chore(deps): update yarn to v4.13.0 (#16) #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| actions: read | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.release.outputs.version }} | |
| tag: ${{ steps.release.outputs.tag }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Authenticate as GitHub App | |
| id: auth | |
| uses: ./.github/actions/github-app-auth | |
| with: | |
| app-id: ${{ secrets.AUTOMATION_GITHUB_APP_ID }} | |
| private-key: ${{ secrets.AUTOMATION_GITHUB_APP_PRIVATE_KEY }} | |
| - name: Fetch tags | |
| run: git fetch --tags --force | |
| - name: Setup mise | |
| uses: jdx/mise-action@v3 | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Run release-it | |
| id: release | |
| env: | |
| GITHUB_TOKEN: ${{ steps.auth.outputs.token }} | |
| run: | | |
| yarn release-it --ci | |
| TAG=$(git describe --tags --abbrev=0) | |
| echo "tag=$TAG" >> "$GITHUB_OUTPUT" | |
| echo "version=${TAG#v}" >> "$GITHUB_OUTPUT" | |
| - name: Upload release assets | |
| env: | |
| GITHUB_TOKEN: ${{ steps.auth.outputs.token }} | |
| run: | | |
| TAG="${{ steps.release.outputs.tag }}" | |
| # op-exec is a platform-independent bash script, but ubi (used by | |
| # mise) expects assets named with OS/arch patterns. Upload copies | |
| # for each supported platform so `mise install ubi:nsheaps/op-exec` | |
| # works out of the box. | |
| for platform in linux-amd64 linux-arm64 darwin-amd64 darwin-arm64; do | |
| cp bin/op-exec "op-exec-${platform}" | |
| done | |
| gh release upload "$TAG" op-exec-linux-amd64 op-exec-linux-arm64 op-exec-darwin-amd64 op-exec-darwin-arm64 | |
| rm -f op-exec-linux-amd64 op-exec-linux-arm64 op-exec-darwin-amd64 op-exec-darwin-arm64 | |
| update-homebrew: | |
| needs: release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - name: Get job context | |
| id: context | |
| uses: qoomon/actions--context@v5 | |
| - name: Authenticate as GitHub App | |
| id: auth | |
| uses: ./.github/actions/github-app-auth | |
| with: | |
| app-id: ${{ secrets.AUTOMATION_GITHUB_APP_ID }} | |
| private-key: ${{ secrets.AUTOMATION_GITHUB_APP_PRIVATE_KEY }} | |
| - name: Get release info | |
| id: release | |
| run: | | |
| VERSION="${{ needs.release.outputs.version }}" | |
| TAG="${{ needs.release.outputs.tag }}" | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
| echo "tag=$TAG" >> "$GITHUB_OUTPUT" | |
| # Download archive tarball and calculate SHA256 | |
| TARBALL_URL="https://github.com/${{ github.repository }}/archive/refs/tags/${TAG}.tar.gz" | |
| echo "Downloading tarball from: $TARBALL_URL" | |
| curl -fsSL "$TARBALL_URL" -o /tmp/archive.tar.gz | |
| SHA256=$(sha256sum /tmp/archive.tar.gz | cut -d' ' -f1) | |
| echo "sha256=$SHA256" >> "$GITHUB_OUTPUT" | |
| echo "Successfully got SHA256: $SHA256" | |
| - name: Clone homebrew-devsetup | |
| run: | | |
| gh repo clone nsheaps/homebrew-devsetup homebrew-devsetup | |
| - name: Install gomplate | |
| run: | | |
| curl -fsSL https://github.com/hairyhenderson/gomplate/releases/latest/download/gomplate_linux-amd64 -o /usr/local/bin/gomplate | |
| chmod +x /usr/local/bin/gomplate | |
| - name: Generate formula from template | |
| env: | |
| Tag: ${{ steps.release.outputs.tag }} | |
| SHA256: ${{ steps.release.outputs.sha256 }} | |
| run: | | |
| gomplate -f Formula/op-exec.rb.gotmpl -o homebrew-devsetup/Formula/op-exec.rb | |
| - name: Close stale formula PRs | |
| run: | | |
| cd homebrew-devsetup | |
| # Close any open PRs from previous formula updates — they're superseded | |
| gh pr list --state open --search "chore: update op-exec to" --json number,title --jq '.[].number' | while read -r pr_num; do | |
| echo "Closing superseded PR #${pr_num}" | |
| gh pr close "$pr_num" --comment "Superseded by v${{ steps.release.outputs.version }} update." | |
| done | |
| - name: Create PR to update formula | |
| id: formula-pr | |
| env: | |
| RELEASE_URL: https://github.com/${{ github.repository }}/releases/tag/${{ steps.release.outputs.tag }} | |
| JOB_URL: ${{ env.GITHUB_JOB_URL }} | |
| VERSION: ${{ steps.release.outputs.version }} | |
| TAG: ${{ steps.release.outputs.tag }} | |
| run: | | |
| cd homebrew-devsetup | |
| BRANCH="bump-op-exec-${VERSION}" | |
| # Delete remote branch if it exists from a previous failed run | |
| git push origin --delete "$BRANCH" 2>/dev/null || true | |
| git checkout -b "$BRANCH" | |
| git add Formula/op-exec.rb | |
| git commit -m "chore: update op-exec to ${VERSION}" | |
| git push -u origin "$BRANCH" | |
| printf 'Automated formula update from op-exec release\n\n**Release:** %s\n**Workflow:** %s\n' "$RELEASE_URL" "$JOB_URL" > /tmp/pr-body.md | |
| PR_URL=$(gh pr create \ | |
| --title "chore: update op-exec to ${VERSION}" \ | |
| --body-file /tmp/pr-body.md \ | |
| --base main) | |
| echo "pr_url=$PR_URL" >> "$GITHUB_OUTPUT" | |
| - name: Enable auto-merge with retry | |
| env: | |
| PR_URL: ${{ steps.formula-pr.outputs.pr_url }} | |
| run: | | |
| # Retry auto-merge — CI checks on the target repo need time to start, | |
| # and the GraphQL API rejects enablePullRequestAutoMerge while the PR | |
| # is in "unstable" (checks pending) status. | |
| for attempt in 1 2 3 4 5; do | |
| if gh pr merge "$PR_URL" --auto --squash; then | |
| echo "Auto-merge enabled successfully on attempt ${attempt}" | |
| exit 0 | |
| fi | |
| wait=$((attempt * 10)) | |
| echo "Auto-merge not ready (attempt ${attempt}/5), waiting ${wait}s..." | |
| sleep "$wait" | |
| done | |
| echo "::warning::Could not enable auto-merge after 5 attempts. PR was created successfully at ${PR_URL} — merge manually or re-run." |