Release to brew #20
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# See following documentations for more information - | |
# Creation and maintenance of personal taps: | |
# https://docs.brew.sh/How-to-Create-and-Maintain-a-Tap | |
# More information about bottles: | |
# https://docs.brew.sh/Bottles | |
# Create a tap with automatic tests and bottle creation workflows: | |
# https://brew.sh/2020/11/18/homebrew-tap-with-bottles-uploaded-to-github-releases/ | |
# This workflow can be used to perform certain tasks from main repository rather | |
# than a Tap - | |
# - Formula Syntax Check | |
# - Run brew test-bot for testing and bottle creation | |
# (and upload bottles to release which triggered this workflow) | |
# - Add commit on top of PR created by brew bump-formla-pr to add generate | |
# bottle DSL to formula | |
# USAGE: | |
# Copy this workflow to .github/workflows of your repository and update | |
# following variables in env below - | |
# - FORMULA | |
# - TAP | |
# - BOT_USER | |
# - BOT_EMAIL | |
# - BOT_TOKEN | |
# NOTE: | |
# In case any other changes are required in the formula such as - | |
# - Updating python dependencies | |
# - Updating brew dependencies | |
# - Updating test | |
# - Updating Install block etc | |
# Make sure to merge those changes before this workflow gets triggered as this | |
# workflow will bump the formula and also create bottles right away | |
# automatically. | |
name: Release to brew | |
on: | |
release: | |
types: [created] | |
env: | |
FORMULA: cbmc-viewer | |
TAP: aws/tap | |
BOT_USER: aws-viewer-for-cbmc-release-ci | |
RELEASE_TAG: ${GITHUB_REF/refs\/tags\/} # GITHUB_REF = refs/tags/STRING-MAJOR.MINOR | |
VERSION: $(echo $GITHUB_REF | cut -d "/" -f 3 | cut -d "-" -f 2) | |
AWS_ROLE: arn:aws:iam::${{secrets.AWS_ACCOUNT}}:role/PublisherTokenReader | |
AWS_REGION: us-west-2 | |
jobs: | |
homebrew-pr: | |
name: Homebrew Bump Formula PR | |
runs-on: macos-latest | |
permissions: | |
id-token: write | |
steps: | |
- name: Authenticate GitHub workflow to AWS | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Fetch secrets | |
run: | | |
echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV | |
echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV | |
- name: Configure git user name and email | |
run: | | |
git config --global user.name ${{ env.BOT_USER }} | |
git config --global user.email $BOT_EMAIL | |
- name: Create homebrew PR | |
run: | | |
brew tap ${{ env.TAP }} | |
brew update-reset | |
brew bump-formula-pr --tag "${{ env.RELEASE_TAG }}" --revision "$GITHUB_SHA" ${{ env.TAP }}/${{ env.FORMULA }} --force | |
build-bottle: | |
needs: homebrew-pr | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest] | |
runs-on: ${{ matrix.os }} | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Authenticate GitHub workflow to AWS | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Fetch secrets | |
run: | | |
echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV | |
echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV | |
echo "FORK_REPO=https://$HOMEBREW_GITHUB_API_TOKEN@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV | |
echo "GITHUB_TOKEN=$HOMEBREW_GITHUB_API_TOKEN" >> $GITHUB_ENV | |
- name: Checkout PR | |
run: | | |
brew tap ${{ env.TAP }} | |
brew update-reset | |
cd $(brew --repo ${{ env.TAP }}) | |
git remote add fork-repo $FORK_REPO | |
git fetch fork-repo | |
git checkout -B bump-${{ env.FORMULA }}-${{ env.VERSION }} fork-repo/bump-${{ env.FORMULA }}-${{ env.VERSION }} | |
- name: Tap Syntax | |
run: | | |
brew audit --online --git --skip-style ${{ env.TAP }}/${{ env.FORMULA }} | |
brew style ${{ env.TAP }}/${{ env.FORMULA }} | |
- name: Build bottle | |
run: | | |
brew test-bot --tap ${{ env.TAP }} --testing-formulae ${{ env.TAP }}/${{ env.FORMULA }} --only-formulae --root-url=https://github.com/$GITHUB_REPOSITORY/releases/download/${{ env.RELEASE_TAG }} | |
- name: Get Package Path | |
id: get_package_path | |
run: | | |
echo "bottle_name=$(ls *.tar.gz)" >> $GITHUB_OUTPUT | |
- name: Get File Name | |
id: get_file_name | |
run: | | |
file_name="$(cat *.json | jq -r '."${{ env.TAP }}/${{ env.FORMULA }}".bottle.tags[].filename')" | |
echo "file_name=$file_name" >> $GITHUB_OUTPUT | |
- name: Upload bottles as artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bottle-${{ matrix.os }} | |
path: '*.bottle.*' | |
- name: Upload release binary | |
uses: actions/upload-release-asset@v1.0.2 | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ${{ steps.get_package_path.outputs.bottle_name }} | |
asset_name: ${{ steps.get_file_name.outputs.file_name }} | |
asset_content_type: application/x-gzip | |
update-pr: | |
needs: build-bottle | |
runs-on: macos-latest | |
permissions: | |
id-token: write | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
pattern: bottle-* | |
- name: Authenticate GitHub workflow to AWS | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Fetch secrets | |
run: | | |
echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV | |
echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV | |
echo "FORK_REPO=https://$HOMEBREW_GITHUB_API_TOKEN@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV | |
- name: Configure git user name and email | |
run: | | |
git config --global user.name ${{ env.BOT_USER }} | |
git config --global user.email BOT_EMAIL | |
- name: Checkout PR | |
run: | | |
brew tap ${{ env.TAP }} | |
brew update-reset | |
cd $(brew --repo ${{ env.TAP }}) | |
git remote add fork-repo $FORK_REPO | |
git fetch fork-repo | |
git checkout -B bump-${{ env.FORMULA }}-${{ env.VERSION }} fork-repo/bump-${{ env.FORMULA }}-${{ env.VERSION }} | |
- name: Generate and merge bottle DSL | |
run: | | |
brew bottle --merge --write $(ls bottle-*/*.json) | |
cd $(brew --repo ${{ env.TAP }}) | |
git push fork-repo bump-${{ env.FORMULA }}-${{ env.VERSION }} |