Stabilize runtime image, add PR-based version gating, drop arm/v7
Dockerfile: - Keep build stage on debian:sid-slim (required for riscv64 Go support) - Switch runtime stage to debian:bookworm-slim for stable, predictable package names — eliminates the libcbor0 class of breakage for users update-check.py: - Create a branch and open a PR instead of pushing directly to master - PR body links to upstream release notes and prompts review of new dependencies before merge - Remove dead deb/PACKAGE code build.yaml: - Drop linux/arm/v7 — upstream go-libfido2 is incompatible with 32-bit ARM address space as of v3.22.0; not fixable without upstream changes - Add VERSION to pull_request trigger paths so the test job builds and validates every version bump PR before it can be merged update-check.yaml: - Pass GITHUB_TOKEN and GITHUB_REPOSITORY to script for PR creation README.md: - Document arm/v7 as unsupported with reason
This commit is contained in:
Dan Williams
parent
152ddbc05b
commit
fcebd8a198
5 changed files with 79 additions and 28 deletions
|
|
@ -1,37 +1,84 @@
|
|||
import requests, os, sys
|
||||
import requests, os, sys, subprocess
|
||||
|
||||
def git(command):
|
||||
return os.system(f"git {command}")
|
||||
return os.system(f"git {command}")
|
||||
|
||||
def git_output(command):
|
||||
result = subprocess.run(f"git {command}", shell=True, capture_output=True, text=True)
|
||||
return result.stdout.strip()
|
||||
|
||||
|
||||
release = requests.get("https://api.github.com/repos/protonmail/proton-bridge/releases/latest").json()
|
||||
# Get latest upstream release
|
||||
release = requests.get("https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest").json()
|
||||
version = release['tag_name']
|
||||
deb = [asset for asset in release ['assets'] if asset['name'].endswith('.deb')][0]['browser_download_url']
|
||||
print(f"Latest upstream release: {version}")
|
||||
|
||||
print(f"Latest release is: {version}")
|
||||
# Read current version
|
||||
with open("VERSION", 'r') as f:
|
||||
current_version = f.read().strip()
|
||||
|
||||
if version == current_version:
|
||||
print("Already up to date.")
|
||||
exit(0)
|
||||
|
||||
print(f"New version detected: {current_version} -> {version}")
|
||||
|
||||
# Don't push anything during pull_request runs (used for testing this script itself)
|
||||
is_pull_request = len(sys.argv) > 1 and sys.argv[1] == "true"
|
||||
if is_pull_request:
|
||||
print("Pull request run — skipping push.")
|
||||
exit(0)
|
||||
|
||||
# Write new version
|
||||
with open("VERSION", 'w') as f:
|
||||
f.write(version)
|
||||
|
||||
with open("deb/PACKAGE", 'w') as f:
|
||||
f.write(deb)
|
||||
f.write(version + "\n")
|
||||
|
||||
# Configure git identity
|
||||
git("config --local user.name 'GitHub Actions'")
|
||||
git("config --local user.email 'actions@github.com'")
|
||||
|
||||
git("add -A")
|
||||
# Create and push a branch for the version bump
|
||||
branch = f"bump/{version}"
|
||||
git(f"checkout -b {branch}")
|
||||
git("add VERSION")
|
||||
git(f'commit -m "Bump version to {version}"')
|
||||
|
||||
if git("diff --cached --quiet") == 0: # Returns 0 if there are no changes
|
||||
print("Version didn't change")
|
||||
exit(0)
|
||||
if git(f"push origin {branch}") != 0:
|
||||
print("Git push failed!")
|
||||
exit(1)
|
||||
|
||||
git(f"commit -m 'Bump version to {version}'")
|
||||
is_pull_request = sys.argv[1] == "true"
|
||||
# Open a pull request via GitHub API
|
||||
token = os.environ.get("GITHUB_TOKEN")
|
||||
repo = os.environ.get("GITHUB_REPOSITORY")
|
||||
|
||||
if is_pull_request:
|
||||
print("This is a pull request, skipping push step.")
|
||||
exit(0)
|
||||
upstream_url = f"https://github.com/ProtonMail/proton-bridge/releases/tag/{version}"
|
||||
|
||||
if git("push") != 0:
|
||||
print("Git push failed!")
|
||||
exit(1)
|
||||
pr_body = f"""\
|
||||
Automated version bump from `{current_version}` to `{version}`.
|
||||
|
||||
**Before merging:**
|
||||
- Check the [upstream release notes]({upstream_url}) for any new system dependencies or breaking changes.
|
||||
- Confirm the test build below passes. If it fails, a new dependency likely needs to be added to the Dockerfile.
|
||||
|
||||
This PR was opened automatically by the update-check workflow.
|
||||
"""
|
||||
|
||||
response = requests.post(
|
||||
f"https://api.github.com/repos/{repo}/pulls",
|
||||
json={
|
||||
"title": f"Bump version to {version}",
|
||||
"body": pr_body,
|
||||
"head": branch,
|
||||
"base": "master",
|
||||
},
|
||||
headers={
|
||||
"Authorization": f"token {token}",
|
||||
"Accept": "application/vnd.github.v3+json",
|
||||
},
|
||||
)
|
||||
|
||||
if response.status_code == 201:
|
||||
print(f"PR opened: {response.json()['html_url']}")
|
||||
else:
|
||||
print(f"Failed to create PR: {response.status_code} {response.text}")
|
||||
exit(1)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue