diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml index cd80e8db3..ebecd3103 100644 --- a/.github/workflows/publish_release.yml +++ b/.github/workflows/publish_release.yml @@ -1,4 +1,4 @@ -name: NPM Release +name: Publish Release on: workflow_dispatch: release: @@ -10,6 +10,47 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: false jobs: + homebrew_release: + name: Publish Homebrew formula + runs-on: ubuntu-latest + steps: + - name: "Generate a GitHub token" + id: github-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + with: + client-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: | + ${{ github.repository }} + homebrew-tap + permission-contents: write + - name: "Download Homebrew formula artifact" + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 + with: + workflow: tag_to_draft_release.yml + name: homebrew-formula-${{ github.event.release.tag_name }} + github_token: ${{ steps.github-token.outputs.token }} + - name: "Checkout homebrew-tap repository" + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + with: + repository: fastly/homebrew-tap + token: ${{ steps.github-token.outputs.token }} + persist-credentials: true + path: homebrew-tap + - name: "Copy formula to homebrew-tap repository" + run: | + cp fastly.rb homebrew-tap/Formula/fastly.rb + - name: "Commit and push Homebrew formula" + working-directory: homebrew-tap + env: + RELEASE_TAG: ${{ github.event.release.tag_name }} + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add Formula/fastly.rb + git commit -m "Update fastly formula to ${RELEASE_TAG}" + git push npm_release: name: Publish npm packages runs-on: ubuntu-latest diff --git a/.github/workflows/tag_to_draft_release.yml b/.github/workflows/tag_to_draft_release.yml index 8a603460b..6be0e76b0 100644 --- a/.github/workflows/tag_to_draft_release.yml +++ b/.github/workflows/tag_to_draft_release.yml @@ -13,6 +13,8 @@ jobs: goreleaser: name: Run goreleaser runs-on: ubuntu-latest + permissions: + contents: write steps: - name: "Checkout code" uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 @@ -33,22 +35,6 @@ jobs: rustflags: "" - name: "Generate static app config" run: make config - # Passing the raw SSH private key causes an error: - # Load key "/tmp/id_*": invalid format - # - # Testing locally we discovered that storing in a file and passing the file path works. - # - # NOTE: - # The file aur_key must be added to .gitignore otherwise a 'dirty state' error is triggered in goreleaser. - # https://github.com/goreleaser/goreleaser/blob/9505cf7054b05a6e9a4a36f806d525bc33660e9e/www/docs/errors/dirty.md - # - # You must also reduce the permissions from a default of 0644 to 600 to avoid a 'bad permissions' error. - - name: "Store AUR_KEY in local file" - env: - AUR_KEY_SECRET: ${{ secrets.AUR_KEY }} - run: | - printf '%s\n' "$AUR_KEY_SECRET" > "$GITHUB_WORKSPACE/aur_key" - chmod 600 "$GITHUB_WORKSPACE/aur_key" - name: "Run GoReleaser" uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: @@ -57,5 +43,10 @@ jobs: version: '~> v2' args: release --clean env: - AUR_KEY: '${{ github.workspace }}/aur_key' - GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: "Upload Homebrew formula as artifact" + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: homebrew-formula-${{ github.ref_name }} + path: dist/fastly.rb + if-no-files-found: error diff --git a/.gitignore b/.gitignore index 5370bf679..8600936ce 100644 --- a/.gitignore +++ b/.gitignore @@ -60,9 +60,6 @@ build/ # Ignore application configuration vendor/ -# Ignore generated file for AUR_KEY which is passed to goreleaser as an environment variable. -aur_key - # Ignore static config that is embedded into the CLI # All Makefile targets use the 'config' as a prerequisite (which generates the config) pkg/config/config.toml diff --git a/.goreleaser.yml b/.goreleaser.yml index eda2343e4..a7015deb6 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -72,43 +72,6 @@ archives: <<: *archive_defaults wrap_in_directory: false formats: [zip] -# https://goreleaser.com/customization/aur/ -aurs: - - homepage: "https://github.com/fastly/cli" - description: "A CLI for interacting with the Fastly platform" - maintainers: - - 'oss@fastly.com' - license: "Apache license 2.0" - skip_upload: auto - provides: - - fastly - conflicts: - - fastly - - # The SSH private key that should be used to commit to the Git repository. - # This can either be a path or the key contents. - # - # WARNING: do not expose your private key in the config file! - private_key: '{{ .Env.AUR_KEY }}' - - # The AUR Git URL for this package. - # Defaults to empty. - git_url: 'ssh://aur@aur.archlinux.org/fastly-bin.git' - - # List of packages that are not needed for the software to function, - # but provide additional features. - # - # Must be in the format `package: short description of the extra functionality`. - # - # Defaults to empty. - optdepends: - - 'viceroy: for running service locally' - - # The value to be passed to `GIT_SSH_COMMAND`. - # - # - # Defaults to `ssh -i {{ .KeyPath }} -o StrictHostKeyChecking=accept-new -F /dev/null`. - git_ssh_command: 'ssh -i {{ .KeyPath }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -F /dev/null' # https://goreleaser.com/customization/homebrew/ brews: @@ -117,7 +80,7 @@ brews: repository: owner: fastly name: homebrew-tap - skip_upload: auto + skip_upload: true # Formula will be uploaded by publish_release workflow description: A CLI for interacting with the Fastly platform homepage: https://github.com/fastly/cli directory: Formula