Add GitHub Action for Tor update check #10
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check for and commit Tor package updates | |
| # TODO: Switch to nightly | |
| on: [pull_request] | |
| jobs: | |
| buildinfo: | |
| runs-on: ubuntu-latest | |
| container: debian:bullseye-backports | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| apt-get update && apt-get install --yes reprepro ca-certificates dctrl-tools \ | |
| git git-lfs openssh-client python3 gh | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| fetch-depth: 0 | |
| token: ${{ secrets.PUSH_TOKEN }} | |
| - name: Check for and commit Tor package updates | |
| run: | | |
| git config --global --add safe.directory '*' | |
| git config user.email "securedrop@freedom.press" | |
| git config user.name "sdcibot" | |
| # Import the Tor repo signing key | |
| gpg --import repo/conf/updates-keys/*.gpg | |
| # Run reprepro update, skip export since we just want the debs (and we don't have | |
| # the repo signing key anyways) | |
| REPREPRO_BASE_DIR=repo reprepro --export=never update | |
| # Move the new packages over, intentionally leaving the old ones around | |
| mv repo/pool/main/t/tor/*.deb core/focal/ | |
| git add core/focal/*.deb | |
| git diff-index --quiet HEAD | |
| # If there are changes, diff-index will fail, so we commit and push | |
| # git diff-index --quiet HEAD || | |
| ./scripts/new-tor-issue | |
| # (git commit -m "Automatically updating Tor packages" \ | |
| # && git push origin main && |