From b3647dfb757947f2adecb0a8f18e60d149091e3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?=
Date: Wed, 22 Jan 2025 12:27:54 +0100
Subject: [PATCH] GH Action: update images ref in Schutzfile on schedule
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a simple script and an action to update images ref in Schutzfile on schedule. Both, the script and action are based on those in the osbuild/images repository and the credit for those goes to Achilleas Koutsou.

Signed-off-by: Tomáš Hozza
---
.github/workflows/update-images.yml | 52 +++++++++++++++++++++++++++++
schutzbot/update-schutzfile-images | 46 +++++++++++++++++++++++++
2 files changed, 98 insertions(+)
create mode 100644 .github/workflows/update-images.yml
create mode 100755 schutzbot/update-schutzfile-images
diff --git a/.github/workflows/update-images.yml b/.github/workflows/update-images.yml
new file mode 100644
index 00000000..d69b7f1e
--- /dev/null
+++ b/.github/workflows/update-images.yml
@@ -0,0 +1,52 @@
+# This action updates the images ref in the Schutzfile
+---
+ name: "Update images ref"
+
+ on:
+ workflow_dispatch:
+ schedule:
+ # Every Mon at 8:00
+ - cron: "0 8 * * 1"
+
+ jobs:
+ update-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Apt update
+ run: sudo apt update
+
+ - name: Check out main
+ uses: actions/checkout@v4
+ with:
+ path: osbuild
+ ref: main
+
+ - name: Update Schutzfile
+ working-directory: ./osbuild
+ env:
+ GITHUB_TOKEN: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }}
+ run: |
+ ./schutzbot/update-schutzfile-images
+
+ - name: Open PR
+ working-directory: ./osbuild
+ env:
+ GITHUB_TOKEN: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }}
+ run: |
+ if git diff --exit-code; then echo "No changes"; exit 0; fi
+ git config --unset-all http.https://github.com/.extraheader
+ git config user.name "schutzbot"
+ git config user.email "schutzbot@gmail.com"
+ branch="schutzfile-images-$(date -I)"
+ git checkout -b "${branch}"
+ git add Schutzfile
+ git commit -m "Schutzfile: Update images dependency ref to latest"
+ git push -f https://"$GITHUB_TOKEN"@github.com/schutzbot/osbuild.git
+ echo "Updating images dependency ref to current `main`" > body
+ gh pr create \
+ -t "Update images dependency ref to latest" \
+ -F "body" \
+ -r "osbuild/osbuild-reviewers" \
+ --repo "osbuild/osbuild" \
+ --base "main" \
+ --head "schutzbot:${branch}"
diff --git a/schutzbot/update-schutzfile-images b/schutzbot/update-schutzfile-images
new file mode 100755
index 00000000..214beca8
--- /dev/null
+++ b/schutzbot/update-schutzfile-images
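Review bot: In the workflow's "Open PR" step, `echo "Updating images dependency ref to current `main`" > body` puts the backticks inside double quotes, so the shell treats `main` as a command substitution: the runner tries to execute a command named main and the PR body is written without the word. Single-quoting the string (`echo 'Updating images dependency ref to current `main`' > body`) writes it literally. The same step passes the access token on the command line in `git push -f https://"$GITHUB_TOKEN"@github.com/schutzbot/osbuild.git`, where it is visible in the process arguments; configuring a credential helper first (for example `gh auth setup-git`, since `gh` already reads `GITHUB_TOKEN`) and pushing to the plain URL avoids that. The "Update Schutzfile" step also receives the same push-capable token although the script's own comment says the API request does not need one, so that `env:` entry could be dropped or replaced with the job's own `${{ github.token }}`.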
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+import json
+import os
+import sys
+import urllib.request
+
+SCHUTZFILE = "Schutzfile"
+
+
+def images_main_commit_id():
+ token = os.environ.get("GITHUB_TOKEN")
+ req = urllib.request.Request("https://api.github.com/repos/osbuild/images/commits/main")
+ req.add_header("Accept", "application/vnd.github+json")
+ if token:
+ # this API request doesn't necessarily require a token, but let's use it if we have one
+ req.add_header("Authorization", f"Bearer {token}")
+ try:
+ with urllib.request.urlopen(req, timeout=30) as resp:
+ body = resp.read()
+ except urllib.error.HTTPError as http_error:
+ print(http_error)
+ sys.exit(1)
+
+ data = json.loads(body)
+ return data["sha"]
+
+
+def update_images_ref(new):
+ with open(SCHUTZFILE, encoding="utf-8") as schutzfile:
+ data = json.load(schutzfile)
+
+ data.setdefault("global", {}).setdefault("dependencies", {}).setdefault("images", {})["ref"] = new
+
+ with open(SCHUTZFILE, encoding="utf-8", mode="w") as schutzfile:
+ json.dump(data, schutzfile, indent=" ")
+
+
+def main():
+ main_id = images_main_commit_id()
+ print(f"osbuild/images main commit ID: {main_id}")
+ print("Updating Schutzfile")
+ update_images_ref(main_id)
+
+
+if __name__ == "__main__":
+ main()
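Review bot: `images_main_commit_id()` returns `data["sha"]` unchecked and `update_images_ref()` writes it straight into the Schutzfile as the dependency ref, so an unexpected API response either ends in a `KeyError` traceback or lands in the file as a bogus pin. A format check before returning, with `import re` added, keeps the pin to a full commit id: `if not re.fullmatch(r"[0-9a-f]{40}", sha): sys.exit(f"unexpected commit id: {sha!r}")` (40 hex characters assumes GitHub's current SHA-1 object ids). The `except` clause also covers only `urllib.error.HTTPError`, so a timeout or DNS failure surfaces as a traceback instead of the clean `sys.exit(1)` path; catching `urllib.error.URLError`, the base class of `HTTPError`, handles both. `urllib.error` is reachable here only because `import urllib.request` happens to import it, so an explicit `import urllib.error` would make the dependency visible.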