Automating Distro Updates in CI Published: Sep 12, 2025 Updated: Sep 12, 2025 Author: Neyts Zupan (Pareto Security co-founder and Tech Lead) Category: Engineering --- Summary Managing Linux distribution support and testing can be tedious and error-prone when done manually. To solve this, Pareto Security automated the process of updating their CI (Continuous Integration) matrix based on supported Linux distros, eliminating manual monthly tasks and avoiding late updates or unsupported versions in testing. --- Key Steps to Automate Distro Updates Step 1: Get the Source of Truth Used the API from endoflife.date, which provides lifecycle information for many projects, including various Linux distros. The API supplies structured JSON data showing which distro releases are supported or deprecated. This serves as a reliable, centralized source to track "alive" vs. "dead" distro versions. Step 2: Update CI Automatically Developed a GitHub Action that: Queries the endoflife.date API weekly. Parses distro versions. Updates the CI test matrix automatically. The action ensures the testing setup is always current without manual intervention. The Python script used is available on GitHub. Step 3: Open a Pull Request (PR), Not a Mystery Commit The automated action opens a PR instead of committing directly to the main branch. Benefits: Visibility into which versions were added or removed. Usual tests run on the PR ensuring safety. A human reviews and merges, keeping control in place. Avoids silent updates that can cause unnoticed errors in the main branch. Step 4: Watchdog for the Watchdog To avoid unnoticed failures of the automation itself, integrated with Dead Man’s Snitch. If the action stops running or reporting, the team gets notified on Slack. This ensures the automation continues to operate reliably. --- Outcome Eliminated monthly manual reminders and busywork for distro version updates. CI matrix now always reflects the current stable Linux distros. Development efforts can focus on engineering rather than maintenance. Overall better reliability and efficiency through automation. --- This automation example highlights a practical approach to maintaining up-to-date testing environments using public APIs, scheduled workflows, and human-in-the-loop pull requests for safety.