|
| 1 | +name: Update Mozilla Nightly sha256s |
| 2 | + |
| 3 | +on: |
| 4 | + schedule: |
| 5 | + - cron: '0 6 * * *' # Monday 6am UTC |
| 6 | + workflow_dispatch: |
| 7 | + |
| 8 | +permissions: |
| 9 | + contents: write |
| 10 | + |
| 11 | +jobs: |
| 12 | + update-sha256s: |
| 13 | + runs-on: ubuntu-24.04 |
| 14 | + steps: |
| 15 | + - name: Checkout |
| 16 | + uses: actions/checkout@v4 |
| 17 | + |
| 18 | + - name: Update firefox-nightly x86_64 sha256 |
| 19 | + id: ff-x86_64 |
| 20 | + run: | |
| 21 | + URL="https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/firefox-150.0a1.en-US.linux-x86_64.tar.xz" |
| 22 | + curl -sL --output /tmp/firefox-x86_64.tar.xz "$URL" |
| 23 | + NEW_SHA256=$(sha256sum /tmp/firefox-x86_64.tar.xz | cut -d' ' -f1) |
| 24 | + echo "new=$NEW_SHA256" >> "$GITHUB_OUTPUT" |
| 25 | + OLD_SHA256=$(grep -A1 'firefox-150.0a1.en-US.linux-x86_64.tar.xz' flatpaks/firefox-nightly/manifest.yaml | grep 'sha256:' | awk '{print $2}') |
| 26 | + echo "old=$OLD_SHA256" >> "$GITHUB_OUTPUT" |
| 27 | + if [ "$NEW_SHA256" != "$OLD_SHA256" ]; then |
| 28 | + sed -i "/url:.*firefox-150.0a1.en-US.linux-x86_64.tar.xz/{n;s/sha256:.*/sha256: $NEW_SHA256/}" flatpaks/firefox-nightly/manifest.yaml |
| 29 | + echo "changed=true" >> "$GITHUB_OUTPUT" |
| 30 | + else |
| 31 | + echo "changed=false" >> "$GITHUB_OUTPUT" |
| 32 | + fi |
| 33 | +
|
| 34 | + - name: Update firefox-nightly aarch64 sha256 |
| 35 | + id: ff-aarch64 |
| 36 | + run: | |
| 37 | + URL="https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/firefox-150.0a1.en-US.linux-aarch64.tar.xz" |
| 38 | + curl -sL --output /tmp/firefox-aarch64.tar.xz "$URL" |
| 39 | + NEW_SHA256=$(sha256sum /tmp/firefox-aarch64.tar.xz | cut -d' ' -f1) |
| 40 | + echo "new=$NEW_SHA256" >> "$GITHUB_OUTPUT" |
| 41 | + OLD_SHA256=$(grep -A1 'firefox-150.0a1.en-US.linux-aarch64.tar.xz' flatpaks/firefox-nightly/manifest.yaml | grep 'sha256:' | awk '{print $2}') |
| 42 | + echo "old=$OLD_SHA256" >> "$GITHUB_OUTPUT" |
| 43 | + if [ "$NEW_SHA256" != "$OLD_SHA256" ]; then |
| 44 | + sed -i "/url:.*firefox-150.0a1.en-US.linux-aarch64.tar.xz/{n;s/sha256:.*/sha256: $NEW_SHA256/}" flatpaks/firefox-nightly/manifest.yaml |
| 45 | + echo "changed=true" >> "$GITHUB_OUTPUT" |
| 46 | + else |
| 47 | + echo "changed=false" >> "$GITHUB_OUTPUT" |
| 48 | + fi |
| 49 | +
|
| 50 | + - name: Update thunderbird-nightly x86_64 sha256 |
| 51 | + id: tb-x86_64 |
| 52 | + run: | |
| 53 | + URL="https://download-installer.cdn.mozilla.net/pub/thunderbird/nightly/latest-comm-central/thunderbird-150.0a1.en-US.linux-x86_64.tar.xz" |
| 54 | + curl -sL --output /tmp/thunderbird-x86_64.tar.xz "$URL" |
| 55 | + NEW_SHA256=$(sha256sum /tmp/thunderbird-x86_64.tar.xz | cut -d' ' -f1) |
