mirror of https://github.com/YOURLS/YOURLS
62 lines
1.9 KiB
YAML
62 lines
1.9 KiB
YAML
name: Update certificates
|
|
|
|
on:
|
|
# Run every Monday at 13:37
|
|
schedule:
|
|
- cron: '37 13 * * 1'
|
|
# And manually
|
|
workflow_dispatch:
|
|
|
|
# Cancels all previous workflow runs for the same branch that have not yet completed.
|
|
concurrency:
|
|
# The concurrency group contains the workflow name and the branch name.
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
certificate-check:
|
|
name: "Check for updated certificate bundle"
|
|
# Don't run the cron job on forks.
|
|
if: ${{ github.event_name != 'schedule' || github.repository == 'YOURLS/YOURLS' }}
|
|
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Get current certificate bundle
|
|
working-directory: ./includes/vendor/rmccue/requests/certificates
|
|
run: |
|
|
curl --remote-name https://curl.se/ca/cacert.pem
|
|
curl --remote-name https://curl.se/ca/cacert.pem.sha256
|
|
|
|
- name: Verify the checksum of the downloaded bundle
|
|
working-directory: ./includes/vendor/rmccue/requests/certificates
|
|
run: sha256sum --check cacert.pem.sha256
|
|
|
|
- name: "Debug info: Show git status"
|
|
run: git status -vv --untracked=all
|
|
|
|
- name: "Get date"
|
|
id: get-date
|
|
run: echo "DATE=$(/bin/date -u "+%F")" >> $GITHUB_OUTPUT
|
|
|
|
- name: Create pull request
|
|
uses: peter-evans/create-pull-request@v6
|
|
with:
|
|
base: master
|
|
branch: auto-update-cacert
|
|
delete-branch: true
|
|
commit-message: "Update certificates"
|
|
title: "Update certificates"
|
|
body: |
|
|
Updated certificates, last verified on ${{ steps.get-date.outputs.DATE }}.
|
|
|
|
Source: https://curl.se/docs/caextract.html
|
|
labels: |
|
|
dependencies
|
|
reviewers: |
|
|
ozh
|
|
LeoColomb
|
|
dgw
|