Update #352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # Check for updates every half hour between 15:00 UTC and 19:00 UTC on Tuesday through Thursday | |
| - cron: "0,30 15-19 * * 2-4" | |
| # Check for updates every hour between 17:00 UTC and 19:00 UTC on Monday and Friday | |
| - cron: "0 17-19 * * 1,5" | |
| # Check for updates at 19:00 UTC once every Saturday and Sunday | |
| - cron: "0 19 * * 0,6" | |
| jobs: | |
| check: | |
| outputs: | |
| should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Install Deno | |
| uses: denoland/setup-deno@v2 | |
| with: | |
| deno-version: v2.x | |
| - name: Install dependencies | |
| run: deno install | |
| - run: deno task getLatestVersion | |
| env: | |
| REFRESH_TOKEN: ${{secrets.REFRESH_TOKEN}} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22.x" | |
| - name: Install dependencies | |
| run: npm install | |
| - uses: actions/github-script@v8 | |
| with: | |
| github-token: ${{ secrets.VERSION_DB_TOKEN }} | |
| script: | | |
| const sodium = require('sodium-native'); | |
| const fs = require('fs'); | |
| const path = require('path'); | |
| const publicKey = await github.rest.actions.getRepoPublicKey({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| }); | |
| const envFilePath = path.join(process.cwd(), '.env'); | |
| const newSecretValue = fs.readFileSync(envFilePath, 'utf8').replace('REFRESH_TOKEN=', ''); | |
| const message = Buffer.from(newSecretValue); | |
| const key = Buffer.from(publicKey.data.key, 'base64'); | |
| const sealed = Buffer.alloc(message.byteLength + sodium.crypto_box_SEALBYTES); | |
| sodium.crypto_box_seal(sealed, message, key); | |
| await github.rest.actions.createOrUpdateRepoSecret({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| secret_name: 'REFRESH_TOKEN', | |
| encrypted_value: sealed.toString('base64'), | |
| key_id: publicKey.data.key_id, | |
| }); | |
| - run: deno task deleteEnvFile | |
| - name: Check file change condition | |
| id: skip_check | |
| run: | | |
| if [ "${{ github.ref }}" == "refs/heads/main" ]; then | |
| if git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | grep -E "(historical_versions.json|go.mod)"; then | |
| echo "should_skip=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "should_skip=true" >> $GITHUB_OUTPUT | |
| fi | |
| else | |
| echo "should_skip=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Upload modified files as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: modified-files | |
| path: | | |
| historical_versions.json | |
| go.mod | |
| commit-files: | |
| needs: check | |
| runs-on: ubuntu-latest | |
| if: ${{ needs.check.outputs.should_skip != 'true' }} | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download modified files artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: modified-files | |
| - name: Use modified files | |
| run: | | |
| cat historical_versions.json | |
| cat go.mod | |
| - name: Commit files | |
| run: | | |
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
| git config --local user.name "github-actions[bot]" | |
| git commit -a -m "Add version" | |
| - name: Determine next v0.0.x tag | |
| id: next_tag | |
| run: | | |
| git fetch --tags | |
| last_patch=$(git tag | grep -E '^v0\.0\.[0-9]+$' | sed 's/^v0\.0\.//' | sort -n | tail -n 1) | |
| if [ -z "$last_patch" ]; then | |
| next_tag="v0.0.1" | |
| else | |
| next_tag="v0.0.$((last_patch + 1))" | |
| fi | |
| echo "tag=$next_tag" >> $GITHUB_OUTPUT | |
| - name: Create tag | |
| run: | | |
| git tag "${{ steps.next_tag.outputs.tag }}" | |
| - name: Push changes | |
| uses: ad-m/github-push-action@master | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| branch: ${{ github.ref }} | |
| tags: true |