From 2b4ee30cce2a4d9df69725c1dd0c6354334aebce Mon Sep 17 00:00:00 2001 From: irl Date: Sun, 17 May 2026 16:45:58 +0100 Subject: [PATCH] no sid only golang --- {.github => .forgejo}/FUNDING.yml | 0 .forgejo/workflows/build-and-publish.yaml | 35 ++++ .github/workflows/build.yaml | 232 ---------------------- .github/workflows/deb.yaml | 79 -------- .github/workflows/mirror.yaml | 27 --- .github/workflows/update-check.yaml | 24 --- README.md | 90 --------- SECURITY.md | 5 - build/{Dockerfile => Containerfile} | 9 +- deb/Dockerfile | 28 --- deb/PACKAGE | 1 - deb/entrypoint.sh | 49 ----- deb/gpgparams | 8 - deb/install.sh | 16 -- update-check.py | 51 ++--- 15 files changed, 58 insertions(+), 596 deletions(-) rename {.github => .forgejo}/FUNDING.yml (100%) create mode 100644 .forgejo/workflows/build-and-publish.yaml delete mode 100644 .github/workflows/build.yaml delete mode 100644 .github/workflows/deb.yaml delete mode 100644 .github/workflows/mirror.yaml delete mode 100644 .github/workflows/update-check.yaml delete mode 100644 SECURITY.md rename build/{Dockerfile => Containerfile} (75%) delete mode 100644 deb/Dockerfile delete mode 100644 deb/PACKAGE delete mode 100644 deb/entrypoint.sh delete mode 100644 deb/gpgparams delete mode 100644 deb/install.sh diff --git a/.github/FUNDING.yml b/.forgejo/FUNDING.yml similarity index 100% rename from .github/FUNDING.yml rename to .forgejo/FUNDING.yml diff --git a/.forgejo/workflows/build-and-publish.yaml b/.forgejo/workflows/build-and-publish.yaml new file mode 100644 index 0000000..57798da --- /dev/null +++ b/.forgejo/workflows/build-and-publish.yaml @@ -0,0 +1,35 @@ +name: Build and publish + +on: + push: + branches: + - main + +jobs: + build-and-push-arch: + runs-on: docker + container: + image: ghcr.io/catthehacker/ubuntu:act-latest + options: -v /dind/docker.sock:/var/run/docker.sock + steps: + - name: Checkout the repo + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to the registry + uses: docker/login-action@v3 + with: + registry: guardianproject.dev + username: irl + password: ${{ secrets.PACKAGE_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: build/ + file: build/Dockerfile + push: true + tags: guardianproject.dev/${{ github.repository }}:latest + diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml deleted file mode 100644 index defc7de..0000000 --- a/.github/workflows/build.yaml +++ /dev/null @@ -1,232 +0,0 @@ -name: build from source - -on: - push: - paths: - - .github/workflows/build.yaml - - build/* - - VERSION - pull_request: - paths: - - .github/workflows/build.yaml - - build/* - workflow_dispatch: - -env: - GHCR_REPO: shenxn/protonmail-bridge-docker - DOCKERHUB_REPO: shenxn/protonmail-bridge - DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge - PLATFORMS: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/riscv64 - -jobs: - test: - runs-on: ubuntu-latest - if: github.ref != 'refs/heads/master' - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Set version - id: version - run: echo "version=`cat VERSION`" >> $GITHUB_ENV - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.DOCKER_REPO_DEV }} - - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - driver-opts: network=host - - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,"name=${{ env.DOCKER_REPO_DEV }}",push-by-digest=false,name-canonical=true,push=true - context: ./build - file: ./build/Dockerfile - tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}" - build-args: | - version=${{ env.version }} - - - name: Run Trivy vulnerability scan - uses: aquasecurity/trivy-action@0.30.0 - with: - image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}" - format: 'sarif' - exit-code: 0 - severity: 'CRITICAL,HIGH' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan SARIF report - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' - - build: - runs-on: ubuntu-latest - if: github.event_name == 'push' && github.ref == 'refs/heads/master' - strategy: - fail-fast: false - matrix: - platform: - - linux/amd64 - - linux/arm64/v8 - - linux/arm/v7 - - linux/riscv64 - steps: - - name: Checkout - uses: actions/checkout@master - - - name: Prepare - run: | - platform=${{ matrix.platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - - name: Set version - id: version - run: echo "version=`cat VERSION`" >> $GITHUB_ENV - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.DOCKERHUB_REPO }} - ${{ env.GHCR_REPO }} - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,"name=name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=false - context: ./build - file: ./build/Dockerfile - tags: | - "${{ env.DOCKERHUB_REPO }}:build" - "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build" - "${{ env.GHCR_REPO }}:build" - "${{ env.GHCR_REPO }}:${{ env.version }}-build" - provenance: false - sbom: false - build-args: | - version=${{ env.version }} - - - name: Export digest - run: | - mkdir -p ${{ runner.temp }}/digests - digest="${{ steps.build.outputs.digest }}" - touch "${{ runner.temp }}/digests/${digest#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-${{ env.PLATFORM_PAIR }} - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - - merge: - runs-on: ubuntu-latest - needs: - - build - steps: - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Set version - id: version - run: echo "version=`cat VERSION`" >> $GITHUB_ENV - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - driver-opts: network=host - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.DOCKERHUB_REPO }} - ${{ env.GHCR_REPO }} - tags: | - type=raw,enable=true,value=${{ env.version }}-build - type=raw,enable=true,suffix=,value=build - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *) - - - name: Run Trivy vulnerability scan - uses: aquasecurity/trivy-action@0.30.0 - with: - image-ref: "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build" - format: 'sarif' - exit-code: 0 - severity: 'CRITICAL,HIGH' - output: 'trivy-results.sarif' - - name: Upload Trivy scan SARIF report - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' - - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }} - docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }} diff --git a/.github/workflows/deb.yaml b/.github/workflows/deb.yaml deleted file mode 100644 index ddf4c99..0000000 --- a/.github/workflows/deb.yaml +++ /dev/null @@ -1,79 +0,0 @@ -name: pack from deb - -on: - push: - paths: - - .github/workflows/deb.yaml - - deb/* - - VERSION - pull_request: - paths: - - .github/workflows/deb.yaml - - deb/* - workflow_dispatch: - -env: - DOCKER_REPO: shenxn/protonmail-bridge - DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge-dev - -jobs: - deb: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@master - - name: Set version - id: version - run: echo "version=`cat VERSION`" >> $GITHUB_ENV - - name: Set repo - id: repo - run: if [[ $GITHUB_REF == "refs/heads/master" ]]; then echo "::set-output name=repo::${DOCKER_REPO}"; else echo "::set-output name=repo::${DOCKER_REPO_DEV}"; fi - - name: Docker meta - id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 - with: - images: ${{ steps.repo.outputs.repo }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Build image without push - uses: docker/build-push-action@v2 - with: - context: ./deb - file: ./deb/Dockerfile - load: true - tags: protonmail-bridge:latest - - name: Scan image - id: scan - uses: anchore/scan-action@v2 - with: - image: protonmail-bridge:latest - fail-build: true - severity-cutoff: critical - acs-report-enable: true - - name: Upload Anchore scan SARIF report - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: ${{ steps.scan.outputs.sarif }} - - name: Login to DockerHub - uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} - with: - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.CR_PAT }} - - name: Push image - uses: docker/build-push-action@v2 - with: - context: ./deb - file: ./deb/Dockerfile - tags: | - ${{ steps.repo.outputs.repo }}:latest - ${{ steps.repo.outputs.repo }}:${{ env.version }} - labels: ${{ steps.docker_meta.outputs.labels }} - push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/mirror.yaml b/.github/workflows/mirror.yaml deleted file mode 100644 index 4e2409b..0000000 --- a/.github/workflows/mirror.