publish-commit-bottles: use public action #171085

Merged
merged 11 commits into from
May 8, 2024
43 changes: 29 additions & 14 deletions .github/workflows/publish-commit-bottles.yml
Expand Up @@ -244,9 +244,8 @@ jobs:
volumes:
- /mnt:/mnt
permissions:
attestations: write # for `generate build provenance`
id-token: write # for `generate build provenance`
contents: write # for `generate build provenance`
packages: write # for `generate build provenance`
actions: read # for `brew pr-pull`
pull-requests: write # for `gh pr edit|review`
repository-projects: write # for `gh pr edit`
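Review bot: the `permissions:` block is job-scoped, so `id-token: write` and `attestations: write` are available to every step in this job, including the PR checkout and `brew pr-pull`, not only the attestation step. Consider moving attestation into its own job that receives the bottles as artifacts, or at least confirm that `contents: write` and `packages: write` are not kept here solely for provenance. The trailing comments still say `generate build provenance` while the step is renamed `Generate build provenance`; keeping the two identical makes the scopes easier to grep.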
Expand Down Expand Up @@ -288,15 +287,12 @@ jobs:
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: gh pr checkout "$PR"

- name: Pull and upload bottles to GitHub Packages
- name: Pull PR bottles
id: pr-pull
working-directory: ${{steps.set-up-homebrew.outputs.repository-path}}
env:
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>"
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_CORE_PUBLIC_REPO_EMAIL_TOKEN}}
HOMEBREW_GITHUB_PACKAGES_USER: brewtestbot
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{secrets.HOMEBREW_CORE_GITHUB_PACKAGES_TOKEN}}
EXPECTED_SHA: ${{needs.check.outputs.head_sha}}
LARGE_RUNNER: ${{inputs.large_runner}}
run: |
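Review bot: the `env:` of `Pull PR bottles` should carry only what a pull without upload needs. `HOMEBREW_GITHUB_PACKAGES_USER`, `HOMEBREW_GITHUB_PACKAGES_TOKEN` and `HOMEBREW_GPG_PASSPHRASE` also appear on the new `Upload bottles to GitHub Packages` step; please confirm they end up on that step only, so the step that processes PR-built artifacts holds no registry or signing secret.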
Expand All @@ -322,24 +318,43 @@ jobs:

# Don't quote arguments that might be empty; this causes errors.
brew pr-pull \
--no-upload \
--debug \
--clean \
--no-cherry-pick \
--workflows=tests.yml \
--committer="$BREWTESTBOT_NAME_EMAIL" \
--root-url="https://ghcr.io/v2/homebrew/core" \
--retain-bottle-dir \
${{inputs.warn_on_upload_failure && '--warn-on-upload-failure' || ''}} \
${{inputs.message && '--message="$INPUT_MESSAGE"' || ''}} \
"$PR"

echo "head_sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

- name: generate build provenance
uses: github-early-access/generate-build-provenance@main
- name: Generate build provenance
uses: actions/attest-build-provenance@v1
with:
subject-path: '${{steps.pr-pull.outputs.bottle_path}}/*.tar.gz'


- name: Upload bottles to GitHub Packages
id: pr-upload
working-directory: ${{steps.pr-pull.outputs.bottle_path}}
env:
BREWTESTBOT_NAME_EMAIL: "BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>"
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
HOMEBREW_GITHUB_PACKAGES_USER: brewtestbot
HOMEBREW_GITHUB_PACKAGES_TOKEN: ${{secrets.HOMEBREW_CORE_GITHUB_PACKAGES_TOKEN}}
REPO_PATH: ${{steps.set-up-homebrew.outputs.repository-path}}
run: |
# Don't quote arguments that might be empty; this causes errors when `brew`
# interprets them as empty arguments when we want `brew` to ignore them instead.
brew pr-upload \
--debug \
--committer="$BREWTESTBOT_NAME_EMAIL" \
--root-url="https://ghcr.io/v2/homebrew/core" \
${{inputs.warn_on_upload_failure && '--warn-on-upload-failure' || ''}} \
"$PR"

echo "head_sha=$(git -C "$REPO_PATH" rev-parse HEAD)" >> "$GITHUB_OUTPUT"

- name: Push commits
uses: Homebrew/actions/git-try-push@master
with:
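Review bot: `uses: actions/attest-build-provenance@v1` replaces a `@main` ref with a tag, but a tag is still mutable, and `Homebrew/actions/git-try-push@master` just below tracks a branch; in a job that holds `id-token: write` and upload secrets, pinning both to a full commit SHA would be safer. Separately, the attestation and upload steps read `steps.pr-pull.outputs.bottle_path`, while the only `$GITHUB_OUTPUT` write visible in the pull step is `head_sha`; if `bottle_path` is empty, `subject-path` becomes `/*.tar.gz`, so a check that it is set and non-empty before attesting would be worthwhile.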
Expand Down Expand Up @@ -373,7 +388,7 @@ jobs:
id: wait-until-in-sync
working-directory: ${{steps.set-up-homebrew.outputs.repository-path}}
env:
EXPECTED_SHA: ${{steps.pr-pull.outputs.head_sha}}
EXPECTED_SHA: ${{steps.pr-upload.outputs.head_sha}}
run: |
echo "::notice ::Local repository HEAD: $EXPECTED_SHA"

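Review bot: `EXPECTED_SHA` now comes from `steps.pr-upload.outputs.head_sha`, which the upload step writes only after `brew pr-upload` returns; if that step writes nothing, the value is empty and the `::notice` line prints a blank SHA. Add a guard at the top of this `run:` that fails when `EXPECTED_SHA` is empty, for example `[ -n "$EXPECTED_SHA" ] || exit 1`.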
Expand Down Expand Up @@ -413,7 +428,7 @@ jobs:
id: automerge
env:
GH_TOKEN: ${{secrets.HOMEBREW_GITHUB_PUBLIC_REPO_TOKEN}}
EXPECTED_SHA: ${{steps.pr-pull.outputs.head_sha}}
EXPECTED_SHA: ${{steps.pr-upload.outputs.head_sha}}
working-directory: ${{steps.set-up-homebrew.outputs.repository-path}}
run: |
local_git_head="$(git rev-parse HEAD)"
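Review bot: this automerge gate runs with `HOMEBREW_GITHUB_PUBLIC_REPO_TOKEN` and checks `local_git_head` against the renamed output, so a stale reference elsewhere would weaken the gate silently. Please check that no other use of `steps.pr-pull.outputs.head_sha` remains in the workflow, and if the pull step's own `head_sha` write is kept, drop or rename it so that two steps do not export the same output name with different meanings.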