Update Entitlements DB #387
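# Checks for new iOS/macOS IPSW URLs on a schedule (or on demand). When a URL
# differs from the one recorded in hack/.watch_cache, or an update is forced,
# the job downloads the IPSW, runs `ipsw ent --replace` against the Postgres
# database, and commits the refreshed cache file.
name: Update Entitlements DB

on:
  schedule:
    - cron: "0 19 * * *" # daily at 11:00 PST (19:00 UTC)
  workflow_dispatch:
    inputs:
      version:
        description: "Version to check (e.g. 18.0, leave empty for latest)"
        required: false
        type: string
      force_update:
        description: "Force update even if no new IPSWs detected"
        required: false
        default: false
        type: boolean
      platforms:
        description: "Platforms to check (comma-separated: ios,macos)"
        required: false
        default: "ios,macos"
        type: string

# Write access to repository contents is required because the final step
# commits and pushes hack/.watch_cache.
permissions:
  contents: write

jobs:
  update-entitlements-db:
    runs-on: macos-latest
    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag. This job holds database secrets and a write-scoped token, so
      # pinning each action to a full commit SHA (<full-commit-sha>) keeps a
      # re-pointed tag from changing what runs here.
      - uses: actions/checkout@v6

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: "1.26"

      - name: Build ipsw CLI
        run: |
          go build -o ipsw ./cmd/ipsw

      - name: Determine latest IPSW URLs
        id: get-ipsws
        # Dispatch inputs reach the script as environment variables. A
        # workflow expression written inside `run:` is pasted into the script
        # text before bash parses it, so an input containing quotes or a
        # command substitution would be executed as code.
        env:
          INPUT_PLATFORMS: "${{ github.event.inputs.platforms || 'ios,macos' }}"
          INPUT_VERSION: "${{ github.event.inputs.version }}"
        run: |
          # Determine which platforms to check
          PLATFORMS="$INPUT_PLATFORMS"
          VERSION="$INPUT_VERSION"
          echo "Checking platforms: $PLATFORMS"
          echo "Requested version: ${VERSION:-latest}"

          # Print the first URL reported by `ipsw dl ipsw --urls` for a
          # platform, or an empty line when the lookup yields nothing.
          #   $1 - device identifier (ignored for macOS)
          #   $2 - platform name; "macOS" selects --macos, anything else --device
          get_ipsw_url() {
            local device="$1"
            local platform_name="$2"
            local url
            local get_cmd=(./ipsw dl ipsw)

            if [ "$platform_name" = "macOS" ]; then
              get_cmd+=(--macos)
            else
              get_cmd+=(--device "$device")
            fi

            if [ -n "$VERSION" ]; then
              get_cmd+=(--version "$VERSION")
            else
              get_cmd+=(--latest)
            fi
            get_cmd+=(--urls)

            # Lookup errors are deliberately swallowed here: an empty URL is
            # treated by the later steps as "nothing to update".
            url=$("${get_cmd[@]}" 2>/dev/null | head -1 || echo "")
            if [ -n "$url" ] && [ "$url" != "null" ]; then
              echo "$url"
            else
              echo ""
            fi
          }

          # Initialize URLs
          IOS_URL=""
          MACOS_URL=""

          # Check each requested platform
          if echo "$PLATFORMS" | grep -q "ios"; then
            IOS_URL=$(get_ipsw_url "iPhone17,1" "iOS")
          fi
          if echo "$PLATFORMS" | grep -q "macos"; then
            MACOS_URL=$(get_ipsw_url "" "macOS")
          fi

          # Export URLs to the environment of the following steps
          echo "IOS_URL=$IOS_URL" >> "$GITHUB_ENV"
          echo "MACOS_URL=$MACOS_URL" >> "$GITHUB_ENV"

      - name: Check for new IPSWs
        id: check-ipsws
        env:
          # Passed through the environment for the same reason as the inputs
          # in the previous step.
          FORCE_UPDATE: "${{ github.event.inputs.force_update }}"
        run: |
          # Get cached URLs
          LAST_IOS=$(jq -r '.latest_ipsw.ios_url // ""' hack/.watch_cache)
          LAST_MACOS=$(jq -r '.latest_ipsw.macos_url // ""' hack/.watch_cache)

          echo "=== Cached URLs ==="
          echo "iOS: $LAST_IOS"
          echo "macOS: $LAST_MACOS"
          echo "=== Current URLs ==="
          echo "iOS: $IOS_URL"
          echo "macOS: $MACOS_URL"

          # Check for changes
          SHOULD_UPDATE_IOS="false"
          SHOULD_UPDATE_MACOS="false"
          SHOULD_UPDATE_ANY="false"

          if [ -n "$IOS_URL" ] && [ "$LAST_IOS" != "$IOS_URL" ]; then
            echo "iOS IPSW changed: $LAST_IOS -> $IOS_URL"
            SHOULD_UPDATE_IOS="true"
            SHOULD_UPDATE_ANY="true"
          fi
          if [ -n "$MACOS_URL" ] && [ "$LAST_MACOS" != "$MACOS_URL" ]; then
            echo "macOS IPSW changed: $LAST_MACOS -> $MACOS_URL"
            SHOULD_UPDATE_MACOS="true"
            SHOULD_UPDATE_ANY="true"
          fi

          # Force update if requested
          if [ "$FORCE_UPDATE" = "true" ]; then
            echo "Force update requested"
            SHOULD_UPDATE_ANY="true"
            if [ -n "$IOS_URL" ]; then SHOULD_UPDATE_IOS="true"; fi
            if [ -n "$MACOS_URL" ]; then SHOULD_UPDATE_MACOS="true"; fi
          fi

          # Export update flags
          echo "should_update_ios=$SHOULD_UPDATE_IOS" >> "$GITHUB_OUTPUT"
          echo "should_update_macos=$SHOULD_UPDATE_MACOS" >> "$GITHUB_OUTPUT"
          echo "should_update_any=$SHOULD_UPDATE_ANY" >> "$GITHUB_OUTPUT"

          if [ "$SHOULD_UPDATE_ANY" = "true" ]; then
            echo "Will proceed with database updates"
          else
            echo "No new IPSWs found; skipping updates"
          fi

      - name: Download IPSWs
        if: steps.check-ipsws.outputs.should_update_any == 'true'
        # --fail keeps an HTTP error body from being saved as the IPSW, and
        # the --proto options refuse any scheme other than HTTPS, redirects
        # included.
        # NOTE(review): the downloaded image is not compared with a published
        # digest before the next step uses it to replace database contents.
        run: |
          echo "Downloading new IPSWs..."

          # Download iOS IPSW
          if [ "${{ steps.check-ipsws.outputs.should_update_ios }}" = "true" ] && [ -n "$IOS_URL" ]; then
            echo "Downloading iOS IPSW: $IOS_URL"
            curl --fail --proto '=https' --proto-redir '=https' -L "$IOS_URL" -o ios_latest.ipsw
            echo "iOS IPSW downloaded: $(ls -lh ios_latest.ipsw)"
          fi

          # Download macOS IPSW
          if [ "${{ steps.check-ipsws.outputs.should_update_macos }}" = "true" ] && [ -n "$MACOS_URL" ]; then
            echo "Downloading macOS IPSW: $MACOS_URL"
            curl --fail --proto '=https' --proto-redir '=https' -L "$MACOS_URL" -o macos_latest.ipsw
            echo "macOS IPSW downloaded: $(ls -lh macos_latest.ipsw)"
          fi

      - name: Update entitlements database
        if: steps.check-ipsws.outputs.should_update_any == 'true'
        # Secrets are exposed as environment variables rather than expanded
        # into the script text, so a value containing shell metacharacters
        # cannot alter the command.
        # NOTE(review): the password is still handed to the CLI as an
        # argument and is visible in the runner's process list while it runs;
        # if the CLI can read it from the environment or a file, prefer that.
        env:
          SUPABASE_HOST: "${{ secrets.SUPABASE_HOST }}"
          SUPABASE_USER: "${{ secrets.SUPABASE_USER }}"
          SUPABASE_PASSWORD: "${{ secrets.SUPABASE_PASSWORD }}"
        run: |
          echo "Updating Supabase entitlements database with replacement support..."

          # Load one platform's IPSW into the database; skipped when the
          # file was not downloaded.
          #   $1 - platform label used in log lines
          #   $2 - path to the IPSW file
          update_platform() {
            local platform="$1"
            local ipsw_file="$2"

            if [ -f "$ipsw_file" ]; then
              echo "Processing $platform IPSW: $ipsw_file"
              ./ipsw ent --ipsw "$ipsw_file" --replace \
                --pg-host "$SUPABASE_HOST" \
                --pg-port 5432 \
                --pg-user "$SUPABASE_USER" \
                --pg-password "$SUPABASE_PASSWORD" \
                --pg-database postgres \
                --pg-sslmode require \
                --pg-poolmode session
              echo "$platform database update completed successfully"
            else
              echo "Skipping $platform (no IPSW file: $ipsw_file)"
            fi
          }

          # Process each platform that needs updating
          if [ "${{ steps.check-ipsws.outputs.should_update_ios }}" = "true" ]; then
            update_platform "iOS" "ios_latest.ipsw"
          fi
          if [ "${{ steps.check-ipsws.outputs.should_update_macos }}" = "true" ]; then
            update_platform "macOS" "macos_latest.ipsw"
          fi

          echo "All database updates completed successfully"

      - name: Update cache and commit
        if: steps.check-ipsws.outputs.should_update_any == 'true'
        run: |
          # Update the cache file with new IPSW URLs
          echo "Updating cache with new IPSW URLs..."

          # Write to a temporary file first so a jq failure leaves the
          # existing cache untouched; an empty URL keeps the cached value.
          jq --arg ios_url "$IOS_URL" \
             --arg macos_url "$MACOS_URL" \
             '.latest_ipsw = {
               "ios_url": (if $ios_url != "" then $ios_url else .latest_ipsw.ios_url // "" end),
               "macos_url": (if $macos_url != "" then $macos_url else .latest_ipsw.macos_url // "" end),
               "url": (if $ios_url != "" then $ios_url else .latest_ipsw.url // "" end)
             }' hack/.watch_cache > hack/.watch_cache.tmp
          mv hack/.watch_cache.tmp hack/.watch_cache

          # Configure git
          git config --local user.name "github-actions[bot]"
          git config --local user.email "github-actions[bot]@users.noreply.github.com"

          # Create commit message with updated platforms
          UPDATED_PLATFORMS=""
          if [ "${{ steps.check-ipsws.outputs.should_update_ios }}" = "true" ]; then
            UPDATED_PLATFORMS="${UPDATED_PLATFORMS}iOS "
          fi
          if [ "${{ steps.check-ipsws.outputs.should_update_macos }}" = "true" ]; then
            UPDATED_PLATFORMS="${UPDATED_PLATFORMS}macOS "
          fi
          COMMIT_MSG="chore(ents): update entitlements DB for ${UPDATED_PLATFORMS}[skip ci]"

          # Commit cache file changes
          git add hack/.watch_cache
          git commit -m "$COMMIT_MSG" || echo "No changes to commit"

          # Pull latest changes and rebase before pushing to avoid conflicts;
          # fall back to a merge pull when the rebase cannot be applied.
          git pull --rebase origin master || {
            echo "Rebase failed, attempting to continue..."
            git rebase --abort
            git pull --no-rebase origin master
          }
          git push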