From ec78789dfe661c36a140023ea3a4850d0d0b2b84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?=
Date: Tue, 30 Aug 2022 10:07:51 +0200
Subject: [PATCH] Rewrite updater script in Python, split what's editable by app maintainer and what's not.
---
.github/workflows/updater.py | 136 +++++++++++++++++++++++++++++++++
.github/workflows/updater.sh | 137 ----------------------------------
.github/workflows/updater.yml | 40 ++++++++++
3 files changed, 176 insertions(+), 137 deletions(-)
create mode 100755 .github/workflows/updater.py
delete mode 100755 .github/workflows/updater.sh
create mode 100644 .github/workflows/updater.yml
diff --git a/.github/workflows/updater.py b/.github/workflows/updater.py
new file mode 100755
index 0000000..0f1b202
--- /dev/null
+++ b/.github/workflows/updater.py
@@ -0,0 +1,136 @@
+#!/usr/bin/env python3
+"""
+This script is meant to be run by GitHub Actions.
+It comes with a Github Action updater.yml to run this script periodically.
+
+Since each app is different, maintainers can adapt its contents to perform
+automatic actions when a new upstream release is detected.
+
+You need to enable the action by removing `if ${{ false }}` in updater.yml!
+"""
+
+import hashlib
+import json
+import logging
+import os
+import re
+from subprocess import run, PIPE
+import textwrap
+from typing import List, Tuple, Any
+import requests
+from packaging import version
+
+logging.getLogger().setLevel(logging.INFO)
+
+
+# ========================================================================== #
+# Functions customizable by app maintainer
+
+def get_latest_version(repo: str) -> Tuple[version.Version, Any]:
+ """
+ May be customized by maintainers for other forges than Github.
+ Returns a tuple: a comparable version, and some data that will
+ be passed to get_asset_urls_of_release().
+ """
+ api_url = repo.replace("github.com", "api.github.com/repos")
+
+ # Maintainer: use either releases or tags
+ tags = requests.get(f"{api_url}/tags").json()
+ tag_info = next(
+ tag for tag in tags
+ if "-rc" not in tag["name"] and "REL" not in tag["name"]
+ )
+ return version.Version(tag_info["name"]), tag_info
+
+ # Maintainer: use either releases or tags
+ releases = requests.get(f"{api_url}/releases").json()
+ release_info = next(
+ release for release in releases
+ if not release["prerelease"]
+ )
+ return version.Version(release_info["tag_name"]), release_info
+
+
+def generate_src_files(repo: str, release: Any):
+ """
+ Should call write_src_file() for every asset/binary/... to download.
+ """
+
+ built_release = f"{repo}/archive/refs/tags/{release['name']}.tar.gz"
+ logging.info("Handling main tarball at %s", built_release)
+ write_src_file("app.src", built_release, "tar.gz")
+
+
+# ========================================================================== #
+# Core generic code of the script, app maintainers should not edit this part
+
+def sha256sum_of_url(url: str) -> str:
+ """Compute checksum without saving the file"""
+ checksum = hashlib.sha256()
+ for chunk in requests.get(url, stream=True).iter_content():
+ checksum.update(chunk)
+ return checksum.hexdigest()
+
+def write_src_file(name: str, asset_url: str, extension: str,
+ extract: bool = True, subdir: bool = True) -> None:
+ """Rewrite conf/app.src"""
+ logging.info("Writing %s...", name)
+
+ with open(f"conf/{name}", "w", encoding="utf-8") as conf_file:
+ conf_file.write(textwrap.dedent(f"""\
+ SOURCE_URL={asset_url}
+ SOURCE_SUM={sha256sum_of_url(asset_url)}
+ SOURCE_SUM_PRG=sha256sum
+ SOURCE_FORMAT={extension}
+ SOURCE_IN_SUBDIR={str(subdir).lower()}
+ SOURCE_EXTRACT={str(extract).lower()}
+ """))
+
+def write_github_env(proceed: bool, new_version: str, branch: str):
+ """Those values will be used later in the workflow"""
+ if "GITHUB_ENV" not in os.environ:
+ logging.warning("GITHUB_ENV is not in the envvars, assuming not in CI")
+ return
+ with open(os.environ["GITHUB_ENV"], "w", encoding="utf-8") as github_env:
+ github_env.write(textwrap.dedent(f"""\
+ VERSION={new_version}
+ BRANCH={branch}
+ PROCEED={str(proceed).lower()}
+ """))
+
+def main():
+ with open("manifest.json", "r", encoding="utf-8") as manifest_file:
+ manifest = json.load(manifest_file)
+ repo = manifest["upstream"]["code"]
+
+ current_version = version.Version(manifest["version"].split("~")[0])
+ latest_version, release_info = get_latest_version(repo)
+ logging.info("Current version: %s", current_version)
+ logging.info("Latest upstream version: %s", latest_version)
+
+ # Proceed only if the retrieved version is greater than the current one
+ if latest_version <= current_version:
+ logging.warning("No new version available")
+ write_github_env(False, "", "")
+ return
+
+ # Proceed only if a PR for this new version does not already exist
+ branch = f"ci-auto-update-v${latest_version}"
+ command = ["git", "ls-remote", "--exit-code", "-h", repo, branch]
+ if run(command, stderr=PIPE, stdout=PIPE, check=False).returncode == 0:
+ logging.warning("A branch already exists for this update")
+ write_github_env(False, "", "")
+ return
+
+ generate_src_files(repo, release_info)
+
+ manifest["version"] = f"{latest_version}~ynh1"
+ with open("manifest.json", "w", encoding="utf-8") as manifest_file:
+ json.dump(manifest, manifest_file, indent=4, ensure_ascii=False)
+ manifest_file.write("\n")
+
+ write_github_env(True, latest_version, branch)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh
deleted file mode 100755
index 72eb5cb..0000000
--- a/.github/workflows/updater.sh
+++ /dev/null
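Review bot: The existing-branch check in `main()` of updater.py cannot match as written: `f"ci-auto-update-v${latest_version}"` keeps a literal `$` from the shell version, and `git ls-remote` is pointed at `repo`, the upstream URL read from `manifest.json`, where the removed updater.sh queried `https://github.com/$GITHUB_REPOSITORY.git`. `sha256sum_of_url()` hashes whatever body comes back without checking the HTTP status or setting a timeout, so an error or rate-limit page would be written to `conf/app.src` as `SOURCE_SUM`; the same missing status check applies to the API calls in `get_latest_version()`. `write_github_env()` opens `GITHUB_ENV` with mode `"w"`, which discards anything earlier steps put there, whereas the shell script appended with `>>`; mode `"a"` keeps that behaviour. The fence shows the checksum and branch-check changes; `GITHUB_REPOSITORY` is unset outside CI, so the lookup needs a fallback for local runs.

```python
def sha256sum_of_url(url: str) -> str:
    # … unchanged: docstring, checksum = hashlib.sha256() …
    response = requests.get(url, stream=True, timeout=60)
    # Fail instead of hashing an HTTP error page into SOURCE_SUM.
    response.raise_for_status()
    for chunk in response.iter_content(chunk_size=65536):
        checksum.update(chunk)
    # … unchanged: return checksum.hexdigest() …

# … unchanged: write_src_file, write_github_env, start of main() …
    # Query the packaging repository, as the removed shell script did.
    branch = f"ci-auto-update-v{latest_version}"
    own_repo = f"https://github.com/{os.environ['GITHUB_REPOSITORY']}.git"
    command = ["git", "ls-remote", "--exit-code", "-h", own_repo, branch]
```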
@@ -1,137 +0,0 @@
-#!/bin/bash
-
-#=================================================
-# PACKAGE UPDATING HELPER
-#=================================================
-
-# This script is meant to be run by GitHub Actions
-# The YunoHost-Apps organisation offers a template Action to run this script periodically
-# Since each app is different, maintainers can adapt its contents so as to perform
-# automatic actions when a new upstream release is detected.
-
-# Remove this exit command when you are ready to run this Action
-exit 1
-
-#=================================================
-# FETCHING LATEST RELEASE AND ITS ASSETS
-#=================================================
-
-# Fetching information
-current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
-repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
-# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
-version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
-assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
-
-# Later down the script, we assume the version has only digits and dots
-# Sometimes the release name starts with a "v", so let's filter it out.
-# You may need more tweaks here if the upstream repository has different naming conventions.
-if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
- version=${version:1}
-fi
-
-# Setting up the environment variables
-echo "Current version: $current_version"
-echo "Latest release from upstream: $version"
-echo "VERSION=$version" >> $GITHUB_ENV
-echo "REPO=$repo" >> $GITHUB_ENV
-# For the time being, let's assume the script will fail
-echo "PROCEED=false" >> $GITHUB_ENV
-
-# Proceed only if the retrieved version is greater than the current one
-if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
- echo "::warning ::No new version available"
- exit 0
-# Proceed only if a PR for this new version does not already exist
-elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
- echo "::warning ::A branch already exists for this update"
- exit 0
-fi
-
-# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
-echo "${#assets[@]} available asset(s)"
-
-#=================================================
-# UPDATE SOURCE FILES
-#=================================================
-
-# Here we use the $assets variable to get the resources published in the upstream release.
-# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
-
-# Let's loop over the array of assets URLs
-for asset_url in ${assets[@]}; do
-
-echo "Handling asset at $asset_url"
-
-# Assign the asset to a source file in conf/ directory
-# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
-# Leave $src empty to ignore the asset
-case $asset_url in
- *"admin"*)
- src="app"
- ;;
- *"update"*)
- src="app-upgrade"
- ;;
- *)
- src=""
- ;;
-esac
-
-# If $src is not empty, let's process the asset
-if [ ! -z "$src" ]; then
-
-# Create the temporary directory
-tempdir="$(mktemp -d)"
-
-# Download sources and calculate checksum
-filename=${asset_url##*/}
-curl --silent -4 -L $asset_url -o "$tempdir/$filename"
-checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
-
-# Delete temporary directory
-rm -rf $tempdir
-
-# Get extension
-if [[ $filename == *.tar.gz ]]; then
- extension=tar.gz
-else
- extension=${filename##*.}
-fi
-
-# Rewrite source file
-cat < conf/$src.src
-SOURCE_URL=$asset_url
-SOURCE_SUM=$checksum
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=$extension
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-EOT
-echo "... conf/$src.src updated"
-
-else
-echo "... asset ignored"
-fi
-
-done
-
-#=================================================
-# SPECIFIC UPDATE STEPS
-#=================================================
-
-# Any action on the app's source code can be done.
-# The GitHub Action workflow takes care of committing all changes after this script ends.
-
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-
-# Replace new version in manifest
-echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
-
-# No need to update the README, yunohost-bot takes care of it
-
-# The Action will proceed only if the PROCEED environment variable is set to true
-echo "PROCEED=true" >> $GITHUB_ENV
-exit 0
diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml
new file mode 100644
index 0000000..f79c97c
--- /dev/null
+++ b/.github/workflows/updater.yml
@@ -0,0 +1,40 @@
+# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
+# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
+# This file should be enough by itself, but feel free to tune it to your needs.
+# It calls updater.sh, which is where you should put the app-specific update steps.
+name: Check for new upstream releases
+on:
+ # Allow to manually trigger the workflow
+ workflow_dispatch:
+ # Run it every day at 6:00 UTC
+ schedule:
+ - cron: '0 6 * * *'
+
+jobs:
+ updater:
+ # Maintainer should customize the updater script then comment this line.
+ if: ${{ false }}
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Fetch the source code
+ uses: actions/checkout@v2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run the updater script
+ run: .github/workflows/updater.py
+
+ - name: Create Pull Request
+ if: ${{ env.PROCEED == 'true' }}
+ uses: peter-evans/create-pull-request@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ title: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }}
+ body: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }}
+ commit-message: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }}
+ committer: 'yunohost-bot '
+ author: 'yunohost-bot '
+ base: testing
+ branch: ${{ env.BRANCH }}
+ delete-branch: true
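Review bot: The `updater` job declares no `permissions:` block and references `actions/checkout@v2` and `peter-evans/create-pull-request@v3` by mutable tag, so the token passed to them has whatever scope the repository default grants and the action code can change underneath the tag. A job-level `permissions:` with `contents: write` and `pull-requests: write`, plus pinning both actions to a full commit SHA, would limit what a compromised action or a bug in the updater script can do. `env.APP_NAME` is used in the title, body and commit message, but updater.py writes only `VERSION`, `BRANCH` and `PROCEED` to `GITHUB_ENV`, so it will presumably expand to an empty string unless something outside this patch sets it. The header comment still says `It calls updater.sh` and should name `updater.py`. No step installs `requests` or `packaging`, which the script imports; whether the runner image already provides them is not visible here.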