-
Notifications
You must be signed in to change notification settings - Fork 0
170 lines (144 loc) · 5.82 KB
/
check-upstream.yml
File metadata and controls
170 lines (144 loc) · 5.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
name: Check Upstream Codex Version
on:
schedule:
- cron: "23 2 * * *"
workflow_dispatch:
permissions:
contents: write
jobs:
check-and-tag:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: "20"
cache: npm
cache-dependency-path: package.json
- name: Install DMG tooling
run: |
sudo apt-get update
sudo apt-get install -y 7zip dmg2img
- name: Install dependencies
run: npm install
- name: Determine latest local tag
id: latest_tag
run: |
TAG="$(git tag -l 'v*' | sort -V | tail -n 1 || true)"
TAG="${TAG#v}"
echo "version=${TAG}" >> "${GITHUB_OUTPUT}"
- name: Check upstream DMG ETag
id: etag
run: |
set -euo pipefail
URL="https://persistent.oaistatic.com/codex-app-prod/Codex.dmg"
STORED_ETAG=""
if [[ -f upstream-etag.txt ]]; then
STORED_ETAG="$(tr -d '\r\n' < upstream-etag.txt)"
fi
HEADER_FILE="$(mktemp)"
STATUS_CODE=""
if [[ -n "${STORED_ETAG}" ]]; then
STATUS_CODE="$(curl -sS -I -D "${HEADER_FILE}" -o /dev/null -w '%{http_code}' -H "If-None-Match: ${STORED_ETAG}" "${URL}")"
else
STATUS_CODE="$(curl -sS -I -D "${HEADER_FILE}" -o /dev/null -w '%{http_code}' "${URL}")"
fi
if [[ "${STATUS_CODE}" == "304" ]]; then
echo "changed=false" >> "${GITHUB_OUTPUT}"
echo "etag=${STORED_ETAG}" >> "${GITHUB_OUTPUT}"
echo "No upstream DMG update (304 Not Modified)."
exit 0
fi
if [[ "${STATUS_CODE}" != "200" ]]; then
echo "Unexpected status from upstream HEAD: ${STATUS_CODE}" >&2
cat "${HEADER_FILE}" >&2 || true
exit 1
fi
CURRENT_ETAG="$(
awk 'BEGIN{IGNORECASE=1} /^etag:/ {sub(/\r$/,"",$2); print $2; exit}' "${HEADER_FILE}"
)"
if [[ -z "${CURRENT_ETAG}" ]]; then
echo "Missing ETag header from upstream; cannot do safe change detection." >&2
cat "${HEADER_FILE}" >&2 || true
exit 1
fi
echo "etag=${CURRENT_ETAG}" >> "${GITHUB_OUTPUT}"
if [[ "${CURRENT_ETAG}" == "${STORED_ETAG}" ]]; then
echo "changed=false" >> "${GITHUB_OUTPUT}"
echo "No upstream DMG update (ETag unchanged)."
else
echo "changed=true" >> "${GITHUB_OUTPUT}"
echo "Upstream DMG changed: ${STORED_ETAG} -> ${CURRENT_ETAG}"
fi
- name: Download Codex DMG
if: steps.etag.outputs.changed == 'true'
run: curl -fL "https://persistent.oaistatic.com/codex-app-prod/Codex.dmg" -o Codex.dmg
- name: Read upstream Codex version
if: steps.etag.outputs.changed == 'true'
id: upstream
run: |
VERSION="$(bash scripts/get-codex-version.sh ./Codex.dmg)"
echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
- name: Create commit and optional tag when upstream changed
if: steps.etag.outputs.changed == 'true'
env:
RELEASE_PAT: ${{ secrets.RELEASE_PAT }}
run: |
set -euo pipefail
NEW_ETAG="${{ steps.etag.outputs.etag }}"
NEW_VERSION="${{ steps.upstream.outputs.version }}"
LATEST_LOCAL_VERSION="${{ steps.latest_tag.outputs.version }}"
VERSION_CHANGED="false"
if [[ "${NEW_VERSION}" != "${LATEST_LOCAL_VERSION}" ]]; then
VERSION_CHANGED="true"
fi
if [[ "${VERSION_CHANGED}" == "true" && -z "${RELEASE_PAT}" ]]; then
echo "RELEASE_PAT secret is required to push version tags that trigger release workflow." >&2
echo "Set Settings -> Secrets and variables -> Actions -> RELEASE_PAT with repo+workflow scopes." >&2
exit 1
fi
echo "${NEW_ETAG}" > upstream-etag.txt
if [[ "${VERSION_CHANGED}" == "true" ]]; then
echo "${NEW_VERSION}" > upstream-version.txt
fi
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
if [[ -n "${RELEASE_PAT}" ]]; then
git config --local --unset-all http.https://github.com/.extraheader || true
git remote set-url origin "https://x-access-token:${RELEASE_PAT}@github.com/${GITHUB_REPOSITORY}.git"
fi
git add upstream-etag.txt
if [[ "${VERSION_CHANGED}" == "true" ]]; then
git add upstream-version.txt
fi
if ! git diff --cached --quiet; then
if [[ "${VERSION_CHANGED}" == "true" ]]; then
COMMIT_MSG="chore: bump upstream Codex to ${NEW_VERSION}"
else
COMMIT_MSG="chore: update upstream Codex etag"
fi
git commit -m "${COMMIT_MSG}"
git push origin HEAD:${GITHUB_REF_NAME}
else
echo "Tracking files unchanged, skipping commit."
fi
if [[ "${VERSION_CHANGED}" == "true" ]]; then
NEW_TAG="v${NEW_VERSION}"
if git rev-parse "${NEW_TAG}" >/dev/null 2>&1; then
echo "Tag ${NEW_TAG} already exists. Nothing to do."
exit 0
fi
git tag "${NEW_TAG}"
git push origin "${NEW_TAG}"
else
echo "Upstream DMG changed but app version stayed at ${NEW_VERSION}; skipping tag."
fi
- name: No update
if: steps.etag.outputs.changed != 'true'
run: |
echo "Upstream DMG unchanged (ETag: ${{ steps.etag.outputs.etag }})"