# Auto-update workflow for the fai/scoop-bucket repo. # # Lives here as the canonical source of truth. The bootstrap # script (scripts/bootstrap-distribution-repos.sh in # fai/chain-private) seeds this file into the bucket repo at # .forgejo/workflows/update.yml. Edit it here, run the # bootstrap script, the bucket picks up the new version. # # What it does: # * Every 4 hours, fetches the latest release manifest for # fai/chain-private. # * If the version differs from the one currently in # chain.json, rewrites version + architecture.64bit.url + # architecture.64bit.hash and commits. # * Workflow_dispatch trigger lets you force an update from # the Forgejo UI. # # Linux runner, no Scoop dependency — we replicate scoop's # checkver+autoupdate logic with curl + jq because installing # scoop itself needs a Windows runner. name: Update Scoop manifest on: schedule: - cron: '0 */4 * * *' workflow_dispatch: {} jobs: update: name: Sync chain.json to latest platform release runs-on: ubuntu-latest steps: - name: Checkout via external URL run: | set -eu mkdir -p "$GITHUB_WORKSPACE" cd "$GITHUB_WORKSPACE" git init -q git remote add origin \ "https://x-access-token:${GITHUB_TOKEN}@git.flemming.ai/${GITHUB_REPOSITORY}.git" git fetch --depth=1 origin "$GITHUB_REF_NAME" git checkout -q FETCH_HEAD - name: Install jq + curl + sponge run: | apt-get update -qq apt-get install -y --no-install-recommends \ jq curl moreutils ca-certificates - name: Fetch latest manifest id: manifest run: | set -eu REL=$(curl -fsSL \ "https://git.flemming.ai/api/v1/repos/fai/chain-private/releases?limit=1" \ | jq -r '.[0]') TAG=$(echo "$REL" | jq -r '.tag_name') VERSION="${TAG#v}" # The .exe sha256 comes from the binary sidecar, NOT # the release manifest — keeps this workflow honest # against the bytes Scoop users will actually # download. Same logic as scoop's autoupdate hash # selector. SHA=$(curl -fsSL \ "https://releases.chain.flemming.ai/v/${TAG}/chain-windows-x86_64.exe.sha256" \ | awk '{print $1}') if [ -z "$SHA" ] || [ "${#SHA}" -ne 64 ]; then echo "chain-windows-x86_64.exe.sha256 missing or malformed for $TAG" echo "skip=true" >> "$GITHUB_OUTPUT" exit 0 fi echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "sha=$SHA" >> "$GITHUB_OUTPUT" - name: Detect manifest version id: current if: steps.manifest.outputs.skip != 'true' run: | CUR=$(jq -r '.version' chain.json) echo "version=$CUR" >> "$GITHUB_OUTPUT" - name: Rewrite chain.json id: rewrite if: | steps.manifest.outputs.skip != 'true' && steps.manifest.outputs.version != steps.current.outputs.version env: NEW_VERSION: ${{ steps.manifest.outputs.version }} NEW_SHA: ${{ steps.manifest.outputs.sha }} run: | set -eu jq --arg v "$NEW_VERSION" --arg sha "sha256:$NEW_SHA" \ '.version = $v | .architecture."64bit".url = ("https://releases.chain.flemming.ai/v/v" + $v + "/chain-windows-x86_64.exe#/chain.exe") | .architecture."64bit".hash = $sha' \ chain.json | sponge chain.json echo "rewritten=true" >> "$GITHUB_OUTPUT" - name: Commit + push if: steps.rewrite.outputs.rewritten == 'true' env: NEW_VERSION: ${{ steps.manifest.outputs.version }} run: | set -eu git config user.email "chain@flemming.ai" git config user.name "fai-scoop-bot" git add chain.json git commit -s -m "chore: scoop manifest -> v${NEW_VERSION}" git push origin "HEAD:${GITHUB_REF_NAME}"