Fix checking current version since semantic versioning adoption (v7.0.0)

.forgejo/workflows/release.yaml

@@ -0,0 +1,79 @@
+---
+name: Build and publish Debian package
+on: [create]
+jobs:
+  build:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/debian-python-deb:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Build Debian package
+        env:
+          MAINTAINER_NAME: ${{ vars.MAINTAINER_NAME }}
+          MAINTAINER_EMAIL: ${{ vars.MAINTAINER_EMAIL }}
+          DEBIAN_CODENAME: ${{ vars.DEBIAN_CODENAME }}
+        run: |
+          echo "${{ secrets.GPG_KEY }}"|base64 -d|gpg --import
+          ./build.sh
+      - name: Upload Debian package files
+        uses: actions/upload-artifact@v3
+        with:
+          name: dist
+          path: |
+            dist
+
+  publish-forgejo:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/debian-python-deb:latest
+    steps:
+      - name: Download Debian package files
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+
+      - name: Create the release
+        id: create-release
+        shell: bash
+        run: |
+          mkdir release
+          mv *.deb release/
+          mv check-forgejo-upgrade-*/check_forgejo_upgrade release/
+          {
+            echo 'release_note<<EOF'
+            cat release_notes.md
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Publish release on Forgejo
+        uses: actions/forgejo-release@v1
+        with:
+          direction: upload
+          url: https://gitea.zionetrix.net
+          token: ${{ secrets.forgejo_token }}
+          release-dir: release
+          release-notes: ${{ steps.create-release.outputs.release_note }}
+
+  publish-aptly:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/aptly-publish:latest
+    steps:
+      - name: "Download Debian package files"
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+
+      - name: "Publish Debian package on Aptly repository"
+        uses: https://gitea.zionetrix.net/bn8/aptly-publish@master
+        with:
+          api_url: ${{ vars.apt_api_url }}
+          api_username: ${{ vars.apt_api_username }}
+          api_password: ${{ secrets.apt_api_password }}
+          repo_name: ${{ vars.apt_repo_name }}
+          path: "./"
+          source_name: ${{ vars.apt_source_name }}

.forgejo/workflows/tests.yaml

@@ -0,0 +1,21 @@
+---
+name: Run tests
+on: [push]
+jobs:
+  test-precommit:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/python-pre-commit:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install python dependencies
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt-get update
+          apt-get -y install --no-install-recommends python3-requests
+      - name: Run pre-commit
+        run: pre-commit run --all-files

.pre-commit-config.yaml

@@ -1,31 +1,70 @@
 # Pre-commit hooks to run tests and ensure code is cleaned.
 # See https://pre-commit.com for more information
+---
 repos:
--   repo: local
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.1.6
     hooks:
-    -   id: pylint
+      - id: ruff
+        args: ["--fix"]
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.15.0
+    hooks:
+      - id: pyupgrade
+        args: ["--keep-percent-format", "--py37-plus"]
+  - repo: https://github.com/psf/black
+    rev: 23.11.0
+    hooks:
+      - id: black
+        args: ["--target-version", "py37", "--line-length", "100"]
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.12.0
+    hooks:
+      - id: isort
+        args: ["--profile", "black", "--line-length", "100"]
+  - repo: https://github.com/PyCQA/flake8
+    rev: 6.1.0
+    hooks:
+      - id: flake8
+        args: ["--max-line-length=100"]
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.2.2
+    hooks:
+      - id: codespell
+        args:
+          - --ignore-words-list=fro,hass
+          - --skip="./.*,*.csv,*.json,*.ambr"
+          - --quiet-level=2
+          - --ignore-regex=.*codespell-ignore$
+          # - --write-changes  # Uncomment to write changes
+        exclude_types: [csv, json]
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.32.0
+    hooks:
+      - id: yamllint
+        args: ["-d {extends: relaxed, rules: {line-length: disable}}", "-s"]
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v2.7.1
+    hooks:
+      - id: prettier
+        args: ["--print-width", "100"]
+  - repo: local
+    hooks:
+      - id: pylint
         name: pylint
         entry: pylint
         language: system
         types: [python]
         require_serial: true
--   repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.5
     hooks:
-    -   id: flake8
-        args: ['--max-line-length=100']
--   repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
+      - id: bandit
+        args: [--skip, "B101", --recursive]
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
     hooks:
-    - id: pyupgrade
-      args: ['--keep-percent-format', '--py37-plus']
--   repo: https://github.com/psf/black
-    rev: 22.12.0
-    hooks:
-    - id: black
-      args: ['--target-version', 'py37', '--line-length', '100']
--   repo: https://github.com/PyCQA/isort
-    rev: 5.11.4
-    hooks:
-    - id: isort
-      args: ['--profile', 'black', '--line-length', '100']
+      - id: check-executables-have-shebangs
+        stages: [manual]
+minimum_pre_commit_version: 3.2.0

