ci: require homebrew tap updates on release

Peter Steinberger 2026-05-07 03:14:36 +01:00
parent c3c111ba35
commit 8c69be33a6
No known key found for this signature in database
2 changed files with 36 additions and 19 deletions


@ -39,29 +39,38 @@ jobs:
RELEASE_TAG: ${{ inputs.tag }}
run: git checkout "$RELEASE_TAG"
- name: Check Homebrew tap token
id: homebrew
- name: Resolve release tag
id: release
env:
DISPATCH_TAG: ${{ inputs.tag }}
REF_NAME: ${{ github.ref_name }}
run: |
tag="${DISPATCH_TAG:-$REF_NAME}"
if [ -z "$tag" ]; then
echo "::error::could not resolve release tag"
exit 1
fi
echo "tag=$tag" >>"$GITHUB_OUTPUT"
echo "version=${tag#v}" >>"$GITHUB_OUTPUT"
- name: Verify Homebrew tap token
env:
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
run: |
if [ -z "$HOMEBREW_TAP_GITHUB_TOKEN" ]; then
echo "skip=true" >>"$GITHUB_OUTPUT"
echo "::warning::HOMEBREW_TAP_GITHUB_TOKEN is missing; skipping Homebrew tap publish"
exit 0
echo "::error::HOMEBREW_TAP_GITHUB_TOKEN is missing; cannot publish Homebrew formula"
exit 1
fi
code="$(curl -sS -o /dev/null -w '%{http_code}' \
-H "Authorization: Bearer $HOMEBREW_TAP_GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/openclaw/homebrew-tap || true)"
if [ "$code" != "200" ]; then
echo "skip=true" >>"$GITHUB_OUTPUT"
echo "::warning::HOMEBREW_TAP_GITHUB_TOKEN cannot access openclaw/homebrew-tap (HTTP $code); skipping Homebrew tap publish"
exit 0
echo "::error::HOMEBREW_TAP_GITHUB_TOKEN cannot access openclaw/homebrew-tap (HTTP $code)"
exit 1
fi
echo "skip=false" >>"$GITHUB_OUTPUT"
- name: GoReleaser
if: ${{ steps.homebrew.outputs.skip != 'true' }}
uses: goreleaser/goreleaser-action@v7
with:
distribution: goreleaser
@ -71,12 +80,17 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
- name: GoReleaser without Homebrew
if: ${{ steps.homebrew.outputs.skip == 'true' }}
uses: goreleaser/goreleaser-action@v7
with:
distribution: goreleaser
version: "~> v2"
args: release --clean --config /tmp/.goreleaser.yaml --skip=homebrew
- name: Verify Homebrew formula
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
RELEASE_VERSION: ${{ steps.release.outputs.version }}
run: |
formula="$(gh api repos/openclaw/homebrew-tap/contents/Formula/crabbox.rb --jq '.content' | base64 --decode)"
if ! grep -q "version \"$RELEASE_VERSION\"" <<<"$formula"; then
echo "::error::openclaw/homebrew-tap Formula/crabbox.rb was not updated to $RELEASE_VERSION"
exit 1
fi
if ! grep -q "releases/download/v$RELEASE_VERSION/" <<<"$formula"; then
echo "::error::openclaw/homebrew-tap Formula/crabbox.rb does not point at v$RELEASE_VERSION assets"
exit 1
fi
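Review bot: In the Verify Homebrew formula step, both `grep -q` checks interpolate `$RELEASE_VERSION` as a regular expression, so every `.` in the version matches any character, and the Resolve release tag step never checks that the tag has the `vX.Y.Z` shape before deriving the version from it. For a gate meant to prove the tap was updated to exactly this release, match literally: `grep -qF -- "version \"$RELEASE_VERSION\""` and `grep -qF -- "releases/download/v$RELEASE_VERSION/"`. The step also exports the tap token as `GH_TOKEN` for what is only a contents read; `gh` prefers `GH_TOKEN` over `GITHUB_TOKEN`, so the `GITHUB_TOKEN` entry is unused, and if the tap repository is public the job token alone would be enough here, which keeps the push-capable secret out of this step. A short comment above the step saying that it checks only the version string and download URL, not the asset checksums in the formula, would tell the next reader what the gate does and does not prove.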


@ -225,7 +225,10 @@ Before tagging a release:
- Live smoke at least one coordinator-backed `crabbox run`, then verify
`crabbox attach`, `crabbox events`, `crabbox logs`, and lease cleanup.
- Push, pull, and wait for CI green on the release commit.
- Tag and push `vX.Y.Z`, then wait for the release workflow.
- Tag and push `vX.Y.Z`, then wait for the release workflow. The workflow
publishes GitHub release assets and directly pushes the generated
`Formula/crabbox.rb` update to `openclaw/homebrew-tap` with
`HOMEBREW_TAP_GITHUB_TOKEN`; missing tap access is a release failure.
- Verify the GitHub release assets and Homebrew formula update.
- `brew update`, install or upgrade `openclaw/tap/crabbox`, run
`crabbox --version`, and run a short live smoke from the installed binary.