diff --git a/.github/workflows/updater.py b/.github/workflows/updater.py index 9424e7c..e56c1f9 100755 --- a/.github/workflows/updater.py +++ b/.github/workflows/updater.py @@ -1,43 +1,55 @@ #!/usr/bin/env python3 +""" +This script is meant to be run by GitHub Actions. +It comes with a Github Action updater.yml to run this script periodically. + +Since each app is different, maintainers can adapt its contents to perform +automatic actions when a new upstream release is detected. + +You need to enable the action by removing `if ${{ false }}` in updater.yml! +""" import hashlib import json import logging import os -import subprocess +import re +from subprocess import run, PIPE import textwrap -from pathlib import Path from typing import List, Tuple, Any import requests from packaging import version logging.getLogger().setLevel(logging.INFO) -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -# Remove this exit command when you are ready to run this Action -# exit(1) - -#================================================= -# Fetching information +# ========================================================================== # +# Functions customizable by app maintainer def get_latest_version(repo: str) -> Tuple[version.Version, Any]: - api_url = repo.replace("https://github.com/", "https://api.github.com/repos/") + """May be customized by maintainers for other forges than Github""" + api_url = repo.replace("github.com", "api.github.com/repos") + # May use {api_url}/tags and release["name"] for tag-based upstream releases = requests.get(f"{api_url}/releases").json() - release_info = [release for release in releases if not release["prerelease"]][0] + release_info = next(release for release in releases if not release["prerelease"]) return version.Version(release_info["tag_name"]), release_info -def get_assets_of_release(repo: str, rel_info: Any) -> List[str]: +def get_asset_urls_of_release(repo: str, release: Any) -> List[str]: """May be customized by maintainers for custom urls""" - assets = [asset["browse_download_url"] for asset in rel_info["assets"]] - assets.append(f"{repo}/archive/refs/tags/{rel_info['tag_name']}.tar.gz") - return assets + return [ + *[asset["browse_download_url"] for asset in release["assets"]], + f"{repo}/archive/refs/tags/{release['tag_name']}.tar.gz" + ] -#================================================= -# Download assets and compute filename / sha256sum +def handle_asset(asset_url: str): + """This should be customized by the maintainer according to upstream""" + logging.info("Handling asset at %s", asset_url) + if re.match(r".*/v[0-9\.]+.(tar.gz)$", asset_url): + write_src_file("app.src", asset_url, "tar.gz") + else: + logging.info("Asset ignored") + +# ========================================================================== # +# Core generic code of the script def sha256sum_of_url(url: str) -> str: """Compute checksum without saving the file""" @@ -46,55 +58,58 @@ def sha256sum_of_url(url: str) -> str: checksum.update(chunk) return checksum.hexdigest() -# It has to be adapted in accordance with how the upstream releases look like. -def handle_asset(asset_url: str): - """This should be customized by the maintainer""" - logging.info("Handling asset at %s", asset_url) - if asset_url.endswith(".tar.gz"): - src = "app.src" - else: - logging.info("Asset ignored") - return - logging.info("Asset is for %s", src) +def write_src_file(name: str, asset_url: str, extension: str, + extract: bool = True, subdir: bool = True) -> None: + """Rewrite conf/app.src""" + logging.info("Writing %s...", name) - # Rewrite source file - extension = "tar.gz" if asset_url.endswith(".tar.gz") else Path(asset_url).suffix[1:] - with open(f"conf/{src}", "w", encoding="utf-8") as conf_file: + with open(f"conf/{name}", "w", encoding="utf-8") as conf_file: conf_file.write(textwrap.dedent(f"""\ SOURCE_URL={asset_url} SOURCE_SUM={sha256sum_of_url(asset_url)} SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT={extension} - SOURCE_IN_SUBDIR=true - SOURCE_EXTRACT=true + SOURCE_IN_SUBDIR={str(subdir).lower()} + SOURCE_EXTRACT={str(extract).lower()} """)) +def write_github_env(proceed: bool, new_version: str, branch: str): + """Those values will be used later in the workflow""" + if "GITHUB_ENV" not in os.environ: + logging.warning("GITHUB_ENV