Daily Root Certs Update Check #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Daily Root Certs Update Check | ||
| on: | ||
| schedule: | ||
| - cron: "0 0 * * *" # Runs at 00:00 UTC every day | ||
| workflow_dispatch: # Allows manual trigger | ||
| jobs: | ||
| check-and-update: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Bun | ||
| uses: oven-sh/setup-bun@v1 | ||
| with: | ||
| bun-version: latest | ||
| - name: Generate root certs and capture output | ||
| id: generate-certs | ||
| run: | | ||
| cd packages/bun-usockets/ | ||
| OUTPUT=$(bun generate-root-certs.mjs -v) | ||
| echo "cert_output<<EOF" >> $GITHUB_ENV | ||
| echo "$OUTPUT" >> $GITHUB_ENV | ||
| echo "EOF" >> $GITHUB_ENV | ||
| - name: Check for changes and stage files | ||
| id: check-changes | ||
| run: | | ||
| if [[ -n "$(git status --porcelain)" ]]; then | ||
| echo "Found changes, staging modified files..." | ||
| git config --global user.name "github-actions[bot]" | ||
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | ||
| # Get list of modified files and add them | ||
| git status --porcelain | while read -r status file; do | ||
| # Remove leading status and whitespace | ||
| file=$(echo "$file" | sed 's/^.* //') | ||
| echo "Adding changed file: $file" | ||
| git add "$file" | ||
| done | ||
| echo "changes=true" >> $GITHUB_OUTPUT | ||
| # Store the list of changed files | ||
| CHANGED_FILES=$(git status --porcelain) | ||
| echo "changed_files<<EOF" >> $GITHUB_ENV | ||
| echo "$CHANGED_FILES" >> $GITHUB_ENV | ||
| echo "EOF" >> $GITHUB_ENV | ||
| else | ||
| echo "No changes detected" | ||
| echo "changes=false" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Create Pull Request | ||
| if: steps.check-changes.outputs.changes == 'true' | ||
| uses: peter-evans/create-pull-request@v5 | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| commit-message: "update(root_certs): Update root certificates $(date +'%Y-%m-%d')" | ||
| title: "update(root_certs) $(date +'%Y-%m-%d')" | ||
| body: | | ||
| Automated root certificates update | ||
| ${{ env.cert_output }} | ||
| ## Changed Files: | ||
| ``` | ||
| ${{ env.changed_files }} | ||
| ``` | ||
| branch: certs/update-root-certs-${{ github.run_number }} | ||
| base: main | ||
| delete-branch: true | ||
| labels: | ||
| - "automation" | ||
| - "root-certs" | ||
