update-cacert-bundle.yml 1.5 KB

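  # Scheduled workflow that refreshes the bundled CA certificate file on each
  # branch listed in the matrix and proposes the change as a pull request.
  name: Update CA certificate bundle

  on:
    workflow_dispatch:
    schedule:
      - cron: "5 2 * * *"

  # Least privilege for the automatic GITHUB_TOKEN: the pull request is created
  # with the PAT passed to the last step, so the job token only needs to read.
  permissions:
    contents: read

  jobs:
    update-ca-certificate-bundle:
      runs-on: ubuntu-latest

      strategy:
        # A failure on one branch must not cancel the updates for the others.
        fail-fast: false
        matrix:
          branches:
            - "master"
            - "stable28"
            - "stable27"
            - "stable26"
            - "stable25"
            - "stable24"
            - "stable23"
            - "stable22"

      name: update-ca-certificate-bundle-${{ matrix.branches }}

      steps:
        # Both third-party actions are pinned to a full commit SHA, so a moved
        # tag or branch cannot change the code that runs next to the PAT.
        - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
          with:
            ref: ${{ matrix.branches }}
            submodules: true
            # Do not leave the job token in .git/config for later steps.
            persist-credentials: false

        # --etag-compare/--etag-save make this a conditional request: the
        # bundle is only rewritten when the upstream ETag changed.
        # --fail makes an HTTP error exit non-zero instead of saving the
        # error body as the trust store.
        # NOTE(review): authenticity of the download rests solely on the TLS
        # connection to curl.se; reviewers of the resulting PR should compare
        # the file against the SHA-256 published on the caextract page.
        - name: Download CA certificate bundle from curl
          run: >-
            curl --fail
            --etag-compare build/ca-bundle-etag.txt
            --etag-save build/ca-bundle-etag.txt
            --output resources/config/ca-bundle.crt
            https://curl.se/ca/cacert.pem

        # The PAT is the only write-capable credential in this job; the action
        # does nothing when the working tree has no changes.
        - name: Create Pull Request
          uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38
          with:
            token: ${{ secrets.COMMAND_BOT_PAT }}
            commit-message: "fix(security): Update CA certificate bundle"
            committer: GitHub <noreply@github.com>
            author: nextcloud-command <nextcloud-command@users.noreply.github.com>
            signoff: true
            branch: automated/noid/${{ matrix.branches }}-update-ca-cert-bundle
            title: "[${{ matrix.branches }}] fix(security): Update CA certificate bundle"
            body: |
              Auto-generated update of CA certificate bundle from [https://curl.se/docs/caextract.html](https://curl.se/docs/caextract.html)
            labels: |
              dependencies
              3. to review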
  33. labels: |
  34. dependencies
  35. 3. to review