111 lines
4 KiB
YAML
111 lines
4 KiB
YAML
# Auto-update workflow for the fai/scoop-bucket repo.
|
|
#
|
|
# Lives here as the canonical source of truth. The bootstrap
|
|
# script (scripts/bootstrap-distribution-repos.sh in
|
|
# fai/chain-private) seeds this file into the bucket repo at
|
|
# .forgejo/workflows/update.yml. Edit it here, run the
|
|
# bootstrap script, the bucket picks up the new version.
|
|
#
|
|
# What it does:
|
|
# * Every 4 hours, fetches the latest release manifest for
|
|
# fai/chain-private.
|
|
# * If the version differs from the one currently in
|
|
# chain.json, rewrites version + architecture.64bit.url +
|
|
# architecture.64bit.hash and commits.
|
|
# * Workflow_dispatch trigger lets you force an update from
|
|
# the Forgejo UI.
|
|
#
|
|
# Linux runner, no Scoop dependency — we replicate scoop's
|
|
# checkver+autoupdate logic with curl + jq because installing
|
|
# scoop itself needs a Windows runner.
|
|
|
|
name: Update Scoop manifest
|
|
on:
|
|
schedule:
|
|
- cron: '0 */4 * * *'
|
|
workflow_dispatch: {}
|
|
|
|
jobs:
|
|
update:
|
|
name: Sync chain.json to latest platform release
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout via external URL
|
|
run: |
|
|
set -eu
|
|
mkdir -p "$GITHUB_WORKSPACE"
|
|
cd "$GITHUB_WORKSPACE"
|
|
git init -q
|
|
git remote add origin \
|
|
"https://x-access-token:${GITHUB_TOKEN}@git.flemming.ai/${GITHUB_REPOSITORY}.git"
|
|
git fetch --depth=1 origin "$GITHUB_REF_NAME"
|
|
git checkout -q FETCH_HEAD
|
|
|
|
- name: Install jq + curl + sponge
|
|
run: |
|
|
apt-get update -qq
|
|
apt-get install -y --no-install-recommends \
|
|
jq curl moreutils ca-certificates
|
|
|
|
- name: Fetch latest manifest
|
|
id: manifest
|
|
run: |
|
|
set -eu
|
|
REL=$(curl -fsSL \
|
|
"https://git.flemming.ai/api/v1/repos/fai/chain-private/releases?limit=1" \
|
|
| jq -r '.[0]')
|
|
TAG=$(echo "$REL" | jq -r '.tag_name')
|
|
VERSION="${TAG#v}"
|
|
# The .exe sha256 comes from the binary sidecar, NOT
|
|
# the release manifest — keeps this workflow honest
|
|
# against the bytes Scoop users will actually
|
|
# download. Same logic as scoop's autoupdate hash
|
|
# selector.
|
|
SHA=$(curl -fsSL \
|
|
"https://releases.chain.flemming.ai/v/${TAG}/chain-windows-x86_64.exe.sha256" \
|
|
| awk '{print $1}')
|
|
if [ -z "$SHA" ] || [ "${#SHA}" -ne 64 ]; then
|
|
echo "chain-windows-x86_64.exe.sha256 missing or malformed for $TAG"
|
|
echo "skip=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
echo "sha=$SHA" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Detect manifest version
|
|
id: current
|
|
if: steps.manifest.outputs.skip != 'true'
|
|
run: |
|
|
CUR=$(jq -r '.version' chain.json)
|
|
echo "version=$CUR" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Rewrite chain.json
|
|
id: rewrite
|
|
if: |
|
|
steps.manifest.outputs.skip != 'true'
|
|
&& steps.manifest.outputs.version != steps.current.outputs.version
|
|
env:
|
|
NEW_VERSION: ${{ steps.manifest.outputs.version }}
|
|
NEW_SHA: ${{ steps.manifest.outputs.sha }}
|
|
run: |
|
|
set -eu
|
|
jq --arg v "$NEW_VERSION" --arg sha "sha256:$NEW_SHA" \
|
|
'.version = $v
|
|
| .architecture."64bit".url =
|
|
("https://releases.chain.flemming.ai/v/v"
|
|
+ $v + "/chain-windows-x86_64.exe#/chain.exe")
|
|
| .architecture."64bit".hash = $sha' \
|
|
chain.json | sponge chain.json
|
|
echo "rewritten=true" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Commit + push
|
|
if: steps.rewrite.outputs.rewritten == 'true'
|
|
env:
|
|
NEW_VERSION: ${{ steps.manifest.outputs.version }}
|
|
run: |
|
|
set -eu
|
|
git config user.email "chain@flemming.ai"
|
|
git config user.name "fai-scoop-bot"
|
|
git add chain.json
|
|
git commit -s -m "chore: scoop manifest -> v${NEW_VERSION}"
|
|
git push origin "HEAD:${GITHUB_REF_NAME}"
|