_TOKEN }}
|
|
path: gha
|
|
ref: main
|
|
- name: Figure out branch
|
|
id: figure-out-branch
|
|
run: gha/.github/workflows/figure-out-branch.sh '${{ matrix.channel }}'
|
|
- name: Check out work scripts branch for updating
|
|
if: steps.figure-out-branch.outputs.SKIP == 0
|
|
uses: actions/checkout@v4
|
|
with:
|
|
token: ${{ secrets.BOT_PR_TOKEN }}
|
|
path: work
|
|
ref: ${{ steps.figure-out-branch.outputs.BRANCH }}
|
|
- name: Figure out latest ca-certificates release version
|
|
if: steps.figure-out-branch.outputs.SKIP == 0
|
|
id: nss-latest-release
|
|
run: |
|
|
nssVersion=$(git ls-remote --tags https://github.com/nss-dev/nss | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1)
|
|
echo "NSS_VERSION=${nssVersion}" >>"${GITHUB_OUTPUT}"
|
|
- name: Set up Flatcar SDK
|
|
if: steps.figure-out-branch.outputs.SKIP == 0
|
|
id: setup-flatcar-sdk
|
|
env:
|
|
WORK_SCRIPTS_DIR: "${{ github.workspace }}/work"
|
|
CHANNEL: ${{ steps.figure-out-branch.outputs.LABEL }}
|
|
# This will be empty for the main channel, but we handle
|
|
# this case inside setup-flatcar-sdk.sh.
|
|
MIRROR_LINK: ${{ steps.figure-out-branch.outputs.LINK }}
|
|
run: gha/.github/workflows/setup-flatcar-sdk.sh
|
|
- name: Apply patch
|
|
if: steps.figure-out-branch.outputs.SKIP == 0
|
|
id: apply-patch
|
|
env:
|
|
GHA_SCRIPTS_DIR: "${{ github.workspace }}/gha"
|
|
WORK_SCRIPTS_DIR: "${{ github.workspace }}/work"
|
|
VERSION_NEW: ${{ steps.nss-latest-release.outputs.NSS_VERSION }}
|
|
PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }}
|
|
SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }}
|
|
TARGET_BRANCH: ${{ steps.figure-out-branch.outputs.BRANCH }}
|
|
run: gha/.github/workflows/cacerts-apply-patch.sh
|
|
- name: Create pull request
|
|
if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1)
|
|
uses: peter-evans/create-pull-request@v6
|
|
with:
|
|
token: ${{ secrets.BOT_PR_TOKEN }}
|
|
path: work
|
|
branch: "cacerts-${{ steps.nss-latest-release.outputs.NSS_VERSION }}-${{ steps.figure-out-branch.outputs.BRANCH }}"
|
|
base: ${{ steps.figure-out-branch.outputs.BRANCH }}
|
|
title: Update ca-certificates in ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.nss-latest-release.outputs.NSS_VERSION }}
|
|
body: Subject says it all.
|
|
labels: ${{ steps.figure-out-branch.outputs.LABEL }}
|
|
signoff: true
|