is not in the envvars, assuming not in CI") + return + with open(os.environ["GITHUB_ENV"], "w", encoding="utf-8") as github_env: + github_env.write(textwrap.dedent(f"""\ + VERSION={new_version} + BRANCH={branch} + PROCEED={str(proceed).lower()} + """)) def main(): - with open(os.environ["GITHUB_ENV"], "w", encoding="utf-8") as github_env: - github_env.write("PROCEED=false\n") - - with open("manifest.json", "r", encoding="utf-8") as file: - manifest = json.load(file) + with open("manifest.json", "r", encoding="utf-8") as manifest_file: + manifest = json.load(manifest_file) repo = manifest["upstream"]["code"] - current_version = version.parse(manifest["version"].split("~")[0]) - logging.info("Current version: %s", current_version) + current_version = version.Version(manifest["version"].split("~")[0]) latest_version, release_info = get_latest_version(repo) + logging.info("Current version: %s", current_version) logging.info("Latest upstream version: %s", latest_version) # Proceed only if the retrieved version is greater than the current one if latest_version <= current_version: logging.warning("No new version available") + write_github_env(False, "", "") return # Proceed only if a PR for this new version does not already exist - command = ["git", "ls-remote", "--exit-code", "-h", repo, f"ci-auto-update-v${latest_version}"] - if subprocess.run(command, stderr=subprocess.DEVNULL, check=False).returncode == 0: + branch = f"ci-auto-update-v${latest_version}" + command = ["git", "ls-remote", "--exit-code", "-h", repo, branch] + if run(command, stderr=PIPE, stdout=PIPE, check=False).returncode == 0: logging.warning("A branch already exists for this update") + write_github_env(False, "", "") return - assets = get_assets_of_release(repo, release_info) + assets = get_asset_urls_of_release(repo, release_info) logging.info("%d available asset(s)", len(assets)) for asset in assets: handle_asset(asset) @@ -104,12 +119,7 @@ def main(): json.dump(manifest, manifest_file, indent=4, ensure_ascii=False) manifest_file.write("\n") - with open(os.environ["GITHUB_ENV"], "w", encoding="utf-8") as github_env: - github_env.write(textwrap.dedent(f"""\ - VERSION={latest_version} - REPO={repo} - PROCEED=true - """)) + write_github_env(True, latest_version, branch) if __name__ == "__main__": diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100755 index 72eb5cb..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,137 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -# Remove this exit command when you are ready to run this Action -exit 1 - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - -echo "Handling asset at $asset_url" - -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *"admin"*) - src="app" - ;; - *"update"*) - src="app-upgrade" - ;; - *) - src="" - ;; -esac - -# If $src is not empty, let's process the asset -if [ ! -z "$src" ]; then - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -EOT -echo "... conf/$src.src updated" - -else -echo "... asset ignored" -fi - -done - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml index c67f0f3..f79c97c 100644 --- a/.github/workflows/updater.yml +++ b/.github/workflows/updater.yml @@ -8,42 +8,33 @@ on: workflow_dispatch: # Run it every day at 6:00 UTC schedule: - - cron: '0 6 * * *' + - cron: '0 6 * * *' + jobs: updater: + # Maintainer should customize the updater script then comment this line. + if: ${{ false }} + runs-on: ubuntu-latest steps: - name: Fetch the source code uses: actions/checkout@v2 with: token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - .github/workflows/updater.py - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" + run: .github/workflows/updater.py + - name: Create Pull Request - id: cpr if: ${{ env.PROCEED == 'true' }} uses: peter-evans/create-pull-request@v3 with: token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} + title: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} + body: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} + commit-message: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} committer: 'yunohost-bot ' author: 'yunohost-bot ' - signoff: false base: testing - branch: ci-auto-update-v${{ env.VERSION }} + branch: ${{ env.BRANCH }} delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false