ci: publish: Remove TODO item (not needed) #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: brew pr-pull | |
on: | |
pull_request_target: | |
types: | |
- labeled | |
workflow_dispatch: | |
inputs: | |
pull_request: | |
description: Pull request number | |
type: number | |
required: true | |
large_runner: | |
description: "Run the upload job on a large runner? (default: false)" | |
type: boolean | |
required: false | |
default: false | |
autosquash: | |
description: "Squash pull request commits according to Homebrew style? (default: false)" | |
type: boolean | |
required: false | |
default: false | |
warn_on_upload_failure: | |
description: "Pass `--warn-on-upload-failure` to `brew pr-pull`? (default: false)" | |
type: boolean | |
required: false | |
default: false | |
message: | |
description: "Message to include when autosquashing revision bumps, deletions, and rebuilds (requires autosquash)" | |
required: false | |
env: | |
PR: ${{ inputs.pull_request || github.event.pull_request.number }} | |
INPUT_MESSAGE: ${{ inputs.message }} | |
# GNUPGHOME: /tmp/gnupghome | |
HOMEBREW_DEVELOPER: 1 | |
HOMEBREW_NO_AUTO_UPDATE: 1 | |
HOMEBREW_NO_INSTALL_FROM_API: 1 | |
GH_NO_UPDATE_NOTIFIER: 1 | |
GH_PROMPT_DISABLED: 1 | |
GH_REPO: ${{ github.repository }} | |
jobs: | |
check: | |
runs-on: ubuntu-latest | |
outputs: | |
bottles: ${{ steps.pr-branch-check.outputs.bottles }} | |
head_sha: ${{ steps.pr-branch-check.outputs.head_sha }} | |
branch: ${{ steps.pr-branch-check.outputs.branch }} | |
remote_branch: ${{ steps.pr-branch-check.outputs.remote_branch }} | |
remote: ${{ steps.pr-branch-check.outputs.remote }} | |
replace: ${{ steps.pr-branch-check.outputs.replace }} | |
requires_merge: ${{ steps.pr-branch-check.outputs.requires_merge }} | |
env: | |
NON_PUSHABLE_MESSAGE: >- | |
:no_entry: It looks like @${{ vars.LYRAPHASE_RUNNER_USER }} cannot push to your PR branch. For future pull requests, please | |
[allow maintainers to edit your PR](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to simplify the merge process. | |
ORG_FORK_MESSAGE: >- | |
:no_entry: It looks like @${{ vars.LYRAPHASE_RUNNER_USER }} cannot push to your PR branch. Please open | |
future pull requests from a non-organization fork to simplify the merge process. | |
steps: | |
- name: Check PR approval | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
if jq --exit-status 'all(.[].state; .!= "APPROVED")' | |
then | |
echo "::error ::PR #$PR is not approved!" | |
exit 1 | |
fi < <( | |
gh api \ | |
--header 'Accept: application/vnd.github+json' \ | |
--header 'X-GitHub-Api-Version: 2022-11-28' \ | |
--paginate \ | |
"repos/$GITHUB_REPOSITORY/pulls/$PR/reviews" | |
) | |
- name: Check PR branch for mergeability | |
id: pr-branch-check | |
env: | |
GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
run: | | |
pr_data="$( | |
gh api \ | |
--header 'Accept: application/vnd.github+json' \ | |
--header 'X-GitHub-Api-Version: 2022-11-28' \ | |
"repos/$GH_REPO/pulls/$PR" | |
)" | |
pushable="$(jq .maintainer_can_modify <<< "$pr_data")" | |
branch="$(jq --raw-output .head.ref <<< "$pr_data")" | |
