Add a workflow to automatically update Enos Homebrew formula file and…

… open a PR for it on hashicorp/homebrew-internal (#41) Add a reusable workflow to automatically update Enos Homebrew formula file after a release is completed, and open a PR for it on our internal Homebrew tap (hashicorp/homebrew-internal)
hashicorp · Apr 29, 2022 · 5a67328 · 5a67328
1 parent 52f969a
commit 5a67328
Show file tree

Hide file tree

Showing 4 changed files with 128 additions and 5 deletions.
diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml
@@ -27,7 +27,8 @@ on:
         description: To mark this as a pre-release, check this box.
 
 jobs:
-  create_release:
+  create-release:
+    name: Create Release
     runs-on: ubuntu-latest
     env:
       GOPRIVATE: 'github.com/hashicorp/*'
@@ -58,7 +59,7 @@ jobs:
           -user=${{ secrets.QUALITY_TEAM_ARTIFACTORY_USER }} \
           -channel ${{ env.CHANNEL }} \
           -commit=${{ env.SHA }} \
-          -product-name=${{env.PRODUCT }} \
+          -product-name=${{ env.PRODUCT }} \
           -product-version=${{ env.VERSION }} \
           -pattern="${{ env.PRODUCT }}_${{ env.VERSION }}_*_*.zip"
 