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Mirroring - -# yamllint disable-line rule:truthy -on: - push: - branches: - - master - - dev - -jobs: - mirror_gitee: - name: Mirror to Gitee - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Push to Gitee - env: - SSH_KEY: ${{ secrets.GITEE_KEY }} - run: | - mkdir -p ~/.ssh - echo "${SSH_KEY}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no -l git" - git remote add gitee git@gitee.com:shenxn/protonmail-bridge-docker.git - git push --tags --force --prune gitee "refs/remotes/origin/*:refs/heads/*" diff --git a/.github/workflows/update-check.yaml b/.github/workflows/update-check.yaml deleted file mode 100644 index 0c46ab4..0000000 --- a/.github/workflows/update-check.yaml +++ /dev/null @@ -1,24 +0,0 @@ -name: update check - -on: - push: - paths: - - .github/workflows/update-check.yaml - - update-check.py - pull_request: - paths: - - .github/workflows/update-check.yaml - - update-check.py - schedule: - - cron: '0 0 * * *' # runs everyday at midnight - -jobs: - check: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@master - with: - token: ${{ secrets.PERSONAL_TOKEN }} - - name: Check Update - run: python3 update-check.py ${{ github.event_name == 'pull_request' }} diff --git a/README.md b/README.md index e772fde..0bb9d68 100644 --- a/README.md +++ b/README.md @@ -1,93 +1,3 @@ # ProtonMail IMAP/SMTP Bridge Docker Container -![version badge](https://img.shields.io/docker/v/shenxn/protonmail-bridge) -![image size badge](https://img.shields.io/docker/image-size/shenxn/protonmail-bridge/build) -![docker pulls badge](https://img.shields.io/docker/pulls/shenxn/protonmail-bridge) -![deb badge](https://github.com/shenxn/protonmail-bridge-docker/workflows/pack%20from%20deb/badge.svg) -![build badge](https://github.com/shenxn/protonmail-bridge-docker/workflows/build%20from%20source/badge.svg) -This is an unofficial Docker container of the [ProtonMail Bridge](https://protonmail.com/bridge/). Some of the scripts are based on [Hendrik Meyer's work](https://gitlab.com/T4cC0re/protonmail-bridge-docker). - -Docker Hub: [https://hub.docker.com/r/shenxn/protonmail-bridge](https://hub.docker.com/r/shenxn/protonmail-bridge) - -GitHub: [https://github.com/shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker) - -## ARM Support - -We now support ARM devices (`arm64` and `arm/v7`)! Use the images tagged with `build`. See next section for details. - -## Tags - -There are two types of images. - - `deb`: Images based on the official [.deb release](https://protonmail.com/bridge/install). It only supports the `amd64` architecture. - - `build`: Images based on the [source code](https://github.com/ProtonMail/proton-bridge). It supports `amd64`, `arm64`, `arm/v7` and `riscv64`. Supporting to more architectures is possible. PRs are welcome. - -tag | description - -- | -- -`latest` | latest `deb` image -`[version]` | `deb` images -`build` | latest `build` image -`[version]-build` | `build` images - -## Initialization - -To initialize and add account to the bridge, run the following command. - -``` -docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init -``` - -If you want to use Docker Compose instead, you can create a copy of the provided example [docker-compose.yml](docker-compose.yml) file, modify it to suit your needs, and then run the following command: - -``` -docker compose run protonmail-bridge init -``` - -Wait for the bridge to startup, then you will see a prompt appear for [Proton Mail Bridge interactive shell](https://proton.me/support/bridge-cli-guide). Use the `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely. - -## Run - -To run the container, use the following command. - -``` -docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge -``` - -Or, if using Docker Compose, use the following command. - -``` -docker compose up -d -``` - -## Kubernetes - -If you want to run this image in a Kubernetes environment. You can use the [Helm](https://helm.sh/) chart (https://github.com/k8s-at-home/charts/tree/master/charts/stable/protonmail-bridge) created by [@Eagleman7](https://github.com/Eagleman7). More details can be found in [#23](https://github.com/shenxn/protonmail-bridge-docker/issues/23). - -If you don't want to use Helm, you can also reference to the guide ([#6](https://github.com/shenxn/protonmail-bridge-docker/issues/6)) written by [@ghudgins](https://github.com/ghudgins). - -## Security - -Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package. - -``` -docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge -``` - -Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service). - -## Compatibility - -The bridge currently only supports some of the email clients. More details can be found on the official website. I've tested this on a Synology DiskStation and it runs well. However, you may need ssh onto it to run the interactive docker command to add your account. The main reason of using this instead of environment variables is that it seems to be the best way to support two-factor authentication. - -## Bridge CLI Guide - -The initialization step exposes the bridge CLI so you can do things like switch between combined and split mode, change proxy, etc. The [official guide](https://protonmail.com/support/knowledge-base/bridge-cli-guide/) gives more information on to use the CLI. - -## Build - -For anyone who want to build this container on your own (for development or security concerns), here is the guide to do so. First, you need to `cd` into the directory (`deb` or `build`, depending on which type of image you want). Then just run the docker build command -``` -docker build . -``` - -That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images. diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index ac1a029..0000000 --- a/SECURITY.md +++ /dev/null @@ -1,5 +0,0 @@ -# Security Policy - -## Reporting a Vulnerability - -Before reporting any vulnerability, make sure that it is caused by this project (i.e., this is not a vulnarability of the bridge itself). To report a vulnerabilitiy, you can send me an email (s@sxn.dev). My PGP public key is available [here](https://api.protonmail.ch/pks/lookup?op=get&search=s@sxn.dev). diff --git a/build/Dockerfile b/build/Containerfile similarity index 75% rename from build/Dockerfile rename to build/Containerfile index e90ff25..6516ad8 100644 --- a/build/Dockerfile +++ b/build/Containerfile @@ -1,18 +1,17 @@ -# The build image could be golang, but it currently does not support riscv64. Only debian:sid does, at the time of writing. -FROM debian:sid-slim AS build +FROM golang:1-trixie AS build ARG version # Install dependencies -RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev +RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev libcbor-dev # Build ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/ WORKDIR /build/ RUN make build-nogui vault-editor -FROM debian:sid-slim -LABEL maintainer="Simon Felding " +FROM golang:1-trixie +LABEL maintainer="SR2 Communications " EXPOSE 25/tcp EXPOSE 143/tcp diff --git a/deb/Dockerfile b/deb/Dockerfile deleted file mode 100644 index a0d8e2c..0000000 --- a/deb/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -### The Deb install is just a repack of the official ProtonMail Bridge deb package with less dependencies. -### I recommend you don't use this. It's here for legacy reasons. - -FROM debian:sid-slim AS build - -COPY install.sh PACKAGE / -RUN apt-get update && apt-get install -y wget binutils - -# Repack deb (removes unnecessary dependencies and produces /protonmail.deb) -RUN bash /install.sh - -FROM debian:sid-slim -LABEL maintainer="Simon Felding " - -EXPOSE 25/tcp -EXPOSE 143/tcp - -WORKDIR /protonmail - -# Copy bash scripts -COPY gpgparams entrypoint.sh PACKAGE /protonmail/ -COPY --from=build /protonmail.deb /tmp/protonmail.deb - -RUN apt-get update \ - && apt-get install -y --no-install-recommends /tmp/protonmail.deb socat pass libsecret-1-0 ca-certificates procps \ - && rm -rf /var/lib/apt/lists/* - -CMD ["bash", "/protonmail/entrypoint.sh"] diff --git a/deb/PACKAGE b/deb/PACKAGE deleted file mode 100644 index d949e9e..0000000 --- a/deb/PACKAGE +++ /dev/null @@ -1 +0,0 @@ -https://github.com/ProtonMail/proton-bridge/releases/download/v3.24.2/protonmail-bridge_3.24.2-1_amd64.deb \ No newline at end of file diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh deleted file mode 100644 index 13637e5..0000000 --- a/deb/entrypoint.