remote="$(jq --raw-output .head.repo.clone_url <<< "$pr_data")" | |
head_repo="$(jq --raw-output .head.repo.full_name <<< "$pr_data")" | |
head_repo_owner="$(jq --raw-output .head.repo.owner.login <<< "$pr_data")" | |
head_sha="$(jq --raw-output .head.sha <<< "$pr_data")" | |
fork_type="$(jq --raw-output .head.repo.owner.type <<< "$pr_data")" | |
state="$(jq --raw-output .state <<< "$pr_data")" | |
node_id="$(jq --raw-output .node_id <<< "$pr_data")" | |
merged="$(jq --raw-output .merged <<< "$pr_data")" | |
automerge_enabled="$(jq --raw-output '.auto_merge != null' <<< "$pr_data")" | |
if [[ -z "$pushable" ]] || | |
[[ -z "$branch" ]] || | |
[[ -z "$remote" ]] || | |
[[ -z "$head_repo" ]] || | |
[[ -z "$head_repo_owner" ]] || | |
[[ -z "$head_sha" ]] || | |
[[ -z "$fork_type" ]] || | |
[[ -z "$state" ]] || | |
[[ -z "$merged" ]] || | |
[[ -z "$node_id" ]] || | |
[[ -z "$automerge_enabled" ]] | |
then | |
echo "::error ::Failed to get PR data!" | |
exit 1 | |
fi | |
if [[ "$state" = "closed" ]] | |
then | |
echo "::error ::PR #$PR is closed!" | |
exit 1 | |
fi | |
bottles=true | |
while IFS='' read -r label | |
do | |
if [[ "$label" = "CI-syntax-only" ]] || | |
[[ "$label" = "CI-no-bottles" ]] || | |
[[ "$label" = "CI-published-bottle-commits" ]] | |
then | |
echo '::notice ::No bottles to publish according to PR labels.' | |
bottles=false | |
break | |
fi | |
done < <(jq --raw-output '.labels[].name' <<< "$pr_data") | |
requires_merge=true | |
if [[ "$merged" = "true" || "$automerge_enabled" = "true" ]] | |
then | |
echo '::notice ::Pull request is either already merged or queued to merge.' | |
requires_merge=false | |
fi | |
if [[ "$branch" = "master" ]] | |
then | |
branch="$head_repo_owner/master" | |
remote_branch="master" | |
else | |
remote_branch="$branch" | |
fi | |
{ | |
echo "bottles=$bottles" | |
echo "head_sha=$head_sha" | |
echo "branch=$branch" | |
echo "remote_branch=$remote_branch" | |
echo "remote=$remote" | |
echo "node_id=$node_id" | |
echo "requires_merge=$requires_merge" | |
echo "replace=${{ inputs.autosquash }}" | |
} >> "$GITHUB_OUTPUT" | |
if "$pushable" && [[ "$fork_type" != "Organization" ]] || | |
[[ "$head_repo" = "$GH_REPO" ]] || | |
[[ "$bottles" = "false" ]] | |
then | |
exit 0 | |
elif "$pushable" || [[ "$fork_type" = "Organization" ]] | |
then | |
MESSAGE="$ORG_FORK_MESSAGE" | |
else | |
MESSAGE="$NON_PUSHABLE_MESSAGE" | |
fi | |
echo "replace=true" >> "$GITHUB_OUTPUT" | |
gh pr comment "$PR" --body "$MESSAGE" --repo "$GITHUB_REPOSITORY" | |
gh pr edit --add-label 'no push access' "$PR" --repo "$GITHUB_REPOSITORY" | |
pr-pull: | |
needs: check | |
if: contains(github.event.pull_request.labels.*.name, 'pr-pull') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Configure Git user | |
id: git-user-config | |
uses: Homebrew/actions/git-user-config@master | |
with: | |
username: ${{ (github.actor != 'github-actions[bot]' && github.actor) || vars.LYRAPHASE_RUNNER_USER }} | |
- name: Checkout PR branch | |
working-directory: ${{steps.set-up-homebrew.outputs.repository-path}} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
env | |
