-
Notifications
You must be signed in to change notification settings - Fork 114
187 lines (152 loc) · 7.31 KB
/
update-base-isos.yml
File metadata and controls
187 lines (152 loc) · 7.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
name: Update Base ISOs
on:
schedule:
# Run daily at 08:00 UTC
- cron: "0 8 * * *"
workflow_dispatch:
jobs:
update-ubuntu-iso:
name: Check for Ubuntu ISO updates
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.TROPI_APP_ID }}
private-key: ${{ secrets.TROPI_APP_PRIVATE_KEY }}
- name: Checkout Code
uses: actions/checkout@v6
- name: Check for new Ubuntu ISO version
id: ubuntu
run: |
SCRIPT="iso/scripts/generate_dappnode_iso_ubuntu.sh"
# Get current version from script
CURRENT_ISO=$(grep -oP 'BASE_ISO_NAME=\K.*' "$SCRIPT")
echo "Current Ubuntu ISO: $CURRENT_ISO"
# Fetch the SHA256SUMS file from Ubuntu releases
SHA256SUMS=$(curl -fsSL "https://releases.ubuntu.com/24.04/SHA256SUMS")
# Find the latest live-server ISO entry
LATEST_LINE=$(echo "$SHA256SUMS" | grep 'live-server-amd64.iso' | head -1)
if [ -z "$LATEST_LINE" ]; then
echo "Could not find live-server ISO in SHA256SUMS"
exit 0
fi
LATEST_SHA=$(echo "$LATEST_LINE" | awk '{print $1}')
LATEST_ISO=$(echo "$LATEST_LINE" | awk '{print $2}' | sed 's|^\*||')
# Remove any leading path (e.g., "./" or directory prefix)
LATEST_ISO=$(basename "$LATEST_ISO")
echo "Latest Ubuntu ISO: $LATEST_ISO (sha256: $LATEST_SHA)"
if [ "$CURRENT_ISO" = "$LATEST_ISO" ]; then
echo "Ubuntu ISO is already up to date."
echo "updated=false" >> "$GITHUB_OUTPUT"
exit 0
fi
# Update the script
CURRENT_SHA=$(grep -oP 'BASE_ISO_SHASUM="\K[^"]*' "$SCRIPT" | awk '{print $1}')
sed -i "s|${CURRENT_ISO}|${LATEST_ISO}|g" "$SCRIPT"
sed -i "s|${CURRENT_SHA}|${LATEST_SHA}|" "$SCRIPT"
echo "updated=true" >> "$GITHUB_OUTPUT"
echo "current_iso=$CURRENT_ISO" >> "$GITHUB_OUTPUT"
echo "latest_iso=$LATEST_ISO" >> "$GITHUB_OUTPUT"
- name: Close outdated Ubuntu ISO PR
if: steps.ubuntu.outputs.updated == 'true'
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
EXISTING_PR=$(gh pr list --head auto/update-ubuntu-iso --state open --json number --jq '.[0].number')
if [ -n "$EXISTING_PR" ]; then
gh pr close "$EXISTING_PR" --comment "Superseded by a newer Ubuntu ISO version (${{ steps.ubuntu.outputs.latest_iso }})." --delete-branch
fi
- name: Create Pull Request for Ubuntu ISO update
if: steps.ubuntu.outputs.updated == 'true'
uses: peter-evans/create-pull-request@v7
with:
token: ${{ steps.app-token.outputs.token }}
commit-message: "Update Ubuntu base ISO to ${{ steps.ubuntu.outputs.latest_iso }}"
branch: auto/update-ubuntu-iso
delete-branch: true
title: "Update Ubuntu base ISO to ${{ steps.ubuntu.outputs.latest_iso }}"
body: |
Automated update of the Ubuntu base ISO.
