search

flathub-infra / flatpak-external-data-checker

A tool for checking if the external data used in Flatpak manifests is still up to date
GNU General Public License v2.0
115 stars 34 forks source link

FlatHub PR bot not running on com.quexten.Goldwarden & github workflow whitelist too restrictive #416

Closed quexten closed 5 months ago

quexten commented 5 months ago

Trying to automate https://github.com/flathub/com.quexten.Goldwarden, I encountered two issues.

Running this tool locally on the default (master) branch gives:

INFO    src.manifest: Loading module from python3-requirements.json
INFO    src.manifest: Checking 4 external data items
INFO    src.manifest: Skipped check [1/4] file python3-tendo/tendo-0.3.0-py3-none-any.whl (from python3-requirements.json)
INFO    src.manifest: Started check [2/4] archive goldwarden-python-ui/v0.2.15.tar.gz (from com.quexten.Goldwarden.yml)
INFO    src.manifest: Started check [3/4] file goldwarden-core-daemon/goldwarden_linux_x86_64 (from com.quexten.Goldwarden.yml)
INFO    src.manifest: Started check [4/4] file goldwarden-core-daemon/goldwarden_linux_arm64 (from com.quexten.Goldwarden.yml)
INFO    src.lib.externaldata: Source v0.2.15.tar.gz: got new version v0.2.16
INFO    src.manifest: Finished check [2/4] archive goldwarden-python-ui/v0.2.15.tar.gz (from com.quexten.Goldwarden.yml)
INFO    src.lib.externaldata: Source goldwarden_linux_arm64: got new version v0.2.16
INFO    src.manifest: Finished check [3/4] file goldwarden-core-daemon/goldwarden_linux_arm64 (from com.quexten.Goldwarden.yml)
INFO    src.lib.externaldata: Source goldwarden_linux_x86_64: got new version v0.2.16
INFO    src.manifest: Finished check [4/4] file goldwarden-core-daemon/goldwarden_linux_x86_64 (from com.quexten.Goldwarden.yml)
OUTDATED: v0.2.15.tar.gz
 Has a new version:
  URL:       https://api.github.com/repos/quexten/goldwarden/tarball/v0.2.16
  MD5:       1dc18f9e0bc62ac673a9e3565078efd2
  SHA1:      63eec54f80c1d5e6291b1118a168f111989bd3a3
  SHA256:    79074dc4b0113c3ab9800e16f3818ed7fde7c0487fd47989890575bc3ccfa0f9
  SHA512:    9fa39debe38723bb2c497744ec39f623a894a49561058612a7d1f3864c5e6743130c1e61cd46b825e2848476fe7b3db1e020445602298b22172cf7d4b15aa7cd
  Size:      82092
  Version:   v0.2.16
  Timestamp: 2024-04-30 13:10:31

OUTDATED: goldwarden_linux_x86_64
 Has a new version:
  URL:       https://github.com/quexten/goldwarden/releases/download/v0.2.16/goldwarden_linux_x86_64
  MD5:       e94c3470e1ab7e21669d4a333b0ace2d
  SHA1:      04bf4d76db0ade7b29309f853817afc677fdc426
  SHA256:    6cecdd6b3a04b19e28d8359646a342ee6ed79edcf6375e0cfa290f6520fa5c73
  SHA512:    44c60039a882a5144d358065dcce99698f2ca421776a858506ae5d45238055c38c419be55615e822132fd56e82873f54aa717a0b7be99f66a80f5f3507531d87
  Size:      13741688
  Version:   v0.2.16
  Timestamp: 2024-04-29 22:58:36

OUTDATED: goldwarden_linux_arm64
 Has a new version:
  URL:       https://github.com/quexten/goldwarden/releases/download/v0.2.16/goldwarden_linux_arm64
  MD5:       f4188412639a7b2c97d2bd92378b59b6
  SHA1:      f2a4da938e3e9e0298eec4efd6223d5b0b45b2ab
  SHA256:    2d97a3bc1c21bfa9bca0478bf308c7f54b1515c6daa6c4c567a64f8a4bc4aa7d
  SHA512:    2ab244c724b3aa532256e0ab1dad9cee3b65dd63d65efee472c1b7d5a1c76c5629b50de837f4b95d3bb72157d649a419ad5e543613b3ef1da127c0d2843956be
  Size:      13192247
  Version:   v0.2.16
  Timestamp: 2024-04-29 22:57:11

INFO    src.main: Check finished with 0 error(s)

So the x-checker metadata seems to be configured correctly. However, despite the Readme saying the checker runs hourly, there has been no PR in the last ~12 hours. Does my repo need to be whitelisted? The bot seemingly still creates PR's fine on other repositories: https://github.com/flathub/com.jetbrains.GoLand/pull/91

Because of that I tried setting up a GitHub workflow, as described in the section below the FlatHub section, but the action is prevented from running (https://github.com/flathub/com.quexten.Goldwarden/actions/runs/8895293953) due to:

docker://ghcr.io/flathub-infra/flatpak-external-data-checker:latest is not allowed to be used in flathub/com.quexten.Goldwarden. Actions in this workflow must be: within a repository owned by flathub, created by GitHub, or matching the following: distributhor/workflow-webhook@*, docker/*, docker://ghcr.io/flathub/*, flathub/*, getsentry/action-release@v1, peter-evans/create-pull-request@*, actions-rs/*.

Changing the pattern to include docker://ghcr.io/flathub-infra/* would help here.

quexten commented 5 months ago

Still not sure why the FlatHub infra is/was not picking up the changes but I got the GitHub workflow runnig by changing the image to the one under flathub/ instead of flathub-infra/ and created #417 to make the Readme link to the correct image.

wjt commented 5 months ago

The Flathub-wide job is currently broken due to the sheer number of repositories being checked.

quexten commented 5 months ago

Thanks for the info! Weird that the repo I linked had PRs opened just hours before I tried. Must have been timing coincidence.

razzeee commented 5 months ago

Thanks for the info! Weird that the repo I linked had PRs opened just hours before I tried. Must have been timing coincidence.

It's not generally broken, it times out after 6 hours, so if your projects are early in the list, they might get processed