update-jre.yml

# This is a basic workflow to help you get started with Actions

name: Check for JRE updates

# Controls when the workflow will run
on:
  schedule:
    - cron: '11 11 * * 3'
  push:
    branches: [ main ]
    paths:
      - '.github/workflows/update-jre.yml'
      - 'scripts/jre-update'
#  push:
#    branches: [ main ]
#    paths-ignore:
#      - '.github/workflows/gh-pages.yml'
#      - '.github/workflows/update-release.yml'
#      - '.github/workflows/codeql-analysis.yml'
#      - '.github/*.yml'
#      - 'website/**'

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

env:
  GH_TOKEN: ${{secrets.PUBLISH_GH_TOKEN}}

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  update-bundled-jre:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
   
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      - uses: actions/setup-node@master
        with:
          node-version: 18

      - name: Install NPM dev dependencies
        run: npm install -D

      - name: Check for latest JRE versions
        id: jre-version-check
        run: |
          OUTPUT=$(npm run -s deps:jre:check)
          if [[ $? -ne 0 ]]; then
            echo "Checking for latest JRE versions failed."
            exit 1
          else
            LAST_LINE=$(echo "$OUTPUT" | tail -n 1)
            echo "UPDATED_VERSION<<EOF" >> $GITHUB_ENV
            echo $LAST_LINE >> $GITHUB_ENV
            echo EOF >> $GITHUB_ENV
          fi

      - name: Check if JRE versions were updated
        id: jre-updated
        run: |
          STATUS=$(git status --porcelain jre-version.json)
          echo "STATUS=$STATUS" >> $GITHUB_ENV
          
      - name: Create pull request for updated JRE versions
        uses: peter-evans/create-pull-request@v4
        id: create-pull-request
        if: ${{ env.STATUS != '' }}
        with:
          token: ${{secrets.PUBLISH_GH_TOKEN}}
          author: GitHub Actions <noreply@github.com>
          add-paths: jre-version.json
          commit-message: Update bundled JRE to ${{ env.UPDATED_VERSION }}
          branch: update-bundled-jre
          delete-branch: true
          title: Update bundled JRE to ${{ env.UPDATED_VERSION }}
          body: |
            This automated pull request updates the bundled JRE versions to the new security patch release ${{ env.UPDATED_VERSION }}.
            
      - name: Send alert email
        uses: dawidd6/action-send-mail@v3
        if: ${{ steps.create-pull-request.outputs.pull-request-operation == 'updated' || steps.create-pull-request.outputs.pull-request-operation == 'created' }}
        with:
          server_address: ${{secrets.MAIL_SMTP_SERVER}}
          server_port: 465
          from: GitHub Actions <noreply@github.com>
          username: ${{secrets.MAIL_USER}}
          password: ${{secrets.MAIL_PASSWORD}}
          subject: New JRE security update
          to: ${{secrets.ALTERT_RECIPIENT_ADDRESS}}
          secure: true
          body: New JRE security update ${{ env.UPDATED_VERSION }}. Created pull request ${{ steps.create-pull-request.outputs.pull-request-url }}.