-
Notifications
You must be signed in to change notification settings - Fork 10
187 lines (178 loc) · 7.11 KB
/
updpkgsums.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
name: Update the checksums of a package version in an open PR
run-name: Update checksums in git-for-windows/${{ inputs.repo }}#${{ inputs.pr-number }}
on:
push:
env:
REPO: build-extra
PR_NUMBER: 558
OWNER: 'git-for-windows'
ACTOR: dscho
jobs:
updpkgsums:
runs-on: windows-latest
steps:
- uses: mxschmitt/action-tmate@v3
with:
detached: true
- uses: actions/checkout@v4
# Since we want to operate on _another_ repository, we sadly cannot use:
#
# permissions:
# checks: write
#
# Therefore, we registered a GitHub App and stored the data required to
# act as that App in repository secrets `GH_APP_ID`, `GH_APP_PRIVATE_KEY`.
- name: Obtain installation token
id: setup
uses: actions/github-script@v7
with:
script: |
const appId = ${{ secrets.GH_APP_ID }}
const privateKey = `${{ secrets.GH_APP_PRIVATE_KEY }}`
const getAppInstallationId = require('./get-app-installation-id')
const installationId = await getAppInstallationId(
console,
appId,
privateKey,
process.env.OWNER,
process.env.REPO
)
const getInstallationAccessToken = require('./get-installation-access-token')
const { token: accessToken } = await getInstallationAccessToken(
console,
appId,
privateKey,
installationId
)
core.setSecret(accessToken)
core.setOutput('token', accessToken)
- name: Initialize Git for Windows SDK subset
uses: ./.github/actions/init-g4w-sdk-for-pacman
with:
include-makepkg: true
- name: Clone ${{ env.REPO }}
id: clone
shell: bash
run: |
mkdir -p /usr/src &&
git init "/usr/src/$REPO" &&
cd "/usr/src/$REPO" &&
git fetch --depth 1 "https://github.com/$OWNER/$REPO" "refs/pull/$PR_NUMBER/head" &&
git checkout FETCH_HEAD &&
echo "result=$(cygpath -aw "/usr/src/$REPO")" >>$GITHUB_OUTPUT
- name: Determine modified packages
id: determine-packages
uses: actions/github-script@v7
env:
WORKTREE_PATH: '${{ steps.clone.outputs.result }}'
with:
result-encoding: string
script: |
const githubApiRequest = require('./github-api-request')
const files = await githubApiRequest(
context,
'${{ steps.setup.outputs.token }}',
'GET',
`/repos/${process.env.OWNER}/${process.env.REPO}/pulls/${process.env.PR_NUMBER}/files`
)
const fs = require('fs')
const path = require('path')
const packages = files.map(e => path.dirname(e.filename)).reduce((a, directory) => {
if (a[0] !== directory && fs.existsSync(path.join(process.env.WORKTREE_PATH, directory, 'PKGBUILD'))) {
if (directory.indexOf(' ') >= 0) throw new Error(`${directory}: contains spaces!`)
a.unshift(directory)
}
return a
}, [])
return packages.join(' ')
- name: Identify actor
if: steps.determine-packages.outputs.result != ''
id: actor
uses: actions/github-script@v7
with:
script: |
const githubApiRequest = require('./github-api-request')
const answer = await githubApiRequest(
console,
'${{ steps.setup.outputs.token }}',
'GET',
`/users/${process.env.ACTOR}`
)
core.setOutput('login', answer.login)
core.setOutput('name', answer.name)
core.setOutput('email', answer.email || `${process.env.ACTOR}@users.noreply.github.com`)
- name: Configure build
if: steps.determine-packages.outputs.result != ''
shell: bash
run: |
USER_NAME="${{ steps.actor.outputs.name }}" &&
USER_EMAIL="${{ steps.actor.outputs.email }}" &&
mkdir -p "$HOME" &&
git config --global user.name "$USER_NAME" &&
git config --global user.email "$USER_EMAIL" &&
echo "PACKAGER=$USER_NAME <$USER_EMAIL>" >>$GITHUB_ENV
- name: Update packages
if: steps.determine-packages.outputs.result != ''
id: update
shell: bash
env:
PACKAGES: ${{ steps.determine-packages.outputs.result }}
run: |
for PACKAGE_TO_UPGRADE in $PACKAGES
do
cd "/usr/src/$REPO/$PACKAGE_TO_UPGRADE" &&
update_script="$GITHUB_WORKSPACE/update-scripts/checksums/$PACKAGE_TO_UPGRADE" &&
if test -f "$update_script"
then
PACKAGE_VERSION="$(sed -n 's/^pkgver=//p' PKGBUILD)" &&
test -n "$PACKAGE_VERSION" &&
$update_script "$PACKAGE_VERSION"
else
updpkgsums
fi &&
# give `pkgver()` a chance
if grep '^pkgver *()' PKGBUILD
then
# give makepkg a chance to update the version
git fetch --unshallow "https://github.com/$OWNER/$REPO" "refs/pull/$PR_NUMBER/head" &&
makepkg --noextract --nobuild
fi ||
exit 1
done
git update-index -q --refresh &&
if git diff-files --exit-code
then
echo "::notice::No checksums needed to be updated in $PACKAGES"
exit 0
fi &&
msg="$PACKAGES: update checksums" &&
git commit -asm "$msg" &&
echo "msg=$msg" >>$GITHUB_OUTPUT &&
echo "modified=true" >>$GITHUB_OUTPUT
- name: Determine repository to push to
# PRs frequently originate from forks; Unless contributors uncheck the box to
# allow maintainers to push to their PR branch, the GitForWindowsHelper GitHub
# App credentials are still good enough to push there, we just need to figure
# out where "there" is.
if: steps.update.outputs.modified == 'true'
id: determine-repository
uses: actions/github-script@v7
with:
script: |
const githubApiRequest = require('./github-api-request')
const pr = await githubApiRequest(
context,
'${{ steps.setup.outputs.token }}',
'GET',
`/repos/${process.env.OWNER}/${process.env.REPO}/pulls/${process.env.PR_NUMBER}`
)
core.setOutput('ref', pr.head.ref)
core.setOutput('url', pr.head.repo.clone_url)
- name: Push changes
if: steps.update.outputs.modified == 'true'
shell: bash
run: |
auth="$(printf '%s:%s' '${{ steps.actor.outputs.login }}' '${{ steps.setup.outputs.token }}' | base64)" &&
echo "::add-mask::$auth" &&
cd "/usr/src/$REPO/$PACKAGE_TO_UPGRADE" &&
git -c http.extraHeader="Authorization: Basic $auth" push --force '${{ steps.determine-repository.outputs.url }}' HEAD:refs/heads/'${{ steps.determine-repository.outputs.ref }}'