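---
# Scheduled bot that looks for a newer Tor binary on Brave's release host and,
# if one exists, bumps the version pins in update.sh, runs it, and opens a PR.
#
# Flow: read CRX_VER / CRX_LINUX_ARM_VER from update.sh -> increment the third
# underscore-separated field -> HEAD-probe the candidate URL -> rewrite the pin
# -> run update.sh -> open a pull request with a GitHub App token.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v1, @v7).
# This job handles an App private key and produces binaries that ship in the
# repo, so pin each action to a full commit SHA and let a dependency bot
# propose the bumps.
name: "[Bot] update TOR binary"

on:
  schedule:
    # 00:00 UTC on the first day of every month.
    - cron: "0 0 1 * *"
  workflow_dispatch:

# The PR is pushed and opened with the App token minted below, so the
# built-in GITHUB_TOKEN only needs to read the repository for checkout.
permissions:
  contents: read

jobs:
  update-tor:
    # Never run on forks: they have neither the secrets nor a reason to bump.
    if: github.repository == 'trezor/trezor-suite'
    runs-on: macos-latest
    env:
      UPDATE_FILE: packages/suite-data/files/bin/tor/update.sh
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Get current TOR versions
        id: versions
        run: |
          content=$(cat "$UPDATE_FILE")

          # Print the candidate next version for the variable named in $1:
          # same first two fields, third field incremented by one.
          newer_version () {
            local version major patch next
            version=$(echo "$content" | grep "^$1=" | cut -d= -f2)
            major=$(echo "$version" | cut -d_ -f1-2)_
            patch=$(echo "$version" | cut -d_ -f3)

            # The result is spliced into a URL, a sed expression and update.sh
            # itself, so accept only digits and underscores. This also fails
            # the step loudly when the pin is missing or malformed instead of
            # probing a nonsense URL and silently reporting "no update".
            case "$major" in
              _|*[!0-9_]*)
                echo "Unexpected version format for $1: '$version'" >&2
                return 1
                ;;
            esac
            case "$patch" in
              ''|*[!0-9]*)
                echo "Unexpected version format for $1: '$version'" >&2
                return 1
                ;;
            esac

            next=$((patch + 1))
            echo "${major}${next}"
          }

          crx_next=$(newer_version CRX_VER)
          arm_next=$(newer_version CRX_LINUX_ARM_VER)
          echo "crx_next=$crx_next" >> "$GITHUB_OUTPUT"
          echo "arm_next=$arm_next" >> "$GITHUB_OUTPUT"

      # Step outputs are handed to the scripts below through `env:` rather than
      # being expanded with ${{ }} inside the script text, so a value can never
      # be parsed as shell syntax.
      - name: Check if new CRX binary exists
        id: check_crx
        env:
          CRX_NEXT: ${{ steps.versions.outputs.crx_next }}
        run: |
          url="https://tor.bravesoftware.com/release/cldoidikboihgcjfkhdeidbpclkineef/extension_${CRX_NEXT}.crx"
          echo "Checking $url"
          # HTTP header names are case-insensitive and curl prints them as the
          # server sent them, hence -i.
          # NOTE(review): this HEAD probe only shows that something with the
          # expected content type exists at the URL; it says nothing about the
          # file's integrity or origin. Presumably update.sh or PR review
          # verifies the download -- confirm, update.sh is not visible here.
          if curl --fail --silent --head "$url" | grep -i "content-type: application/x-chrome-extension" > /dev/null; then
            echo "new_crx=true" >> "$GITHUB_OUTPUT"
            echo "crx_url=$url" >> "$GITHUB_OUTPUT"
          else
            echo "new_crx=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Check if new Linux ARM binary exists
        id: check_arm
        env:
          ARM_NEXT: ${{ steps.versions.outputs.arm_next }}
        run: |
          url="https://tor.bravesoftware.com/release/monolafkoghdlanndjfeebmdfkbklejg/extension_${ARM_NEXT}.crx"
          echo "Checking $url"
          # Same header-only existence check as the CRX step above.
          if curl --fail --silent --head "$url" | grep -i "content-type: application/x-chrome-extension" > /dev/null; then
            echo "new_arm=true" >> "$GITHUB_OUTPUT"
            echo "arm_url=$url" >> "$GITHUB_OUTPUT"
          else
            echo "new_arm=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Update update.sh
        if: steps.check_crx.outputs.new_crx == 'true' || steps.check_arm.outputs.new_arm == 'true'
        env:
          NEW_CRX: ${{ steps.check_crx.outputs.new_crx }}
          NEW_ARM: ${{ steps.check_arm.outputs.new_arm }}
          CRX_NEXT: ${{ steps.versions.outputs.crx_next }}
          ARM_NEXT: ${{ steps.versions.outputs.arm_next }}
        run: |
          # `sed -i ''` is the BSD form; this job runs on macOS.
          if [ "$NEW_CRX" = "true" ]; then
            sed -i '' "s/^CRX_VER=.*/CRX_VER=${CRX_NEXT}/" "$UPDATE_FILE"
          fi
          if [ "$NEW_ARM" = "true" ]; then
            sed -i '' "s/^CRX_LINUX_ARM_VER=.*/CRX_LINUX_ARM_VER=${ARM_NEXT}/" "$UPDATE_FILE"
          fi

      # Runs before the App token is minted, so the token is not yet available
      # to this step while remote content is being fetched and unpacked.
      - name: Run update.sh
        if: steps.check_crx.outputs.new_crx == 'true' || steps.check_arm.outputs.new_arm == 'true'
        run: |
          bash "$UPDATE_FILE"

      - name: Build PR body
        id: pr_body
        if: steps.check_crx.outputs.new_crx == 'true' || steps.check_arm.outputs.new_arm == 'true'
        env:
          NEW_CRX: ${{ steps.check_crx.outputs.new_crx }}
          NEW_ARM: ${{ steps.check_arm.outputs.new_arm }}
          CRX_NEXT: ${{ steps.versions.outputs.crx_next }}
          ARM_NEXT: ${{ steps.versions.outputs.arm_next }}
          CRX_URL: ${{ steps.check_crx.outputs.crx_url }}
          ARM_URL: ${{ steps.check_arm.outputs.arm_url }}
        run: |
          body="New TOR binaries available:\n"
          if [ "$NEW_CRX" = "true" ]; then
            body+="\n- CRX: ${CRX_NEXT} (${CRX_URL})"
          fi
          if [ "$NEW_ARM" = "true" ]; then
            body+="\n- Linux ARM: ${ARM_NEXT} (${ARM_URL})"
          fi
          # Multi-line output needs the name<<DELIMITER ... DELIMITER form.
          # The body is built only from validated versions and the URLs
          # assembled above, so it cannot contain a bare "EOF" line.
          {
            echo "body<<EOF"
            echo -e "$body"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Generate GitHub App token
        if: steps.check_crx.outputs.new_crx == 'true' || steps.check_arm.outputs.new_arm == 'true'
        id: trezor-bot-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.TREZOR_BOT_APP_ID }}
          private-key: ${{ secrets.TREZOR_BOT_PRIVATE_KEY }}

      - name: Create Pull Request
        if: steps.check_crx.outputs.new_crx == 'true' || steps.check_arm.outputs.new_arm == 'true'
        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ steps.trezor-bot-token.outputs.token }}
          commit-message: "chore(suite-data): update TOR binaries"
          branch: chore/update-tor-binaries
          title: "Update TOR binaries"
          body: ${{ steps.pr_body.outputs.body }}
          base: ${{ github.ref_name }}
          delete-branch: true
          labels: tor, ci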