Sync shared configurations #2094
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sync shared configurations | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| schedule: | |
| # This should be run after dependabot.yml for this repository (Monday) | |
| # and before dependabot.yml for synced repositories (Friday). | |
| # This maximises the chance of a single sync per week handling both any | |
| # changes and any dependabot updates. | |
| - cron: "0 8 * * 3" # Every Wednesday at 8 AM | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash -xeuo pipefail {0} | |
| concurrency: | |
| group: "sync-shared-config-${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| generate-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.generate-matrix.outputs.matrix }} | |
| steps: | |
| - name: Generate matrix | |
| id: generate-matrix | |
| env: | |
| SKIP_PRIVATE: ${{ github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' }} | |
| run: | | |
| repositories=( | |
| Homebrew/.github | |
| Homebrew/actions | |
| Homebrew/brew | |
| Homebrew/brew-pip-audit | |
| Homebrew/brew.sh | |
| Homebrew/ci-orchestrator | |
| Homebrew/discussions | |
| Homebrew/formula-patches | |
| Homebrew/formulae.brew.sh | |
| Homebrew/glibc-bootstrap | |
| Homebrew/homebrew-cask | |
| Homebrew/homebrew-command-not-found | |
| Homebrew/homebrew-core | |
| Homebrew/homebrew-portable-ruby | |
| Homebrew/homebrew-test-bot | |
| Homebrew/install | |
| Homebrew/mass-bottling-tracker-private | |
| Homebrew/private | |
| Homebrew/ruby-macho | |
| Homebrew/rubydoc.brew.sh | |
| Homebrew/user-management | |
| ) | |
| if [[ "${SKIP_PRIVATE}" == true ]]; then | |
| read -r -a repositories <<< "${repositories[@]//*private}" | |
| fi | |
| echo "matrix=$(jq -cn '$ARGS.positional' --args -- "${repositories[@]}")" >> "${GITHUB_OUTPUT}" | |
| sync: | |
| if: github.repository == 'Homebrew/.github' | |
| needs: generate-matrix | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| repo: ${{fromJson(needs.generate-matrix.outputs.matrix)}} | |
| fail-fast: false | |
| steps: | |
| - name: Set up Homebrew | |
| id: set-up-homebrew | |
| uses: Homebrew/actions/setup-homebrew@main | |
| - name: Clone source repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - run: brew install-bundler-gems --groups=style | |
| if: matrix.repo == 'Homebrew/.github' | |
| env: | |
| HOMEBREW_DEVELOPER: 1 | |
| - run: brew style .github/actions/sync/*.rb | |
| if: matrix.repo == 'Homebrew/.github' | |
| env: | |
| HOMEBREW_DEVELOPER: 1 | |
| - name: Clone target repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| repository: ${{ matrix.repo }} | |
| path: target/${{ matrix.repo }} | |
| token: ${{ secrets.HOMEBREW_DOTGITHUB_WORKFLOW_TOKEN || github.token }} | |
| # Intentioanlly persisted to allow `git push` below. | |
| persist-credentials: true | |
| - name: Configure Git user | |
| uses: Homebrew/actions/git-user-config@main | |
| with: | |
| username: BrewTestBot | |
| - name: Set up SSH commit signing | |
| if: github.event_name != 'pull_request' || github.actor != 'dependabot[bot]' | |
| uses: Homebrew/actions/setup-commit-signing@main | |
| with: | |
| signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }} | |
| - name: Sync initial Ruby version | |
| run: cp /home/linuxbrew/.linuxbrew/Homebrew/Library/Homebrew/.ruby-version . | |
| - name: Install Ruby | |
| uses: ruby/setup-ruby@efbf473cab83af4468e8606cc33eca9281bb213f # v1.256.0 | |
| with: | |
| bundler-cache: true | |
| - name: Detect changes | |
| id: detect_changes | |
| env: | |
| TARGET: target/${{ matrix.repo }} | |
| run: ./.github/actions/sync/shared-config.rb "${TARGET}" '/home/linuxbrew/.linuxbrew/Homebrew' | |
| - name: Create pull request | |
| if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && steps.detect_changes.outputs.pull_request == 'true' | |
| run: | | |
| cd "target/$GH_REPO" | |
| git checkout -b sync-shared-config | |
| # Stagger network calls over the next 10 minutes to minimise errors. | |
| sleep "$(( RANDOM % 60 * 10 ))" | |
| if gh api \ | |
| -X GET \ | |
| --header 'Accept: application/vnd.github+json' \ | |
| --header 'X-GitHub-Api-Version: 2022-11-28' \ | |
| "/repos/${GH_REPO}/pulls" \ | |
| -f head=Homebrew:sync-shared-config \ | |
| -f state=open | | |
| jq --exit-status 'length == 0' | |
| then | |
| git push --set-upstream --force origin sync-shared-config | |
| # We don't want backticks to be expanded. | |
| # shellcheck disable=SC2016 | |
| gh pr create --head sync-shared-config --title "Synchronize shared configuration" --body 'This pull request was created automatically by the [`sync-shared-config`](https://github.com/Homebrew/.github/blob/HEAD/.github/actions/sync/shared-config.rb) workflow.' | |
| else | |
| git fetch origin sync-shared-config | |
| if ! git diff --no-ext-diff --quiet --exit-code origin/sync-shared-config | |
| then | |
| git push --force origin sync-shared-config | |
| fi | |
| fi | |
| env: | |
| GH_REPO: ${{ matrix.repo }} | |
| GH_TOKEN: ${{ secrets.HOMEBREW_DOTGITHUB_WORKFLOW_TOKEN }} | |
| conclusion: | |
| needs: sync | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Result | |
| env: | |
| RESULT: ${{ needs.sync.result }} | |
| run: | | |
| [[ "${RESULT}" == success ]] |