gh pr checkout "$PR" --repo "$GITHUB_REPOSITORY" | |
- name: Pull bottles | |
id: pr-pull | |
env: | |
BREWTESTBOT_NAME_EMAIL: ${{ vars.LYRAPHASE_RUNNER_NAME_EMAIL }} | |
HOMEBREW_GITHUB_PACKAGES_USER: ${{ vars.LYRAPHASE_RUNNER_USER }} | |
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }} | |
HOMEBREW_GITHUB_API_TOKEN: ${{ github.token }} | |
run: | | |
brew pr-pull \ | |
--debug \ | |
--no-upload \ | |
--clean \ | |
--autosquash \ | |
--tap="$GITHUB_REPOSITORY" \ | |
--github-org="${GITHUB_REPOSITORY_OWNER}" \ | |
--committer="$BREWTESTBOT_NAME_EMAIL" \ | |
--root-url="https://ghcr.io/v2/${GITHUB_REPOSITORY_OWNER}/${GITHUB_REPOSITORY#*/homebrew-}" \ | |
--retain-bottle-dir \ | |
"$PR" | |
- name: Generate build provenance | |
uses: actions/attest-build-provenance@v1 | |
with: | |
github-token: '${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }}' | |
subject-path: '${{steps.pr-pull.outputs.bottle_path}}/*.tar.gz' | |
- name: Upload bottles to GitHub Packages | |
id: pr-upload | |
working-directory: ${{steps.pr-pull.outputs.bottle_path}} | |
env: | |
BREWTESTBOT_NAME_EMAIL: ${{ vars.LYRAPHASE_RUNNER_NAME_EMAIL }} | |
HOMEBREW_GITHUB_PACKAGES_USER: ${{ vars.LYRAPHASE_RUNNER_USER }} | |
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{ secrets.LYRAPHASE_RUNNER_PACKAGES_TOKEN }} | |
REPO_PATH: ${{steps.set-up-homebrew.outputs.repository-path}} | |
run: | | |
# Don't quote arguments that might be empty; this causes errors when `brew` | |
# interprets them as empty arguments when we want `brew` to ignore them instead. | |
brew pr-upload \ | |
--debug \ | |
--committer="$BREWTESTBOT_NAME_EMAIL" \ | |
--root-url="https://ghcr.io/v2/${GITHUB_REPOSITORY_OWNER}/${GITHUB_REPOSITORY#*/homebrew-}" \ | |
${{inputs.warn_on_upload_failure && '--warn-on-upload-failure' || ''}} | |
echo "head_sha=$(git -C "$REPO_PATH" rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
- name: Push commits | |
uses: Homebrew/actions/git-try-push@master | |
with: | |
token: ${{ secrets.LYRAPHASE_RUNNER_AUTOMERGE_TOKEN }} | |
directory: ${{ steps.set-up-homebrew.outputs.repository-path }} | |
remote: ${{ needs.check.outputs.remote }} | |
branch: ${{ needs.check.outputs.branch }} | |
remote_branch: ${{ needs.check.outputs.remote_branch }} | |
env: | |
GIT_COMMITTER_NAME: ${{ vars.LYRAPHASE_RUNNER_USER }} | |
GIT_COMMITTER_EMAIL: ${{ vars.LYRAPHASE_RUNNER_EMAIL }} | |
# HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }} | |
- name: Post comment on failure | |
if: failure() | |
uses: Homebrew/actions/post-comment@master | |
env: | |
RUN_URL: ${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }} | |
with: | |
token: ${{secrets.GITHUB_TOKEN}} | |
issue: ${{ inputs.pull_request || github.event.pull_request.number }} | |
body: ":warning: @${{github.actor}} bottle publish [failed](${{env.RUN_URL}})." | |
bot_body: ":warning: Bottle publish [failed](${{env.RUN_URL}})." | |
bot: github-actions[bot] | |
# - name: Delete branch | |
# if: github.event.pull_request.head.repo.fork == false | |
# env: | |
# BRANCH: ${{ github.event.pull_request.head.ref }} | |
# run: git push --delete origin $BRANCH |