|
1 | | -name: Watch upstream dnscrypt-proxy releases (update testing) |
| 1 | +name: Watch upstream dnscrypt-proxy releases (auto-update testing) |
2 | 2 |
|
3 | 3 | on: |
4 | 4 | schedule: |
5 | | - - cron: "0 9 * * *" # once per day at 09:00 UTC |
| 5 | + - cron: "0 9 * * *" # daily at 09:00 UTC |
6 | 6 | workflow_dispatch: |
7 | 7 |
|
8 | 8 | permissions: |
9 | 9 | contents: write |
10 | | - pull-requests: write |
11 | 10 |
|
12 | 11 | jobs: |
13 | 12 | bump: |
| 13 | + # Guard rail: scheduled runs will already use the default branch workflow file, |
| 14 | + # but this prevents accidental manual runs from non-default branches doing unexpected things. |
| 15 | + if: github.ref_name == 'master' |
14 | 16 | runs-on: ubuntu-latest |
15 | 17 |
|
16 | 18 | steps: |
17 | 19 | - name: Checkout testing branch |
18 | 20 | uses: actions/checkout@v4 |
19 | 21 | with: |
20 | 22 | ref: testing |
| 23 | + fetch-depth: 0 |
21 | 24 |
|
22 | 25 | - name: Get latest upstream release version |
23 | 26 | id: upstream |
24 | 27 | shell: bash |
25 | 28 | run: | |
26 | 29 | LATEST="$(curl -fsSL https://api.github.com/repos/DNSCrypt/dnscrypt-proxy/releases/latest \ |
27 | 30 | | python -c "import sys,json; print(json.load(sys.stdin)['tag_name'].lstrip('v'))")" |
28 | | -
|
29 | | - echo "Latest upstream version: $LATEST" |
30 | 31 | echo "latest=$LATEST" >> "$GITHUB_OUTPUT" |
| 32 | + echo "Latest upstream: $LATEST" |
31 | 33 |
|
32 | | - - name: Update DNSCRYPT_PROXY_VERSION if needed |
| 34 | + - name: Compare & update DNSCRYPT_PROXY_VERSION |
33 | 35 | id: update |
34 | 36 | shell: bash |
35 | 37 | run: | |
36 | 38 | CURRENT="$(cat DNSCRYPT_PROXY_VERSION 2>/dev/null || true)" |
37 | 39 | LATEST="${{ steps.upstream.outputs.latest }}" |
38 | 40 |
|
39 | | - echo "Current version in repo: $CURRENT" |
40 | | - echo "Latest upstream version: $LATEST" |
| 41 | + echo "Current in testing: $CURRENT" |
| 42 | + echo "Latest upstream: $LATEST" |
| 43 | +
|
| 44 | + if [ -z "$LATEST" ]; then |
| 45 | + echo "Upstream version is empty. Failing for safety." |
| 46 | + exit 1 |
| 47 | + fi |
41 | 48 |
|
42 | | - # Nothing to do if empty or unchanged |
43 | | - if [ -z "$LATEST" ] || [ "$CURRENT" = "$LATEST" ]; then |
| 49 | + if [ "$CURRENT" = "$LATEST" ]; then |
44 | 50 | echo "No update needed." |
45 | 51 | echo "changed=false" >> "$GITHUB_OUTPUT" |
46 | 52 | exit 0 |
47 | 53 | fi |
48 | 54 |
|
49 | | - echo "Updating DNSCRYPT_PROXY_VERSION to $LATEST" |
50 | 55 | echo "$LATEST" > DNSCRYPT_PROXY_VERSION |
51 | 56 | echo "changed=true" >> "$GITHUB_OUTPUT" |
52 | 57 |
|
53 | | - - name: Create PR into testing |
| 58 | + - name: Commit and push to testing |
54 | 59 | if: steps.update.outputs.changed == 'true' |
55 | | - uses: peter-evans/create-pull-request@v6 |
56 | | - with: |
57 | | - branch: chore/bump-dnscrypt-proxy |
58 | | - base: testing |
59 | | - title: "chore: bump dnscrypt-proxy to ${{ steps.upstream.outputs.latest }}" |
60 | | - commit-message: "chore: bump dnscrypt-proxy to ${{ steps.upstream.outputs.latest }}" |
61 | | - body: | |
62 | | - This PR automatically updates DNSCRYPT_PROXY_VERSION |
63 | | - to the latest upstream dnscrypt-proxy release: ${{ steps.upstream.outputs.latest }} |
| 60 | + shell: bash |
| 61 | + run: | |
| 62 | + git config user.name "github-actions[bot]" |
| 63 | + git config user.email "github-actions[bot]@users.noreply.github.com" |
64 | 64 |
|
65 | | - When merged, the testing branch will rebuild the Docker image |
66 | | - and publish new :testing and :testing-<version> tags. |
67 | | - labels: dependencies |
| 65 | + git add DNSCRYPT_PROXY_VERSION |
| 66 | + git commit -m "chore: bump dnscrypt-proxy to ${{ steps.upstream.outputs.latest }}" |
| 67 | + git push origin HEAD:testing |
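Review bot: The upstream tag name is expanded with `${{ steps.upstream.outputs.latest }}` directly into the shell text of the new `git commit -m` line in "Commit and push to testing" (and of the `LATEST=` assignment in the compare step), so a tag containing quotes or a command substitution would be interpreted by the runner shell in a job that holds `contents: write`. Because this commit replaces the pull request with a direct `git push origin HEAD:testing`, nothing reviews the value before it lands on the branch, and the only check on it is that it is non-empty. Pass the value through `env:` and reference it as `"$LATEST"`, and reject anything that is not a plain dotted version before it is written or committed. The pattern below is a suggestion and may need loosening if upstream ever tags releases with a suffix.

```yaml
      - name: Compare & update DNSCRYPT_PROXY_VERSION
        id: update
        shell: bash
        env:
          LATEST: ${{ steps.upstream.outputs.latest }}
        run: |
          CURRENT="$(cat DNSCRYPT_PROXY_VERSION 2>/dev/null || true)"
          # Also covers the empty case: only a plain dotted version may continue.
          if ! [[ "$LATEST" =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
            echo "Unexpected upstream version format. Failing for safety."
            exit 1
          fi
          # … unchanged: comparison with CURRENT, write to DNSCRYPT_PROXY_VERSION …

      - name: Commit and push to testing
        if: steps.update.outputs.changed == 'true'
        shell: bash
        env:
          LATEST: ${{ steps.upstream.outputs.latest }}
        run: |
          # … unchanged: git config, git add …
          git commit -m "chore: bump dnscrypt-proxy to $LATEST"
          git push origin HEAD:testing
```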