Fix checking current version since semantic versioning adoption (v7.0.0)

Use Codeberg API to retreive latest release info
Upgrade pre-commit hooks
2024-04-25 23:34:56 +02:00 · 2024-03-24 09:07:27 +01:00 · 2024-03-13 23:33:46 +01:00 · 2024-03-10 19:54:29 +01:00
7 changed files with 158 additions and 116 deletions
--- a/.forgejo/workflows/release.yaml
+++ b/.forgejo/workflows/release.yaml
@ -0,0 +1,79 @@
+---
+name: Build and publish Debian package
+on: [create]
+jobs:
+  build:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/debian-python-deb:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Build Debian package
+        env:
+          MAINTAINER_NAME: ${{ vars.MAINTAINER_NAME }}
+          MAINTAINER_EMAIL: ${{ vars.MAINTAINER_EMAIL }}
+          DEBIAN_CODENAME: ${{ vars.DEBIAN_CODENAME }}
+        run: |
+          echo "${{ secrets.GPG_KEY }}"|base64 -d|gpg --import
+          ./build.sh
+      - name: Upload Debian package files
+        uses: actions/upload-artifact@v3
+        with:
+          name: dist
+          path: |
+            dist
+
+  publish-forgejo:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/debian-python-deb:latest
+    steps:
+      - name: Download Debian package files
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+
+      - name: Create the release
+        id: create-release
+        shell: bash
+        run: |
+          mkdir release
+          mv *.deb release/
+          mv check-forgejo-upgrade-*/check_forgejo_upgrade release/
+          {
+            echo 'release_note<<EOF'
+            cat release_notes.md
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Publish release on Forgejo
+        uses: actions/forgejo-release@v1
+        with:
+          direction: upload
+          url: https://gitea.zionetrix.net
+          token: ${{ secrets.forgejo_token }}
+          release-dir: release
+          release-notes: ${{ steps.create-release.outputs.release_note }}
+
+  publish-aptly:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/aptly-publish:latest
+    steps:
+      - name: "Download Debian package files"
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+
+      - name: "Publish Debian package on Aptly repository"
+        uses: https://gitea.zionetrix.net/bn8/aptly-publish@master
+        with:
+          api_url: ${{ vars.apt_api_url }}
+          api_username: ${{ vars.apt_api_username }}
+          api_password: ${{ secrets.apt_api_password }}
+          repo_name: ${{ vars.apt_repo_name }}
+          path: "./"
+          source_name: ${{ vars.apt_source_name }}
--- a/.forgejo/workflows/tests.yaml
+++ b/.forgejo/workflows/tests.yaml
@ -0,0 +1,21 @@
+---
+name: Run tests
+on: [push]
+jobs:
+  test-precommit:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/python-pre-commit:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install python dependencies
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt-get update
+          apt-get -y install --no-install-recommends python3-requests
+      - name: Run pre-commit
+        run: pre-commit run --all-files
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -6,25 +6,24 @@ repos:
    rev: v0.1.6
    hooks:
      - id: ruff
-        args:
-          - --fix
+        args: ["--fix"]
  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
+    rev: v3.15.0
    hooks:
      - id: pyupgrade
        args: ["--keep-percent-format", "--py37-plus"]
  - repo: https://github.com/psf/black
-    rev: 22.12.0
+    rev: 23.11.0
    hooks:
      - id: black
        args: ["--target-version", "py37", "--line-length", "100"]
  - repo: https://github.com/PyCQA/isort
-    rev: 5.11.5
+    rev: 5.12.0
    hooks:
      - id: isort
        args: ["--profile", "black", "--line-length", "100"]
  - repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
+    rev: 6.1.0
    hooks:
      - id: flake8
        args: ["--max-line-length=100"]
@ -36,6 +35,8 @@ repos:
          - --ignore-words-list=fro,hass
          - --skip="./.*,*.csv,*.json,*.ambr"
          - --quiet-level=2
+          - --ignore-regex=.*codespell-ignore$
+          # - --write-changes  # Uncomment to write changes
        exclude_types: [csv, json]
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.32.0
@ -46,6 +47,7 @@ repos:
    rev: v2.7.1
    hooks:
      - id: prettier
+        args: ["--print-width", "100"]
  - repo: local
    hooks:
      - id: pylint
@ -54,14 +56,15 @@ repos:
        language: system
        types: [python]
        require_serial: true
