forked from git-for-windows/git
-
Notifications
You must be signed in to change notification settings - Fork 98
51 lines (49 loc) · 1.55 KB
/
release-homebrew.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
name: Update Homebrew Tap
on:
release:
types: [released]
permissions:
id-token: write # required for Azure login via OIDC
jobs:
release:
runs-on: ubuntu-latest
environment: release
steps:
- id: version
name: Compute version number
run: |
echo "result=$(echo $GITHUB_REF | sed -e "s/^refs\/tags\/v//")" >>$GITHUB_OUTPUT
- id: hash
name: Compute release asset hash
uses: mjcheetham/[email protected]
with:
asset: /git-(.*)\.pkg/
hash: sha256
token: ${{ secrets.GITHUB_TOKEN }}
- name: Log into Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Retrieve token
id: token
run: |
az keyvault secret show \
--name ${{ secrets.HOMEBREW_TOKEN_SECRET_NAME }} \
--vault-name ${{ secrets.AZURE_VAULT }} \
--query "value" -o tsv >token &&
# avoid outputting the token under `set -x` by using `sed` instead of `echo`
sed s/^/::add-mask::/ <token &&
sed s/^/result=/ <token >>$GITHUB_OUTPUT &&
rm token
- name: Update scalar Cask
uses: mjcheetham/[email protected]
with:
token: ${{ steps.token.outputs.result }}
tap: microsoft/git
name: microsoft-git
type: cask
version: ${{ steps.version.outputs.result }}
sha256: ${{ steps.hash.outputs.result }}
alwaysUsePullRequest: false