CD Check NLnet Labs Unbound Release #200
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD Check NLnet Labs Unbound Release | |
| on: | |
| schedule: | |
| - cron: '0 17 * * mon-fri' | |
| jobs: | |
| unbound-update: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get versions | |
| id: GET_VERSIONS | |
| run: | | |
| BOOL="$(curl -s https://api.github.com/repos/NLnetLabs/unbound/releases | jq '.[0] | .prerelease')" | |
| if $BOOL; then | |
| echo "Pre-release, skipping" | |
| exit 1 | |
| else | |
| echo UNBOUND_VERSION="$(curl -s https://api.github.com/repos/NLnetLabs/unbound/releases | jq '.[0] | .name' -r | grep -Eo '([0-9]+)(\.?[0-9]+)*' | head -1)" >> $GITHUB_OUTPUT | |
| echo UNBOUND_DOCKER_VERSION="$(curl -s https://api.github.com/repos/madnuttah/unbound-docker/releases | jq '.[0] | .name' -r | grep -Eo '([0-9]+)(\.?[0-9]+)*' | head -1)" >> $GITHUB_OUTPUT | |
| echo UNBOUND_DOCKER_IMAGE_VERSION="$(curl -s https://api.github.com/repos/madnuttah/unbound-docker/releases | jq '.[0] | .name' -r)" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Is update available | |
| id: IS_UPDATE_AVAILABLE | |
| run: | | |
| if [[ "${{ steps.GET_VERSIONS.outputs.UNBOUND_VERSION }}" = "${{ steps.GET_VERSIONS.outputs.UNBOUND_DOCKER_VERSION }}" ]]; then | |
| echo "No update found" | |
| exit 1 | |
| else | |
| echo "Update found" | |
| echo UNBOUND_SHA256="$(curl -s https://nlnetlabs.nl/downloads/unbound/unbound-"${{ steps.GET_VERSIONS.outputs.UNBOUND_VERSION }}".tar.gz.sha256)" >> $GITHUB_OUTPUT | |
| echo UNBOUND_GIT_SHA="$(git ls-remote https://github.com/NLnetLabs/unbound.git | head -1 | cut -f 1)" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Import GPG key | |
| id: IMPORT_GPG | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_push_gpgsign: false | |
| trust_level: 5 | |
| - name: Push files to repository | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| GIT_AUTHOR_NAME: ${{ steps.IMPORT_GPG.outputs.name }} | |
| GIT_AUTHOR_EMAIL: ${{ steps.IMPORT_GPG.outputs.email }} | |
| GIT_COMMITTER_NAME: ${{ steps.IMPORT_GPG.outputs.name }} | |
| GIT_COMMITTER_EMAIL: ${{ steps.IMPORT_GPG.outputs.email }} | |
| run: | | |
| git remote set-url origin https://x-access-token:${{ secrets.BOT_GITHUB_TOKEN }}@github.com/${{ github.repository }} | |
| UNBOUND_VERSION=${{ steps.GET_VERSIONS.outputs.UNBOUND_VERSION }} | |
| UNBOUND_SHA256=${{ steps.IS_UPDATE_AVAILABLE.outputs.UNBOUND_SHA256 }} | |
| echo IMAGE_BUILD_DATE="$(date -u)" > buildvars | |
| echo UNBOUND_VERSION="$UNBOUND_VERSION" >> buildvars | |
| echo UNBOUND_SHA256="$UNBOUND_SHA256" >> buildvars | |
| echo UNBOUND_DOCKER_IMAGE_VERSION="${UNBOUND_VERSION}-0" >> buildvars | |
| echo ${{ steps.IS_UPDATE_AVAILABLE.outputs.UNBOUND_GIT_SHA }} > unbound_git_sha | |
| git add buildvars unbound_git_sha | |
| git commit buildvars unbound_git_sha -m "Updated buildvars and unbound_git_sha" | |
| git push origin main | |
| exit 0 |