Rewrite updater script in Python, split what's editable by app maintainer and what's not.

2024-09-03 20:06:13 +02:00 · 2022-08-30 10:07:51 +02:00 · 2022-08-30 10:07:51 +02:00 · ec78789dfe
commit ec78789dfe
parent 7a077746cf
3 changed files with 176 additions and 137 deletions
--- a/.github/workflows/updater.py
+++ b/.github/workflows/updater.py
@ -0,0 +1,136 @@
+#!/usr/bin/env python3
+"""
+This script is meant to be run by GitHub Actions.
+It comes with a Github Action updater.yml to run this script periodically.
+
+Since each app is different, maintainers can adapt its contents to perform
+automatic actions when a new upstream release is detected.
+
+You need to enable the action by removing `if ${{ false }}` in updater.yml!
+"""
+
+import hashlib
+import json
+import logging
+import os
+import re
+from subprocess import run, PIPE
+import textwrap
+from typing import List, Tuple, Any
+import requests
+from packaging import version
+
+logging.getLogger().setLevel(logging.INFO)
+
+
+# ========================================================================== #
+# Functions customizable by app maintainer
+
+def get_latest_version(repo: str) -> Tuple[version.Version, Any]:
+    """
+    May be customized by maintainers for other forges than Github.
+    Returns a tuple: a comparable version, and some data that will
+    be passed to get_asset_urls_of_release().
+    """
+    api_url = repo.replace("github.com", "api.github.com/repos")
+
+    # Maintainer: use either releases or tags
+    tags = requests.get(f"{api_url}/tags").json()
+    tag_info = next(
+        tag for tag in tags
+        if "-rc" not in tag["name"] and "REL" not in tag["name"]
+    )
+    return version.Version(tag_info["name"]), tag_info
+
+    # Maintainer: use either releases or tags
+    releases = requests.get(f"{api_url}/releases").json()
+    release_info = next(
+        release for release in releases
+        if not release["prerelease"]
+    )
+    return version.Version(release_info["tag_name"]), release_info
+
+
+def generate_src_files(repo: str, release: Any):
+    """
+    Should call write_src_file() for every asset/binary/... to download.
+    """
+
+    built_release = f"{repo}/archive/refs/tags/{release['name']}.tar.gz"
+    logging.info("Handling main tarball at %s", built_release)
+    write_src_file("app.src", built_release, "tar.gz")
+
+
+# ========================================================================== #
+# Core generic code of the script, app maintainers should not edit this part
+
+def sha256sum_of_url(url: str) -> str:
+    """Compute checksum without saving the file"""
+    checksum = hashlib.sha256()
+    for chunk in requests.get(url, stream=True).iter_content():
+        checksum.update(chunk)
+    return checksum.hexdigest()
+
+def write_src_file(name: str, asset_url: str, extension: str,
+                   extract: bool = True, subdir: bool = True) -> None:
+    """Rewrite conf/app.src"""
+    logging.info("Writing %s...", name)
+
+    with open(f"conf/{name}", "w", encoding="utf-8") as conf_file:
+        conf_file.write(textwrap.dedent(f"""\
+            SOURCE_URL={asset_url}
+            SOURCE_SUM={sha256sum_of_url(asset_url)}
+            SOURCE_SUM_PRG=sha256sum
+            SOURCE_FORMAT={extension}
+            SOURCE_IN_SUBDIR={str(subdir).lower()}
+            SOURCE_EXTRACT={str(extract).lower()}
+        """))
+
+def write_github_env(proceed: bool, new_version: str, branch: str):
+    """Those values will be used later in the workflow"""
+    if "GITHUB_ENV" not in os.environ:
+        logging.warning("GITHUB_ENV is not in the envvars, assuming not in CI")
+        return
+    with open(os.environ["GITHUB_ENV"], "w", encoding="utf-8") as github_env:
+        github_env.write(textwrap.dedent(f"""\
+            VERSION={new_version}
+            BRANCH={branch}
+            PROCEED={str(proceed).lower()}
+        """))
+
+def main():
+    with open("manifest.json", "r", encoding="utf-8") as manifest_file:
+        manifest = json.load(manifest_file)
+    repo = manifest["upstream"]["code"]
+
+    current_version = version.Version(manifest["version"].split("~")[0])
+    latest_version, release_info = get_latest_version(repo)
+    logging.info("Current version: %s", current_version)
+    logging.info("Latest upstream version: %s", latest_version)
+
+    # Proceed only if the retrieved version is greater than the current one
+    if latest_version <= current_version:
+        logging.warning("No new version available")
+        write_github_env(False, "", "")
+        return
+
+    # Proceed only if a PR for this new version does not already exist
+    branch = f"ci-auto-update-v${latest_version}"
+    command = ["git", "ls-remote", "--exit-code", "-h", repo, branch]
+    if run(command, stderr=PIPE, stdout=PIPE, check=False).returncode == 0:
+        logging.warning("A branch already exists for this update")
+        write_github_env(False, "", "")
+        return
+
+    generate_src_files(repo, release_info)
+
+    manifest["version"] = f"{latest_version}~ynh1"
+    with open("manifest.json", "w", encoding="utf-8") as manifest_file:
+        json.dump(manifest, manifest_file, indent=4, ensure_ascii=False)
+        manifest_file.write("\n")
+
+    write_github_env(True, latest_version, branch)
+
+
+if __name__ == "__main__":
+    main()
--- a/.github/workflows/updater.sh
+++ b/.github/workflows/updater.sh
@ -1,137 +0,0 @@
-#!/bin/bash
-
-#=================================================
-# PACKAGE UPDATING HELPER
-#=================================================
-
-# This script is meant to be run by GitHub Actions
-# The YunoHost-Apps organisation offers a template Action to run this script periodically
-# Since each app is different, maintainers can adapt its contents so as to perform
-# automatic actions when a new upstream release is detected.
