From 97427830c6e82ab23c665616b064127e8611f5f1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 29 Dec 2023 11:28:21 -0500 Subject: [PATCH] ci: add cert-update cron workflow This commit adds a CI workflow that runs once a week to create a PR updating the real world verification test certificates (if required). This will help prevent CI breaking when the vendored Let's Encrypt exemplar certificate expires. --- .github/workflows/cert-update.yml | 47 +++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 .github/workflows/cert-update.yml diff --git a/.github/workflows/cert-update.yml b/.github/workflows/cert-update.yml new file mode 100644 index 00000000..d6a363cd --- /dev/null +++ b/.github/workflows/cert-update.yml @@ -0,0 +1,47 @@ +on: + workflow_dispatch: + schedule: + # Run on wednesdays at 12:10 UTC + - cron: '10 12 * * 3' + +name: cert-update +permissions: + contents: read + +jobs: + test-cert-update: + name: Update test certificates + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Check out code + uses: actions/checkout@v3 + with: + persist-credentials: false + + # Note: presently need Rust nightly to use the Cargo scripting feature. + - name: Install Rust nightly + uses: dtolnay/rust-toolchain@nightly + + - name: Run update script + run: src/tests/verification_real_world/update_valid_ee_certs.rs + + - name: Create pull-request + id: cpr + uses: peter-evans/create-pull-request@v4 + with: + commit-message: "tests: update verification_real_world test certificates" + title: "tests: update verification_real_world test certificates" + body: ":robot: This PR was automatically generated by the cert-update workflow." + committer: "GitHub " + author: "GitHub " + branch: test-cert-update + branch-suffix: timestamp + delete-branch: true + + - name: Check outputs + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"