Merged
74 changes: 67 additions & 7 deletions .github/workflows/release.yml
Expand Up @@ -12,33 +12,33 @@ permissions:
jobs:
release:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'

- name: Install build dependencies
run: |
python -m pip install --upgrade pip
pip install build wheel

- name: Build package
run: |
python -m build

- name: Extract version from tag
id: get_version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT

- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
verbose: true

- name: Create Release
uses: softprops/action-gh-release@v2
with:
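Review bot: The Publish to PyPI and Create Release steps reference third-party actions by mutable refs (pypa/gh-action-pypi-publish@release/v1, softprops/action-gh-release@v2), so whatever those refs point to at run time executes inside the job that publishes the package. Pin each `uses:` in this job to a full commit SHA, keep the tag as a trailing comment for readability, and let Dependabot or Renovate propose the bumps.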
Expand All @@ -50,3 +50,63 @@ jobs:
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

update-homebrew:
needs: release
runs-on: ubuntu-latest
if: ${{ secrets.HOMEBREW_TAP_TOKEN != '' }}
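Review bot: The job-level condition `if: ${{ secrets.HOMEBREW_TAP_TOKEN != '' }}` on update-homebrew cannot work, because the `secrets` context is not available in a job-level `if` and the expression fails workflow validation. Gate the job on a repository variable instead (a `vars.` flag that is set when the tap token is configured), or map the secret into `env:` and test `env.HOMEBREW_TAP_TOKEN != ''` in step-level conditions.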

Comment on lines +54 to +58
Copilot AI Feb 20, 2026

The new update-homebrew job inherits the workflow-level id-token: write permission, but it doesn’t use OIDC. Consider setting job-level permissions for update-homebrew (e.g., contents: read) and/or moving id-token: write to the release job only, to follow least-privilege for the added PAT-based push job.

Copilot uses AI. Check for mistakes.
steps:
- name: Extract version from tag
id: get_version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT

- name: Wait for PyPI to index
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
for i in $(seq 1 30); do
if curl -sf "https://pypi.org/pypi/mcp-curl/${VERSION}/json" > /dev/null 2>&1; then
echo "PyPI has version ${VERSION}"
exit 0
fi
echo "Waiting for PyPI... (attempt $i/30)"
sleep 10
done
echo "::error::Timed out waiting for PyPI"
exit 1

- name: Get sdist URL and SHA256
id: pypi
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
JSON=$(curl -sf "https://pypi.org/pypi/mcp-curl/${VERSION}/json")
URL=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['url'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
SHA=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['digests']['sha256'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
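Review bot: The sha256 that ends up in the formula is read from the same PyPI JSON response as the URL (the `SHA=` line), so it is never compared with the sdist that `python -m build` produced in the release job. Compute the digest of the built sdist in `release`, expose it as a job output, and fail this step if PyPI's value differs, so the formula records what was built rather than only what is being served. The `[0]` index also raises an unhelpful IndexError when no sdist was uploaded; an explicit check with a clear `::error::` message would be easier to diagnose.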
Comment on lines +78 to +84
Copilot AI Feb 20, 2026

python3 is used to parse the PyPI JSON, but this job doesn’t set up Python. While ubuntu-latest currently includes Python, pinning via actions/setup-python (or using a tool like jq) would make this job more reliable against runner image changes.

Suggested change
- name: Get sdist URL and SHA256
id: pypi
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
JSON=$(curl -sf "https://pypi.org/pypi/mcp-curl/${VERSION}/json")
URL=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['url'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
SHA=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['digests']['sha256'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Get sdist URL and SHA256
id: pypi
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
JSON=$(curl -sf "https://pypi.org/pypi/mcp-curl/${VERSION}/json")
URL=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['url'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
SHA=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['digests']['sha256'] for u in d['urls'] if u['packagetype']=='sdist'][0])")

Copilot uses AI. Check for mistakes.
echo "URL=${URL}" >> $GITHUB_OUTPUT
echo "SHA=${SHA}" >> $GITHUB_OUTPUT

- name: Checkout homebrew tap
uses: actions/checkout@v4
with:
repository: turlockmike/homebrew-murl
token: ${{ secrets.HOMEBREW_TAP_TOKEN }}

- name: Update formula
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
URL="${{ steps.pypi.outputs.URL }}"
SHA="${{ steps.pypi.outputs.SHA }}"

# Update url, sha256, and test version
sed -i "s|url \"https://files.pythonhosted.org/.*\"|url \"${URL}\"|" Formula/murl.rb
sed -i "s|sha256 \"[a-f0-9]\{64\}\"|sha256 \"${SHA}\"|" Formula/murl.rb
sed -i "s|murl version [0-9.]*|murl version ${VERSION}|" Formula/murl.rb

- name: Commit and push
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add Formula/murl.rb
git commit -m "Update murl to ${VERSION}"
git push
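Review bot: In the Update formula and Commit and push steps, `${{ steps.get_version.outputs.VERSION }}`, `${{ steps.pypi.outputs.URL }}` and `${{ steps.pypi.outputs.SHA }}` are expanded into the script text before the shell runs, so a tag name or PyPI response containing shell metacharacters becomes part of the command in a job that holds HOMEBREW_TAP_TOKEN. Pass the three values through the step's `env:` block and reference them as "$VERSION", "$URL" and "$SHA". Before the `sed` calls, reject a SHA that does not match ^[a-f0-9]{64}$, a URL that does not start with https://files.pythonhosted.org/, and a VERSION with characters outside [0-9.], since `|` or `&` in any of them would also change the substitution itself.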
Comment on lines +110 to +112
Copilot AI Feb 20, 2026

git commit will fail the job with a non-zero exit code when there are no changes (e.g., rerunning the workflow for the same tag, or if the formula was already updated). Add a guard like checking for a clean diff before committing, or allow the no-op commit case to exit successfully.

Copilot uses AI. Check for mistakes.