Files
HackBrowserData/.github/workflows/release.yml
moonD4rk f8e34d50b6 ci: unify bot automation on the shared GitHub App
Point contributors.yml at the shared app via client-id (was the old hackbrowserdata-bot app), and replace the long-lived Homebrew PAT with a short-lived app token scoped to homebrew-tap for the formula push.
2026-07-05 00:46:09 +08:00

106 lines
2.9 KiB
YAML

name: Release
on:
workflow_dispatch:
inputs:
mode:
description: 'Run mode'
type: choice
options:
- snapshot
- release
default: snapshot
tag:
description: 'Release tag (required for release mode, e.g., v0.5.0)'
required: false
type: string
draft:
description: 'Publish as draft (release mode only)'
required: false
type: boolean
default: true
permissions:
contents: write
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Validate inputs
if: inputs.mode == 'release' && inputs.tag == ''
run: |
echo "::error::tag is required when mode=release"
exit 1
- name: Check out code
uses: actions/checkout@v7
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Set up Zig
uses: mlugg/setup-zig@v2
with:
version: 0.16.0
- name: Build ABE payload
run: make payload
- name: Mint homebrew-tap token
id: tap-token
uses: actions/create-github-app-token@v3
with:
client-id: ${{ vars.MOOND4RK_CI_RELEASE_APP_CLIENT_ID }}
private-key: ${{ secrets.MOOND4RK_CI_RELEASE_APP_PRIVATE_KEY }}
owner: moonD4rk
repositories: homebrew-tap
- name: Create and push tag
if: inputs.mode == 'release'
env:
TAG: ${{ inputs.tag }}
run: |
if git rev-parse -q --verify "refs/tags/$TAG" >/dev/null 2>&1; then
echo "::error::Tag '$TAG' already exists locally"
exit 1
fi
if git ls-remote --tags --exit-code origin "refs/tags/$TAG" >/dev/null 2>&1; then
echo "::error::Tag '$TAG' already exists on origin"
exit 1
fi
git tag -- "$TAG"
git push origin -- "$TAG"
- name: Run GoReleaser (snapshot)
if: inputs.mode == 'snapshot'
uses: goreleaser/goreleaser-action@v7
with:
version: '~> v2'
args: release --snapshot --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.tap-token.outputs.token }}
- name: Run GoReleaser (release)
if: inputs.mode == 'release'
uses: goreleaser/goreleaser-action@v7
with:
version: '~> v2'
args: release --clean ${{ inputs.draft && '--draft' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.tap-token.outputs.token }}
- name: Upload snapshot artifacts
if: inputs.mode == 'snapshot'
uses: actions/upload-artifact@v7
with:
name: snapshot-dist
path: dist/
retention-days: 7