From f724e05d539a1456cbdf7309bd1090a94208bc07 Mon Sep 17 00:00:00 2001
From: oleole39 <59071673+oleole39@users.noreply.github.com>
Date: Tue, 21 Mar 2023 00:24:45 +0100
Subject: [PATCH] add autoupdate workflow

---
 .github/workflows/updater.sh  | 79 ++++++++++++++---------------------
 .github/workflows/updater.yml | 52 +++++++++++++++++++++++
 2 files changed, 83 insertions(+), 48 deletions(-)
 create mode 100644 .github/workflows/updater.yml

diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh
index 72eb5cb..eb0ce5c 100755
--- a/.github/workflows/updater.sh
+++ b/.github/workflows/updater.sh
@@ -17,8 +17,8 @@ exit 1
 #=================================================
 
 # Fetching information
-current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
-repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
+current_version=$(cat manifest.toml | tomlq -j '.version|split("~")[0]')
+repo=$(cat manifest.toml | tomlq -j '.upstream.code|split("https://github.com/")[1]')
 # Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
 version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
 assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
@@ -48,38 +48,24 @@ elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.
     exit 0
 fi
 
-# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
-echo "${#assets[@]} available asset(s)"
+# As of current build process, each release should contain a unique asset (zip)
+case ${#assets[@]} in    
+    0) 
+        echo "::warning ::no asset found, exiting"
+        exit 0 
+        ;;     
+    1)
+        echo "1 available asset, let's proceed"
+        ;;
+    *) 
+        echo "::warning ::multiple assets, that breaks the expected pattern, exiting"
+        exit 0
 
 #=================================================
 # UPDATE SOURCE FILES
 #=================================================
 
-# Here we use the $assets variable to get the resources published in the upstream release.
-# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
-
-# Let's loop over the array of assets URLs
-for asset_url in ${assets[@]}; do
-
-echo "Handling asset at $asset_url"
-
-# Assign the asset to a source file in conf/ directory
-# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
-# Leave $src empty to ignore the asset
-case $asset_url in
-  *"admin"*)
-    src="app"
-    ;;
-  *"update"*)
-    src="app-upgrade"
-    ;;
-  *)
-    src=""
-    ;;
-esac
-
-# If $src is not empty, let's process the asset
-if [ ! -z "$src" ]; then
+asset_url=${assets[0]}
 
 # Create the temporary directory
 tempdir="$(mktemp -d)"
@@ -89,27 +75,21 @@ filename=${asset_url##*/}
 curl --silent -4 -L $asset_url -o "$tempdir/$filename"
 checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
 
+# Update manifest' source information in manifest
+old_src_main_url=$(cat manifest.toml | tomlq -j '.resources.sources.main.url')
+old_src_main_sha256=$(cat manifest.toml | tomlq -j '.resources.sources.main.sha256')
+sed -i "s^$old_src_main_url^$asset_url^" # use alternate sed delimiter to avoid url escaping
+sed -i "s/$old_src_main_sha256/$checksum/"
+## Alternative less flexible  
+#sed -i "s/^\(\s*url\s\=\s\"\).*/\1$asset_url\"/" 
+#sed -i "s/^\(\s*sha256\s\=\s\"\).*/\1$checksum\"/"
+## Alternative loosing manifest original's format (especially indentation) as yq currently does not apply automatic styling for toml, cf. https://github.com/kislyuk/yq/issues/164
+#cat manifest.toml | tomlq -t --arg url "$asset_url" --arg sha256 "$checksum" '.resources.sources.main.url |= $url | .resources.sources.main.sha256 |= $sha256' > $tempdir/manifest.toml 
+#mv $tempdir/manifest.toml manifest.toml
+
 # Delete temporary directory
 rm -rf $tempdir
 
-# Get extension
-if [[ $filename == *.tar.gz ]]; then
-  extension=tar.gz
-else
-  extension=${filename##*.}
-fi
-
-# Rewrite source file
-cat <<EOT > conf/$src.src
-SOURCE_URL=$asset_url
-SOURCE_SUM=$checksum
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=$extension
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-EOT
-echo "... conf/$src.src updated"
-
 else
 echo "... asset ignored"
 fi
@@ -123,12 +103,15 @@ done
 # Any action on the app's source code can be done.
 # The GitHub Action workflow takes care of committing all changes after this script ends.
 
+# Update nginx.conf index page
+sed -i "s/^\s*index\sCyberChef.*/\  index CyberChef_v$version.html;/" conf/nginx.conf
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 
 # Replace new version in manifest
-echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
+sed -i "s/^version\s*=.*/version = \"$version~ynh1\"/" manifest.toml
 
 # No need to update the README, yunohost-bot takes care of it
 
diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml
new file mode 100644
index 0000000..34e0a47
--- /dev/null
+++ b/.github/workflows/updater.yml
@@ -0,0 +1,52 @@
+# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
+# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
+# This file should be enough by itself, but feel free to tune it to your needs.
+# It calls updater.sh, which is where you should put the app-specific update steps.
+name: Check for new upstream releases
+on:
+  # Allow to manually trigger the workflow
+  workflow_dispatch:
+  # Run it every day at 6:00 UTC
+  schedule:
+    - cron:  '0 6 * * *'
+jobs:
+  updater:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch the source code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run the updater script
+        id: run_updater
+        run: |
+          # Setting up Git user
+          git config --global user.name 'yunohost-bot'
+          git config --global user.email 'yunohost-bot@users.noreply.github.com'
+          # Download yq/tomlq
+          pip install yq
+          # Run the updater script
+          /bin/bash .github/workflows/updater.sh
+      - name: Commit changes
+        id: commit
+        if: ${{ env.PROCEED == 'true' }}
+        run: |
+          git commit -am "Upgrade to v$VERSION"
+      - name: Create Pull Request
+        id: cpr
+        if: ${{ env.PROCEED == 'true' }}
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Update to version ${{ env.VERSION }}
+          committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          signoff: false
+          base: testing
+          branch: ci-auto-update-v${{ env.VERSION }}
+          delete-branch: true
+          title: 'Upgrade to version ${{ env.VERSION }}'
+          body: |
+            Upgrade to v${{ env.VERSION }}
+            [See upstream release page](https://github.com/${{ env.REPO }}/releases/tag/v${{ env.VERSION }})
+          draft: false