Fix update-pr workflow

We cannot rely on values in GITHUB_ENV that were stored earlier in the same step. Instead, directly query secretsmanager as needed. Also fixes the committer-email that used the literal `BOT_EMAIL` string rather than the variable.
model-checking · Jul 31, 2024 · f56936e · f56936e
1 parent a35eb35
commit f56936e
Showing 1 changed file with 4 additions and 12 deletions.
diff --git a/.github/workflows/release-brew.yaml b/.github/workflows/release-brew.yaml
@@ -102,10 +102,8 @@ jobs:
 
  - name: Fetch secrets
  run: |
- echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV
- echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
- echo "FORK_REPO=https://$HOMEBREW_GITHUB_API_TOKEN@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV
- echo "GITHUB_TOKEN=$HOMEBREW_GITHUB_API_TOKEN" >> $GITHUB_ENV
+ echo "FORK_REPO=https://$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV
+ echo "GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
 
  - name: Checkout PR
  run: |
@@ -161,10 +159,6 @@ jobs:
  with:
  pattern: bottle-*
 
- - name: Set up Homebrew
- id: set-up-homebrew
- uses: Homebrew/actions/setup-homebrew@master
-
  - name: Authenticate GitHub workflow to AWS
  uses: aws-actions/configure-aws-credentials@v4
  with:
@@ -174,14 +168,12 @@ jobs:
  - name: Fetch secrets
  run: |
  echo "BOT_EMAIL=$(aws secretsmanager get-secret-value --secret-id BOT_EMAIL | jq -r '.SecretString')" >> $GITHUB_ENV
- echo "HOMEBREW_GITHUB_API_TOKEN=$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')" >> $GITHUB_ENV
- echo "FORK_REPO=https://$HOMEBREW_GITHUB_API_TOKEN@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV
- echo "GITHUB_TOKEN=$HOMEBREW_GITHUB_API_TOKEN" >> $GITHUB_ENV
+ echo "FORK_REPO=https://$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN | jq -r '.SecretString')@github.com/$BOT_USER/homebrew-$(echo $TAP |cut -d / -f 2).git" >> $GITHUB_ENV
 
  - name: Configure git user name and email
  run: |
  git config --global user.name ${{ env.BOT_USER }}
- git config --global user.email BOT_EMAIL
+ git config --global user.email $BOT_EMAIL
 
  - name: Checkout PR
  run: |