From 9be722a2db2d0489b5174ae479a5a3492226c4f5 Mon Sep 17 00:00:00 2001 From: Pierre Chalamet Date: Sat, 14 Dec 2024 22:47:56 +0100 Subject: [PATCH 1/4] homebrew initial commit --- .github/scripts/generate-homebrew-tap | 42 +++++++++++ .github/scripts/terrabuild-tap-template.rb | 37 ++++++++++ .github/workflows/prepare-release.yml | 33 ++++++--- .github/workflows/release-homebrew-tap.yml | 86 ++++++++++++++++++++++ .github/workflows/release.yml | 3 + .gitignore | 1 + 6 files changed, 190 insertions(+), 12 deletions(-) create mode 100755 .github/scripts/generate-homebrew-tap create mode 100644 .github/scripts/terrabuild-tap-template.rb create mode 100644 .github/workflows/release-homebrew-tap.yml diff --git a/.github/scripts/generate-homebrew-tap b/.github/scripts/generate-homebrew-tap new file mode 100755 index 00000000..20fd517a --- /dev/null +++ b/.github/scripts/generate-homebrew-tap @@ -0,0 +1,42 @@ +#! /usr/bin/env bash + +set -euo pipefail + +export TERRABUILD_VERSION="${1}" +TAP_FILE="${2:-"./.github/scripts/homebrew-tap.rb}"}" +TAP_FILE="$(realpath "${TAP_FILE}")" + +cd "$(mktemp -d)" + +>&2 echo "::info Generating Homebrew Tap..." +>&2 echo "::group::Download release assets" +>&2 gh release download --repo MagnusOpera/Terrabuild "${TERRABUILD_VERSION}" -p 'terrabuild*darwin*.zip' -p 'terrabuild*linux*.zip' --skip-existing +>&2 echo "::endgroup::" + +for i in \ + "darwin x64 TERRABUILD_DARWIN_X64" \ + "darwin arm64 TERRABUILD_DARWIN_ARM64" \ + "linux x64 TERRABUILD_LINUX_X64" \ + "linux arm64 TERRABUILD_LINUX_ARM64" \ + ; do + # shellcheck disable=SC2086 # intentional, we want to split the strings + set -- $i # read loop strings as args + OS="$1" + ARCH="$2" + ENV_VAR="$3" + SHA256="$(sha256sum "terrabuild-${TERRABUILD_VERSION}-${OS}-${ARCH}.zip" | cut -f1 -d' ')" + + SHA256_VAR="${ENV_VAR}_SHA256" + URL_VAR="${ENV_VAR}_URL" + printf -v "${SHA256_VAR}" "%s" "${SHA256}" + printf -v "${URL_VAR}" "%s" "https://github.com/MagnusOpera/Terrabuild/releases/download/${TERRABUILD_VERSION}/terrabuild-${TERRABUILD_VERSION}-${OS}-${ARCH}.zip" + + export "${SHA256_VAR?}" + export "${URL_VAR?}" + >&2 echo "${OS}-${ARCH} SHA256: " "${!SHA256_VAR}" + >&2 echo "${OS}-${ARCH} URL: " "${!URL_VAR}" + +done + +# shellcheck disable=SC2016 # intentional, envsubst requires us to pass variable names with $ prefixes. +envsubst '$TERRABUILD_VERSION,$TERRABUILD_DARWIN_X64_URL,$TERRABUILD_DARWIN_X64_SHA256,$TERRABUILD_DARWIN_ARM64_URL,$TERRABUILD_DARWIN_ARM64_SHA256,$TERRABUILD_LINUX_X64_URL,$TERRABUILD_LINUX_X64_SHA256,$TERRABUILD_LINUX_ARM64_URL,$TERRABUILD_LINUX_ARM64_SHA256' < "${TAP_FILE}" diff --git a/.github/scripts/terrabuild-tap-template.rb b/.github/scripts/terrabuild-tap-template.rb new file mode 100644 index 00000000..9ca6dbd2 --- /dev/null +++ b/.github/scripts/terrabuild-tap-template.rb @@ -0,0 +1,37 @@ +# typed: false +# frozen_string_literal: true + +# This file was generated by https://github.com/MagnusOpera/terrabuild/blob/main/.github/scripts/generate-homebrew-tap +cask "terrabuild" do + name "terrabuild" + version "${TERRABUILD_VERSION}" + homepage "https://terrabuild.io" + desc "Fast and low ceremony build & deploy system for monorepos" + binary "terrabuild" + + on_macos do + if Hardware::CPU.intel? + url "${TERRABUILD_DARWIN_X64_URL}" + sha256 "${TERRABUILD_DARWIN_X64_SHA256}" + end + if Hardware::CPU.arm? + url "${TERRABUILD_DARWIN_ARM64_URL}" + sha256 "${TERRABUILD_DARWIN_ARM64_SHA256}" + end + end + + on_linux