diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8e96c7d3c..a938faf78 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,8 +2,6 @@ on: push: branches: - master - repository_dispatch: - types: [release_event] jobs: build-and-push-base: diff --git a/.github/workflows/scorpio_auto_update.yml b/.github/workflows/scorpio_auto_update.yml new file mode 100644 index 000000000..96286b90d --- /dev/null +++ b/.github/workflows/scorpio_auto_update.yml @@ -0,0 +1,87 @@ +on: + repository_dispatch: + types: [release_event] + +jobs: + validate-webhook-signature: + runs-on: ubuntu-latest + steps: + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '16' + + - name: Install dependencies + run: npm install @octokit/webhooks + + - name: Validate Webhook Signature + id: validate_signature + env: + WEBHOOK_SECRET: ${{ secrets.SCORPIO_WEBHOOOK_RELEASE_KEY }} # Your secret key for webhook + run: | + echo "const { Webhooks } = require('@octokit/webhooks');" > verify-webhook.js + echo "const webhooks = new Webhooks({ secret: process.env.WEBHOOK_SECRET });" >> verify-webhook.js + echo "const signature = process.env.GITHUB_SIGNATURE;" >> verify-webhook.js + echo "const body = process.env.GITHUB_EVENT_PAYLOAD;" >> verify-webhook.js + echo "webhooks.verify(body, signature).then(isValid => {" >> verify-webhook.js + echo " if (!isValid) { console.error('Webhook validation failed'); process.exit(1); }" >> verify-webhook.js + echo " else { console.log('Webhook validation successful'); }" >> verify-webhook.js + echo "}).catch(err => { console.error('Error in webhook validation', err); process.exit(1); });" >> verify-webhook.js + + # Export necessary environment variables for the Node.js script + echo "GITHUB_SIGNATURE=${{ github.event.client_payload.headers['x-hub-signature-256'] }}" >> $GITHUB_ENV + echo "GITHUB_EVENT_PAYLOAD=$(cat $GITHUB_EVENT_PATH)" >> $GITHUB_ENV + + # Run the validation script + node verify-webhook.js + + update-scorpio-version-with-pr: + runs-on: ubuntu-latest + needs: validate-webhook-signature # Ensure this job only runs if validation passes + steps: + - name: Check out repository + uses: actions/checkout@v3 + + - name: Extract release version from webhook + id: extract_release_version + run: | + RELEASE_VERSION=$(echo ${{ github.event.client_payload.release.tag_name }}) + echo "Release version: $RELEASE_VERSION" + echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV + + - name: Replace number in file with release version + run: | + FILE_PATH="images/base-ide/package.json" + OLD_VERSION=$(grep -oP '(?<=https://open-vsx.org/api/tum-aet/artemis-scorpio/)[0-9]+\.[0-9]+\.[0-9]+' $FILE_PATH) + sed -i "s|https://open-vsx.org/api/tum-aet/artemis-scorpio/${OLD_VERSION}/file/tum-aet.artemis-scorpio-${OLD_VERSION}.vsix|https://open-vsx.org/api/tum-aet/artemis-scorpio/${{ env.RELEASE_VERSION }}/file/tum-aet.artemis-scorpio-${{ env.RELEASE_VERSION }}.vsix|g" $FILE_PATH + + + cat $FILE_PATH + + - name: Create a new branch + run: | + BRANCH_NAME="update-scorpio-release-version-${{ env.RELEASE_VERSION }}" + git checkout -b $BRANCH_NAME + + - name: Commit changes + run: | + git config --local user.name "github-actions" + git config --local user.email "github-actions@github.com" + git add images/base-ide/package.json + git commit -m "Update file with release version ${{ env.RELEASE_VERSION }}" + + - name: Push changes to new branch + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + BRANCH_NAME="update-scorpio-release-version-${{ env.RELEASE_VERSION }}" + git push origin $BRANCH_NAME + + - name: Create Pull Request + uses: peter-evans/create-pull-request@v5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + branch: update-scorpio-release-version-${{ env.RELEASE_VERSION }} + title: "Update scorpio with release version ${{ env.RELEASE_VERSION }}" + body: "This PR updates the verion of the scorpio plugin to the new release version ${{ env.RELEASE_VERSION }}." + base: master # Change this if your target branch is different \ No newline at end of file