Skip to content

Generate F-Droid repo #207

Generate F-Droid repo

Generate F-Droid repo #207

Workflow file for this run

name: Generate F-Droid repo
on:
workflow_dispatch:
inputs:
dry-run:
description: "Skips pushing changes when enabled. Optional. Defaults to false."
type: boolean
default: false
required: false
schedule:
- cron: "45 2 * * *"
jobs:
apps:
name: "Generate repo from apps listing"
runs-on: ubuntu-24.04
env:
COMMIT_MSG_FILE: "${{ github.workspace }}/commit_message.tmp"
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create basic directory structure
run: mkdir -p fdroid/repo
- name: Restore correct mtime
run: |
sudo apt install git-restore-mtime
git restore-mtime
- name: Login to Azure - CI Subscription
uses: Azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-gpg-private-key,
github-gpg-private-key-passphrase,
github-pat-bitwarden-devops-bot-repo-scope"
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
with:
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: Set up Git
run: |
git config --local user.email "[email protected]"
git config --local user.name "bitwarden-devops-bot"
- name: Download secrets
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
run: |
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
--name store_fdroid-keystore.jks --file fdroid/keystore.p12 --output none
- name: Validate secrets
run: |
if [ -f "fdroid/keystore.p12" ]; then
echo "keystore found"
else
echo "keystore not found!"
exit 1
fi
- name: Configure F-Droid server
env:
FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }}
run: |
cp base_fdroid_config.yml fdroid/config.yml
chmod 0600 fdroid/config.yml
echo "keypass: '$FDROID_STORE_KEYSTORE_PASSWORD'" >> fdroid/config.yml
echo "keystorepass: '$FDROID_STORE_KEYSTORE_PASSWORD'" >> fdroid/config.yml
- name: Install F-Droid server software
run: |
sudo add-apt-repository ppa:fdroid/fdroidserver
sudo apt-get update
sudo apt-get install fdroidserver
- name: Ignore F-Droid ResParseError
run: |
sudo sed -i 's|raise ResParserError("res0 must be zero!")|log.warning("res0 must be zero!")|g' /usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py
sudo sed -i 's|raise ResParserError("res1 must be zero!")|log.warning("res1 must be zero!")|g' /usr/lib/python3/dist-packages/androguard/core/bytecodes/axml/__init__.py
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: '^1.17.0'
- name: Run metascoop
id: run-metascoop
env:
GH_ACCESS_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
run: |
bash run_metascoop.sh ${{ env.COMMIT_MSG_FILE }}
if [ $? -eq 0 ]; then
echo "Changes detected"
echo "has_changes=true" >> $GITHUB_OUTPUT
elif [ $? -eq 2 ]; then
echo "No changes detected"
echo "has_changes=false" >> $GITHUB_OUTPUT
else
echo "Unexpected exit code: $?"
echo "has_changes=false" >> $GITHUB_OUTPUT
fi
continue-on-error: true
- name: Delete F-Droid server config
run: |
rm -f fdroid/config.yml
- name: Update repo
env:
GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
run: |
if [ "${{ inputs.dry-run }}" = "true" ]; then
echo "Dry run. Changes are not being saved."
elif [ "${{ steps.run-metascoop.outputs.has_changes }}" != "true" ]; then
echo "No changes to save."
else
bash update_repo.sh ${{ env.COMMIT_MSG_FILE }}
fi