.woodpecker.yml

@@ -1,63 +0,0 @@
-clone:
-  git:
-    image: woodpeckerci/plugin-git
-    tags: true
-
-pipeline:
-  tests:
-    image: debian:stable-slim
-    commands:
-      - DEBIAN_FRONTEND=noninteractive apt-get -qq update < /dev/null > /dev/null
-      - DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends python3-requests python3-xmltodict pylint3 git pre-commit < /dev/null > /dev/null
-      - pre-commit run --all-files
-
-  build:
-    image: brenard/debian-python-deb
-    when:
-      event: tag
-    commands:
-      - echo "$GPG_KEY"|base64 -d|gpg --import
-      - ./build.sh --quiet
-    secrets: [ maintainer_name, maintainer_email, gpg_key, debian_codename ]
-
-  publish-dryrun:
-    group: publish
-    image: alpine
-    when:
-      event: tag
-    commands:
-      - ls dist/* dist/check-forgejo-upgrade-*/check_forgejo_upgrade
-
-  publish-gitea:
-    group: publish
-    image: plugins/gitea-release
-    when:
-      event: tag
-    settings:
-      api_key:
-        from_secret: gitea_token
-      base_url: https://gitea.zionetrix.net
-      note: dist/release_notes.md
-      files:
-        - dist/check-forgejo-upgrade-*/check_forgejo_upgrade
-        - dist/*.deb
-      checksum:
-        - md5
-        - sha512
-
-  publish-apt:
-    group: publish
-    image: brenard/aptly-publish
-    when:
-      event: tag
-    settings:
-      api_url:
-        from_secret: apt_api_url
-      api_username:
-        from_secret: apt_api_username
-      api_password:
-        from_secret: apt_api_password
-      repo_name:
-        from_secret: apt_repo_name
-      path: dist
-      source_name: check-forgejo-upgrade

README.md

@@ -5,37 +5,40 @@ This Icinga/Nagios check plugin permit to check Forgejo instance upgrade status
 ## Installation
 
 ```
-apt install git
+apt install git python3-requests
 git clone https://gitea.zionetrix.net/bn8/check_forgejo_upgrade.git /usr/local/src/check_forgejo_upgrade
 mkdir -p /usr/local/lib/nagios/plugins
 ln -s /usr/local/src/check_forgejo_upgrade/check_forgejo_upgrade /usr/local/lib/nagios/plugins/
-echo "command[check_forgejo_upgrade]=/usr/local/lib/nagios/plugins/check_forgejo_upgrade" > /etc/nagios/nrpe.d/forgejo.cfg
+echo "nagios ALL=NOPASSWD: /usr/local/lib/nagios/plugins/check_forgejo_upgrade" > /etc/sudoers.d/nagios-gitea
+chmod 0400 /etc/sudoers.d/nagios-gitea
+echo "command[check_forgejo_upgrade]=sudo /usr/local/lib/nagios/plugins/check_forgejo_upgrade" > /etc/nagios/nrpe.d/forgejo.cfg
 service nagios-nrpe-server reload
 ```
 
 ## Usage
 
 ```
-usage: check_forgejo_upgrade [-h] [-d] [-p PATH] [-U URL] [--rc]
+usage: check_forgejo_upgrade [-h] [-d] [-p PATH] [-U URL] [--pre-release] [--draft] [-t TIMEOUT]
 
-optional arguments:
+options:
   -h, --help            show this help message and exit
   -d, --debug
   -p PATH, --path PATH  Forgejo bin path
-  -U URL, --url URL     Forgejo releases RSS URL
-  --rc                  Allow release candidate (default: only stable release are
-                        considered)
+  -U URL, --url URL     Forgejo releases URL
+  --pre-release         Allow pre-release (default: only stable release are considered)
+  --draft               Allow draft release (default: only stable release are considered)
+  -t TIMEOUT, --timeout TIMEOUT
+                        Specify timeout for HTTP requests (default: 20)
 ```
 
 ## Copyright
 
-Copyright (c) 2023 Benjamin Renard <brenard@zionetrix.net>
+Copyright (c) 2023-2024 Benjamin Renard <brenard@zionetrix.net>
 
 ## License
 
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 3 as published by the Free Software Foundation.
 
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 
+You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

build.sh

@@ -24,7 +24,7 @@ sed -i "s/^VERSION *=.*$/VERSION = '$VERSION'/" $BDIR/check_forgejo_upgrade
 
 if [ -z "$DEBIAN_CODENAME" ]
 then
-	echo "Retreive debian codename using lsb_release..."
+	echo "Retrieve debian codename using lsb_release..."
 	DEBIAN_CODENAME=$( lsb_release -c -s )
 else
 	echo "Use debian codename from environment ($DEBIAN_CODENAME)"

check_forgejo_upgrade

@@ -21,11 +21,10 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 import argparse
 import logging
 import re
-import subprocess
+import subprocess  # nosec
 import sys
 
 import requests
-import xmltodict
 
 parser = argparse.ArgumentParser()
 
