johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9bf159af1492c54de3e541b95d292a4e48a67aa
beads/.github/workflows/update-homebrew.yml
matt wilkie 625ac5dff2 Add repository guards to deployment workflows (#877) 
- Guard deploy-docs job to only run in canonical repository
- Guard goreleaser job to only run in canonical repository
- Guard update-homebrew job to only run in canonical repository
- Guard test-pypi job to only run in canonical repository

Prevents fork workflows from attempting to deploy, release, or publish to external services.
2026-01-03 21:16:09 -08:00

108 lines
4.0 KiB
YAML
Raw Blame History

name: Update Homebrew Formula
on:
release:
types: [published]
workflow_dispatch:
inputs:
tag:
description: 'Release tag (e.g., v0.22.0)'
required: true
permissions:
contents: read
jobs:
update-formula:
# Guard: only run homebrew update in the canonical repository (not in forks)
if: ${{ github.repository == 'steveyegge/beads' }}
runs-on: ubuntu-latest
steps:
- name: Checkout beads repo
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Get release info
id: release
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
TAG="${{ github.event.inputs.tag }}"
else
TAG="${GITHUB_REF#refs/tags/}"
fi
echo "tag=${TAG}" >> $GITHUB_OUTPUT
echo "version=${TAG#v}" >> $GITHUB_OUTPUT
- name: Download checksums
run: |
curl -sL "https://github.com/steveyegge/beads/releases/download/${{ steps.release.outputs.tag }}/checksums.txt" -o checksums.txt
- name: Extract checksums
id: checksums
run: |
echo "darwin_amd64=$(grep 'darwin_amd64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT
echo "darwin_arm64=$(grep 'darwin_arm64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT
echo "linux_amd64=$(grep 'linux_amd64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT
echo "linux_arm64=$(grep 'linux_arm64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT
- name: Update Homebrew formula
run: |
cat > Formula/bd.rb <<'EOF'
class Bd < Formula
desc "AI-supervised issue tracker for coding workflows"
homepage "https://github.com/steveyegge/beads"
version "${{ steps.release.outputs.version }}"
license "MIT"
on_macos do
if Hardware::CPU.arm?
url "https://github.com/steveyegge/beads/releases/download/v#{version}/beads_#{version}_darwin_arm64.tar.gz"
sha256 "${{ steps.checksums.outputs.darwin_arm64 }}"
else
url "https://github.com/steveyegge/beads/releases/download/v#{version}/beads_#{version}_darwin_amd64.tar.gz"
sha256 "${{ steps.checksums.outputs.darwin_amd64 }}"
end
end
on_linux do
if Hardware::CPU.arm? && Hardware::CPU.is_64_bit?
url "https://github.com/steveyegge/beads/releases/download/v#{version}/beads_#{version}_linux_arm64.tar.gz"
sha256 "${{ steps.checksums.outputs.linux_arm64 }}"
else
url "https://github.com/steveyegge/beads/releases/download/v#{version}/beads_#{version}_linux_amd64.tar.gz"
sha256 "${{ steps.checksums.outputs.linux_amd64 }}"
end
end
def install
bin.install "bd"
end
test do
system "#{bin}/bd", "version"
end
end
EOF
- name: Push to homebrew-beads
env:
HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
run: |
if [ -z "$HOMEBREW_TAP_TOKEN" ]; then
echo "::warning::HOMEBREW_TAP_TOKEN not set - skipping Homebrew update"
echo "To enable automatic Homebrew updates:"
echo "1. Create a Personal Access Token with 'repo' scope"
echo "2. Add it as HOMEBREW_TAP_TOKEN in repository secrets"
exit 0
fi
git clone "https://x-access-token:${HOMEBREW_TAP_TOKEN}@github.com/steveyegge/homebrew-beads.git" tap
cp Formula/bd.rb tap/Formula/bd.rb
cd tap
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add Formula/bd.rb
git commit -m "Update bd to ${{ steps.release.outputs.version }}"
git push
Reference in New Issue View Git Blame Copy Permalink