| 56 | + echo "new=$NEW_SHA256" >> "$GITHUB_OUTPUT" |
| 57 | + OLD_SHA256=$(grep -A1 'thunderbird-150.0a1.en-US.linux-x86_64.tar.xz' flatpaks/thunderbird-nightly/manifest.yaml | grep 'sha256:' | awk '{print $2}') |
| 58 | + echo "old=$OLD_SHA256" >> "$GITHUB_OUTPUT" |
| 59 | + if [ "$NEW_SHA256" != "$OLD_SHA256" ]; then |
| 60 | + sed -i "/url:.*thunderbird-150.0a1.en-US.linux-x86_64.tar.xz/{n;s/sha256:.*/sha256: $NEW_SHA256/}" flatpaks/thunderbird-nightly/manifest.yaml |
| 61 | + echo "changed=true" >> "$GITHUB_OUTPUT" |
| 62 | + else |
| 63 | + echo "changed=false" >> "$GITHUB_OUTPUT" |
| 64 | + fi |
| 65 | +
|
| 66 | + - name: Commit and push if changed |
| 67 | + id: commit |
| 68 | + env: |
| 69 | + FF_CHANGED: ${{ steps.ff-x86_64.outputs.changed == 'true' || steps.ff-aarch64.outputs.changed == 'true' }} |
| 70 | + TB_CHANGED: ${{ steps.tb-x86_64.outputs.changed == 'true' }} |
| 71 | + run: | |
| 72 | + git config user.name "github-actions[bot]" |
| 73 | + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" |
| 74 | + git diff --quiet && echo "ff_changed=false" >> "$GITHUB_OUTPUT" && echo "tb_changed=false" >> "$GITHUB_OUTPUT" && exit 0 |
| 75 | +
|
| 76 | + # Determine which apps changed |
| 77 | + FF_MANIFEST_CHANGED=false |
| 78 | + TB_MANIFEST_CHANGED=false |
| 79 | + if ! git diff --quiet -- flatpaks/firefox-nightly/manifest.yaml; then |
| 80 | + FF_MANIFEST_CHANGED=true |
| 81 | + fi |
| 82 | + if ! git diff --quiet -- flatpaks/thunderbird-nightly/manifest.yaml; then |
| 83 | + TB_MANIFEST_CHANGED=true |
| 84 | + fi |
| 85 | + echo "ff_changed=$FF_MANIFEST_CHANGED" >> "$GITHUB_OUTPUT" |
| 86 | + echo "tb_changed=$TB_MANIFEST_CHANGED" >> "$GITHUB_OUTPUT" |
| 87 | +
|
| 88 | + git add flatpaks/firefox-nightly/manifest.yaml flatpaks/thunderbird-nightly/manifest.yaml |
| 89 | + git commit -m "chore(nightly): update Mozilla nightly sha256s |
| 90 | +
|
| 91 | +Auto-refresh sha256 for firefox-nightly and thunderbird-nightly. |
| 92 | +Mozilla rebuilds nightly at the same URL daily; version string stays |
| 93 | +150.0a1 so Renovate cannot track this. |
| 94 | + |
| 95 | +Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>" |
| 96 | + git pull --rebase |
| 97 | + git push |
| 98 | + |
| 99 | + - name: Trigger firefox-nightly build |
| 100 | + if: steps.commit.outputs.ff_changed == 'true' |
| 101 | + run: gh workflow run build.yml -f app=firefox-nightly |
| 102 | + env: |
| 103 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 104 | + |
| 105 | + - name: Trigger thunderbird-nightly build |
| 106 | + if: steps.commit.outputs.tb_changed == 'true' |
| 107 | + run: gh workflow run build.yml -f app=thunderbird-nightly |
| 108 | + env: |
| 109 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
0 commit comments