scoop-bucket/.forgejo/workflows/update.yml
flemming-it 72feaba1bb chore: chain rename + bump to v0.16.0 (mirror URLs, fix auto-update)
Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
2026-06-17 17:19:01 +02:00

111 lines
4 KiB
YAML

# Auto-update workflow for the fai/scoop-bucket repo.
#
# Lives here as the canonical source of truth. The bootstrap
# script (scripts/bootstrap-distribution-repos.sh in
# fai/chain-private) seeds this file into the bucket repo at
# .forgejo/workflows/update.yml. Edit it here, run the
# bootstrap script, the bucket picks up the new version.
#
# What it does:
# * Every 4 hours, fetches the latest release manifest for
# fai/chain-private.
# * If the version differs from the one currently in
# chain.json, rewrites version + architecture.64bit.url +
# architecture.64bit.hash and commits.
# * Workflow_dispatch trigger lets you force an update from
# the Forgejo UI.
#
# Linux runner, no Scoop dependency — we replicate scoop's
# checkver+autoupdate logic with curl + jq because installing
# scoop itself needs a Windows runner.
name: Update Scoop manifest
on:
schedule:
- cron: '0 */4 * * *'
workflow_dispatch: {}
jobs:
update:
name: Sync chain.json to latest platform release
runs-on: ubuntu-latest
steps:
- name: Checkout via external URL
run: |
set -eu
mkdir -p "$GITHUB_WORKSPACE"
cd "$GITHUB_WORKSPACE"
git init -q
git remote add origin \
"https://x-access-token:${GITHUB_TOKEN}@git.flemming.ai/${GITHUB_REPOSITORY}.git"
git fetch --depth=1 origin "$GITHUB_REF_NAME"
git checkout -q FETCH_HEAD
- name: Install jq + curl + sponge
run: |
apt-get update -qq
apt-get install -y --no-install-recommends \
jq curl moreutils ca-certificates
- name: Fetch latest manifest
id: manifest
run: |
set -eu
REL=$(curl -fsSL \
"https://git.flemming.ai/api/v1/repos/fai/chain-private/releases?limit=1" \
| jq -r '.[0]')
TAG=$(echo "$REL" | jq -r '.tag_name')
VERSION="${TAG#v}"
# The .exe sha256 comes from the binary sidecar, NOT
# the release manifest — keeps this workflow honest
# against the bytes Scoop users will actually
# download. Same logic as scoop's autoupdate hash
# selector.
SHA=$(curl -fsSL \
"https://releases.chain.flemming.ai/v/${TAG}/chain-windows-x86_64.exe.sha256" \
| awk '{print $1}')
if [ -z "$SHA" ] || [ "${#SHA}" -ne 64 ]; then
echo "chain-windows-x86_64.exe.sha256 missing or malformed for $TAG"
echo "skip=true" >> "$GITHUB_OUTPUT"
exit 0
fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "sha=$SHA" >> "$GITHUB_OUTPUT"
- name: Detect manifest version
id: current
if: steps.manifest.outputs.skip != 'true'
run: |
CUR=$(jq -r '.version' chain.json)
echo "version=$CUR" >> "$GITHUB_OUTPUT"
- name: Rewrite chain.json
id: rewrite
if: |
steps.manifest.outputs.skip != 'true'
&& steps.manifest.outputs.version != steps.current.outputs.version
env:
NEW_VERSION: ${{ steps.manifest.outputs.version }}
NEW_SHA: ${{ steps.manifest.outputs.sha }}
run: |
set -eu
jq --arg v "$NEW_VERSION" --arg sha "sha256:$NEW_SHA" \
'.version = $v
| .architecture."64bit".url =
("https://releases.chain.flemming.ai/v/v"
+ $v + "/chain-windows-x86_64.exe#/chain.exe")
| .architecture."64bit".hash = $sha' \
chain.json | sponge chain.json
echo "rewritten=true" >> "$GITHUB_OUTPUT"
- name: Commit + push
if: steps.rewrite.outputs.rewritten == 'true'
env:
NEW_VERSION: ${{ steps.manifest.outputs.version }}
run: |
set -eu
git config user.email "chain@flemming.ai"
git config user.name "fai-scoop-bot"
git add chain.json
git commit -s -m "chore: scoop manifest -> v${NEW_VERSION}"
git push origin "HEAD:${GITHUB_REF_NAME}"