-
-# Remove this exit command when you are ready to run this Action
-exit 1
-
-#=================================================
-# FETCHING LATEST RELEASE AND ITS ASSETS
-#=================================================
-
-# Fetching information
-current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
-repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
-# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
-version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
-assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
-
-# Later down the script, we assume the version has only digits and dots
-# Sometimes the release name starts with a "v", so let's filter it out.
-# You may need more tweaks here if the upstream repository has different naming conventions. 
-if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
-    version=${version:1}
-fi
-
-# Setting up the environment variables
-echo "Current version: $current_version"
-echo "Latest release from upstream: $version"
-echo "VERSION=$version" >> $GITHUB_ENV
-echo "REPO=$repo" >> $GITHUB_ENV
-# For the time being, let's assume the script will fail
-echo "PROCEED=false" >> $GITHUB_ENV
-
-# Proceed only if the retrieved version is greater than the current one
-if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
-    echo "::warning ::No new version available"
-    exit 0
-# Proceed only if a PR for this new version does not already exist
-elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
-    echo "::warning ::A branch already exists for this update"
-    exit 0
-fi
-
-# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
-echo "${#assets[@]} available asset(s)"
-
-#=================================================
-# UPDATE SOURCE FILES
-#=================================================
-
-# Here we use the $assets variable to get the resources published in the upstream release.
-# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
-
-# Let's loop over the array of assets URLs
-for asset_url in ${assets[@]}; do
-
-echo "Handling asset at $asset_url"
-
-# Assign the asset to a source file in conf/ directory
-# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
-# Leave $src empty to ignore the asset
-case $asset_url in
-  *"admin"*)
-    src="app"
-    ;;
-  *"update"*)
-    src="app-upgrade"
-    ;;
-  *)
-    src=""
-    ;;
-esac
-
-# If $src is not empty, let's process the asset
-if [ ! -z "$src" ]; then
-
-# Create the temporary directory
-tempdir="$(mktemp -d)"
-
-# Download sources and calculate checksum
-filename=${asset_url##*/}
-curl --silent -4 -L $asset_url -o "$tempdir/$filename"
-checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
-
-# Delete temporary directory
-rm -rf $tempdir
-
-# Get extension
-if [[ $filename == *.tar.gz ]]; then
-  extension=tar.gz
-else
-  extension=${filename##*.}
-fi
-
-# Rewrite source file
-cat <<EOT > conf/$src.src
-SOURCE_URL=$asset_url
-SOURCE_SUM=$checksum
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=$extension
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-EOT
-echo "... conf/$src.src updated"
-
-else
-echo "... asset ignored"
-fi
-
-done
-
-#=================================================
-# SPECIFIC UPDATE STEPS
-#=================================================
-
-# Any action on the app's source code can be done.
-# The GitHub Action workflow takes care of committing all changes after this script ends.
-
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-
-# Replace new version in manifest
-echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
-
-# No need to update the README, yunohost-bot takes care of it
-
-# The Action will proceed only if the PROCEED environment variable is set to true
-echo "PROCEED=true" >> $GITHUB_ENV
-exit 0
--- a/.github/workflows/updater.yml
+++ b/.github/workflows/updater.yml
@ -0,0 +1,40 @@
+# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
+# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
+# This file should be enough by itself, but feel free to tune it to your needs.
+# It calls updater.sh, which is where you should put the app-specific update steps.
+name: Check for new upstream releases
+on:
+  # Allow to manually trigger the workflow
+  workflow_dispatch:
+  # Run it every day at 6:00 UTC
+  schedule:
+    - cron: '0 6 * * *'
+
+jobs:
+  updater:
+    # Maintainer should customize the updater script then comment this line.
+    if: ${{ false }}
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch the source code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run the updater script
+        run: .github/workflows/updater.py
+
+      - name: Create Pull Request
+        if: ${{ env.PROCEED == 'true' }}
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          title: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }}
+          body: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }}
+          commit-message: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }}
+          committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          base: testing
+          branch: ${{ env.BRANCH }}
+          delete-branch: true