Skip to content

Update MaxMind Databases #67

Update MaxMind Databases

Update MaxMind Databases #67

Workflow file for this run

name: Update MaxMind Databases
on:
schedule:
- cron: "34 1 * * *" # Runs at 1:34am UTC every day (34, just so it doesn't run at the same time as the other workflows)
workflow_dispatch:
jobs:
update-maxmind-databases:
strategy:
matrix:
database:
- GeoLite2-ASN-CSV
- GeoLite2-Country-CSV
- GeoLite2-City-CSV
max-parallel: 1 # Otherwise we commit over each other
name: Update MaxMind ${{ matrix.database }} Database
runs-on: ubuntu-latest
if: github.repository == 'ip-lookup/redistribution'
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- name: Download checksum file
shell: bash
run: |
curl -s -L "https://download.maxmind.com/app/geoip_download?edition_id=${{ matrix.database }}&license_key=${{ secrets.MAXMIND_LICENSE_KEY }}&suffix=zip.sha256" -o maxmind/${{ matrix.database }}.remote.zip.sha256
- name: Check if update is needed
id: check-update
shell: bash
run: |
remote_sha=$(cat maxmind/${{ matrix.database }}.remote.zip.sha256 | awk '{ print $1 }')
if [ -f "maxmind/${{ matrix.database }}.zip.sha256" ]; then
local_sha=$(cat maxmind/${{ matrix.database }}.zip.sha256 | awk '{ print $1 }')
echo "Remote: $remote_sha"
echo "Local: $local_sha"
if [ "$remote_sha" == "$local_sha" ]; then
echo "No changes detected"
rm -f maxmind/${{ matrix.database }}.remote.zip.sha256
echo "needs_update=false" >> $GITHUB_OUTPUT
exit 0
fi
fi
echo "needs_update=true" >> $GITHUB_OUTPUT
echo "remote_sha=$remote_sha" >> $GITHUB_OUTPUT
- name: Clean database file from git history
if: steps.check-update.outputs.needs_update == 'true'
uses: ./.github/actions/remove-git-history
with:
glob_pattern: "maxmind/${{ matrix.database }}.zip"
github_token: ${{ secrets.GITHUB_TOKEN }}
ref_name: ${{ github.ref_name }}
repository: ${{ github.repository }}
- uses: actions/checkout@v4
if: steps.check-update.outputs.needs_update == 'true'
- name: Pull latest changes
if: steps.check-update.outputs.needs_update == 'true'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git branch --set-upstream-to=origin/${{ github.ref_name }} ${{ github.ref_name }}
git pull --rebase
- name: Download database
if: steps.check-update.outputs.needs_update == 'true'
shell: bash
run: |
curl -s -L "https://download.maxmind.com/app/geoip_download?edition_id=${{ matrix.database }}&license_key=${{ secrets.MAXMIND_LICENSE_KEY }}&suffix=zip" -o maxmind/${{ matrix.database }}.remote.zip
- name: Verify checksum
if: steps.check-update.outputs.needs_update == 'true'
shell: bash
run: |
remote_sha=${{ steps.check-update.outputs.remote_sha }}
downloaded_sha=$(shasum -a 256 maxmind/${{ matrix.database }}.remote.zip | awk '{ print $1 }')
echo "Remote: $remote_sha"
echo "Downloaded: $downloaded_sha"
if [ "$remote_sha" != "$downloaded_sha" ]; then
echo "Checksum mismatch! Exiting..."
exit 1
fi
echo "$downloaded_sha" > maxmind/${{ matrix.database }}.remote.zip.sha256
echo "Checksum verified successfully"
- name: Replace files
if: steps.check-update.outputs.needs_update == 'true'
shell: bash
run: |
rm -f maxmind/${{ matrix.database }}.zip
rm -f maxmind/${{ matrix.database }}.zip.sha256
mv maxmind/${{ matrix.database }}.remote.zip maxmind/${{ matrix.database }}.zip
mv maxmind/${{ matrix.database }}.remote.zip.sha256 maxmind/${{ matrix.database }}.zip.sha256
- name: Commit changes
if: steps.check-update.outputs.needs_update == 'true'
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "chore: update MaxMind ${{ matrix.database }} database"
file_pattern: "maxmind/${{ matrix.database }}.zip maxmind/${{ matrix.database }}.zip.sha256"