Update get-cacerts.yml #1215
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Check for Google Root CA Updates | |
on: | |
push: | |
pull_request: | |
schedule: | |
- cron: '23 23 * * *' | |
defaults: | |
run: | |
shell: bash | |
working-directory: src | |
jobs: | |
check-apis: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@master | |
with: | |
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token | |
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo | |
- name: Get Current cacerts.pem hash | |
run: | | |
export CURRENT_HASH=$(sha256sum ./cacerts.pem) | |
echo "Current hash is: ${CURRENT_HASH}" | |
echo "CURRENT_HASH=${CURRENT_HASH}" >> $GITHUB_ENV | |
- name: Get latest cacerts.pem file from Google | |
run: | | |
curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem | |
- name: Compare hashes | |
run: | | |
export NEW_HASH=$(sha256sum ./cacerts.pem) | |
if [ "$NEW_HASH" == "$CURRENT_HASH" ]; then | |
echo "Same file." | |
else | |
echo "New file content. Was ${CURRENT_HASH} and now is ${NEW_HASH}" | |
fi | |
- name: Commit file | |
run: | | |
git config --local user.email "action@github.com" | |
git config --local user.name "GitHub Action" | |
git add cacerts.pem | |
git diff --quiet && git diff --staged --quiet || git commit -am '[ci skip] Updated cacerts.pem' | |
- name: Push changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} |