-  - repo: https://github.com/Lucas-C/pre-commit-hooks-bandit
-    rev: v1.0.5
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.5
    hooks:
-      - id: python-bandit-vulnerability-check
-        name: bandit
-        args: [--skip, "B101", --recursive, mylib]
+      - id: bandit
+        args: [--skip, "B101", --recursive]
+
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: check-executables-have-shebangs
        stages: [manual]
+minimum_pre_commit_version: 3.2.0
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -1,64 +0,0 @@
-clone:
-  git:
-    image: woodpeckerci/plugin-git
-    tags: true
-
-steps:
-  tests:
-    image: brenard/python-pre-commit:latest
-    commands:
-      - DEBIAN_FRONTEND=noninteractive apt-get -qq update < /dev/null > /dev/null
-      - DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends python3-requests python3-xmltodict < /dev/null > /dev/null
-      - pre-commit run --all-files
-
-  build:
-    image: brenard/debian-python-deb
-    when:
-      event: tag
-    depends_on: [tests]
-    commands:
-      - echo "$GPG_KEY"|base64 -d|gpg --import
-      - ./build.sh --quiet
-    secrets: [maintainer_name, maintainer_email, gpg_key, debian_codename]
-
-  publish-dryrun:
-    image: alpine
-    when:
-      event: tag
-    depends_on: [build]
-    commands:
-      - ls dist/* dist/check-forgejo-upgrade-*/check_forgejo_upgrade
-
-  publish-gitea:
-    image: plugins/gitea-release
-    when:
-      event: tag
-    depends_on: [build]
-    settings:
-      api_key:
-        from_secret: gitea_token
-      base_url: https://gitea.zionetrix.net
-      note: dist/release_notes.md
-      files:
-        - dist/check-forgejo-upgrade-*/check_forgejo_upgrade
-        - dist/*.deb
-      checksum:
-        - md5
-        - sha512
-
-  publish-apt:
-    image: brenard/aptly-publish
-    when:
-      event: tag
-    depends_on: [build]
-    settings:
-      api_url:
-        from_secret: apt_api_url
-      api_username:
-        from_secret: apt_api_username
-      api_password:
-        from_secret: apt_api_password
-      repo_name:
-        from_secret: apt_repo_name
-      path: dist
-      source_name: check-forgejo-upgrade
--- a/README.md
+++ b/README.md
@ -5,7 +5,7 @@ This Icinga/Nagios check plugin permit to check Forgejo instance upgrade status
 ## Installation

 ```
-apt install git python3-requests python3-xmltodict
+apt install git python3-requests
 git clone https://gitea.zionetrix.net/bn8/check_forgejo_upgrade.git /usr/local/src/check_forgejo_upgrade
 mkdir -p /usr/local/lib/nagios/plugins
 ln -s /usr/local/src/check_forgejo_upgrade/check_forgejo_upgrade /usr/local/lib/nagios/plugins/
@ -18,20 +18,22 @@ service nagios-nrpe-server reload
 ## Usage

 ```
-usage: check_forgejo_upgrade [-h] [-d] [-p PATH] [-U URL] [--rc]
+usage: check_forgejo_upgrade [-h] [-d] [-p PATH] [-U URL] [--pre-release] [--draft] [-t TIMEOUT]

-optional arguments:
+options:
  -h, --help            show this help message and exit
  -d, --debug
  -p PATH, --path PATH  Forgejo bin path
-  -U URL, --url URL     Forgejo releases RSS URL
-  --rc                  Allow release candidate (default: only stable release are
-                        considered)
+  -U URL, --url URL     Forgejo releases URL
+  --pre-release         Allow pre-release (default: only stable release are considered)
+  --draft               Allow draft release (default: only stable release are considered)
+  -t TIMEOUT, --timeout TIMEOUT
+                        Specify timeout for HTTP requests (default: 20)
 ```

 ## Copyright

-Copyright (c) 2023 Benjamin Renard <brenard@zionetrix.net>
+Copyright (c) 2023-2024 Benjamin Renard <brenard@zionetrix.net>

 ## License

--- a/67
+++ b/67
@ -25,7 +25,6 @@ import subprocess  # nosec
 import sys

 import requests
-import xmltodict

 parser = argparse.ArgumentParser()

@ -35,14 +34,18 @@ parser.add_argument(
    "-U",
    "--url",
    type=str,
-    help="Forgejo releases RSS URL",
-    default="https://forgejo.org/releases/rss.xml",
+    help="Forgejo releases URL",
+    default="https://codeberg.org/api/v1/repos/forgejo/forgejo/releases",
 )
 parser.add_argument(
-    "--rc",
+    "--pre-release",
    action="store_true",
-    dest="include_rc",
-    help="Allow release candidate (default: only stable release are considered)",
+    help="Allow pre-release (default: only stable release are considered)",
+)
+parser.add_argument(
+    "--draft",
+    action="store_true",
+    help="Allow draft release (default: only stable release are considered)",
