Fix checking current version since semantic versioning adoption (v7.0.0)

.forgejo/workflows/release.yaml

@@ -0,0 +1,79 @@
+---
+name: Build and publish Debian package
+on: [create]
+jobs:
+  build:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/debian-python-deb:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Build Debian package
+        env:
+          MAINTAINER_NAME: ${{ vars.MAINTAINER_NAME }}
+          MAINTAINER_EMAIL: ${{ vars.MAINTAINER_EMAIL }}
+          DEBIAN_CODENAME: ${{ vars.DEBIAN_CODENAME }}
+        run: |
+          echo "${{ secrets.GPG_KEY }}"|base64 -d|gpg --import
+          ./build.sh
+      - name: Upload Debian package files
+        uses: actions/upload-artifact@v3
+        with:
+          name: dist
+          path: |
+            dist
+
+  publish-forgejo:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/debian-python-deb:latest
+    steps:
+      - name: Download Debian package files
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+
+      - name: Create the release
+        id: create-release
+        shell: bash
+        run: |
+          mkdir release
+          mv *.deb release/
+          mv check-forgejo-upgrade-*/check_forgejo_upgrade release/
+          {
+            echo 'release_note<<EOF'
+            cat release_notes.md
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Publish release on Forgejo
+        uses: actions/forgejo-release@v1
+        with:
+          direction: upload
+          url: https://gitea.zionetrix.net
+          token: ${{ secrets.forgejo_token }}
+          release-dir: release
+          release-notes: ${{ steps.create-release.outputs.release_note }}
+
+  publish-aptly:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/aptly-publish:latest
+    steps:
+      - name: "Download Debian package files"
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+
+      - name: "Publish Debian package on Aptly repository"
+        uses: https://gitea.zionetrix.net/bn8/aptly-publish@master
+        with:
+          api_url: ${{ vars.apt_api_url }}
+          api_username: ${{ vars.apt_api_username }}
+          api_password: ${{ secrets.apt_api_password }}
+          repo_name: ${{ vars.apt_repo_name }}
+          path: "./"
+          source_name: ${{ vars.apt_source_name }}

.forgejo/workflows/tests.yaml

@@ -0,0 +1,21 @@
+---
+name: Run tests
+on: [push]
+jobs:
+  test-precommit:
+    runs-on: docker
+    container:
+      image: docker.io/brenard/python-pre-commit:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install python dependencies
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt-get update
+          apt-get -y install --no-install-recommends python3-requests
+      - name: Run pre-commit
+        run: pre-commit run --all-files

.pre-commit-config.yaml

@@ -6,25 +6,24 @@ repos:
     rev: v0.1.6
     hooks:
       - id: ruff
-        args:
+        args: ["--fix"]
-          - --fix
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
+    rev: v3.15.0
     hooks:
       - id: pyupgrade
         args: ["--keep-percent-format", "--py37-plus"]
   - repo: https://github.com/psf/black
-    rev: 22.12.0
+    rev: 23.11.0
     hooks:
       - id: black
         args: ["--target-version", "py37", "--line-length", "100"]
   - repo: https://github.com/PyCQA/isort
-    rev: 5.11.5
+    rev: 5.12.0
     hooks:
       - id: isort
         args: ["--profile", "black", "--line-length", "100"]
   - repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
+    rev: 6.1.0
     hooks:
       - id: flake8
         args: ["--max-line-length=100"]
@@ -36,6 +35,8 @@ repos:
           - --ignore-words-list=fro,hass
           - --skip="./.*,*.csv,*.json,*.ambr"
           - --quiet-level=2
+          - --ignore-regex=.*codespell-ignore$
+          # - --write-changes  # Uncomment to write changes
         exclude_types: [csv, json]
   - repo: https://github.com/adrienverge/yamllint
     rev: v1.32.0
@@ -46,6 +47,7 @@ repos:
     rev: v2.7.1
     hooks:
       - id: prettier
+        args: ["--print-width", "100"]
   - repo: local
     hooks:
       - id: pylint
@@ -54,14 +56,15 @@ repos:
         language: system
         types: [python]
         require_serial: true
-  - repo: https://github.com/Lucas-C/pre-commit-hooks-bandit
+  - repo: https://github.com/PyCQA/bandit
-    rev: v1.0.5
+    rev: 1.7.5
     hooks:
-      - id: python-bandit-vulnerability-check
+      - id: bandit
-        name: bandit
+        args: [--skip, "B101", --recursive]
-        args: [--skip, "B101", --recursive, mylib]
+
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0
     hooks:
       - id: check-executables-have-shebangs
         stages: [manual]
+minimum_pre_commit_version: 3.2.0

