ci: partial integration with new script to fetch new versions

.github/check-update.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+repo_tags=$(curl 'https://api.github.com/repos/zen-browser/desktop/tags' -s)
+
+twilight_tag=$(echo "$repo_tags" | jq -r '.[]|select(.name|test("twilight"))')
+beta_tag=$(echo "$repo_tags" | jq -r '(map(select(.name | test("-b.")))) | first')
+
+check_update() {
+    name=$1
+    arch=$2
+    target_tag_meta=$3
+
+    meta=$(jq ".[\"$name\"][\"$arch-linux\"]" <sources.json)
+
+    local_sha1=$(echo "$meta" | jq -r '.sha1')
+    remote_sha1=$(echo "$target_tag_meta" | jq -r '.commit.sha')
+
+    echo "Checking $name version @ $arch... local=$local_sha1 remote=$remote_sha1"
+
+    if [ "$local_sha1" = "$remote_sha1" ]; then
+        echo "Local $name version is up to date"
+    else
+        echo "should_update=true" >>"$GITHUB_OUTPUT"
+        return
+    fi
+}
+
+set -e
+
+check_update "beta" "x86_64" "$beta_tag"
+check_update "beta" "aarch64" "$beta_tag"
+check_update "twilight" "x86_64" "$twilight_tag"
+check_update "twilight" "aarch64" "$twilight_tag"

.github/new-version.sh

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-echo "Fetching upstream version from GitHub API..." >&2
-upstream_data=$(curl -s https://api.github.com/repos/zen-browser/desktop/releases/latest)
-echo "Upstream data: $upstream_data" >&2
-
-upstream=$(echo "$upstream_data" | tr -d '\000-\037\177' | jq -r '.tag_name')
-echo "Upstream version is: $upstream" >&2
-
-local=$(grep -oP 'beta_version = "\K[^"]+' flake.nix)
-echo "Current version (local) is: $local" >&2 # first!
-
-if [ "$upstream" != "$local" ]; then
-    echo "new_version=true" >>"$GITHUB_OUTPUT"
-    echo "upstream=$upstream" >>"$GITHUB_OUTPUT"
-fi
-
-echo "$upstream"

.github/update-zen-browser.bash

@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-script_dir="$(dirname -- "$0")"
-
-upstream="null"
-
-max_attempts=10
-attempts=1
-
-while [ "$upstream" == "null" ]; do
-    upstream=$("$script_dir/new-version.sh")
-
-    if [ "$upstream" != "null" ]; then
-        break
-    elif [ $attempts -ge $max_attempts ]; then
-        echo "Unable to determine new upstream version"
-        exit 1
-    fi
-
-    echo "[attempt #${attempts}] Unable to determine new upstream version, retrying in 5 seconds..."
-    attempts=$((attempts + 1))
-    sleep 5
-done
-
-upstream=$("$script_dir/new-version.sh" | cat -)
-if [ "$upstream" == "null" ]; then
-    echo "Unable to determine new upstream version"
-    return 1
-fi
-
-echo "Updating to $upstream"
-
-base_url="https://github.com/zen-browser/desktop/releases/download/$upstream"
-
-# Modify with sed the nix file
-sed -i "s/beta_version = \".*\"/beta_version = \"$upstream\"/" ./flake.nix
-
-# Update the hash sha256
-hash=$(nix-prefetch-url --type sha256 --unpack "$base_url/zen.linux-x86_64.tar.bz2")
-sed -i "s/beta_hash = \".*\"/beta_hash = \"$hash\"/" ./flake.nix
-
-nix flake update
-nix build .#beta

.github/update.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+repo_tags=$(curl 'https://api.github.com/repos/zen-browser/desktop/tags' -s)
+
+twilight_tag=$(echo "$repo_tags" | jq -r '.[]|select(.name|test("twilight"))')
+beta_tag=$(echo "$repo_tags" | jq -r '(map(select(.name | test("-b.")))) | first')
+
+try_to_update() {
+    name=$1
+    arch=$2
+    target_tag_meta=$3
+
+    meta=$(jq ".[\"$name\"][\"$arch-linux\"]" <sources.json)
+
+    local_sha1=$(echo "$meta" | jq -r '.sha1')
+    remote_sha1=$(echo "$target_tag_meta" | jq -r '.commit.sha')
+
+    echo "Checking $name version @ $arch... local=$local_sha1 remote=$remote_sha1"
+
+    if [ "$local_sha1" = "$remote_sha1" ]; then
+        echo "Local $name version is up to date"
+    else
+        echo "Local $name version is outdated"
+
+        version=$(echo "$target_tag_meta" | jq -r '.name')
+        download_url="https://github.com/zen-browser/desktop/releases/download/$version/zen.linux-$arch.tar.bz2"
+
+        prefetch_output=$(nix store prefetch-file --hash-type sha256 --json "$download_url")
+        sha256=$(echo "$prefetch_output" | jq -r '.hash')
+
+        jq ".[\"$name\"][\"$arch-linux\"] = {\"name\":\"$name\",\"version\":\"$version\",\"sha1\":\"$remote_sha1\",\"url\":\"$download_url\",\"sha256\":\"$sha256\"}" <sources.json >sources.json.tmp
+        mv sources.json.tmp sources.json
+
+        echo "$name was updated to $version" # missing nix build!
+    fi
+}
+
+set -e
+
+try_to_update "beta" "x86_64" "$beta_tag"
+try_to_update "beta" "aarch64" "$beta_tag"
+try_to_update "twilight" "x86_64" "$twilight_tag"
+try_to_update "twilight" "aarch64" "$twilight_tag"

.github/workflows/zen-update.yml

@@ -13,28 +13,28 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Check new version
-        id: new-version
+      - name: Check if update is needed
+        id: check
         run: |
-          .github/new-version.sh
+          .github/check-update.sh
 
       - name: Install Nix
-        if: steps.new-version.outputs.new_version == 'true'
+        if: steps.check.outputs.should_update == 'true'
         uses: cachix/install-nix-action@v27
         with:
           nix_path: nixpkgs=channel:nixpkgs-unstable
 
       - name: Setup Nix Magic Cache
-        if: steps.new-version.outputs.new_version == 'true'
+        if: steps.check.outputs.should_update == 'true'
         uses: DeterminateSystems/magic-nix-cache-action@main
 
-      - name: Update hashes and test build
-        if: steps.new-version.outputs.new_version == 'true'
+      - name: Update versions
+        if: steps.check.outputs.should_update == 'true'
         run: |
-          .github/update-zen-browser.bash
+          .github/update.sh
 
       - name: Commit changes
-        if: steps.new-version.outputs.new_version == 'true'
+        if: steps.check.outputs.should_update == 'true'
         uses: stefanzweifel/git-auto-commit-action@v5
         with:
           commit_message: "Update Zen Browser to v${{ steps.new-version.outputs.upstream }}"