Updater Endpoint Check #10
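# Nightly monitor for the auto-update manifest attached to the latest release.
# It downloads latest.json, checks the fields the updater manifest must carry,
# and opens an issue when any step fails.
name: Updater Endpoint Check

on:
  schedule:
    - cron: "0 3 * * *" # 03:00 UTC nightly
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the only write this workflow performs is
# creating the alert issue. Scopes not listed here are set to none.
permissions:
  issues: write

jobs:
  validate-updater:
    name: Validate latest.json
    runs-on: ubuntu-latest
    steps:
      - name: Fetch latest.json
        id: fetch
        run: |
          # The repository slug comes from the runner's default environment
          # variable rather than from a workflow expression pasted into the
          # script text, so the value is never parsed as shell source.
          URL="https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/latest.json"
          # -L: the releases/latest/download path answers with a redirect to the
          #     asset; without it the redirect response is saved instead of the file.
          # --proto / --proto-redir: never leave HTTPS, including across redirects.
          # --max-time: a hung connection fails the check instead of stalling the job.
          HTTP=$(curl -sS -L --proto '=https' --proto-redir '=https' --max-time 60 \
            -o response.json -w "%{http_code}" "$URL")
          echo "status=$HTTP" >> "$GITHUB_OUTPUT"
          cat response.json || true
          # Fail here with a clear message rather than letting an error page
          # reach the JSON parser in the next step.
          if [ "$HTTP" != "200" ]; then
            echo "FAIL: expected HTTP 200 for latest.json, got $HTTP" >&2
            exit 1
          fi

      - name: Validate schema
        run: |
          python3 - << 'PYEOF'
          import json, sys


          def fail(msg):
              """Print a FAIL line to stderr and end the step with exit code 1."""
              print(f"FAIL: {msg}", file=sys.stderr)
              sys.exit(1)


          try:
              with open("response.json", encoding="utf-8") as f:
                  d = json.load(f)
          except (OSError, ValueError) as exc:
              fail(f"response.json is not readable JSON: {exc}")

          if not isinstance(d, dict):
              fail("top-level JSON value is not an object")

          required = ["version", "notes", "pub_date", "platforms"]
          missing = [k for k in required if k not in d]
          if missing:
              fail(f"missing keys: {missing}")

          platforms = d["platforms"]
          if not isinstance(platforms, dict):
              fail("platforms is not an object")

          expected = ["darwin-x86_64", "darwin-aarch64", "linux-x86_64", "windows-x86_64"]
          for p in expected:
              if p not in platforms:
                  # A platform that is absent altogether is reported but tolerated.
                  print(f"WARN: missing platform {p}", file=sys.stderr)
                  continue
              entry = platforms[p]
              if not isinstance(entry, dict) or "url" not in entry or "signature" not in entry:
                  fail(f"platform {p} missing url or signature")
              url, signature = entry["url"], entry["signature"]
              # Update payloads must not be fetched over a downgradable transport.
              if not isinstance(url, str) or not url.startswith("https://"):
                  fail(f"platform {p} url is not an https:// URL")
              # Presence check only: this does NOT verify the signature against
              # the updater's public key; that remains the client's job.
              if not isinstance(signature, str) or not signature.strip():
                  fail(f"platform {p} signature is empty")

          print("OK: latest.json is valid")
          PYEOF

      - name: Alert on failure
        if: failure()
        # NOTE(review): a version tag is mutable; consider pinning this action
        # to a full commit SHA so a retagged release cannot run with the
        # issues: write token.
        uses: actions/github-script@v7
        with:
          # Every failing run opens a new issue; no check for an already-open
          # alert is made here.
          script: |
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: `🚨 Updater endpoint broken — ${new Date().toISOString().slice(0,10)}`,
              body: [
                "The nightly updater endpoint check failed.",
                "",
                `**Workflow run:** ${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
                "",
                "This means auto-updates are silently broken for all users.",
                "Check that `latest.json` exists in the latest GitHub Release and contains valid platform entries.",
              ].join("\n"),
              labels: ["bug", "auto-update", "critical"],
            });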