elixir-mint / castore

Up-to-date certificate store for Elixir. ๐Ÿ”
161 stars 20 forks source link

CI creates a new release when curl command fails #68

Closed antedeguemon closed 1 month ago

antedeguemon commented 6 months ago

Hey folks!

As noted by @cgrothaus in https://github.com/elixir-mint/castore/pull/67#issuecomment-2068543434, the Outdated CI pipeline mistakenly bumps the library version and creates a new release whenever the curl command fails: https://github.com/elixir-mint/castore/actions/runs/8761722399/job/24048599140

SHA256 of old file: 0
Downloading certdata.txt ...
Get certdata with curl!
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to hg.mozilla.org:443 
Failed downloading via HTTPS with curl
Falling back to HTTP
URLs other than HTTPS are disabled by default, to enable use -k
** (File.Error) could not remove file "ca-bundle.crt": no such file or directory
    (elixir 1.14.3) lib/file.ex:1182: File.rm!/1
    (castore 1.0.6) lib/mix/tasks/certdata.ex:[90](https://github.com/elixir-mint/castore/actions/runs/8761722399/job/24048599140#step:4:91): Mix.Tasks.Certdata.fetch_ca_bundle/0
    (castore 1.0.6) lib/mix/tasks/certdata.ex:55: Mix.Tasks.Certdata.run/1
    (mix 1.14.3) lib/mix/task.ex:421: anonymous fn/3 in Mix.Task.run_task/4
    (mix 1.14.3) lib/mix/cli.ex:84: Mix.CLI.run_task/2
[outdated [91](https://github.com/elixir-mint/castore/actions/runs/8761722399/job/24048599140#step:4:92)2f587] Update certificates
 1 file changed, 1 insertion(+), 1 deletion(-)
remote: 
remote: Create a pull request for 'outdated' on GitHub by visiting:        
remote:      https://github.com/elixir-mint/castore/pull/new/outdated        
remote: 
To https://github.com/elixir-mint/castore
 * [new branch]      outdated -> outdated
branch 'outdated' set up to track 'origin/outdated'.

This happens because the exit code of mix certdata --check-outdated is the same when there are outdated certificates and when some failure occurs with fetching the certificates.

ericmj commented 6 months ago

I think we should use a specific exit code for outdated certs. We use exceptions to stop the task in case of some error and they always set the exit code to 1. So as long as we use a different than 0 or 1 and check for that exit code specifically in outdated.sh we should be good.

@antedeguemon Would you be interested in sending a PR with a fix?

antedeguemon commented 6 months ago

@ericmj I sure am! I will try to push a fix this week. ๐Ÿ˜

whatyouhide commented 1 month ago

@antedeguemon ping ๐Ÿ™ƒ

antedeguemon commented 1 month ago

@whatyouhide oops, my apologies for the delay - life got a bit more busy these past months.

We can close this issue since @vshev4enko already handled it in https://github.com/elixir-mint/castore/pull/71. Thank you all! ๐Ÿซถ