.woodpecker.yml

@@ -1,64 +0,0 @@
-clone:
-  git:
-    image: woodpeckerci/plugin-git
-    tags: true
-
-steps:
-  tests:
-    image: brenard/python-pre-commit:latest
-    commands:
-      - DEBIAN_FRONTEND=noninteractive apt-get -qq update < /dev/null > /dev/null
-      - DEBIAN_FRONTEND=noninteractive apt-get -qq -y install --no-install-recommends python3-requests python3-xmltodict < /dev/null > /dev/null
-      - pre-commit run --all-files
-
-  build:
-    image: brenard/debian-python-deb
-    when:
-      event: tag
-    depends_on: [tests]
-    commands:
-      - echo "$GPG_KEY"|base64 -d|gpg --import
-      - ./build.sh --quiet
-    secrets: [maintainer_name, maintainer_email, gpg_key, debian_codename]
-
-  publish-dryrun:
-    image: alpine
-    when:
-      event: tag
-    depends_on: [build]
-    commands:
-      - ls dist/* dist/check-forgejo-upgrade-*/check_forgejo_upgrade
-
-  publish-gitea:
-    image: plugins/gitea-release
-    when:
-      event: tag
-    depends_on: [build]
-    settings:
-      api_key:
-        from_secret: gitea_token
-      base_url: https://gitea.zionetrix.net
-      note: dist/release_notes.md
-      files:
-        - dist/check-forgejo-upgrade-*/check_forgejo_upgrade
-        - dist/*.deb
-      checksum:
-        - md5
-        - sha512
-
-  publish-apt:
-    image: brenard/aptly-publish
-    when:
-      event: tag
-    depends_on: [build]
-    settings:
-      api_url:
-        from_secret: apt_api_url
-      api_username:
-        from_secret: apt_api_username
-      api_password:
-        from_secret: apt_api_password
-      repo_name:
-        from_secret: apt_repo_name
-      path: dist
-      source_name: check-forgejo-upgrade

README.md

@@ -5,7 +5,7 @@ This Icinga/Nagios check plugin permit to check Forgejo instance upgrade status
 ## Installation
 
 ```
-apt install git python3-requests python3-xmltodict
+apt install git python3-requests
 git clone https://gitea.zionetrix.net/bn8/check_forgejo_upgrade.git /usr/local/src/check_forgejo_upgrade
 mkdir -p /usr/local/lib/nagios/plugins
 ln -s /usr/local/src/check_forgejo_upgrade/check_forgejo_upgrade /usr/local/lib/nagios/plugins/
@@ -18,20 +18,22 @@ service nagios-nrpe-server reload
 ## Usage
 
 ```
-usage: check_forgejo_upgrade [-h] [-d] [-p PATH] [-U URL] [--rc]
+usage: check_forgejo_upgrade [-h] [-d] [-p PATH] [-U URL] [--pre-release] [--draft] [-t TIMEOUT]
 
