CD Check OpenSSL Release #177
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD Check OpenSSL Release | |
on: | |
schedule: | |
- cron: '0 15 * * mon-fri' | |
workflow_dispatch: | |
jobs: | |
openssl-update: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get versions | |
id: GET_VERSIONS | |
run: | | |
BOOL="$(curl -s https://api.github.com/repos/openssl/openssl/releases | jq '.[0] | .prerelease')" | |
if $BOOL; then | |
echo "Pre-release, skipping" | |
exit 1 | |
else | |
echo OPENSSL_VERSION="$(curl -s https://api.github.com/repos/openssl/openssl/releases | jq '.[0] | .name' -r | grep -Eo '([0-9]+)(\.?[0-9]+)*' | head -1)" >> $GITHUB_OUTPUT | |
echo OPENSSL_BUILDENV_VERSION="$(curl -s https://api.github.com/repos/madnuttah/openssl-buildenv/releases | jq '.[0] | .name' -r | grep -Eo '([0-9]+)(\.?[0-9]+)*' | head -1)" >> $GITHUB_OUTPUT | |
fi | |
- name: Is update available | |
id: IS_UPDATE_AVAILABLE | |
run: | | |
if $(dpkg --compare-versions "${{ steps.GET_VERSIONS.outputs.OPENSSL_BUILDENV_VERSION }}" "lt" "${{ steps.GET_VERSIONS.outputs.OPENSSL_VERSION }}"); then | |
echo "Update found" | |
echo OPENSSL_SHA256="$(curl -s https://github.com/openssl/openssl/releases/download/openssl-"${{ steps.GET_VERSIONS.outputs.OPENSSL_VERSION }}"/openssl-"${{ steps.GET_VERSIONS.outputs.OPENSSL_VERSION }}".tar.gz.sha256 | xargs)" >> $GITHUB_OUTPUT | |
else | |
echo "No update found" | |
exit 1 | |
fi | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Import GPG key | |
id: IMPORT_GPG | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }} | |
git_user_signingkey: false | |
git_commit_gpgsign: false | |
git_push_gpgsign: false | |
trust_level: 5 | |
- name: Push buildvars to repository | |
env: | |
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} | |
GIT_AUTHOR_NAME: ${{ steps.IMPORT_GPG.outputs.name }} | |
GIT_AUTHOR_EMAIL: ${{ steps.IMPORT_GPG.outputs.email }} | |
GIT_COMMITTER_NAME: ${{ steps.IMPORT_GPG.outputs.name }} | |
GIT_COMMITTER_EMAIL: ${{ steps.IMPORT_GPG.outputs.email }} | |
run: | | |
git remote set-url origin https://x-access-token:${{ secrets.BOT_GITHUB_TOKEN }}@github.com/${{ github.repository }} | |
OPENSSL_VERSION=${{ steps.GET_VERSIONS.outputs.OPENSSL_VERSION }} | |
OPENSSL_SHA256=${{ steps.IS_UPDATE_AVAILABLE.outputs.OPENSSL_SHA256 }} | |
echo BUILDENV_BUILD_DATE="$(date -u)" > buildvars | |
echo OPENSSL_VERSION="$OPENSSL_VERSION" >> buildvars | |
echo OPENSSL_SHA256="$OPENSSL_SHA256" >> buildvars | |
echo OPENSSL_BUILDENV_VERSION="${OPENSSL_VERSION}-0" >> buildvars | |
git add buildvars | |
git commit buildvars -m "Updated buildvars" | |
git push origin main | |
exit 0 |