 )
 parser.add_argument(
    "-t", "--timeout", type=int, help="Specify timeout for HTTP requests (default: 20)", default=20
@ -61,7 +64,7 @@ EXCEPTION = None
 try:
    OUTPUT = subprocess.check_output(cmd)  # nosec
    logging.debug("Output:\n%s", OUTPUT)
-    m = re.search("version ([^ ]+) built", OUTPUT.decode("utf8", errors="ignore"))
+    m = re.search(r"version ([^ ]+)(\+gitea-| built)", OUTPUT.decode("utf8", errors="ignore"))
    if m:
        CURRENT = m.group(1)
 except Exception as err:  # pylint: disable=broad-except
@ -81,45 +84,43 @@ CURRENT = CURRENT.replace("+", "-")
 logging.debug("Cleaned current version: %s", CURRENT)

 LATEST = None
-LATEST_INT = None
+LATEST_NAME = None
 try:
-    logging.debug("Get releases RSS feed from %s...", options.url)
+    logging.debug("Get releases from %s...", options.url)
    r = requests.get(options.url, timeout=options.timeout)
-    logging.debug("Data retrieve:\n%s", r.text)
-    data = xmltodict.parse(r.text)
-    versions = {}
-    for item in data["rss"]["channel"]["item"]:
-        version = re.sub("^v", "", item["title"])
-        if not options.include_rc and "-rc" in version:
-            logging.debug("Ignore release candidate %s", version)
+    data = r.json()
+    logging.debug("Data retrieve:\n%s", data)
+    for item in data:
+        if not options.pre_release and item["prerelease"]:
+            logging.debug("Ignore pre-release %s", item["name"])
            continue
-        version_int = int(re.sub(r"[\.-]", "000", version))
-        logging.debug("Found version %s (%s)", version, version_int)
-        if not LATEST_INT or LATEST_INT < version_int:
-            if LATEST:
-                logging.debug(
-                    "Version %s considered as newer than %s, override latest version",
-                    version,
-                    LATEST,
-                )
-            LATEST = version
-            LATEST_INT = version_int
-        else:
-            logging.debug("Version %s considered as oldest than %s", version, LATEST)
+        if not options.draft and item["draft"]:
+            logging.debug("Ignore draft release %s", item["name"])
+            continue
+        LATEST = item
+        LATEST_NAME = re.sub("^v", "", item["name"])
+        break
 except Exception:  # pylint: disable=broad-except  # nosec
    pass
-logging.debug("Latest version: %s", LATEST)

 if not LATEST:
    print("UNKNOWN - Fail to retrieve latest Forgejo release from the project RSS feed")
    print(f"Current version: {CURRENT}")
    sys.exit(3)

-if LATEST == CURRENT:
-    print(f"OK - The latest release of Forgejo is currently used ({LATEST})")
+logging.debug("Latest version is %s", LATEST_NAME)
+
+if LATEST_NAME == CURRENT:
+    print(
+        f"OK - The latest release of Forgejo is currently used "
+        f"({LATEST_NAME}, published on {LATEST['published_at']})"
+    )
    sys.exit(0)

 print(
-    "WARNING - The version of Forgejo currently used is not the latest " f"({CURRENT} vs {LATEST})"
+    "WARNING - The version of Forgejo currently used is not the latest "
+    f"({CURRENT} vs {LATEST_NAME}), published on {LATEST['published_at']})"
 )
+print(LATEST["body"])
+print(f"URL: {LATEST['html_url']}")
 sys.exit(1)
--- a/debian/control
+++ b/debian/control
@ -7,7 +7,7 @@ Standards-Version: 3.9.6

 Package: check-forgejo-upgrade
 Architecture: all
-Depends: ${misc:Depends}, python3, python3-requests, python3-xmltodict
+Depends: ${misc:Depends}, python3, python3-requests
 Description: Monitoring plugin to check Forgejo instance upgrade status
 This Icinga/Nagios check plugin permit to check Forgejo instance upgrade
 status by comparing the local forgejo binary version against the latest
Author	SHA1	Message	Date
Benjamin Renard	27a7385bed	Fix checking current version since semantic versioning adoption (v7.0.0) All checks were successful Run tests / test-precommit (push) Successful in 1m2s Details	2024-04-25 23:34:56 +02:00
Benjamin Renard	50fa7c3bf5	Use Codeberg API to retreive latest release info All checks were successful Run tests / test-precommit (push) Successful in 1m15s Details	2024-03-24 09:07:27 +01:00
Benjamin Renard	be72d13cc0	Upgrade pre-commit hooks All checks were successful Run tests / test-precommit (push) Successful in 1m15s Details	2024-03-13 23:33:46 +01:00
Benjamin Renard	cda28c3484	Switch from Woodpecker CI to Forgejo Actions All checks were successful Run tests / test-precommit (push) Successful in 1m8s Details	2024-03-10 19:54:29 +01:00