utools/.github/workflows/maxmind-update.yml

name: Update MaxMind GeoLite2 DBs

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 1 * *'

jobs:
  update-db:
    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          lfs: true

      - name: Download latest geoipupdate
        run: |
          GEOIPUPDATE_VERSION=$(curl -fsSL https://api.github.com/repos/maxmind/geoipupdate/releases/latest | jq -r '.tag_name | ltrimstr("v")')
          echo "Installing geoipupdate v${GEOIPUPDATE_VERSION}"
          wget -q "https://github.com/maxmind/geoipupdate/releases/download/v${GEOIPUPDATE_VERSION}/geoipupdate_${GEOIPUPDATE_VERSION}_linux_amd64.tar.gz"
          tar -xzf "geoipupdate_${GEOIPUPDATE_VERSION}_linux_amd64.tar.gz"
          sudo mv "geoipupdate_${GEOIPUPDATE_VERSION}_linux_amd64/geoipupdate" /usr/local/bin/
          geoipupdate -V

      - name: Create GeoIP.conf
        run: |
          cat << EOF > GeoIP.conf
          AccountID ${{ secrets.MAXMIND_ACCOUNT_ID }}
          LicenseKey ${{ secrets.MAXMIND_LICENSE_KEY }}
          EditionIDs GeoLite2-ASN GeoLite2-City
          EOF
        env:
          MAXMIND_ACCOUNT_ID: ${{ secrets.MAXMIND_ACCOUNT_ID }}
          MAXMIND_LICENSE_KEY: ${{ secrets.MAXMIND_LICENSE_KEY }}

      - name: Run geoipupdate
        run: geoipupdate -f GeoIP.conf -d ./backend/data -v

      - name: Configure Git and LFS
        run: |
          git config --global user.name 'github-actions[bot]'
          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
          git lfs install

      - name: Commit and push updated databases
        run: |
          git lfs track "backend/data/*.mmdb"
          git add .gitattributes ./backend/data/*.mmdb
          if git diff --staged --quiet; then
            echo "No changes detected in MaxMind databases."
          else
            git commit -m "Update MaxMind GeoLite2 databases (LFS) ($(date -u +%Y-%m-%d))"
            git push
          fi
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}