@@ -77,3 +78,20 @@ jobs:
             TAG=v${{ env.VERSION }}-pre+$( echo ${{ env.SHA }} | head -c 5 )
           fi
           gh release create $TAG --target ${{ env.SHA }} --generate-notes $PRERELEASE ./.bob/artifacts/*.zip
+
+  # If not a pre-release, generate an updated Homebrew formula definition file
+  # and open a PR on hashicorp/homebrew-internal with the updated file
+  trigger-homebrew-formula-update:
+    if: ${{ github.event.inputs.pre_release == 'false' }}
+    name: Trigger update to Homebrew formula
+    needs: create-release
+    uses: ./.github/workflows/update_homebrew_formula.yml
+    with:
+      channel: ${{ github.event.inputs.channel }}
+      sha: ${{ github.event.inputs.sha }}
+      product: ${{ github.event.repository.name }}
+      version: ${{ github.event.inputs.version }}
+    secrets:
+      GH_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+      ARTIFACTORY_TOKEN: ${{ secrets.QUALITY_TEAM_ARTIFACTORY_TOKEN }}
+      ARTIFACTORY_USER: ${{ secrets.QUALITY_TEAM_ARTIFACTORY_USER }}
diff --git a/.github/workflows/update_homebrew_formula.yml b/.github/workflows/update_homebrew_formula.yml
@@ -0,0 +1,105 @@
+name: Update Homebrew Formula
+
+# NOTE
+# This is a reusable workflow that is intended to be called by the `create_release` workflow
+# after a Github release is successfully created. This workflow generates an updated
+# version of the Enos Homebrew formula file, opens a PR on HashiCorp's internal Homebrew
+# tap (hashicorp/homebrew-internal), and tags `quality-team` for review.
+
+on:
+  workflow_call:
+    inputs:
+      channel:
+        required: true
+        type: string
+      sha:
+        required: true
+        type: string
+      product:
+        required: true
+        type: string
+      version:
+        required: true
+        type: string
+    secrets:
+      GH_TOKEN:
+        required: true
+      ARTIFACTORY_TOKEN:
+        required: true
+      ARTIFACTORY_USER:
+        required: true
+
+jobs:
+
+  update-formula:
+    name: "Update Homebrew formula definition"
+    runs-on: ubuntu-latest
+    env:
+      # Note: `gh` CLI automatically looks for and uses `env.GH_TOKEN` for authentication.
+      # This token must have read:org scope in order to authenticate on a different repo.
+      GH_TOKEN: ${{ secrets.GH_TOKEN }}
+      TARGET_REPO: hashicorp/homebrew-internal
+      TARGET_REPO_FILEPATH: homebrew-internal-checkout
+      BASE_BRANCH: main
+      PR_BRANCH: enos_homebrew_formula_update_v${{ inputs.version }}
+      PR_TITLE: "Homebrew formula update for Enos version v${{ inputs.version }}"
+      PR_BODY: "This is an automatically generated PR to update the Homebrew formula for Enos after a release has been completed. It must be manually approved and merged by a reviewer."
+      COMMIT_MSG: "Update Homebrew formula for Enos version v${{ inputs.version }}"
+      GIT_USER_EMAIL: [email protected]
+      GIT_USER_NAME: Secure Quality Team
+      REVIEWER: quality-team
+    steps:
+      # Checkout Enos repo and place it in the specified relative path within the runner's main directory,
+      # in order to accommodate checking out multiple repos.
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          path: enos-checkout
+
+      # Set up bob CLI
+      - name: Setup bob CLI
+        uses: hashicorp/action-setup-bob@v1
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+
+      # Use bob to download SHA256SUMS file from Artifactory
+      - name: Download artifacts
+        run: |
+          bob download artifactory \
+          -token=${{ secrets.ARTIFACTORY_TOKEN }} \
+          -user=${{ secrets.ARTIFACTORY_USER }} \
+          -channel ${{ inputs.channel }} \
+          -commit=${{ inputs.sha }} \
+          -product-name=${{ inputs.product }} \
+          -product-version=${{ inputs.version }} \
+          -pattern="${{ inputs.product }}_${{ inputs.version }}_SHA256SUMS"
+
+      # Generate Homebrew formula file (enos.rb)
+      - name: Generate Homebrew formula file
+        run: |
+          cd enos-checkout
+          go run ./tools/homebrew/... create -p ../.bob/artifacts/${{ inputs.product }}_${{ inputs.version }}_SHA256SUMS -o enos.rb
+
+      # Checkout target repo and place it in the specified relative path within the runner's main directory,
+      # in order to accommodate checking out multiple repos.
+      # A token with sufficient permissions for the target repo is required.
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ env.TARGET_REPO }}
+          path: ${{ env.TARGET_REPO_FILEPATH }}
+          token: ${{ secrets.GH_TOKEN }}
+
+      # Create PR
+      - name: Create PR
+        run: |
+          cd ${{ env.TARGET_REPO_FILEPATH }}
+          git config user.email "${{ env.GIT_USER_EMAIL }}"
+          git config user.name "${{ env.GIT_USER_NAME }}"
+          git checkout -b ${{ env.PR_BRANCH }}
+          mv ../enos-checkout/enos.rb ./HomebrewFormula/enos.rb
+          git add HomebrewFormula/enos.rb
+          git commit -m "${{ env.COMMIT_MSG }}"
+          git push origin ${{ env.PR_BRANCH }}
+
+          gh pr create --repo ${{ env.TARGET_REPO }} --base ${{ env.BASE_BRANCH }} --head ${{ env.PR_BRANCH }} --title "${{ env.PR_TITLE }}" --body "${{ env.PR_BODY }}" --reviewer ${{ env.REVIEWER }}
diff --git a/README.md b/README.md
@@ -549,3 +549,5 @@ To create the release, the workflow downloads the release assets from Artifactor
 - **Bug Fixes 🐛** category includes PRs with the label `changelog/bug`
 - **Other Changes 😎** category includes PRs with the label `changelog/other`
 - PRs with the label `changelog/none` will be excluded from release notes.
+
+After the release workflow completes, it automatically triggers another workflow. This workflow creates an updated version of the Enos Homebrew formula file and opens a PR for it in HashiCorp's internal Homebrew tap, `hashicorp/homebrew-internal`.
diff --git a/tools/homebrew/main.go b/tools/homebrew/main.go
@@ -99,9 +99,7 @@ func newCreateFormulaCommand() *cobra.Command {
 	}
 
 	createFormula.PersistentFlags().StringVarP(&createFormulaConfigs.path, "path", "p", "", "the path to the SHA265SUMS file")
-	createFormula.PersistentFlags().StringVarP(&createFormulaConfigs.version, "version", "v", "", "the version of the release")
-	createFormula.PersistentFlags().StringVarP(&createFormulaConfigs.versionTag, "version-tag", "t", "", "the version tag of the release")
-	createFormula.PersistentFlags().StringVarP(&createFormulaConfigs.outPath, "outpath", "o", "", "the pat")
+	createFormula.PersistentFlags().StringVarP(&createFormulaConfigs.outPath, "outpath", "o", "", "the path to the output file")
 
 	return createFormula
 }