saymrwulf/cryptography
1
0
Fork 0
mirror of https://github.com/saymrwulf/cryptography.git synced 2026-05-14 20:37:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cryptography/.github/workflows/boring-open-version-bump.yml
Paul Kehrer 6074586002
branch name change for boring (#12327) 
* branch name change for boring

* fix (part 1)

* fix (part 2)
2025-01-22 20:26:07 -05:00

78 lines
4 KiB
YAML
Raw Blame History

name: Bump BoringSSL and/or OpenSSL
permissions:
contents: read
on:
workflow_dispatch:
schedule:
# Run daily
- cron: "0 0 * * *"
jobs:
bump:
if: github.repository_owner == 'pyca'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# Needed so we can push back to the repo
persist-credentials: true
- id: check-sha-boring
run: |
SHA=$(git ls-remote https://boringssl.googlesource.com/boringssl refs/heads/main | cut -f1)
LAST_COMMIT=$(grep boringssl .github/workflows/ci.yml | grep TYPE | grep -oE '[a-f0-9]{40}')
if ! grep -q "$SHA" .github/workflows/ci.yml; then
echo "COMMIT_SHA=${SHA}" >> $GITHUB_OUTPUT
echo "COMMIT_MSG<<EOF" >> $GITHUB_OUTPUT
echo -e "## BoringSSL\n[Commit: ${SHA}](https://boringssl.googlesource.com/boringssl/+/${SHA})\n\n[Diff](https://boringssl.googlesource.com/boringssl/+/${LAST_COMMIT}..${SHA}) between the last commit hash merged to this repository and the new commit." >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
fi
- id: check-sha-openssl
run: |
SHA=$(git ls-remote https://github.com/openssl/openssl refs/heads/master | cut -f1)
LAST_COMMIT=$(grep openssl .github/workflows/ci.yml | grep TYPE | grep -oE '[a-f0-9]{40}')
if ! grep -q "$SHA" .github/workflows/ci.yml; then
echo "COMMIT_SHA=${SHA}" >> $GITHUB_OUTPUT
echo "COMMIT_MSG<<EOF" >> $GITHUB_OUTPUT
echo -e "## OpenSSL\n[Commit: ${SHA}](https://github.com/openssl/openssl/commit/${SHA})\n\n[Diff](https://github.com/openssl/openssl/compare/${LAST_COMMIT}...${SHA}) between the last commit hash merged to this repository and the new commit." >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
fi
- name: Update boring
run: |
set -xe
CURRENT_DATE=$(date "+%b %d, %Y")
sed -E -i "s/Latest commit on the BoringSSL main branch.*/Latest commit on the BoringSSL main branch, as of ${CURRENT_DATE}./" .github/workflows/ci.yml
sed -E -i "s/TYPE: \"boringssl\", VERSION: \"[0-9a-f]{40}\"/TYPE: \"boringssl\", VERSION: \"${COMMIT_SHA}\"/" .github/workflows/ci.yml
git status
if: steps.check-sha-boring.outputs.COMMIT_SHA
env:
COMMIT_SHA: ${{ steps.check-sha-boring.outputs.COMMIT_SHA }}
- name: Update OpenSSL
run: |
set -xe
CURRENT_DATE=$(date "+%b %d, %Y")
sed -E -i "s/Latest commit on the OpenSSL master branch.*/Latest commit on the OpenSSL master branch, as of ${CURRENT_DATE}./" .github/workflows/ci.yml
sed -E -i "s/TYPE: \"openssl\", VERSION: \"[0-9a-f]{40}\"/TYPE: \"openssl\", VERSION: \"${COMMIT_SHA}\"/" .github/workflows/ci.yml
git status
if: steps.check-sha-openssl.outputs.COMMIT_SHA
env:
COMMIT_SHA: ${{ steps.check-sha-openssl.outputs.COMMIT_SHA }}
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
with:
app_id: ${{ secrets.BORINGBOT_APP_ID }}
private_key: ${{ secrets.BORINGBOT_PRIVATE_KEY }}
if: steps.check-sha-boring.outputs.COMMIT_SHA || steps.check-sha-openssl.outputs.COMMIT_SHA
- name: Create Pull Request
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
with:
branch: "bump-openssl-boringssl"
commit-message: "Bump BoringSSL and/or OpenSSL in CI"
title: "Bump BoringSSL and/or OpenSSL in CI"
author: "pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>"
body: |
${{ steps.check-sha-boring.outputs.COMMIT_MSG }}
${{ steps.check-sha-openssl.outputs.COMMIT_MSG }}
token: ${{ steps.generate-token.outputs.token }}
if: steps.check-sha-boring.outputs.COMMIT_SHA || steps.check-sha-openssl.outputs.COMMIT_SHA
Reference in a new issue View git blame Copy permalink