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -set -ex - -# Initialize -if [[ $1 == init ]]; then - - # # Parse parameters - # TFP="" # Default empty two factor passcode - # shift # skip `init` - # while [[ $# -gt 0 ]]; do - # key="$1" - # case $key in - # -u|--username) - # USERNAME="$2" - # ;; - # -p|--password) - # PASSWORD="$2" - # ;; - # -t|--twofactor) - # TWOFACTOR="$2" - # ;; - # esac - # shift - # shift - # done - - # Initialize pass - gpg --generate-key --batch /protonmail/gpgparams - pass init pass-key - - # Login - protonmail-bridge --cli - -else - - # socat will make the conn appear to come from 127.0.0.1 - # ProtonMail Bridge currently expects that. - # It also allows us to bind to the real ports :) - socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 & - socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 & - - # Start protonmail - # Fake a terminal, so it does not quit because of EOF... - rm -f faketty - mkfifo faketty - cat faketty | protonmail-bridge --cli - -fi diff --git a/deb/gpgparams b/deb/gpgparams deleted file mode 100644 index 355568e..0000000 --- a/deb/gpgparams +++ /dev/null @@ -1,8 +0,0 @@ -%no-protection -%echo Generating a basic OpenPGP key -Key-Type: RSA -Key-Length: 2048 -Name-Real: pass-key -Expire-Date: 0 -%commit -%echo done diff --git a/deb/install.sh b/deb/install.sh deleted file mode 100644 index 9593725..0000000 --- a/deb/install.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -set -ex - -# Repack deb (remove unnecessary dependencies) -mkdir deb -wget -i /PACKAGE -O /deb/protonmail.deb -cd deb -ar x -v protonmail.deb -mkdir control -tar zxvf control.tar.gz -C control -sed -i "s/^Depends: .*$/Depends: libgl1, libc6, libsecret-1-0, libstdc++6, libgcc1/" control/control -cd control -tar zcvf ../control.tar.gz . -cd ../ - -ar rcs -v /protonmail.deb debian-binary control.tar.gz data.tar.gz diff --git a/update-check.py b/update-check.py index 19666d6..51d8b9f 100644 --- a/update-check.py +++ b/update-check.py @@ -1,37 +1,24 @@ -import requests, os, sys +import urllib.request +import json -def git(command): - return os.system(f"git {command}") +# Fetch latest release from GitHub API +req = urllib.request.Request( + "https://api.github.com/repos/protonmail/proton-bridge/releases/latest", + headers={"Accept": "application/vnd.github.v3+json"} +) +with urllib.request.urlopen(req) as response: + release = json.loads(response.read().decode()) + latest_version = release['tag_name'] +print(f"Latest release is: {latest_version}") -release = requests.get("https://api.github.com/repos/protonmail/proton-bridge/releases/latest").json() -version = release['tag_name'] -deb = [asset for asset in release ['assets'] if asset['name'].endswith('.deb')][0]['browser_download_url'] +with open("VERSION", 'r') as f: + current_version = f.read() -print(f"Latest release is: {version}") +if latest_version != current_version: + print(f"Updating from {current_version}...") + with open("VERSION", 'w') as f: + f.write(latest_version) +else: + print("Already up to date.") -with open("VERSION", 'w') as f: - f.write(version) - -with open("deb/PACKAGE", 'w') as f: - f.write(deb) - -git("config --local user.name 'GitHub Actions'") -git("config --local user.email 'actions@github.com'") - -git("add -A") - -if git("diff --cached --quiet") == 0: # Returns 0 if there are no changes - print("Version didn't change") - exit(0) - -git(f"commit -m 'Bump version to {version}'") -is_pull_request = sys.argv[1] == "true" - -if is_pull_request: - print("This is a pull request, skipping push step.") - exit(0) - -if git("push") != 0: - print("Git push failed!") - exit(1)