do + # if Hardware::CPU.arm? && Hardware::CPU.is_64_bit? + # url "${TERRABUILD_LINUX_ARM64_URL}" + # sha256 "${TERRABUILD_LINUX_ARM64_SHA256}" + # end + if Hardware::CPU.intel? + url "${TERRABUILD_LINUX_X64_URL}" + sha256 "${TERRABUILD_LINUX_X64_SHA256}" + end + end + + caveats do + license "https://raw.githubusercontent.com/MagnusOpera/Terrabuild/main/LICENSE" + end +end diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index b2700778..989971a2 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -43,9 +43,9 @@ jobs: - name: Pack run: | - (cd .out/dotnet; zip ../terrabuild-dotnet.zip ./*) - (cd .out/windows; zip ../terrabuild-windows-x64.zip ./terrabuild.exe) - (cd .out/linux; zip ../terrabuild-linux-x64.zip ./terrabuild) + (cd .out/dotnet; zip ../terrabuild-${BUILD_VERSION}-dotnet.zip ./*) + (cd .out/windows; zip ../terrabuild-${BUILD_VERSION}-windows-x64.zip ./terrabuild.exe) + (cd .out/linux; zip ../terrabuild-${BUILD_VERSION}-linux-x64.zip ./terrabuild) (cd .out/darwin; zip -r ../terrabuild-darwin-binaries.zip .) - name: Archive .net Outputs @@ -53,7 +53,7 @@ jobs: with: name: outputs-dotnet include-hidden-files: true - path: .out/terrabuild-dotnet.zip + path: .out/terrabuild-*-dotnet.zip - name: Archive NuGet Outputs uses: actions/upload-artifact@v4 @@ -67,14 +67,14 @@ jobs: with: name: outputs-windows include-hidden-files: true - path: .out/terrabuild-windows-x64.zip + path: .out/terrabuild-*-windows-x64.zip - name: Archive Linux Outputs uses: actions/upload-artifact@v4 with: name: outputs-linux include-hidden-files: true - path: .out/terrabuild-linux-x64.zip + path: .out/terrabuild-*-linux-x64.zip - name: Archive macOS outputs uses: actions/upload-artifact@v4 @@ -97,6 +97,18 @@ jobs: - name: Extract Binaries run: unzip -d .out/darwin .out/terrabuild-darwin-binaries.zip + - name: Signing Version/Version Suffix + run: | + s=${{github.ref_name}} + pat="([^-]*)-?([^-]*)" + [[ $s =~ $pat ]] + BUILD_VERSION=${BASH_REMATCH[1]} + BUILD_VERSION_SUFFIX=${BASH_REMATCH[2]} + echo "BUILD_VERSION=$BUILD_VERSION" >> $GITHUB_ENV + echo "BUILD_VERSION_SUFFIX=$BUILD_VERSION_SUFFIX" >> $GITHUB_ENV + echo "BUILD_VERSION: $BUILD_VERSION" + echo "BUILD_VERSION_SUFFIX: $BUILD_VERSION_SUFFIX" + - name: Add Cert to Keychain uses: apple-actions/import-codesign-certs@v3 with: @@ -107,18 +119,15 @@ jobs: run: | codesign --force --timestamp --sign "Developer ID Application: Magnus Opera (${{ secrets.MAC_DEV_TEAM_ID }})" .out/darwin/x64/terrabuild --options=runtime --no-strict --entitlements entitlements.plist codesign --force --timestamp --sign "Developer ID Application: Magnus Opera (${{ secrets.MAC_DEV_TEAM_ID }})" .out/darwin/arm64/terrabuild --options=runtime --no-strict --entitlements entitlements.plist - (cd .out/darwin/x64; zip ../terrabuild-darwin-x64.zip ./terrabuild) - (cd .out/darwin/arm64; zip ../terrabuild-darwin-arm64.zip ./terrabuild) - # lipo -create -output .out/darwin/terrabuild .out/darwin/x64/terrabuild .out/darwin/arm64/terrabuild - # codesign --force --timestamp --sign "Developer ID Application: Magnus Opera (${{ secrets.MAC_DEV_TEAM_ID }})" .out/darwin/terrabuild --options=runtime --no-strict --entitlements entitlements.plist - # (cd .out/darwin; zip ../terrabuild-darwin-universal.zip ./terrabuild) + (cd .out/darwin/x64; zip ../terrabuild-${BUILD_VERSION}-darwin-x64.zip ./terrabuild) + (cd .out/darwin/arm64; zip ../terrabuild-${BUILD_VERSION}-darwin-arm64.zip ./terrabuild) - name: Archive Signed Binaries uses: