
Check Upstream OpenSSL #23

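# Nightly watcher: looks up the newest OpenSSL 3.x release tag upstream and,
# when this repository has no matching release yet, dispatches the build
# workflow for that version.
name: Check Upstream OpenSSL

on:
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:

# Least privilege for the job's GITHUB_TOKEN. Every gh call below authenticates
# with the PAT via GH_TOKEN, so no visible step uses the job token for the
# Actions API; `actions: write` was dropped. Restore it only if a step starts
# dispatching workflows with the job token.
permissions:
  contents: read

jobs:
  check-and-trigger:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        # NOTE(review): `v4` is a mutable tag; consider pinning this action to
        # a full commit SHA so a retagged release cannot change what runs here.
        uses: actions/checkout@v4
        with:
          # Nothing below pushes with git; do not leave the job token in
          # .git/config for later steps to read.
          persist-credentials: false

      - name: Check for New OpenSSL Release
        id: check_version
        env:
          # Use PAT for API calls to avoid rate limits and ensure scope
          # NOTE(review): this step only reads public upstream data and this
          # repository's release list; confirm whether the job token would be
          # enough here so the PAT is exposed to one step instead of two.
          GH_TOKEN: ${{ secrets.RBPW_PAT }}
        run: |
          echo "Fetching latest OpenSSL 3.x release..."

          # 1. Get upstream tag
          # NOTE(review): the filter keeps any tag starting with "openssl-3."
          # and takes the first entry the API returns, so a pre-release
          # (alpha/beta) or a patch release of an older 3.x branch can be
          # selected. Confirm that is intended before builds run unattended.
          LATEST_UPSTREAM=$(gh api repos/openssl/openssl/releases \
            --jq 'map(select(.tag_name | startswith("openssl-3."))) | .[0].tag_name')

          if [ -z "$LATEST_UPSTREAM" ] || [ "$LATEST_UPSTREAM" == "null" ]; then
            echo "::error::Could not fetch upstream version."
            exit 1
          fi

          CLEAN_VERSION=${LATEST_UPSTREAM#openssl-}

          # The tag name is data from another repository. Allow only the
          # characters a version string needs before it is written to
          # GITHUB_OUTPUT and handed to the build workflow as an input.
          VERSION_RE='^[0-9A-Za-z._-]+$'
          if [[ ! "$CLEAN_VERSION" =~ $VERSION_RE ]]; then
            echo "::error::Upstream tag has an unexpected format; refusing to continue."
            exit 1
          fi

          echo "Latest Upstream Version: $CLEAN_VERSION"

          # 2. Check local releases
          # -F matches the version literally ('.' is not a regex wildcard).
          # This is still a substring match (3.0.1 also matches 3.0.10), and
          # only the 10 most recent local releases are inspected.
          LOCAL_MATCH=$(gh release list --limit 10 | grep -F -- "$CLEAN_VERSION" || true)

          if [ -n "$LOCAL_MATCH" ]; then
            echo "We already have a release for $CLEAN_VERSION. Nothing to do."
            echo "trigger_build=false" >> "$GITHUB_OUTPUT"
          else
            echo "New version detected ($CLEAN_VERSION)! Preparing to trigger build."
            {
              echo "trigger_build=true"
              echo "new_version=$CLEAN_VERSION"
            } >> "$GITHUB_OUTPUT"
          fi

      - name: Trigger Build Workflow
        if: steps.check_version.outputs.trigger_build == 'true'
        env:
          # MUST use PAT to ensure the triggered build can trigger the Release workflow later
          GH_TOKEN: ${{ secrets.RBPW_PAT }}
          # Hand the version to the script as data. A ${{ }} expression placed
          # inside `run:` is expanded into the script text before the shell
          # starts, so its value would be parsed as shell code in a step that
          # holds the PAT.
          NEW_VERSION: ${{ steps.check_version.outputs.new_version }}
        run: |
          echo "Triggering 'Build OpenSSL 3.x' workflow for version ${NEW_VERSION}..."
          gh workflow run build-openssl.yml -f version="${NEW_VERSION}"
          echo "✅ Build triggered successfully."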