-
Notifications
You must be signed in to change notification settings - Fork 0
232 lines (196 loc) · 7.95 KB
/
sync-extension.yml
File metadata and controls
232 lines (196 loc) · 7.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
name: Sync Extension from predicate-chrome
on:
repository_dispatch:
types: [extension-updated]
workflow_dispatch:
inputs:
release_tag:
description: 'Release tag from predicate-chrome (e.g., v1.0.0)'
required: true
type: string
schedule:
# Check for new releases daily at 2 AM UTC
- cron: '0 2 * * *'
jobs:
sync-extension:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout sdk-python
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0 # Fetch all history for proper branching
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Determine release tag
id: release
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
TAG="${{ github.event.inputs.release_tag }}"
elif [ "${{ github.event_name }}" == "repository_dispatch" ]; then
TAG="${{ github.event.client_payload.release_tag }}"
else
# Scheduled check - get latest release
# Note: This also needs a token with access to the private repo
HTTP_CODE=$(curl -L -s -o latest_release.json -w "%{http_code}" \
-H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/${{ secrets.SENTIENCE_CHROME_REPO }}/releases/latest")
if [ "$HTTP_CODE" != "200" ]; then
echo "❌ Failed to fetch latest release. HTTP Code: $HTTP_CODE"
cat latest_release.json
exit 1
fi
TAG=$(cat latest_release.json | jq -r '.tag_name // empty')
# Check if we already processed this tag
if git ls-remote --exit-code --heads origin "sync-extension-$TAG"; then
echo "Branch for $TAG already exists, skipping."
echo "skip=true" >> $GITHUB_OUTPUT
exit 0
fi
fi
if [ -z "$TAG" ]; then
echo "Could not determine release tag."
exit 1
fi
echo "Syncing tag: $TAG"
echo "tag=$TAG" >> $GITHUB_OUTPUT
- name: Download extension files
if: steps.release.outputs.skip != 'true'
run: |
TAG="${{ steps.release.outputs.tag }}"
REPO="${{ secrets.SENTIENCE_CHROME_REPO }}"
# Setup temp directory
mkdir -p extension-temp
cd extension-temp
echo "⬇️ Fetching release info for $TAG from $REPO..."
# 1. Get Release Info
HTTP_CODE=$(curl -L -s -w "%{http_code}" -o release.json \
-H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/repos/$REPO/releases/tags/$TAG")
if [ "$HTTP_CODE" != "200" ]; then
echo "❌ Failed to fetch release info. HTTP Code: $HTTP_CODE"
echo "Response Body:"
cat release.json
exit 1
fi
# Check for asset URL
ASSET_URL=$(cat release.json | jq -r '.assets[]? | select(.name == "extension-files.tar.gz") | .url')
if [ -z "$ASSET_URL" ] || [ "$ASSET_URL" == "null" ]; then
echo "❌ Critical Error: extension-files.tar.gz not found in release assets!"
echo "Available assets:"
cat release.json | jq -r '.assets[].name'
exit 1
fi
echo "📦 Downloading tarball from asset API endpoint..."
# NOTE: For private repos, we must use the API URL (.url) with Accept: application/octet-stream header
# Using .browser_download_url often redirects to S3 which breaks auth headers
HTTP_CODE=$(curl -L -s -w "%{http_code}" -o extension.tar.gz \
-H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \
-H "Accept: application/octet-stream" \
"$ASSET_URL")
if [ "$HTTP_CODE" != "200" ] && [ "$HTTP_CODE" != "302" ]; then
echo "❌ Failed to download asset. HTTP Code: $HTTP_CODE"
# If it's a small file (error message), show it
if [ $(stat -c%s extension.tar.gz) -lt 1000 ]; then
cat extension.tar.gz
fi
exit 1
fi
# 3. Verify File Type before extracting
FILE_TYPE=$(file -b --mime-type extension.tar.gz)
echo "📄 Downloaded file type: $FILE_TYPE"
if [[ "$FILE_TYPE" != *"gzip"* ]] && [[ "$FILE_TYPE" != *"octet-stream"* ]]; then
echo "❌ Error: Downloaded file is not a gzip archive. It is: $FILE_TYPE"
echo "First 100 bytes:"
head -c 100 extension.tar.gz
exit 1
fi
# 4. Extract
echo "📂 Extracting..."
tar -xzf extension.tar.gz
rm extension.tar.gz
if [ ! -f "manifest.json" ]; then
echo "❌ Error: manifest.json missing after extraction"
exit 1
fi
- name: Update extension files
if: steps.release.outputs.skip != 'true'
run: |
# Target directory in sdk-python (inside the package source)
TARGET_DIR="predicate/extension"
# Ensure target directory exists and is clean
rm -rf "$TARGET_DIR"
mkdir -p "$TARGET_DIR"
# Copy files from temp directory
cp -r extension-temp/* "$TARGET_DIR/"
# Verify required files were copied (including WASM pkg artifacts)
REQUIRED_FILES=(
"$TARGET_DIR/manifest.json"
"$TARGET_DIR/content.js"
"$TARGET_DIR/background.js"
"$TARGET_DIR/injected_api.js"
"$TARGET_DIR/pkg/sentience_core.js"
"$TARGET_DIR/pkg/sentience_core_bg.wasm"
)
MISSING_FILES=()
for file in "${REQUIRED_FILES[@]}"; do
if [ ! -f "$file" ]; then
MISSING_FILES+=("$file")
fi
done
if [ ${#MISSING_FILES[@]} -ne 0 ]; then
echo "❌ Extension sync incomplete. Missing required files:"
printf ' - %s\n' "${MISSING_FILES[@]}"
exit 1
fi
# Cleanup
rm -rf extension-temp
echo "✅ Extension files updated in $TARGET_DIR"
ls -la "$TARGET_DIR"
- name: Check for changes
if: steps.release.outputs.skip != 'true'
id: changes
run: |
git add predicate/extension/
if git diff --staged --quiet; then
echo "No changes detected."
echo "changed=false" >> $GITHUB_OUTPUT
else
echo "Changes detected."
echo "changed=true" >> $GITHUB_OUTPUT
# Show staged files
echo "📊 Staged file sizes:"
git diff --staged --name-only | while read file; do
if [ -f "$file" ]; then
size=$(ls -lh "$file" | awk '{print $5}')
echo " $file: $size"
fi
done
fi
- name: Create Pull Request
if: steps.release.outputs.skip != 'true' && steps.changes.outputs.changed == 'true'
uses: peter-evans/create-pull-request@v5
with:
token: ${{ secrets.PR_TOKEN || secrets.GITHUB_TOKEN }}
commit-message: "chore: sync extension files from predicate-chrome ${{ steps.release.outputs.tag }}"
title: "Sync Extension: ${{ steps.release.outputs.tag }}"
body: |
This PR syncs extension files from predicate-chrome release ${{ steps.release.outputs.tag }}.
**Files updated:**
- Extension manifest and scripts
- WASM binary and bindings
**Source:** [sentience-chrome release ${{ steps.release.outputs.tag }}](https://github.com/${{ secrets.SENTIENCE_CHROME_REPO }}/releases/tag/${{ steps.release.outputs.tag }})
branch: sync-extension-${{ steps.release.outputs.tag }}
delete-branch: true
labels: |
automated
extension-sync