Update Deb #485
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a basic workflow to help you get started with Actions | |
| name: Update Deb | |
| # Controls when the workflow will run | |
| on: | |
| schedule: | |
| - cron: '0 0 */2 * *' | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| update: | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| env: | |
| PUSH: 1 | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Import GPG key | |
| id: import_gpg | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| - name: GPG user IDs | |
| run: | | |
| echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}" | |
| echo "keyid: ${{ steps.import_gpg.outputs.keyid }}" | |
| echo "name: ${{ steps.import_gpg.outputs.name }}" | |
| echo "email: ${{ steps.import_gpg.outputs.email }}" | |
| # Runs a set of commands using the runners shell | |
| - name: Install dependencies | |
| run: | | |
| sudo apt install reprepro | |
| - name: Check Update | |
| run: | | |
| function update_repo() { | |
| reprepro --basedir "$(pwd)/meta" includedeb stable "./MullvadVPN-$1_amd64.deb" "./MullvadVPN-$1_arm64.deb" | |
| if [ -d dists ]; then rm -r dists; fi | |
| if [ -d pool ]; then rm -r pool; fi | |
| mv meta/dists ./ | |
| mv meta/pool ./ | |
| checksum_amd64=$(sha256sum pool/main/m/mullvad-vpn/mullvad-vpn_$1_amd64.deb) | |
| checksum_arm64=$(sha256sum pool/main/m/mullvad-vpn/mullvad-vpn_$1_arm64.deb) | |
| sed -i -E "s,[a-f0-9]{64}[ ]+pool/main/m/mullvad-vpn/mullvad-vpn_[0-9]{4}.[0-9]_amd64.deb,$checksum_amd64," README.md | |
| sed -i -E "s,[a-f0-9]{64}[ ]+pool/main/m/mullvad-vpn/mullvad-vpn_[0-9]{4}.[0-9]_arm64.deb,$checksum_arm64," README.md | |
| echo "PUSH=0" >> $GITHUB_ENV | |
| } | |
| function download_update() { | |
| if [ -f /tmp/verify.log ]; then rm /tmp/verify.log; fi | |
| wget -q "https://github.com/mullvad/mullvadvpn-app/releases/download/$1/MullvadVPN-$1_amd64.deb" --show-progress | |
| wget -q "https://github.com/mullvad/mullvadvpn-app/releases/download/$1/MullvadVPN-$1_amd64.deb.asc" --show-progress | |
| wget -q "https://github.com/mullvad/mullvadvpn-app/releases/download/$1/MullvadVPN-$1_arm64.deb" --show-progress | |
| wget -q "https://github.com/mullvad/mullvadvpn-app/releases/download/$1/MullvadVPN-$1_arm64.deb.asc" --show-progress | |
| gpg2 --keyserver hkps://keyserver.ubuntu.com --recv-keys A1198702FC3E0A09A9AE5B75D5A1D4F266DE8DDF | |
| gpg2 --verify "MullvadVPN-$1_amd64.deb.asc" "MullvadVPN-$1_amd64.deb" 2>&1 | tee /tmp/verify.log | |
| grep 'Good signature from "Mullvad (code signing) <[email protected]>"' /tmp/verify.log | |
| if [ "$?" -eq "0" ]; then | |
| echo 'Good signature (amd64)' | |
| : > /tmp/verify.log | |
| gpg2 --verify "MullvadVPN-$1_arm64.deb.asc" "MullvadVPN-$1_arm64.deb" 2>&1 | tee /tmp/verify.log | |
| grep 'Good signature from "Mullvad (code signing) <[email protected]>"' /tmp/verify.log | |
| if [ "$?" -eq "0" ]; then | |
| echo 'Good signature (arm64)' | |
| echo "$1" > last_update | |
| return 0 | |
| fi | |
| fi | |
| echo 'Bad signature' | |
| return 1 | |
| } | |
| function compare (){ | |
| last_big=$(echo "$1" | cut -d "." -f 1) | |
| last_small=$(echo "$1" | cut -d "." -f 2) | |
| latest_big=$(echo "$2" | cut -d "." -f 1) | |
| latest_small=$(echo "$2" | cut -d "." -f 2) | |
| if [ "$latest_big" -gt "$last_big" ]; then | |
| return 0 | |
| else | |
| if [ "$latest_small" -gt "$last_small" ]; then | |
| return 0 | |
| fi | |
| fi | |
| return 1 | |
| } | |
| echo 'Checking update...' | |
| releases=$(git ls-remote --tags https://github.com/mullvad/mullvadvpn-app.git | egrep -o 'refs/tags/[0-9]{4}\.[0-9]$') | |
| latest=$(echo -n $releases | egrep -o '[0-9]{4}\.[0-9]$' | sort | tail -1 | tr -d '\n') | |
| echo "PUSH=1" >> $GITHUB_ENV | |
| if [ -f 'last_update' ]; then | |
| last_update=$(cat last_update) | |
| if compare "$last_update" "$latest"; then | |
| echo 'Update available, downloading latest deb' | |
| if download_update "$latest"; then | |
| update_repo "$latest" | |
| fi | |
| else | |
| echo 'No update available' | |
| fi | |
| else | |
| echo 'No version file found, assuming update available' | |
| if download_update "$latest"; then | |
| update_repo "$latest" | |
| fi | |
| fi | |
| - name: Commit repo changes | |
| if: ${{ env.PUSH == 0 }} | |
| run: | | |
| git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ GITHUB.REPOSITORY }} | |
| git status | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --global user.name "github-actions[bot]" | |
| git add last_update dists pool README.md | |
| git commit -m "Update packages" | |
| git push |