Sync Extension from sentience-chrome #72
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sync Extension from sentience-chrome | |
| on: | |
| repository_dispatch: | |
| types: [extension-updated] | |
| workflow_dispatch: | |
| inputs: | |
| release_tag: | |
| description: 'Release tag from sentience-chrome (e.g., v1.0.0)' | |
| required: true | |
| type: string | |
| schedule: | |
| # Check for new releases daily at 2 AM UTC | |
| - cron: '0 2 * * *' | |
| jobs: | |
| sync-extension: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout sdk-python | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 # Fetch all history for proper branching | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Determine release tag | |
| id: release | |
| run: | | |
| if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then | |
| TAG="${{ github.event.inputs.release_tag }}" | |
| elif [ "${{ github.event_name }}" == "repository_dispatch" ]; then | |
| TAG="${{ github.event.client_payload.release_tag }}" | |
| else | |
| # Scheduled check - get latest release | |
| # Note: This also needs a token with access to the private repo | |
| HTTP_CODE=$(curl -s -o latest_release.json -w "%{http_code}" \ | |
| -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ | |
| "https://api.github.com/repos/${{ secrets.SENTIENCE_CHROME_REPO }}/releases/latest") | |
| if [ "$HTTP_CODE" != "200" ]; then | |
| echo "❌ Failed to fetch latest release. HTTP Code: $HTTP_CODE" | |
| cat latest_release.json | |
| exit 1 | |
| fi | |
| TAG=$(cat latest_release.json | jq -r '.tag_name // empty') | |
| # Check if we already processed this tag | |
| if git ls-remote --exit-code --heads origin "sync-extension-$TAG"; then | |
| echo "Branch for $TAG already exists, skipping." | |
| echo "skip=true" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| fi | |
| if [ -z "$TAG" ]; then | |
| echo "Could not determine release tag." | |
| exit 1 | |
| fi | |
| echo "Syncing tag: $TAG" | |
| echo "tag=$TAG" >> $GITHUB_OUTPUT | |
| - name: Download extension files | |
| if: steps.release.outputs.skip != 'true' | |
| run: | | |
| TAG="${{ steps.release.outputs.tag }}" | |
| REPO="${{ secrets.SENTIENCE_CHROME_REPO }}" | |
| # Setup temp directory | |
| mkdir -p extension-temp | |
| cd extension-temp | |
| echo "⬇️ Fetching release info for $TAG from $REPO..." | |
| # 1. Get Release Info | |
| HTTP_CODE=$(curl -s -w "%{http_code}" -o release.json \ | |
| -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ | |
| "https://api.github.com/repos/$REPO/releases/tags/$TAG") | |
| if [ "$HTTP_CODE" != "200" ]; then | |
| echo "❌ Failed to fetch release info. HTTP Code: $HTTP_CODE" | |
| echo "Response Body:" | |
| cat release.json | |
| exit 1 | |
| fi | |
| # Check for asset URL | |
| ASSET_URL=$(cat release.json | jq -r '.assets[]? | select(.name == "extension-files.tar.gz") | .url') | |
| if [ -z "$ASSET_URL" ] || [ "$ASSET_URL" == "null" ]; then | |
| echo "❌ Critical Error: extension-files.tar.gz not found in release assets!" | |
| echo "Available assets:" | |
| cat release.json | jq -r '.assets[].name' | |
| exit 1 | |
| fi | |
| echo "📦 Downloading tarball from asset API endpoint..." | |
| # NOTE: For private repos, we must use the API URL (.url) with Accept: application/octet-stream header | |
| # Using .browser_download_url often redirects to S3 which breaks auth headers | |
