fix brew audit test #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: brew pr-pull | |
on: | |
pull_request_target: | |
types: | |
- labeled | |
workflow_dispatch: | |
inputs: | |
pull_request: | |
description: Pull request number | |
type: number | |
required: true | |
large_runner: | |
description: "Run the upload job on a large runner? (default: false)" | |
type: boolean | |
required: false | |
default: false | |
autosquash: | |
description: "Squash pull request commits according to Homebrew style? (default: false)" | |
type: boolean | |
required: false | |
default: false | |
warn_on_upload_failure: | |
description: "Pass `--warn-on-upload-failure` to `brew pr-pull`? (default: false)" | |
type: boolean | |
required: false | |
default: false | |
message: | |
description: "Message to include when autosquashing revision bumps, deletions, and rebuilds (requires autosquash)" | |
required: false | |
jobs: | |
pr-pull: | |
if: contains(github.event.pull_request.labels.*.name, 'pr-pull') | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-12, macos-13, macos-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Configure Git user | |
id: git-user-config | |
uses: Homebrew/actions/git-user-config@master | |
with: | |
username: ${{ (github.actor != 'github-actions[bot]' && github.actor) || vars.LYRAPHASE_RUNNER_USER }} | |
- name: Checkout PR branch | |
working-directory: ${{steps.set-up-homebrew.outputs.repository-path}} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: gh pr checkout "$PR" --repo "$GITHUB_REPOSITORY" | |
- name: Pull bottles | |
id: pr-pull | |
env: | |
HOMEBREW_NO_AUTO_UPDATE: 1 | |
BREWTESTBOT_NAME_EMAIL: ${{ vars.LYRAPHASE_RUNNER_NAME_EMAIL }} | |
HOMEBREW_GITHUB_PACKAGES_USER: ${{ vars.LYRAPHASE_RUNNER_USER }} | |
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }} | |
HOMEBREW_GITHUB_API_TOKEN: ${{ github.token }} | |
PULL_REQUEST: ${{ github.event.pull_request.number }} | |
run: | | |
brew pr-pull \ | |
--debug \ | |
--no-upload \ | |
--clean \ | |
--autosquash \ | |
--tap="$GITHUB_REPOSITORY" \ | |
--github-org="${GITHUB_REPOSITORY_OWNER}" \ | |
--committer="$BREWTESTBOT_NAME_EMAIL" \ | |
--root-url="https://ghcr.io/v2/${GITHUB_REPOSITORY_OWNER}/${GITHUB_REPOSITORY#*/homebrew-}" \ | |
--retain-bottle-dir \ | |
"$PULL_REQUEST" | |
- name: Generate build provenance | |
uses: actions/attest-build-provenance@v1 | |
with: | |
github-token: '${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }}' | |
subject-path: '${{steps.pr-pull.outputs.bottle_path}}/*.tar.gz' | |
- name: Upload bottles to GitHub Packages | |
id: pr-upload | |
working-directory: ${{steps.pr-pull.outputs.bottle_path}} | |
env: | |
HOMEBREW_NO_AUTO_UPDATE: 1 | |
BREWTESTBOT_NAME_EMAIL: ${{ vars.LYRAPHASE_RUNNER_NAME_EMAIL }} | |
HOMEBREW_GITHUB_PACKAGES_USER: ${{ vars.LYRAPHASE_RUNNER_USER }} | |
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }} | |
REPO_PATH: ${{steps.set-up-homebrew.outputs.repository-path}} | |
run: | | |
# Don't quote arguments that might be empty; this causes errors when `brew` | |
# interprets them as empty arguments when we want `brew` to ignore them instead. | |
brew pr-upload \ | |
--debug \ | |
--committer="$BREWTESTBOT_NAME_EMAIL" \ | |
--root-url="https://ghcr.io/v2/${GITHUB_REPOSITORY_OWNER}/${GITHUB_REPOSITORY#*/homebrew-}" \ | |
${{inputs.warn_on_upload_failure && '--warn-on-upload-failure' || ''}} | |
echo "head_sha=$(git -C "$REPO_PATH" rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
- name: Push commits | |
uses: Homebrew/actions/git-try-push@master | |
with: | |
token: ${{ secrets.LYRAPHASE_RUNNER_AUTOMERGE_TOKEN }} | |
branch: test-publish | |
env: | |
GIT_COMMITTER_NAME: ${{ vars.LYRAPHASE_RUNNER_USER }} | |
GIT_COMMITTER_EMAIL: ${{ vars.LYRAPHASE_RUNNER_EMAIL }} | |
# TODO: Find out if this permission is needed? | |
# id-token: write | |
# OIDC JWT token request access | |
# Reference: https://github.com/github/docs/issues/25952#issuecomment-1616560496 | |
- name: Post comment on failure | |
if: failure() | |
uses: Homebrew/actions/post-comment@master | |
with: | |
token: ${{secrets.GITHUB_TOKEN}} | |
issue: ${{ inputs.pull_request || github.event.pull_request.number }} | |
body: ":warning: @${{github.actor}} bottle publish [failed](${{env.RUN_URL}})." | |
bot_body: ":warning: Bottle publish [failed](${{env.RUN_URL}})." | |
bot: github-actions[bot] | |
# - name: Delete branch | |
# if: github.event.pull_request.head.repo.fork == false | |
# env: | |
# BRANCH: ${{ github.event.pull_request.head.ref }} | |
# run: git push --delete origin $BRANCH |