-optional arguments:
+options:
   -h, --help            show this help message and exit
   -d, --debug
   -p PATH, --path PATH  Forgejo bin path
-  -U URL, --url URL     Forgejo releases RSS URL
+  -U URL, --url URL     Forgejo releases URL
-  --rc                  Allow release candidate (default: only stable release are
+  --pre-release         Allow pre-release (default: only stable release are considered)
-                        considered)
+  --draft               Allow draft release (default: only stable release are considered)
+  -t TIMEOUT, --timeout TIMEOUT
+                        Specify timeout for HTTP requests (default: 20)
 ```
 
 ## Copyright
 
-Copyright (c) 2023 Benjamin Renard <brenard@zionetrix.net>
+Copyright (c) 2023-2024 Benjamin Renard <brenard@zionetrix.net>
 
 ## License
 

check_forgejo_upgrade

@@ -25,7 +25,6 @@ import subprocess  # nosec
 import sys
 
 import requests
-import xmltodict
 
 parser = argparse.ArgumentParser()
 
@@ -35,14 +34,18 @@ parser.add_argument(
     "-U",
     "--url",
     type=str,
-    help="Forgejo releases RSS URL",
+    help="Forgejo releases URL",
-    default="https://forgejo.org/releases/rss.xml",
+    default="https://codeberg.org/api/v1/repos/forgejo/forgejo/releases",
 )
 parser.add_argument(
-    "--rc",
+    "--pre-release",
     action="store_true",
-    dest="include_rc",
+    help="Allow pre-release (default: only stable release are considered)",
-    help="Allow release candidate (default: only stable release are considered)",
+)
+parser.add_argument(
+    "--draft",
+    action="store_true",
+    help="Allow draft release (default: only stable release are considered)",
 )
 parser.add_argument(
     "-t", "--timeout", type=int, help="Specify timeout for HTTP requests (default: 20)", default=20
@@ -61,7 +64,7 @@ EXCEPTION = None
 try:
     OUTPUT = subprocess.check_output(cmd)  # nosec
     logging.debug("Output:\n%s", OUTPUT)
-    m = re.search("version ([^ ]+) built", OUTPUT.decode("utf8", errors="ignore"))
+    m = re.search(r"version ([^ ]+)(\+gitea-| built)", OUTPUT.decode("utf8", errors="ignore"))
     if m:
         CURRENT = m.group(1)
 except Exception as err:  # pylint: disable=broad-except
@@ -81,45 +84,43 @@ CURRENT = CURRENT.replace("+", "-")
 logging.debug("Cleaned current version: %s", CURRENT)
 
 LATEST = None
-LATEST_INT = None
+LATEST_NAME = None
 try:
-    logging.debug("Get releases RSS feed from %s...", options.url)
+    logging.debug("Get releases from %s...", options.url)
     r = requests.get(options.url, timeout=options.timeout)
-    logging.debug("Data retrieve:\n%s", r.text)
+    data = r.json()
-    data = xmltodict.parse(r.text)
+    logging.debug("Data retrieve:\n%s", data)
-    versions = {}
+    for item in data:
-    for item in data["rss"]["channel"]["item"]:
+        if not options.pre_release and item["prerelease"]:
-        version = re.sub("^v", "", item["title"])
+            logging.debug("Ignore pre-release %s", item["name"])
-        if not options.include_rc and "-rc" in version:
-            logging.debug("Ignore release candidate %s", version)
             continue
-        version_int = int(re.sub(r"[\.-]", "000", version))
+        if not options.draft and item["draft"]:
-        logging.debug("Found version %s (%s)", version, version_int)
+            logging.debug("Ignore draft release %s", item["name"])
-        if not LATEST_INT or LATEST_INT < version_int:
+            continue
-            if LATEST:
+        LATEST = item
-                logging.debug(
+        LATEST_NAME = re.sub("^v", "", item["name"])
-                    "Version %s considered as newer than %s, override latest version",
+        break
-                    version,
-                    LATEST,
-                )
-            LATEST = version
-            LATEST_INT = version_int
-        else:
-            logging.debug("Version %s considered as oldest than %s", version, LATEST)
 except Exception:  # pylint: disable=broad-except  # nosec
     pass
-logging.debug("Latest version: %s", LATEST)
 
 if not LATEST:
     print("UNKNOWN - Fail to retrieve latest Forgejo release from the project RSS feed")
     print(f"Current version: {CURRENT}")
     sys.exit(3)
 
-if LATEST == CURRENT:
+logging.debug("Latest version is %s", LATEST_NAME)
-    print(f"OK - The latest release of Forgejo is currently used ({LATEST})")
+
+if LATEST_NAME == CURRENT:
+    print(
+        f"OK - The latest release of Forgejo is currently used "
+        f"({LATEST_NAME}, published on {LATEST['published_at']})"
+    )
     sys.exit(0)
 
 print(
-    "WARNING - The version of Forgejo currently used is not the latest " f"({CURRENT} vs {LATEST})"
+    "WARNING - The version of Forgejo currently used is not the latest "
+    f"({CURRENT} vs {LATEST_NAME}), published on {LATEST['published_at']})"
 )
+print(LATEST["body"])
+print(f"URL: {LATEST['html_url']}")
 sys.exit(1)

debian/control

@@ -7,7 +7,7 @@ Standards-Version: 3.9.6
 
 Package: check-forgejo-upgrade
 Architecture: all
-Depends: ${misc:Depends}, python3, python3-requests, python3-xmltodict
+Depends: ${misc:Depends}, python3, python3-requests
 Description: Monitoring plugin to check Forgejo instance upgrade status
  This Icinga/Nagios check plugin permit to check Forgejo instance upgrade
  status by comparing the local forgejo binary version against the latest