mirror of
https://github.com/bitwarden/android.git
synced 2026-04-28 03:48:14 -05:00
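# Scheduled job that re-downloads the JSON at SOURCE_URL into GOOGLE_FILE,
# validates it, and opens a pull request against main when the checked-in copy
# differs. The job pushes a new branch only; the change reaches main through
# the pull request.
# NOTE(review): the asset names suggest this is the list of apps trusted to
# make FIDO2/passkey requests. Confirm, and review each generated PR's diff
# with that in mind.
name: Cron / Sync Google Privileged Browsers List

on:
  schedule:
    # Run weekly on Sunday at 00:00 UTC
    - cron: '0 0 * * 0'
  workflow_dispatch:

env:
  SOURCE_URL: https://www.gstatic.com/gpm-passkeys-privileged-apps/apps.json
  GOOGLE_FILE: app/src/main/assets/fido2_privileged_google.json
  COMMUNITY_FILE: app/src/main/assets/fido2_privileged_community.json

jobs:
  sync-privileged-browsers:
    name: Sync Google Privileged Browsers List
    runs-on: ubuntu-24.04
    # Job-scoped token permissions: write access is needed to push the sync
    # branch and to open the pull request; nothing else is requested.
    permissions:
      contents: write
      pull-requests: write

    steps:
      - name: Checkout
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          # Required by the later `git push`. The checkout token stays usable
          # by git for the rest of the job, so keep the steps below limited to
          # repository-owned scripts.
          persist-credentials: true

      - name: Download Google Privileged Browsers List
        # --fail: an HTTP error response aborts the step instead of being
        #   written over the asset.
        # --proto '=https': refuse any non-HTTPS transfer, even if SOURCE_URL
        #   is edited later.
        # --show-error: keep -s quiet mode but still print the failure reason.
        run: curl --fail --silent --show-error --proto '=https' --tlsv1.2 "$SOURCE_URL" -o "$GOOGLE_FILE"

      - name: Check for changes
        id: check-changes
        run: |
          # An unchanged file ends the step early; later steps are gated on has_changes.
          if git diff --quiet -- "$GOOGLE_FILE"; then
            echo "👀 No changes detected, skipping..."
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          echo "has_changes=true" >> "$GITHUB_OUTPUT"
          echo "👀 Changes detected, validating fido2_privileged_google.json..."

          # A validation failure fails the step, so no branch or PR is created
          # from a malformed download.
          if ! python .github/scripts/validate-json/validate_json.py validate "$GOOGLE_FILE"; then
            echo "::error::JSON validation failed for $GOOGLE_FILE"
            exit 1
          fi

          echo "👀 fido2_privileged_google.json is valid, checking for duplicates..."

          # Check for duplicates between Google and Community files
          python .github/scripts/validate-json/validate_json.py duplicates "$GOOGLE_FILE" "$COMMUNITY_FILE" duplicates.txt

          # The presence of duplicates.txt is the signal; duplicates are
          # surfaced as a warning and do not block the PR.
          if [ -f duplicates.txt ]; then
            echo "::warning::Duplicate package names found between Google and Community files."
            echo "duplicates_found=true" >> "$GITHUB_OUTPUT"
          else
            echo "✅ No duplicate package names found between Google and Community files"
            echo "duplicates_found=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Create branch and commit
        if: steps.check-changes.outputs.has_changes == 'true'
        run: |
          echo "👀 Committing fido2_privileged_google.json..."

          # Branch name is built from the run number only, never from downloaded data.
          BRANCH_NAME="cron-sync-privileged-browsers/$GITHUB_RUN_NUMBER-sync"
          git config user.name "GitHub Actions Bot"
          git config user.email "actions@github.com"
          git checkout -b "$BRANCH_NAME"
          # Only the synced asset is staged; duplicates.txt stays out of the commit.
          git add "$GOOGLE_FILE"
          git commit -m "Update Google privileged browsers list"
          git push origin "$BRANCH_NAME"
          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"
          echo "🌱 Branch created: $BRANCH_NAME"

      - name: Create Pull Request
        if: steps.check-changes.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DUPLICATES_FOUND: ${{ steps.check-changes.outputs.duplicates_found }}
          BASE_PR_URL: ${{ github.server_url }}/${{ github.repository }}/pull/
        run: |
          # duplicates.txt is derived from the downloaded JSON, so its lines are
          # emitted with printf '%s' as literal text. The body is no longer
          # passed through `echo -e`, which would expand backslash escapes
          # found in that data.
          {
            printf '%s\n' "Updates the Google privileged browsers list with the latest data from $SOURCE_URL"

            if [ "$DUPLICATES_FOUND" = "true" ]; then
              printf '\n%s\n' '> [!WARNING]'
              printf '%s\n' '> :suspect: The following package(s) appear in both Google and Community files:'
              # `|| [ -n "$line" ]` keeps a final line that lacks a trailing newline.
              while IFS= read -r line || [ -n "$line" ]; do
                printf '> - %s\n' "$line"
              done < duplicates.txt
            fi
          } | gh pr create \
            --title "Update Google privileged browsers list" \
            --body-file - \
            --base main \
            --head "$BRANCH_NAME" \
            --label "automated-pr" \
            --label "t:ci"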