actions/upload-artifact@v4 with: name: outputs-macos include-hidden-files: true - path: .out/darwin/terrabuild-darwin-*.zip + path: .out/darwin/terrabuild-*-darwin-*.zip create-release: runs-on: ubuntu-latest diff --git a/.github/workflows/release-homebrew-tap.yml b/.github/workflows/release-homebrew-tap.yml new file mode 100644 index 00000000..9a1c6f62 --- /dev/null +++ b/.github/workflows/release-homebrew-tap.yml @@ -0,0 +1,86 @@ +name: Post-Release Homebrew Tap + +permissions: + contents: read + +on: + workflow_call: + inputs: + ref: + required: true + description: "GitHub ref to use" + type: string + version: + required: true + description: "Version to produce" + type: string + dry-run: + required: false + default: true + description: "Whether to run in dry-run mode and skip pushing the commit" + type: boolean + workflow_dispatch: + inputs: + ref: + required: true + description: "GitHub ref to use" + type: string + version: + required: true + description: "Version to produce" + type: string + dry-run: + required: false + default: true + description: "Whether to run in dry-run mode and skip pushing the commit" + type: boolean + +env: + PULUMI_VERSION: ${{ inputs.version }} + GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + +jobs: + update-homebrew-tap: + name: Update Homebrew Tap + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} + path: terrabuild + - name: Checkout tap repo + uses: actions/checkout@v4 + with: + repository: MagnusOpera/homebrew-tap + path: homebrew-tap + token: ${{ secrets.GIT_PAT }} + - name: Update Homebrew Tap + run: | + set -euo pipefail + + # Can simulate this by cloning MagnusOpera/terrabuild & MagnusOpera/homebrew-tap to adacent directories + # and running from their parent: + + ./terrabuild/.github/scripts/generate-homebrew-tap \ + "${TERRABUILD_VERSION}" ./terrabuild/.github/scripts/terrabuild-tap-template.rb \ + > ./homebrew-tap/Casks/terrabuild.rb + - name: Commit updated formula + working-directory: homebrew-tap + run: | + set -euo pipefail + + git config user.name magnusopera-bot + git config user.email bot@magnusopera.io + git add Formula/terrabuild.rb + echo "::group::git diff" + git --no-pager diff + echo "::endgroup::" + git commit -m "Brew formula update for Terrabuild version ${PULUMI_VERSION}" + - name: Push formula + working-directory: homebrew-tap + if: ${{ !inputs.dry-run }} + run: | + set -euo pipefail + + git push origin HEAD:main diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 587bdc7f..46cacabd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -64,3 +64,6 @@ jobs: team_id: ${{ secrets.MAC_DEV_TEAM_ID }} xcode_path: '/Applications/Xcode_15.3.app' staple: false + + brew: + \ No newline at end of file diff --git a/.gitignore b/.gitignore index 98d2d016..5c8b6e0c 100644 --- a/.gitignore +++ b/.gitignore @@ -418,3 +418,4 @@ terrabuild-debug.md .out .nuget .mono +*.zip From 227ab5175fbb94aa122102855afac9ebe52a84fe Mon Sep 17 00:00:00 2001 From: Pierre Chalamet Date: Sat, 14 Dec 2024 23:22:29 +0100 Subject: [PATCH 2/4] fix homebrew --- .github/workflows/release-homebrew-tap.yml | 8 ++++---- .github/workflows/release.yml | 6 ++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release-homebrew-tap.yml b/.github/workflows/release-homebrew-tap.yml index 9a1c6f62..87c39429 100644 --- a/.github/workflows/release-homebrew-tap.yml +++ b/.github/workflows/release-homebrew-tap.yml @@ -36,8 +36,8 @@ on: type: boolean env: - PULUMI_VERSION: ${{ inputs.version }} - GITHUB_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }} + TERRABUILD_VERSION: ${{ inputs.version }} + GITHUB_TOKEN: ${{ secrets.GIT_PAT }} jobs: update-homebrew-tap: @@ -72,11 +72,11 @@ jobs: git config user.name magnusopera-bot git config user.email bot@magnusopera.io - git add Formula/terrabuild.rb + git add Casks/terrabuild.rb echo "::group::git diff" git --no-pager diff echo "::endgroup::" - git commit -m "Brew formula update for Terrabuild version ${PULUMI_VERSION}" + git commit -m "Brew formula update for Terrabuild version ${TERRABUILD_VERSION}" - name: Push formula working-directory: homebrew-tap if: ${{ !inputs.dry-run }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 46cacabd..f37ae6a9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,7 +35,7 @@ jobs: uses: robinraju/release-downloader@v1.11 with: tag: ${{github.ref_name}} - fileName: 'terrabuild-darwin-*.zip' + fileName: 'terrabuild-*-darwin-*.zip' - name: Add Cert to Keychain uses: apple-actions/import-codesign-certs@v3 @@ -47,7 +47,7 @@ jobs: uses: GuillaumeFalourd/notary-tools@v1 timeout-minutes: 5 with: - product_path: "terrabuild-darwin-x64.zip" + product_path: "terrabuild-*-darwin-x64.zip" apple_id: ${{ secrets.MAC_DEV_LOGIN }} password: ${{ secrets.MAC_DEV_PASSWORD }} team_id: ${{ secrets.MAC_DEV_TEAM_ID }} @@ -64,6 +64,4 @@ jobs: team_id: ${{ secrets.MAC_DEV_TEAM_ID }} xcode_path: '/Applications/Xcode_15.3.app' staple: false - - brew: \ No newline at end of file From 67260b6b3f3d9f07cc7774eee4f6b105a295cd4a Mon Sep 17 00:00:00 2001 From: Pierre Chalamet Date: Sat, 14 Dec 2024 23:25:46 +0100 Subject: [PATCH 3/4] rename workflows --- .github/workflows/{prepare-release.yml => on-push-tag.yml} | 0 .github/workflows/{build.yml => on-push.yml} | 0 .github/workflows/{release.yml => on-release-published.yml} | 0 .github/workflows/{build-with-version.yml => self-build.yml} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{prepare-release.yml => on-push-tag.yml} (100%) rename .github/workflows/{build.yml => on-push.yml} (100%) rename .github/workflows/{release.yml => on-release-published.yml} (100%) rename .github/workflows/{build-with-version.yml => self-build.yml} (100%) diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/on-push-tag.yml similarity index 100% rename from .github/workflows/prepare-release.yml rename to .github/workflows/on-push-tag.yml diff --git a/.github/workflows/build.yml b/.github/workflows/on-push.yml similarity index 100% rename from .github/workflows/build.yml rename to .github/workflows/on-push.yml diff --git a/.github/workflows/release.yml b/.github/workflows/on-release-published.yml similarity index 100% rename from .github/workflows/release.yml rename to .github/workflows/on-release-published.yml diff --git a/.github/workflows/build-with-version.yml b/.github/workflows/self-build.yml similarity index 100% rename from .github/workflows/build-with-version.yml rename to .github/workflows/self-build.yml From f4f54809db78b6fda00a2a9703dc31fe0235b7bf Mon Sep 17 00:00:00 2001 From: Pierre Chalamet Date: Sat, 14 Dec 2024 23:27:03 +0100 Subject: [PATCH 4/4] rename workflow --- .github/workflows/{on-push.yml => on-push-branch.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{on-push.yml => on-push-branch.yml} (100%) diff --git a/.github/workflows/on-push.yml b/.github/workflows/on-push-branch.yml similarity index 100% rename from .github/workflows/on-push.yml rename to .github/workflows/on-push-branch.yml