gs-stack-status/.github/workflows/release.yaml at a03a1a15e2633c79fa58723bde1d8eaf000c398a · nsheaps/gs-stack-status · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Release

on:
  push:
    branches:
      - main

permissions:
  contents: write
  actions: read

jobs:
  release:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.release.outputs.version }}
      tag: ${{ steps.release.outputs.tag }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Authenticate as GitHub App
        id: auth
        uses: ./.github/actions/github-app-auth
        with:
          app-id: ${{ secrets.AUTOMATION_GITHUB_APP_ID }}
          private-key: ${{ secrets.AUTOMATION_GITHUB_APP_PRIVATE_KEY }}

      - name: Fetch tags
        run: git fetch --tags --force

      - name: Setup mise
        uses: jdx/mise-action@v2

      - name: Install dependencies
        run: yarn install

      - name: Run release-it
        id: release
        env:
          GITHUB_TOKEN: ${{ steps.auth.outputs.token }}
        run: |
          yarn release-it --ci
          TAG=$(git describe --tags --abbrev=0)
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
          echo "version=${TAG#v}" >> "$GITHUB_OUTPUT"

  update-homebrew:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Get job context
        id: context
        uses: qoomon/actions--context@v4

      - name: Authenticate as GitHub App
        id: auth
        uses: ./.github/actions/github-app-auth
        with:
          app-id: ${{ secrets.AUTOMATION_GITHUB_APP_ID }}
          private-key: ${{ secrets.AUTOMATION_GITHUB_APP_PRIVATE_KEY }}

      - name: Get release info
        id: release
        run: |
          VERSION="${{ needs.release.outputs.version }}"
          TAG="${{ needs.release.outputs.tag }}"
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"

          # Download archive tarball and calculate SHA256
          TARBALL_URL="https://github.com/${{ github.repository }}/archive/refs/tags/${TAG}.tar.gz"
          echo "Downloading tarball from: $TARBALL_URL"
          curl -fsSL "$TARBALL_URL" -o /tmp/archive.tar.gz
          SHA256=$(sha256sum /tmp/archive.tar.gz | cut -d' ' -f1)
          echo "sha256=$SHA256" >> "$GITHUB_OUTPUT"
          echo "Successfully got SHA256: $SHA256"

      - name: Clone homebrew-devsetup
        run: |
          gh repo clone nsheaps/homebrew-devsetup homebrew-devsetup

      - name: Install gomplate
        run: |
          curl -fsSL https://github.com/hairyhenderson/gomplate/releases/latest/download/gomplate_linux-amd64 -o /usr/local/bin/gomplate
          chmod +x /usr/local/bin/gomplate

      - name: Generate formula from template
        env:
          Tag: ${{ steps.release.outputs.tag }}
          SHA256: ${{ steps.release.outputs.sha256 }}
        run: |
          gomplate -f Formula/gs-stack-status.rb.gotmpl -o homebrew-devsetup/Formula/gs-stack-status.rb

      - name: Close stale formula PRs
        run: |
          cd homebrew-devsetup
          # Close any open PRs from previous formula updates — they're superseded
          gh pr list --state open --search "chore: update gs-stack-status to" --json number,title --jq '.[].number' | while read -r pr_num; do
            echo "Closing superseded PR #${pr_num}"
            gh pr close "$pr_num" --comment "Superseded by v${{ steps.release.outputs.version }} update."
          done

      - name: Create PR to update formula
        id: formula-pr
        env:
          RELEASE_URL: https://github.com/${{ github.repository }}/releases/tag/${{ steps.release.outputs.tag }}
          JOB_URL: ${{ env.GITHUB_JOB_URL }}
          VERSION: ${{ steps.release.outputs.version }}
          TAG: ${{ steps.release.outputs.tag }}
        run: |
          cd homebrew-devsetup
          BRANCH="bump-gs-stack-status-${VERSION}"

          # Delete remote branch if it exists from a previous failed run
          git push origin --delete "$BRANCH" 2>/dev/null || true

          git checkout -b "$BRANCH"
          git add Formula/gs-stack-status.rb
          git commit -m "chore: update gs-stack-status to ${VERSION}"
          git push -u origin "$BRANCH"

          cat > /tmp/pr-body.md <<BODY_EOF
Automated formula update from gs-stack-status release

**Release:** ${RELEASE_URL}
**Workflow:** ${JOB_URL}
BODY_EOF

          PR_URL=$(gh pr create \
            --title "chore: update gs-stack-status to ${VERSION}" \
            --body-file /tmp/pr-body.md \
            --base main)
          echo "pr_url=$PR_URL" >> "$GITHUB_OUTPUT"

      - name: Enable auto-merge with retry
        env:
          PR_URL: ${{ steps.formula-pr.outputs.pr_url }}
        run: |
          # Retry auto-merge — CI checks on the target repo need time to start,
          # and the GraphQL API rejects enablePullRequestAutoMerge while the PR
          # is in "unstable" (checks pending) status.
          for attempt in 1 2 3 4 5; do
            if gh pr merge "$PR_URL" --auto --squash; then
              echo "Auto-merge enabled successfully on attempt ${attempt}"
              exit 0
            fi
            wait=$((attempt * 10))
            echo "Auto-merge not ready (attempt ${attempt}/5), waiting ${wait}s..."
            sleep "$wait"
          done
          echo "::warning::Could not enable auto-merge after 5 attempts. PR was created successfully at ${PR_URL} — merge manually or re-run."