mirror of
https://github.com/GAM-team/GAM.git
synced 2026-06-03 22:01:39 +00:00
57 lines
1.6 KiB
YAML
57 lines
1.6 KiB
YAML
name: Check for Google Root CA Updates
|
|
|
|
on:
|
|
push:
|
|
paths-ignore:
|
|
- 'wiki/**'
|
|
pull_request:
|
|
paths-ignore:
|
|
- 'wiki/**'
|
|
schedule:
|
|
- cron: '23 23 * * *'
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
working-directory: src/gam
|
|
|
|
jobs:
|
|
check-certs:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
|
|
with:
|
|
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
|
|
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
|
|
|
|
- name: Get Current cacerts.pem hash
|
|
run: |
|
|
export CURRENT_HASH=$(sha256sum ./cacerts.pem)
|
|
echo "Current hash is: ${CURRENT_HASH}"
|
|
echo "CURRENT_HASH=${CURRENT_HASH}" >> $GITHUB_ENV
|
|
|
|
- name: Get latest cacerts.pem file from Google
|
|
run: |
|
|
curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem
|
|
|
|
- name: Compare hashes
|
|
run: |
|
|
export NEW_HASH=$(sha256sum ./cacerts.pem)
|
|
if [ "$NEW_HASH" == "$CURRENT_HASH" ]; then
|
|
echo "Same file."
|
|
else
|
|
echo "New file content. Was ${CURRENT_HASH} and now is ${NEW_HASH}"
|
|
fi
|
|
|
|
- name: Commit file
|
|
run: |
|
|
git config --local user.email "action@github.com"
|
|
git config --local user.name "GitHub Action"
|
|
git add cacerts.pem
|
|
git diff --quiet && git diff --staged --quiet || git commit -am '[ci skip] Updated cacerts.pem'
|
|
|
|
- name: Push changes
|
|
uses: ad-m/github-push-action@master
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|