Codey/.github/workflows/update-codey.yml at main · Codey-LAB/Codey · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# =============================================================================
# WORKFLOW: Codey Integrity Guard - [Update Codey] Version 2.3.0
# PART OF:  Codey - No Mercy EDITION
# =============================================================================
# Role:        Automated Audit & Compliance (ESOL v1.1)
# Copyright:   (c) 2026 VolkanSah
# License:     Apache 2.0 + ESOL v1.1 (https://github.com/VolkanSah/ESOL)
# Enforcement: Jurisdiction Berlin, Germany (StGB & DSGVO)
# =============================================================================

# Define the name of the workflow as it appears in the Actions tab
name: Update Codey v.2.3

# Define the triggers for this workflow
on:
  # Run automatically at 06:00 UTC every day (Cron syntax)
  # You can also run codey in +6h interval ,
  # to avoid miscalculation there ist ther RUN GURAD function in core >2.2.3
  schedule:
    - cron: '0 6 * * *'
  # Allow manual triggering of the workflow from the UI
  workflow_dispatch:

# Define the execution logic
jobs:
  # Job identifier
  update-codey:
    # Use the latest Ubuntu runner provided by GitHub
    runs-on: ubuntu-latest
    # Grant permission to write/push changes back to the repository
    permissions:
      contents: write

    steps:
    # Step 1: Clone the repository to the runner
    - uses: actions/checkout@v4
      with:
        # Use the default GITHUB_TOKEN for authentication
        token: ${{ secrets.GITHUB_TOKEN }}
        # Keep credentials stored to allow git commands later
        persist-credentials: true

    # Step 2: Prepare the Python environment
    - uses: actions/setup-python@v4
      with:
        # Specify the exact Python version for consistency
        python-version: '3.11'

    # Step 3: Setup required libraries
    - name: Install dependencies
      run: |
        # Upgrade the package installer first
        python -m pip install --upgrade pip
        # Install from file if it exists, otherwise fallback to 'requests'
        if [ -f requirements.txt ]; then pip install -r requirements.txt; else pip install requests; fi

    # Step 4: Execute the actual "No Mercy" audit/update script
    - name: Update Codey
      env:
        # Pass secrets and variables as environment variables to Python
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
        GIT_REPOSITORY: ${{ vars.GIT_REPOSITORY }}
        CODEY_FALLBACK: 'true'   # set false to bypass fallback for dev
      run: python update_codey.py

    # Step 5: Save changes back to the repository
    - name: Commit
      run: |
        # Set local identity for the commit
        git config --local user.name "Codey Bot"
        git config --local user.email "action@github.com"

        # Stage generated assets (suppress errors if files don't exist yet)
        git add codey.svg codey.json 2>/dev/null || true

        # Skip commit if nothing changed
        if git diff --cached --quiet; then
          echo "No changes to commit — skipping."
          exit 0
        fi

        # Commit the update
        git commit -m "🐾 Codey updated 🐾"

        # Pull remote changes first to avoid push conflicts
        # Uses current branch name automatically — works on main, PRs, test branches
        git pull --rebase origin ${{ github.ref_name }}

        # Push — never fails the workflow (e.g. protected branches, race conditions)
        git push || echo "⚠️ Push skipped (protected branch or no permission)"