MT update SSL cert #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: MT update SSL cert | |
| on: | |
| workflow_dispatch: # manual | |
| schedule: | |
| - cron: '0 18 2 * *' # Monthly on the 2nd @ 6pm UTC # WEEKLY https://crontab.guru/#0_18_2_*_* | |
| # gh workflow run mt-update-ssl-cert.yml --ref <branch> | |
| # gh run list --workflow=mt-update-ssl-cert.yml | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| # git commit & push | |
| MT_ORG_GIT_COMMIT_ON: ${{ secrets.MT_ORG_GIT_COMMIT_ON }} | |
| MT_ORG_GIT_COMMIT_OFF: ${{ secrets.MT_ORG_GIT_COMMIT_OFF }} | |
| MT_GIT_COMMIT_ON: ${{ secrets.MT_GIT_COMMIT_ON }} | |
| MT_GIT_COMMIT_OFF: ${{ secrets.MT_GIT_COMMIT_OFF }} | |
| jobs: | |
| MT-UPDATE-SSL-CERT-JOB: | |
| name: "MT Update SSL cert" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: MT check out main repository code (with submodule) | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true # required to set right token | |
| token: ${{ secrets.MT_PAT }} | |
| fetch-depth: 0 # fetch all (not required util release build) | |
| - name: MT check out submodules | |
| run: ./checkout_submodules.sh | |
| - name: MT setup MT_GIT_BRANCH env | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| echo "MT_GIT_BRANCH=${GITHUB_REF##*/}" >> $GITHUB_ENV | |
| - name: MT code sync | |
| # if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }} | |
| run: ./commons/code_sync.sh | |
| - name: MT set is commit enabled | |
| run: | | |
| source ./commons/commons.sh | |
| setGitCommitEnabled | |
| setGitUser | |
| echo "MT_GIT_COMMIT_ENABLED=$MT_GIT_COMMIT_ENABLED" >> "$GITHUB_ENV" | |
| # Should update all <network-security-config> <trust-anchors> <certificates> in /app-android/src/main/res/xml/network_security_config.xml | |
| - name: MT files paths | |
| run: | | |
| echo "COM_OCTRANSPO_PEM_FILE=app-android/src/main/res/raw/com_octranspo_pem" >> "$GITHUB_ENV" | |
| - name: MT fetch latest SSL cert | |
| run: | | |
| openssl s_client -connect octranspo.com:443 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$COM_OCTRANSPO_PEM_FILE" | |
| - name: MT commit change | |
| if: env.MT_GIT_COMMIT_ENABLED == 'true' | |
| run: | | |
| git add "$COM_OCTRANSPO_PEM_FILE" | |
| git diff --staged --quiet || git commit -m "CI: Update octranspo.com SSL cert" | |
| git push | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.MT_PAT }} |