Update Mozilla Nightly sha256s #66

Workflow file for this run

.github/workflows/update-mozilla-nightly.yml at 637b353

	name: Update Mozilla Nightly sha256s

	on:
	schedule:
	- cron: '0 /12 * *' # Every 12 hours
	workflow_dispatch:

	# contents:write to push directly to main.
	# actions:write to trigger build.yml via workflow_dispatch after pushing.
	# GITHUB_TOKEN pushes do not trigger on:push — we must dispatch build.yml explicitly.
	permissions:
	contents: write
	actions: write

	jobs:
	update-sha256s:
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

	- name: Download latest Mozilla nightly tarballs
	run: \|
	FF_VERSION=$(curl -sf https://product-details.mozilla.org/1.0/firefox_versions.json \
	\| python3 -c "import json,sys; print(json.load(sys.stdin)['FIREFOX_NIGHTLY'])")
	TB_VERSION=$(curl -sf https://product-details.mozilla.org/1.0/thunderbird_versions.json \
	\| python3 -c "import json,sys; print(json.load(sys.stdin)['LATEST_THUNDERBIRD_NIGHTLY_VERSION'])")
	echo "FF_VERSION=${FF_VERSION}" >> "$GITHUB_ENV"
	echo "TB_VERSION=${TB_VERSION}" >> "$GITHUB_ENV"

	FF_X86_URL="https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/firefox-${FF_VERSION}.en-US.linux-x86_64.tar.xz"
	FF_ARM_URL="https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/firefox-${FF_VERSION}.en-US.linux-aarch64.tar.xz"
	# Use ftp.mozilla.org (not CDN) — CDN caused HTTP/2 stream errors (exit code 92).
	TB_X86_URL="https://ftp.mozilla.org/pub/thunderbird/nightly/latest-comm-central/thunderbird-${TB_VERSION}.en-US.linux-x86_64.tar.xz"

	download() {
	local name="$1" url="$2"
	echo "$name: downloading latest nightly tarball"
	if ! curl -fsSL --retry 3 --retry-delay 5 --output "/tmp/${name}.tar.xz" "$url"; then
	echo "$name: Download failed (non-2xx response), aborting." >&2
	exit 1
	fi
	}

	download ff_x86 "$FF_X86_URL"
	download ff_arm "$FF_ARM_URL"
	download tb_x86 "$TB_X86_URL"

	- name: Update firefox-nightly x86_64 sha256
	run: \|
	NEW=$(sha256sum /tmp/ff_x86.tar.xz \| cut -d' ' -f1)
	sed -i "s\|url:.firefox.linux-x86_64\.tar\.xz\|url: https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/firefox-${{ env.FF_VERSION }}.en-US.linux-x86_64.tar.xz\|" flatpaks/firefox-nightly/manifest.yaml
	sed -i "/url:.linux-x86_64\.tar\.xz/{n;s/sha256:./sha256: $NEW/}" flatpaks/firefox-nightly/manifest.yaml
	sed -i "s/^x-version: .*/x-version: \"${{ env.FF_VERSION }}\"/" flatpaks/firefox-nightly/manifest.yaml

	- name: Update firefox-nightly aarch64 sha256
	run: \|
	NEW=$(sha256sum /tmp/ff_arm.tar.xz \| cut -d' ' -f1)
	sed -i "s\|url:.firefox.linux-aarch64\.tar\.xz\|url: https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/firefox-${{ env.FF_VERSION }}.en-US.linux-aarch64.tar.xz\|" flatpaks/firefox-nightly/manifest.yaml
	sed -i "/url:.linux-aarch64\.tar\.xz/{n;s/sha256:./sha256: $NEW/}" flatpaks/firefox-nightly/manifest.yaml

	- name: Update thunderbird-nightly x86_64 sha256
	run: \|
	NEW=$(sha256sum /tmp/tb_x86.tar.xz \| cut -d' ' -f1)
	sed -i "s\|url:.thunderbird.linux-x86_64\.tar\.xz\|url: https://ftp.mozilla.org/pub/thunderbird/nightly/latest-comm-central/thunderbird-${{ env.TB_VERSION }}.en-US.linux-x86_64.tar.xz\|" flatpaks/thunderbird-nightly/manifest.yaml
	sed -i "/url:.thunderbird.linux-x86_64\.tar\.xz/{n;s/sha256:.*/sha256: $NEW/}" flatpaks/thunderbird-nightly/manifest.yaml
	sed -i "s/^x-version: .*/x-version: \"${{ env.TB_VERSION }}\"/" flatpaks/thunderbird-nightly/manifest.yaml

	- name: Commit and push sha256 updates to main
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	git config user.name "github-actions[bot]"
	git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

	if git diff --quiet; then
	echo "No sha256 changes; dispatching targeted nightly builds anyway."
	gh workflow run build.yml --ref main -f app=firefox-nightly
	gh workflow run build.yml --ref main -f app=thunderbird-nightly
	exit 0
	fi

	git add flatpaks/firefox-nightly/manifest.yaml flatpaks/thunderbird-nightly/manifest.yaml
	printf 'chore(nightly): update Mozilla nightly sha256s\n\nAuto-refresh sha256 for firefox-nightly and/or thunderbird-nightly.\nMozilla rebuilds nightly at the same URL; ETag changed so new build\nis available. Renovate cannot track this.\n\nCo-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>\n' > /tmp/commit-msg.txt
	git commit -F /tmp/commit-msg.txt
	git push origin main

	# GITHUB_TOKEN pushes do not trigger on:push in other workflows.
	# Explicitly dispatch targeted app builds after pushing checksum updates.
	gh workflow run build.yml --ref main -f app=firefox-nightly
	gh workflow run build.yml --ref main -f app=thunderbird-nightly

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Mozilla Nightly sha256s #66

Workflow file

Update Mozilla Nightly sha256s #66

Uh oh!

Workflow file for this run