GitHub app installation access token. #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# .github/workflows/tag-pushed.yml | |
# | |
--- | |
name: tag-pushed | |
on: | |
push: | |
tags: ["**"] | |
defaults: | |
run: | |
# Force all run commands to not use Rosetta 2 | |
shell: arch -arm64 /bin/zsh -Negku {0} | |
jobs: | |
tag-pushed: | |
if: ${{!github.event.repository.fork}} | |
runs-on: macos-15 | |
steps: | |
- name: π Checkout repo | |
env: | |
GIT_CONFIG_COUNT: 1 | |
GIT_CONFIG_KEY_0: init.defaultBranch | |
GIT_CONFIG_VALUE_0: ${{github.event.repository.default_branch}} | |
uses: actions/checkout@v4 | |
- name: π Delete tag lacking valid signature | |
run: | | |
git fetch --force origin "${GITHUB_REF}:${GITHUB_REF}" | |
if [[\ | |
"$(git cat-file tag "${GITHUB_REF_NAME}")" != *'-----BEGIN SSH SIGNATURE-----'*'-----END SSH SIGNATURE-----'\ | |
]]; then | |
printf $'Error: Deleting tag %s because it does not have a valid signature\n' "${GITHUB_REF_NAME}" >&2 | |
git push -d origin "${GITHUB_REF_NAME}" | |
exit 1 | |
fi | |
- name: π· Exit if not a version tag | |
run: | | |
if [[ ! "${GITHUB_REF_NAME}" =~ '^v[[:digit:]]+(\.[[:digit:]]+)*(-(alpha|beta|rc)\.[[:digit:]]+)?$' ]]; then | |
printf $'Exiting because %s is not a version tag\n' "${GITHUB_REF_NAME}" | |
exit 2 | |
fi | |
- name: π³ Delete version tag not on main | |
env: | |
DEFAULT_BRANCH_NAME: ${{github.event.repository.default_branch}} | |
run: | | |
git fetch --force origin "${DEFAULT_BRANCH_NAME}:${DEFAULT_BRANCH_NAME}" | |
if ! git merge-base --is-ancestor "${GITHUB_REF_NAME}" "${DEFAULT_BRANCH_NAME}"; then | |
printf $'Error: Deleting version tag %s because it is not on the %s branch\n' "${GITHUB_REF_NAME}"\ | |
"${DEFAULT_BRANCH_NAME}" >&2 | |
git push -d origin "${GITHUB_REF_NAME}" | |
exit 3 | |
fi | |
- name: π¦ Build universal executable & package it in an installer | |
run: | | |
script/package | |
- name: π° Bump custom tap formula | |
env: | |
TOKEN_APP_ID: ${{secrets.TOKEN_APP_ID}} | |
TOKEN_APP_INSTALLATION_ID: ${{secrets.TOKEN_APP_INSTALLATION_ID}} | |
TOKEN_APP_PRIVATE_KEY: ${{secrets.TOKEN_APP_PRIVATE_KEY}} | |
run: | | |
export HOMEBREW_GITHUB_API_TOKEN="$(script/generate_token)" | |
echo "${HOMEBREW_GITHUB_API_TOKEN}" | |
brew tap "${GITHUB_REPOSITORY_OWNER}/tap" | |
unsetopt errexit | |
bump_output="$(brew bump-formula-pr\ | |
--tag "${GITHUB_REF_NAME}"\ | |
--revision "${GITHUB_SHA}"\ | |
--no-fork\ | |
--no-browse\ | |
--online\ | |
--strict\ | |
--verbose\ | |
"${GITHUB_REPOSITORY_OWNER}/tap/mas"\ | |
2>&1)" | |
exit_code="${?}" | |
setopt errexit | |
printf %s "${bump_output}" | |
printf %s "${${(f)bump_output}[-1]}" > .build/bump.url | |
exit "${exit_code}" | |
- name: π Create draft release | |
env: | |
GH_TOKEN: ${{github.token}} | |
run: | | |
gh release create\ | |
"${GITHUB_REF_NAME}"\ | |
".build/mas-${GITHUB_REF_NAME#v}.pkg"\ | |
.build/bump.url\ | |
-d\ | |
${"${GITHUB_REF_NAME//[^-]}":+-p}\ | |
-t "${GITHUB_REF_NAME}: ${$(git tag -l "${GITHUB_REF_NAME}" --format='%(contents)')%%$'\n'*}"\ | |
--generate-notes |