@@ -35,14 +34,21 @@ parser.add_argument(
     "-U",
     "--url",
     type=str,
-    help="Forgejo releases RSS URL",
-    default="https://forgejo.org/releases/rss.xml",
+    help="Forgejo releases URL",
+    default="https://codeberg.org/api/v1/repos/forgejo/forgejo/releases",
 )
 parser.add_argument(
-    "--rc",
+    "--pre-release",
     action="store_true",
-    dest="include_rc",
-    help=("Allow release candidate (default: only stable release are " "considered)"),
+    help="Allow pre-release (default: only stable release are considered)",
+)
+parser.add_argument(
+    "--draft",
+    action="store_true",
+    help="Allow draft release (default: only stable release are considered)",
+)
+parser.add_argument(
+    "-t", "--timeout", type=int, help="Specify timeout for HTTP requests (default: 20)", default=20
 )
 
 options = parser.parse_args()
@@ -52,13 +58,13 @@ logging.basicConfig(level=logging.DEBUG if options.debug else logging.WARNING)
 CURRENT = None
 
 cmd = [options.path, "--version"]
-logging.debug("Command use to retreive current version of Forgejo: %s", " ".join(cmd))
+logging.debug("Command use to retrieve current version of Forgejo: %s", " ".join(cmd))
 OUTPUT = None
 EXCEPTION = None
 try:
-    OUTPUT = subprocess.check_output(cmd)
+    OUTPUT = subprocess.check_output(cmd)  # nosec
     logging.debug("Output:\n%s", OUTPUT)
-    m = re.search("version ([^ ]+) built", OUTPUT.decode("utf8", errors="ignore"))
+    m = re.search(r"version ([^ ]+)(\+gitea-| built)", OUTPUT.decode("utf8", errors="ignore"))
     if m:
         CURRENT = m.group(1)
 except Exception as err:  # pylint: disable=broad-except
@@ -66,7 +72,7 @@ except Exception as err:  # pylint: disable=broad-except
 logging.debug("Current version: %s", CURRENT)
 
 if not CURRENT:
-    print("UNKNOWN - Fail to retreive current Forgejo")
+    print("UNKNOWN - Fail to retrieve current Forgejo")
     print(f'Command: {" ".join(cmd)}')
     print("Output:")
     print(OUTPUT if OUTPUT else "")
@@ -74,33 +80,47 @@ if not CURRENT:
     print(EXCEPTION if EXCEPTION else "")
     sys.exit(3)
 
+CURRENT = CURRENT.replace("+", "-")
+logging.debug("Cleaned current version: %s", CURRENT)
+
 LATEST = None
+LATEST_NAME = None
 try:
-    logging.debug("Get releases RSS feed from %s...", options.url)
-    r = requests.get(options.url)
-    logging.debug("Data retreive:\n%s", r.text)
-    data = xmltodict.parse(r.text)
-    for item in data["rss"]["channel"]["item"]:
-        version = re.sub("^v", "", item["title"])
-        if not options.include_rc and "-rc" in version:
-            logging.debug("Ignore release candidate %s", version)
+    logging.debug("Get releases from %s...", options.url)
+    r = requests.get(options.url, timeout=options.timeout)
+    data = r.json()
+    logging.debug("Data retrieve:\n%s", data)
+    for item in data:
+        if not options.pre_release and item["prerelease"]:
+            logging.debug("Ignore pre-release %s", item["name"])
             continue
-        LATEST = version
+        if not options.draft and item["draft"]:
+            logging.debug("Ignore draft release %s", item["name"])
+            continue
+        LATEST = item
+        LATEST_NAME = re.sub("^v", "", item["name"])
         break
-except Exception:  # pylint: disable=broad-except
+except Exception:  # pylint: disable=broad-except  # nosec
     pass
-logging.debug("Latest version: %s", LATEST)
 
 if not LATEST:
-    print("UNKNOWN - Fail to retreive latest Forgejo release from the project " "RSS feed")
+    print("UNKNOWN - Fail to retrieve latest Forgejo release from the project RSS feed")
     print(f"Current version: {CURRENT}")
     sys.exit(3)
 
-if LATEST == CURRENT:
-    print(f"OK - The latest release of Forgejo is currently used ({LATEST})")
+logging.debug("Latest version is %s", LATEST_NAME)
+
+if LATEST_NAME == CURRENT:
+    print(
+        f"OK - The latest release of Forgejo is currently used "
+        f"({LATEST_NAME}, published on {LATEST['published_at']})"
+    )
     sys.exit(0)
 
 print(
-    "WARNING - The version of Forgejo currently used is not the latest " f"({CURRENT} vs {LATEST})"
+    "WARNING - The version of Forgejo currently used is not the latest "
+    f"({CURRENT} vs {LATEST_NAME}), published on {LATEST['published_at']})"
 )
+print(LATEST["body"])
+print(f"URL: {LATEST['html_url']}")
 sys.exit(1)