
Varnish Version Check #915


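# Hourly check of the newest `varnish-*` tag in varnish/varnish against the
# version recorded in pkg.env. Opens a bump PR when pkg.env is behind, or an
# issue when pkg.env is ahead of the newest tag.
name: Varnish Version Check
on:
  schedule:
    - cron: '0 * * * *' # every hour on the hour
  workflow_dispatch: # allow manual trigger from the Actions tab
    # NOTE(review): `branches` is not a documented filter for
    # workflow_dispatch, and scheduled runs use the default branch.
    # Confirm whether this key has any effect; kept as found.
    branches:
      - main
jobs:
  check:
    name: Check latest varnish tag vs pkg.env
    runs-on: ubuntu-latest
    # Write scopes are granted to this job only; the script below is the only
    # consumer of the token.
    permissions:
      contents: write # to push a branch
      pull-requests: write # to open a PR
      issues: write # to open an issue if pkg.env is ahead of latest tag
    steps:
      - name: Checkout all-packager
        # NOTE(review): a version tag is mutable; pinning to the full commit
        # SHA of the release is the stricter supply-chain choice for a job
        # that holds a write token.
        uses: actions/checkout@v6
      - name: Run version check (and open PR if out of date)
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          # Stop on the first failing command so a failed API call or
          # download never ends up committed as a version or checksum.
          set -ex
          PKG_ENV_FILE=pkg.env

          LATEST_TAG=$(gh api repos/varnish/varnish/tags --paginate --jq '.[].name' \
            | grep '^varnish-' | sort -V | tail -1)
          TAG_VERSION="${LATEST_TAG#varnish-}"

          # The tag name comes from another repository and is later written
          # into pkg.env, which this script sources as shell. Accept only a
          # conservative character set (this also rejects an empty result)
          # before the value reaches sed or pkg.env.
          if [[ ! "$TAG_VERSION" =~ ^[0-9][0-9A-Za-z._-]*$ ]]; then
            echo "Refusing to use unexpected upstream tag: '${LATEST_TAG}'" >&2
            exit 1
          fi

          PKG_VERSION=$(. "$PKG_ENV_FILE"; echo "${VARS[varnish_version]}")

          # Version ahead of latest tag — open an issue
          LOWER=$(printf '%s\n' "$PKG_VERSION" "$TAG_VERSION" | sort -V | head -1)
          if [[ "$PKG_VERSION" != "$TAG_VERSION" && "$LOWER" == "$TAG_VERSION" ]]; then
            ISSUE_TITLE="varnish version in pkg.env ($PKG_VERSION) is ahead of latest tag ($TAG_VERSION)"
            EXISTING=$(gh issue list --state open --search "$ISSUE_TITLE" --json url --jq '.[0].url')
            if [[ -n "$EXISTING" ]]; then
              echo "Issue already open: $EXISTING"
              exit 0
            fi
            gh issue create \
              --title "$ISSUE_TITLE" \
              --body "pkg.env contains \`${PKG_VERSION}\` but the latest tag is \`${TAG_VERSION}\`. This requires manual review."
            exit 0
          fi

          # Version behind latest tag — open a version bump PR
          if [[ "$PKG_VERSION" == "$TAG_VERSION" ]]; then
            echo "pkg.env is already using the latest Varnish version"
            exit 0
          fi

          BRANCH="varnish-version-bump-${TAG_VERSION}"
          git fetch origin
          # An existing branch means a bump PR for this version is pending.
          if git ls-remote --exit-code --heads origin "$BRANCH" > /dev/null 2>&1; then
            echo "Branch $BRANCH already exists, version PR is awaiting review."
            exit 0
          fi

          echo "Updating version"
          sed \
            -i \
            -e "s/VARS\[varnish_version\]=.*/VARS[varnish_version]=${TAG_VERSION}/" \
            "$PKG_ENV_FILE"

          echo "Computing sha512 for varnish-${TAG_VERSION}..."
          # Re-source pkg.env after the edit so the URL is resolved with the
          # updated file.
          SOURCE_URL=$(. "$PKG_ENV_FILE"; echo "${VARS[varnish_source]}")
          # Download to a file with -f so an HTTP error aborts the step. A
          # `curl | sha512sum` pipe would hash an error page or empty body
          # and report success.
          TARBALL=$(mktemp)
          curl -fsSL -o "$TARBALL" "$SOURCE_URL"
          ACTUAL_SHA512=$(sha512sum "$TARBALL" | awk '{print $1}')
          rm -f "$TARBALL"
          if [[ ! "$ACTUAL_SHA512" =~ ^[0-9a-f]{128}$ ]]; then
            echo "Computed checksum is not a sha512 hex digest" >&2
            exit 1
          fi
          # NOTE(review): this digest is computed from whatever was served at
          # download time, so it proves consistency, not authenticity. The PR
          # reviewer should compare it with the checksum or signature
          # published by upstream before merging.
          sed \
            -i \
            -e "s/VARS\[varnish_sha512\]=.*/VARS[varnish_sha512]=${ACTUAL_SHA512}/" \
            "$PKG_ENV_FILE"

          git config user.email "github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"
          git switch -c "$BRANCH"
          git add "$PKG_ENV_FILE"
          git commit -m "bump: varnish version ${PKG_VERSION} -> ${TAG_VERSION}"
          git push origin "$BRANCH"
          gh pr create \
            --title "bump: varnish version ${PKG_VERSION} → ${TAG_VERSION}" \
            --body "Automated version bump from \`${PKG_VERSION}\` to \`${TAG_VERSION}\` with updated sha512 checksum." \
            --base main \
            --head "$BRANCH"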