Update MaxMind Databases #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update MaxMind Databases | |
on: | |
schedule: | |
- cron: "34 1 * * *" # Runs at 1:34am UTC every day (34, just so it doesn't run at the same time as the other workflows) | |
workflow_dispatch: | |
jobs: | |
update-maxmind-databases: | |
strategy: | |
matrix: | |
database: | |
- GeoLite2-ASN-CSV | |
- GeoLite2-Country-CSV | |
- GeoLite2-City-CSV | |
max-parallel: 1 # Otherwise we commit over each other | |
name: Update MaxMind ${{ matrix.database }} Database | |
runs-on: ubuntu-latest | |
if: github.repository == 'ip-lookup/redistribution' | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download checksum file | |
shell: bash | |
run: | | |
curl -s -L "https://download.maxmind.com/app/geoip_download?edition_id=${{ matrix.database }}&license_key=${{ secrets.MAXMIND_LICENSE_KEY }}&suffix=zip.sha256" -o maxmind/${{ matrix.database }}.remote.zip.sha256 | |
- name: Check if update is needed | |
id: check-update | |
shell: bash | |
run: | | |
remote_sha=$(cat maxmind/${{ matrix.database }}.remote.zip.sha256 | awk '{ print $1 }') | |
if [ -f "maxmind/${{ matrix.database }}.zip.sha256" ]; then | |
local_sha=$(cat maxmind/${{ matrix.database }}.zip.sha256 | awk '{ print $1 }') | |
echo "Remote: $remote_sha" | |
echo "Local: $local_sha" | |
if [ "$remote_sha" == "$local_sha" ]; then | |
echo "No changes detected" | |
rm -f maxmind/${{ matrix.database }}.remote.zip.sha256 | |
echo "needs_update=false" >> $GITHUB_OUTPUT | |
exit 0 | |
fi | |
fi | |
echo "needs_update=true" >> $GITHUB_OUTPUT | |
echo "remote_sha=$remote_sha" >> $GITHUB_OUTPUT | |
- name: Clean database file from git history | |
if: steps.check-update.outputs.needs_update == 'true' | |
uses: ./.github/actions/remove-git-history | |
with: | |
glob_pattern: "maxmind/${{ matrix.database }}.zip" | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
ref_name: ${{ github.ref_name }} | |
repository: ${{ github.repository }} | |
- uses: actions/checkout@v4 | |
if: steps.check-update.outputs.needs_update == 'true' | |
- name: Pull latest changes | |
if: steps.check-update.outputs.needs_update == 'true' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
git branch --set-upstream-to=origin/${{ github.ref_name }} ${{ github.ref_name }} | |
git pull --rebase | |
- name: Download database | |
if: steps.check-update.outputs.needs_update == 'true' | |
shell: bash | |
run: | | |
curl -s -L "https://download.maxmind.com/app/geoip_download?edition_id=${{ matrix.database }}&license_key=${{ secrets.MAXMIND_LICENSE_KEY }}&suffix=zip" -o maxmind/${{ matrix.database }}.remote.zip | |
- name: Verify checksum | |
if: steps.check-update.outputs.needs_update == 'true' | |
shell: bash | |
run: | | |
remote_sha=${{ steps.check-update.outputs.remote_sha }} | |
downloaded_sha=$(shasum -a 256 maxmind/${{ matrix.database }}.remote.zip | awk '{ print $1 }') | |
echo "Remote: $remote_sha" | |
echo "Downloaded: $downloaded_sha" | |
if [ "$remote_sha" != "$downloaded_sha" ]; then | |
echo "Checksum mismatch! Exiting..." | |
exit 1 | |
fi | |
echo "$downloaded_sha" > maxmind/${{ matrix.database }}.remote.zip.sha256 | |
echo "Checksum verified successfully" | |
- name: Replace files | |
if: steps.check-update.outputs.needs_update == 'true' | |
shell: bash | |
run: | | |
rm -f maxmind/${{ matrix.database }}.zip | |
rm -f maxmind/${{ matrix.database }}.zip.sha256 | |
mv maxmind/${{ matrix.database }}.remote.zip maxmind/${{ matrix.database }}.zip | |
mv maxmind/${{ matrix.database }}.remote.zip.sha256 maxmind/${{ matrix.database }}.zip.sha256 | |
- name: Commit changes | |
if: steps.check-update.outputs.needs_update == 'true' | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: "chore: update MaxMind ${{ matrix.database }} database" | |
file_pattern: "maxmind/${{ matrix.database }}.zip maxmind/${{ matrix.database }}.zip.sha256" |