
fix brew audit test

fix brew audit test #6

Workflow file for this run

name: brew pr-pull

# Two triggers: a label being added to a pull request, and a manual dispatch
# that takes the pull request number as input.
on:
  # `pull_request_target` runs the workflow definition from the base branch in
  # the base repository's context, so repository secrets are available to the
  # job even when the pull request comes from a fork. The label check on the
  # job is therefore the trust gate for everything that follows.
  pull_request_target:
    types:
      - labeled
  # Manual runs can only be started by users with write access.
  workflow_dispatch:
    inputs:
      pull_request:
        description: Pull request number
        type: number
        required: true
      # NOTE(review): `large_runner`, `autosquash` and `message` are declared
      # here but not referenced by the job steps shown in this file.
      large_runner:
        description: "Run the upload job on a large runner? (default: false)"
        type: boolean
        required: false
        default: false
      autosquash:
        description: "Squash pull request commits according to Homebrew style? (default: false)"
        type: boolean
        required: false
        default: false
      warn_on_upload_failure:
        description: "Pass `--warn-on-upload-failure` to `brew pr-pull`? (default: false)"
        type: boolean
        required: false
        default: false
      message:
        description: "Message to include when autosquashing revision bumps, deletions, and rebuilds (requires autosquash)"
        required: false
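jobs:
  # Pulls the bottles built for a labelled pull request, attests them, uploads
  # them to GitHub Packages and pushes the resulting commits.
  pr-pull:
    # Trust gate: the job runs with repository secrets and checks out the pull
    # request's current head, so the `pr-pull` label should only be applied
    # after the head commit has been reviewed.
    # NOTE(review): `types: labeled` fires for every label, so this re-runs when
    # any other label is added while `pr-pull` is still present; comparing
    # `github.event.label.name == 'pr-pull'` would limit it to the labelling
    # event itself.
    # NOTE(review): on `workflow_dispatch` there is no
    # `github.event.pull_request`, so this condition is false and the job is
    # skipped for manual runs.
    if: contains(github.event.pull_request.labels.*.name, 'pr-pull')
    # Explicit GITHUB_TOKEN scopes; every scope not listed here becomes `none`.
    # `id-token: write` (OIDC JWT token request access) and
    # `attestations: write` are what actions/attest-build-provenance documents
    # as required, which answers the earlier TODO about `id-token`.
    # Reference: https://github.com/github/docs/issues/25952#issuecomment-1616560496
    # NOTE(review): the read scopes are inferred from what the steps call with
    # the default token; confirm them with a test run.
    permissions:
      contents: read
      actions: read
      checks: read
      pull-requests: write
      id-token: write
      attestations: write
    # NOTE(review): every matrix leg runs the same publish steps with the same
    # secrets and pushes to the same branch.
    strategy:
      matrix:
        os: [ubuntu-latest, macos-12, macos-13, macos-latest]
    runs-on: ${{ matrix.os }}
    env:
      # Link used by the failure comment; `env.RUN_URL` was referenced below
      # but never defined in this file.
      RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
    steps:
      # NOTE(review): `@master` is a mutable ref. Whatever that branch points
      # to at run time executes in a job that holds the packages and automerge
      # tokens; pinning each `uses:` to a full commit SHA removes that
      # dependency on upstream branch state.
      - name: Set up Homebrew
        id: set-up-homebrew
        uses: Homebrew/actions/setup-homebrew@master

      - name: Configure Git user
        id: git-user-config
        uses: Homebrew/actions/git-user-config@master
        with:
          username: ${{ (github.actor != 'github-actions[bot]' && github.actor) || vars.LYRAPHASE_RUNNER_USER }}

      - name: Checkout PR branch
        working-directory: ${{steps.set-up-homebrew.outputs.repository-path}}
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # `$PR` was read by the command below without being set anywhere.
          # Passed through `env` rather than interpolated into the script.
          PR: ${{ inputs.pull_request || github.event.pull_request.number }}
        run: gh pr checkout "$PR" --repo "$GITHUB_REPOSITORY"

      - name: Pull bottles
        id: pr-pull
        env:
          HOMEBREW_NO_AUTO_UPDATE: 1
          BREWTESTBOT_NAME_EMAIL: ${{ vars.LYRAPHASE_RUNNER_NAME_EMAIL }}
          HOMEBREW_GITHUB_PACKAGES_USER: ${{ vars.LYRAPHASE_RUNNER_USER }}
          HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }}
          HOMEBREW_GITHUB_API_TOKEN: ${{ github.token }}
          # Same fallback as the failure-comment step, so both triggers resolve
          # the pull request number the same way.
          PULL_REQUEST: ${{ inputs.pull_request || github.event.pull_request.number }}
        run: |
          brew pr-pull \
            --debug \
            --no-upload \
            --clean \
            --autosquash \
            --tap="$GITHUB_REPOSITORY" \
            --github-org="${GITHUB_REPOSITORY_OWNER}" \
            --committer="$BREWTESTBOT_NAME_EMAIL" \
            --root-url="https://ghcr.io/v2/${GITHUB_REPOSITORY_OWNER}/${GITHUB_REPOSITORY#*/homebrew-}" \
            --retain-bottle-dir \
            "$PULL_REQUEST"

      # Attests the bottle tarballs before they are uploaded. Relies on the
      # `id-token: write` and `attestations: write` scopes declared on the job.
      - name: Generate build provenance
        uses: actions/attest-build-provenance@v1
        with:
          github-token: '${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }}'
          subject-path: '${{steps.pr-pull.outputs.bottle_path}}/*.tar.gz'

      - name: Upload bottles to GitHub Packages
        id: pr-upload
        working-directory: ${{steps.pr-pull.outputs.bottle_path}}
        env:
          HOMEBREW_NO_AUTO_UPDATE: 1
          BREWTESTBOT_NAME_EMAIL: ${{ vars.LYRAPHASE_RUNNER_NAME_EMAIL }}
          HOMEBREW_GITHUB_PACKAGES_USER: ${{ vars.LYRAPHASE_RUNNER_USER }}
          HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }}
          REPO_PATH: ${{steps.set-up-homebrew.outputs.repository-path}}
        # The inline expression below expands a boolean input to one of two
        # fixed strings, so no caller-controlled text reaches the shell.
        run: |
          # Don't quote arguments that might be empty; this causes errors when `brew`
          # interprets them as empty arguments when we want `brew` to ignore them instead.
          brew pr-upload \
            --debug \
            --committer="$BREWTESTBOT_NAME_EMAIL" \
            --root-url="https://ghcr.io/v2/${GITHUB_REPOSITORY_OWNER}/${GITHUB_REPOSITORY#*/homebrew-}" \
            ${{inputs.warn_on_upload_failure && '--warn-on-upload-failure' || ''}}
          echo "head_sha=$(git -C "$REPO_PATH" rev-parse HEAD)" >> "$GITHUB_OUTPUT"

      # Pushes with a separate automerge token, not the job's GITHUB_TOKEN.
      - name: Push commits
        uses: Homebrew/actions/git-try-push@master
        with:
          token: ${{ secrets.LYRAPHASE_RUNNER_AUTOMERGE_TOKEN }}
          branch: test-publish
        env:
          GIT_COMMITTER_NAME: ${{ vars.LYRAPHASE_RUNNER_USER }}
          GIT_COMMITTER_EMAIL: ${{ vars.LYRAPHASE_RUNNER_EMAIL }}

      - name: Post comment on failure
        if: failure()
        uses: Homebrew/actions/post-comment@master
        with:
          token: ${{secrets.GITHUB_TOKEN}}
          issue: ${{ inputs.pull_request || github.event.pull_request.number }}
          body: ":warning: @${{github.actor}} bottle publish [failed](${{env.RUN_URL}})."
          bot_body: ":warning: Bottle publish [failed](${{env.RUN_URL}})."
          bot: github-actions[bot]

      # - name: Delete branch
      #   if: github.event.pull_request.head.repo.fork == false
      #   env:
      #     BRANCH: ${{ github.event.pull_request.head.ref }}
      #   run: git push --delete origin $BRANCH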