- **Previous**: `${{ steps.ubuntu.outputs.current_iso }}`
- **New**: `${{ steps.ubuntu.outputs.latest_iso }}`
This PR was created automatically by the `update-base-isos` workflow.
labels: automated
update-debian-iso:
name: Check for Debian ISO updates
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.TROPI_APP_ID }}
private-key: ${{ secrets.TROPI_APP_PRIVATE_KEY }}
- name: Checkout Code
uses: actions/checkout@v6
- name: Check for new Debian ISO version
id: debian
run: |
SCRIPT="iso/scripts/generate_dappnode_iso_debian.sh"
# Get current version from script
CURRENT_ISO=$(grep -oP 'BASE_ISO_NAME="\K[^"]*' "$SCRIPT")
echo "Current Debian ISO: $CURRENT_ISO"
# Fetch the SHA256SUMS file from Debian current release
SHA256SUMS=$(curl -fsSL "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS")
# Find the latest netinst ISO entry
LATEST_LINE=$(echo "$SHA256SUMS" | grep 'amd64-netinst.iso' | head -1)
if [ -z "$LATEST_LINE" ]; then
echo "Could not find netinst ISO in SHA256SUMS"
exit 0
fi
LATEST_SHA=$(echo "$LATEST_LINE" | awk '{print $1}')
LATEST_ISO=$(echo "$LATEST_LINE" | awk '{print $2}' | sed 's|^\*||')
LATEST_ISO=$(basename "$LATEST_ISO")
echo "Latest Debian ISO: $LATEST_ISO (sha256: $LATEST_SHA)"
if [ "$CURRENT_ISO" = "$LATEST_ISO" ]; then
echo "Debian ISO is already up to date."
echo "updated=false" >> "$GITHUB_OUTPUT"
exit 0
fi
# Extract version numbers for URL update
CURRENT_VERSION=$(echo "$CURRENT_ISO" | grep -oP 'debian-\K[0-9]+\.[0-9]+\.[0-9]+')
LATEST_VERSION=$(echo "$LATEST_ISO" | grep -oP 'debian-\K[0-9]+\.[0-9]+\.[0-9]+')
# Update the script
CURRENT_SHA=$(grep -oP 'BASE_ISO_SHASUM="\K[^ ]*' "$SCRIPT")
sed -i "s|${CURRENT_ISO}|${LATEST_ISO}|g" "$SCRIPT"
sed -i "s|${CURRENT_SHA}|${LATEST_SHA}|" "$SCRIPT"
# Update the source comment and URL if the major version changed
CURRENT_MAJOR=$(echo "$CURRENT_VERSION" | cut -d. -f1)
LATEST_MAJOR=$(echo "$LATEST_VERSION" | cut -d. -f1)
if [ "$CURRENT_MAJOR" != "$LATEST_MAJOR" ]; then
# If major version changes, update any archive URL to current
sed -i "s|cdimage.debian.org/mirror/cdimage/archive/${CURRENT_VERSION}|cdimage.debian.org/debian-cd/current|" "$SCRIPT"
fi
# Update version in the source comment
sed -i "s|${CURRENT_VERSION}|${LATEST_VERSION}|g" "$SCRIPT"
echo "updated=true" >> "$GITHUB_OUTPUT"
echo "current_iso=$CURRENT_ISO" >> "$GITHUB_OUTPUT"
echo "latest_iso=$LATEST_ISO" >> "$GITHUB_OUTPUT"
- name: Close outdated Debian ISO PR
if: steps.debian.outputs.updated == 'true'
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
EXISTING_PR=$(gh pr list --head auto/update-debian-iso --state open --json number --jq '.[0].number')
if [ -n "$EXISTING_PR" ]; then
gh pr close "$EXISTING_PR" --comment "Superseded by a newer Debian ISO version (${{ steps.debian.outputs.latest_iso }})." --delete-branch
fi
- name: Create Pull Request for Debian ISO update
if: steps.debian.outputs.updated == 'true'
uses: peter-evans/create-pull-request@v7
with:
token: ${{ steps.app-token.outputs.token }}
commit-message: "Update Debian base ISO to ${{ steps.debian.outputs.latest_iso }}"
branch: auto/update-debian-iso
delete-branch: true
title: "Update Debian base ISO to ${{ steps.debian.outputs.latest_iso }}"
body: |
Automated update of the Debian base ISO.
- **Previous**: `${{ steps.debian.outputs.current_iso }}`
- **New**: `${{ steps.debian.outputs.latest_iso }}`
This PR was created automatically by the `update-base-isos` workflow.
labels: automated