| HTTP_CODE=$(curl -L -s -w "%{http_code}" -o extension.tar.gz \ | |
| -H "Authorization: token ${{ secrets.SENTIENCE_CHROME_TOKEN }}" \ | |
| -H "Accept: application/octet-stream" \ | |
| "$ASSET_URL") | |
| if [ "$HTTP_CODE" != "200" ] && [ "$HTTP_CODE" != "302" ]; then | |
| echo "❌ Failed to download asset. HTTP Code: $HTTP_CODE" | |
| # If it's a small file (error message), show it | |
| if [ $(stat -c%s extension.tar.gz) -lt 1000 ]; then | |
| cat extension.tar.gz | |
| fi | |
| exit 1 | |
| fi | |
| # 3. Verify File Type before extracting | |
| FILE_TYPE=$(file -b --mime-type extension.tar.gz) | |
| echo "📄 Downloaded file type: $FILE_TYPE" | |
| if [[ "$FILE_TYPE" != *"gzip"* ]] && [[ "$FILE_TYPE" != *"octet-stream"* ]]; then | |
| echo "❌ Error: Downloaded file is not a gzip archive. It is: $FILE_TYPE" | |
| echo "First 100 bytes:" | |
| head -c 100 extension.tar.gz | |
| exit 1 | |
| fi | |
| # 4. Extract | |
| echo "📂 Extracting..." | |
| tar -xzf extension.tar.gz | |
| rm extension.tar.gz | |
| if [ ! -f "manifest.json" ]; then | |
| echo "❌ Error: manifest.json missing after extraction" | |
| exit 1 | |
| fi | |
| - name: Update extension files | |
| if: steps.release.outputs.skip != 'true' | |
| run: | | |
| # Target directory in sdk-python (inside the package source) | |
| TARGET_DIR="sentience/extension" | |
| # Ensure target directory exists and is clean | |
| rm -rf "$TARGET_DIR" | |
| mkdir -p "$TARGET_DIR" | |
| # Copy files from temp directory | |
| cp -r extension-temp/* "$TARGET_DIR/" | |
| # Verify copy | |
| if [ ! -f "$TARGET_DIR/manifest.json" ]; then | |
| echo "❌ Failed to copy manifest.json to $TARGET_DIR" | |
| exit 1 | |
| fi | |
| # Cleanup | |
| rm -rf extension-temp | |
| echo "✅ Extension files updated in $TARGET_DIR" | |
| ls -la "$TARGET_DIR" | |
| - name: Check for changes | |
| if: steps.release.outputs.skip != 'true' | |
| id: changes | |
| run: | | |
| git add sentience/extension/ | |
| if git diff --staged --quiet; then | |
| echo "No changes detected." | |
| echo "changed=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Changes detected." | |
| echo "changed=true" >> $GITHUB_OUTPUT | |
| # Show staged files | |
| echo "📊 Staged file sizes:" | |
| git diff --staged --name-only | while read file; do | |
| if [ -f "$file" ]; then | |
| size=$(ls -lh "$file" | awk '{print $5}') | |
| echo " $file: $size" | |
| fi | |
| done | |
| fi | |
| - name: Create Pull Request | |
| if: steps.release.outputs.skip != 'true' && steps.changes.outputs.changed == 'true' | |
| uses: peter-evans/create-pull-request@v5 | |
| with: | |
| token: ${{ secrets.PR_TOKEN || secrets.GITHUB_TOKEN }} | |
| commit-message: "chore: sync extension files from sentience-chrome ${{ steps.release.outputs.tag }}" | |
| title: "Sync Extension: ${{ steps.release.outputs.tag }}" | |
| body: | | |
| This PR syncs extension files from sentience-chrome release ${{ steps.release.outputs.tag }}. | |
| **Files updated:** | |
| - Extension manifest and scripts | |
| - WASM binary and bindings | |
| **Source:** [sentience-chrome release ${{ steps.release.outputs.tag }}](https://github.com/${{ secrets.SENTIENCE_CHROME_REPO }}/releases/tag/${{ steps.release.outputs.tag }}) | |
| branch: sync-extension-${{ steps.release.outputs.tag }} | |
| delete-branch: true | |
| labels: | | |
| automated | |
| extension-sync |