chore: helper scripts for updating chocolatey#1360
Conversation
lidel
left a comment
lidel
left a comment
There was a problem hiding this comment.
Thank you, automating this is super useful!
Before we merge, I want to address a small concern below.
appveyor.yml
Outdated
|
|
||
| on_success: | ||
| - ps: | | ||
| if ($env:APPVEYOR_REPO_COMMIT_MESSAGE -Match "pubchoco") { |
There was a problem hiding this comment.
Ugh, github lost my comment, so writing again...
@hacdias Appveyor runs on every PR. In theory someone could PR a downgrade attack with nuspec pointing at older version. What would Cocolatey do in that case? Reject? Override latest version with old one?
Perhaps we could harden this to run only if branch name is master and build is not a PR
There was a problem hiding this comment.
Changed. However, couldn't someone just change the code? And mame a PR and hijack the releases anyways? There's a way to define scripts that does not include .appveyor.yml (see docs). However, someone with enough knowledge could trigger the update too...
There was a problem hiding this comment.
Actually not, if we define like they do on the docs (on the UI itself), it won't be on .appveyor.yml thus it will be locked to master.
|
@lidel so I removed that bit from .appveyor.yml and added it to the interface:
This way no one can change it! |
License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com>
License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com>
lidel
force-pushed
the
chore/semi-auto-choco
branch
2 times, most recently
from
6c4f075 to
333bae2
Compare
lidel
changed the title
|
@hacdias I tried I know you don't have bandwidth for looking into this, so let's leave automation for now. |
|
@lidel done. I'm sad it didn't work. Looking at the logs, it doesn't even seem that the script was executed... |
Automation set up on AppVeyor is broken, let's go with manual steps for now: #1360 (comment) License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
Automation set up on AppVeyor is broken, let's go with manual steps for now: #1360 (comment) License: MIT Signed-off-by: Marcin Rataj <lidel@lidel.org>
2 participants
This PR creates an helper script to help with the chocolatey update procedure. After releasing a version, wait for the binaries to be available on the releases page. Then:
node pkgs/chocolatey/update.js $versiongit commit -m "chore: update choco [pubchoco]"- thepubchocopart must be theregit pushand wait for AppVeyor which should publish the package.Obviously I could not test this. The script for updating the nuspec file works well. We just need to test the third step on the next release.