Skip to content

Release to brew

Release to brew #21

Workflow file for this run

# See following documentations for more information -
# Creation and maintenance of personal taps:
# https://docs.brew.sh/How-to-Create-and-Maintain-a-Tap
# More information about bottles:
# https://docs.brew.sh/Bottles
# Create a tap with automatic tests and bottle creation workflows:
# https://brew.sh/2020/11/18/homebrew-tap-with-bottles-uploaded-to-github-releases/
# This workflow can be used to perform certain tasks from main repository rather
# than a Tap -
# - Formula Syntax Check
# - Run brew test-bot for testing and bottle creation
# (and upload bottles to release which triggered this workflow)
# - Add commit on top of PR created by brew bump-formla-pr to add generate
# bottle DSL to formula
# USAGE:
# Copy this workflow to .github/workflows of your repository and update
# following variables in env below -
# - FORMULA
# - TAP
# - BOT_USER
# - BOT_EMAIL
# - BOT_TOKEN
# NOTE:
# In case any other changes are required in the formula such as -
# - Updating python dependencies
# - Updating brew dependencies
# - Updating test
# - Updating Install block etc
# Make sure to merge those changes before this workflow gets triggered as this
# workflow will bump the formula and also create bottles right away
# automatically.
name: Release to brew
on:
release:
types: [created]
env:
FORMULA: cbmc-viewer
TAP: aws/tap
BOT_USER: aws-viewer-for-cbmc-release-ci
RELEASE_TAG: ${GITHUB_REF/refs\/tags\/} # GITHUB_REF = refs/tags/STRING-MAJOR.MINOR
VERSION: $(echo $GITHUB_REF | cut -d "/" -f 3 | cut -d "-" -f 2)
AWS_ROLE: arn:aws:iam::${{secrets.AWS_ACCOUNT}}:role/PublisherTokenReader
AWS_REGION: us-west-2
jobs:
homebrew-pr:
name: Homebrew Bump Formula PR
runs-on: macos-latest
permissions:
id-token: write
steps:
- name: Authenticate GitHub workflow to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Fetch secrets
run: |
echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV
echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
- name: Configure git user name and email
run: |
git config --global user.name ${{ env.BOT_USER }}
git config --global user.email $BOT_EMAIL
- name: Create homebrew PR
run: |
brew tap ${{ env.TAP }}
brew update-reset
brew bump-formula-pr --tag "${{ env.RELEASE_TAG }}" --revision "$GITHUB_SHA" ${{ env.TAP }}/${{ env.FORMULA }} --force
build-bottle:
needs: homebrew-pr
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: write
steps:
- name: Set up Homebrew
id: set-up-homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Authenticate GitHub workflow to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Fetch secrets
run: |
echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV
echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
echo "FORK_REPO=https://$HOMEBREW_GITHUB_API_TOKEN@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV
echo "GITHUB_TOKEN=$HOMEBREW_GITHUB_API_TOKEN" >> $GITHUB_ENV
- name: Checkout PR
run: |
brew tap ${{ env.TAP }}
brew update-reset
cd $(brew --repo ${{ env.TAP }})
git remote add fork-repo $FORK_REPO
git fetch fork-repo
git checkout -B bump-${{ env.FORMULA }}-${{ env.VERSION }} fork-repo/bump-${{ env.FORMULA }}-${{ env.VERSION }}
- name: Tap Syntax
run: |
brew audit --online --git --skip-style ${{ env.TAP }}/${{ env.FORMULA }}
brew style ${{ env.TAP }}/${{ env.FORMULA }}
- name: Build bottle
run: |
brew test-bot --tap ${{ env.TAP }} --testing-formulae ${{ env.TAP }}/${{ env.FORMULA }} --only-formulae --root-url=https://github.com/$GITHUB_REPOSITORY/releases/download/${{ env.RELEASE_TAG }}
- name: Get Package Path
id: get_package_path
run: |
echo "bottle_name=$(ls *.tar.gz)" >> $GITHUB_OUTPUT
- name: Get File Name
id: get_file_name
run: |
file_name="$(cat *.json | jq -r '."${{ env.TAP }}/${{ env.FORMULA }}".bottle.tags[].filename')"
echo "file_name=$file_name" >> $GITHUB_OUTPUT
- name: Upload bottles as artifact
uses: actions/upload-artifact@v4
with:
name: bottle-${{ matrix.os }}
path: '*.bottle.*'
- name: Upload release binary
uses: actions/upload-release-asset@v1.0.2
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ${{ steps.get_package_path.outputs.bottle_name }}
asset_name: ${{ steps.get_file_name.outputs.file_name }}
asset_content_type: application/x-gzip
update-pr:
needs: build-bottle
runs-on: macos-latest
permissions:
id-token: write
steps:
- uses: actions/download-artifact@v4
with:
pattern: bottle-*
- name: Authenticate GitHub workflow to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Fetch secrets
run: |
echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV
echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
echo "FORK_REPO=https://$HOMEBREW_GITHUB_API_TOKEN@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV
- name: Configure git user name and email
run: |
git config --global user.name ${{ env.BOT_USER }}
git config --global user.email BOT_EMAIL
- name: Checkout PR
run: |
brew tap ${{ env.TAP }}
brew update-reset
cd $(brew --repo ${{ env.TAP }})
git remote add fork-repo $FORK_REPO
git fetch fork-repo
git checkout -B bump-${{ env.FORMULA }}-${{ env.VERSION }} fork-repo/bump-${{ env.FORMULA }}-${{ env.VERSION }}
- name: Generate and merge bottle DSL
run: |
brew bottle --merge --write $(ls bottle-*/*.json)
cd $(brew --repo ${{ env.TAP }})
git push fork-repo bump-${{ env.FORMULA }}-${{ env.VERSION }}