Check for upstream releases #356
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check for upstream releases | |
| on: | |
| schedule: | |
| # Check every 6 hours | |
| - cron: "0 */6 * * *" | |
| workflow_dispatch: | |
| jobs: | |
| check: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # Must use a PAT here — pushes with GITHUB_TOKEN don't trigger other workflows | |
| token: ${{ secrets.HOMEBREW_TAP_TOKEN }} | |
| submodules: recursive | |
| - name: Get current version | |
| id: current | |
| run: | | |
| CURRENT_VERSION="$(cat version)-$(cat release)" | |
| echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT" | |
| echo "Current version: $CURRENT_VERSION" | |
| - name: Check upstream latest release | |
| id: upstream | |
| run: | | |
| LATEST=$(curl -sf https://codeberg.org/api/v1/repos/librewolf/source/releases/latest | jq -r '.tag_name') | |
| echo "upstream=$LATEST" >> "$GITHUB_OUTPUT" | |
| echo "Upstream version: $LATEST" | |
| - name: Compare versions | |
| id: compare | |
| run: | | |
| if [[ "${{ steps.current.outputs.version }}" == "${{ steps.upstream.outputs.upstream }}" ]]; then | |
| echo "Already up to date." | |
| echo "needs_update=false" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "New upstream release detected: ${{ steps.upstream.outputs.upstream }}" | |
| echo "needs_update=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Sync from upstream | |
| if: steps.compare.outputs.needs_update == 'true' | |
| run: | | |
| UPSTREAM_TAG="${{ steps.upstream.outputs.upstream }}" | |
| echo "Syncing to upstream ${UPSTREAM_TAG}..." | |
| # Clone the upstream repo at the release tag | |
| git clone --depth=1 --branch="${UPSTREAM_TAG}" \ | |
| https://codeberg.org/librewolf/source.git /tmp/upstream | |
| # Copy upstream files over ours, preserving our CI/signing files | |
| # First, sync everything except our custom directories/files | |
| rsync -a --delete \ | |
| --exclude='.git' \ | |
| --exclude='.github' \ | |
| --exclude='scripts/macos-sign.sh' \ | |
| --exclude='scripts/macos-create-universal.sh' \ | |
| --exclude='assets/entitlements.plist' \ | |
| --exclude='assets/mozconfig.macos' \ | |
| /tmp/upstream/ ./ | |
| echo "Synced upstream files. New version: $(cat version)-$(cat release)" | |
| - name: Apply local patches | |
| if: steps.compare.outputs.needs_update == 'true' | |
| run: | | |
| for patch in .github/patches/*.sh; do | |
| echo "Applying $patch..." | |
| bash "$patch" | |
| done | |
| - name: Commit and push | |
| if: steps.compare.outputs.needs_update == 'true' | |
| run: | | |
| UPSTREAM_TAG="${{ steps.upstream.outputs.upstream }}" | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add -A | |
| git diff --cached --quiet && { echo "No changes to commit"; exit 0; } | |
| git commit -m "Sync upstream LibreWolf ${UPSTREAM_TAG}" | |
| git push origin main | |
| echo "Pushed. This will trigger the build workflow." |