Update Slicer.crt certificate bundle #94
name: Update Slicer.crt certificate bundle

on:
  schedule:
    # Every Tuesday at 11.30am UTC (7.30am ET)
    - cron: "30 11 * * 2"
  workflow_dispatch:

permissions:
  contents: read

jobs:
  update-slicer-certificate-bundle:
    name: Update Slicer.crt certificate bundle
    runs-on: ubuntu-latest
    env:
      CERTDATA_OWNER: mozilla
      CERTDATA_REPO: gecko-dev
      CERTDATA_PATH: security/nss/lib/ckfw/builtins/certdata.txt
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Get sha and canonical download url for latest version of certdata.txt file
        id: latest_certdata
        run: |
          sha=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
            "https://api.github.com/repos/${{ env.CERTDATA_OWNER }}/${{ env.CERTDATA_REPO }}/commits?path=${{ env.CERTDATA_PATH }}&sha=master&per_page=1" | jq ".[0] | .sha" -r)
          echo "sha=${sha}" >> $GITHUB_OUTPUT
          download_url="https://github.com/${{ env.CERTDATA_OWNER }}/${{ env.CERTDATA_REPO }}/blob/${sha}/${{ env.CERTDATA_PATH }}?raw=true"
          echo "download_url=${download_url}" >> $GITHUB_OUTPUT
      - name: Download certdata.txt from https://github.com/mozilla/gecko-dev
        run: |
          cd Base/QTCore/Resources/Certs &&
          curl -L# -o certdata.txt ${{ steps.latest_certdata.outputs.download_url }}
      - name: Generate Slicer.crt
        run: |
          cd Base/QTCore/Resources/Certs &&
          ./make-ca.sh
      - name: Cleanup
        run: |
          cd Base/QTCore/Resources/Certs &&
          rm certdata.txt
      - name: Get SHA of the branch that triggered the workflow run
        id: head_branch
        run: |
          sha=$(git rev-parse ${{ github.ref }})
          echo "sha=${sha}" >> $GITHUB_OUTPUT
      - name: Create Pull Request
        id: cpr
        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
        with:
          token: ${{ secrets.SLICERBOT_GITHUB_TOKEN }}
          commit-message: |
            ENH: Update Slicer.crt CA bundle

            This commit updates Slicer.crt certificate bundle with [make-ca.sh][1] script using the
            content of [certdata][2] associated with ${{ env.CERTDATA_OWNER }}/${{ env.CERTDATA_REPO }}@${{ steps.latest_certdata.outputs.sha }},

            It was auto-generated by the [update-slicer-certificate-bundle][3] GitHub action workflow.

            [1]: https://github.com/${{ github.repository }}/blob/${{ steps.head_branch.outputs.sha }}/Base/QTCore/Resources/Certs/make-ca.sh
            [2]: ${{ steps.latest_certdata.outputs.download_url }}
            [3]: https://github.com/${{ github.repository }}/blob/${{ steps.head_branch.outputs.sha }}/.github/workflows/update-slicer-certificate-bundle.yml
          committer: Slicer Bot <[email protected]>
          author: Slicer Bot <[email protected]>
          signoff: false
          branch: slicerbot/update-slicer-certificate-bundle
          delete-branch: true
          title: "Update Slicer.crt CA bundle"
          body: |
            This pull-request was auto-generated by the [update-slicer-certificate-bundle][1] GitHub action workflow.

            [1]: https://github.com/${{ github.repository }}/blob/${{ steps.head_branch.outputs.sha }}/.github/workflows/update-slicer-certificate-bundle.yml
          draft: false
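
The workflow above opens a pull request with whatever `make-ca.sh` produced, so a reviewer may want to see which trust anchors changed before merging. The following is an added example, not part of the Slicer repository or this workflow: it assumes `Slicer.crt` is a PEM bundle, and the names `fingerprints`, `diff_bundles`, `make_pem` and the 20% removal threshold are hypothetical choices made for illustration.

```python
"""Added example: diff two PEM CA bundles by certificate fingerprint."""
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(bundle_text):
    """Return the SHA-256 fingerprints (hex) of every PEM block in the text."""
    result = set()
    for body in PEM_RE.findall(bundle_text):
        # Strip line breaks, then decode strictly so corrupt blocks raise.
        der = base64.b64decode("".join(body.split()), validate=True)
        result.add(hashlib.sha256(der).hexdigest())
    return result


def diff_bundles(old_text, new_text, max_removed_ratio=0.2):
    """Compare bundles; flag an empty or heavily shrunken regenerated bundle."""
    old, new = fingerprints(old_text), fingerprints(new_text)
    added, removed = new - old, old - new
    # Assumed policy: losing more than 20% of roots in one update needs a human look.
    shrunk = bool(old) and len(removed) / len(old) > max_removed_ratio
    return {"added": added, "removed": removed, "suspicious": not new or shrunk}


def make_pem(payload):
    """Constructed stand-in: arbitrary bytes in a PEM envelope, not a real cert."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample bundles standing in for the committed and regenerated file.
OLD_BUNDLE = "".join(make_pem(b"root-" + c.encode()) for c in "ABCDEF")
NEW_BUNDLE = "".join(make_pem(b"root-" + c.encode()) for c in "ABCDEG")
TRUNCATED_BUNDLE = "<html>error</html>"  # e.g. the download returned an error page

if __name__ == "__main__":
    for label, candidate in (("update", NEW_BUNDLE), ("truncated", TRUNCATED_BUNDLE)):
        report = diff_bundles(OLD_BUNDLE, candidate)
        print(label, "added:", len(report["added"]),
              "removed:", len(report["removed"]),
              "suspicious:", report["suspicious"])
```

Fingerprints are computed over the decoded DER bytes, so re-wrapping or reordering certificates in the bundle does not show up as a change.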