Check Package Updates #223
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Package Updates | |
| on: | |
| schedule: | |
| - cron: "0 8 * * *" # Daily at 8am UTC | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| check-packages: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| - name: Check latest package versions | |
| run: | | |
| get_latest_version() { | |
| local url="$1" pkg="$2" latest="" | |
| while IFS= read -r ver; do | |
| if [ -z "$latest" ] || dpkg --compare-versions "$ver" gt "$latest"; then | |
| latest="$ver" | |
| fi | |
| done < <(curl --retry 3 --connect-timeout 10 -fsSL "${url}" | gunzip | awk -v pkg="$pkg" ' | |
| /^Package: / { current = $2 } | |
| /^Version: / && current == pkg { print $2 } | |
| ') | |
| if [ -z "$latest" ]; then | |
| echo "ERROR: no version found for ${pkg}" >&2 | |
| return 1 | |
| fi | |
| echo "$latest" | |
| } | |
| { | |
| echo "code=$(get_latest_version \ | |
| 'https://packages.microsoft.com/repos/code/dists/stable/main/binary-amd64/Packages.gz' \ | |
| 'code')" | |
| echo "docker-ce=$(get_latest_version \ | |
| 'https://download.docker.com/linux/debian/dists/trixie/stable/binary-amd64/Packages.gz' \ | |
| 'docker-ce')" | |
| echo "1password-cli=$(get_latest_version \ | |
| 'https://downloads.1password.com/linux/debian/amd64/dists/stable/main/binary-amd64/Packages.gz' \ | |
| '1password-cli')" | |
| echo "himmelblau=$(get_latest_version \ | |
| 'https://packages.himmelblau-idm.org/nightly/latest/deb/debian13/Packages.gz' \ | |
| 'himmelblau')" | |
| } > latest-versions.txt | |
| cat latest-versions.txt | |
| - name: Compare and update versions | |
| id: compare | |
| run: | | |
| VERSIONS_FILE="shared/download/package-versions.json" | |
| HAS_UPDATES=false | |
| SUMMARY="" | |
| while IFS='=' read -r pkg version; do | |
| [ -z "$pkg" ] && continue | |
| [ "$version" = "(none)" ] && continue | |
| [ -z "$version" ] && continue | |
| current=$(jq -r --arg p "$pkg" '.[$p] // ""' "$VERSIONS_FILE") | |
| if [ "$current" != "$version" ]; then | |
| HAS_UPDATES=true | |
| if [ -z "$current" ]; then | |
| SUMMARY="${SUMMARY}${pkg}: (new) -> ${version}\n" | |
| else | |
| SUMMARY="${SUMMARY}${pkg}: ${current} -> ${version}\n" | |
| fi | |
| jq --arg p "$pkg" --arg v "$version" '.[$p] = $v' "$VERSIONS_FILE" > tmp.json && mv tmp.json "$VERSIONS_FILE" | |
| fi | |
| done < latest-versions.txt | |
| echo "has_updates=$HAS_UPDATES" >> "$GITHUB_OUTPUT" | |
| if [ "$HAS_UPDATES" = "true" ]; then | |
| echo -e "Updates found:\n$SUMMARY" | |
| { | |
| echo "summary<<EOF" | |
| echo -e "$SUMMARY" | |
| echo "EOF" | |
| } >> "$GITHUB_OUTPUT" | |
| else | |
| echo "All packages up to date" | |
| fi | |
| - name: Create Pull Request | |
| if: steps.compare.outputs.has_updates == 'true' | |
| uses: peter-evans/create-pull-request@4e1beaa7521e8b457b572c090b25bd3db56bf1c5 # v5 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| commit-message: "chore: update package versions" | |
| title: "chore: update package versions" | |
| body: | | |
| Automated update of pinned package versions. | |
| ${{ steps.compare.outputs.summary }} | |
| **Please verify the builds work before merging.** | |
| branch: auto-update-packages | |
| delete-branch: true |