From f2e436e244f07d9c295f0eaf060ba3719905f27c Mon Sep 17 00:00:00 2001 From: Oscaner Miao Date: Sat, 13 Jan 2024 19:58:52 +0800 Subject: [PATCH] fix(#49): github actions permission denied --- .github/actions/brew-tap/action.yml | 38 +++++++++++++++ .github/actions/bump-casks/action.yml | 11 +++-- .github/actions/bump-formulas/action.yml | 11 +++-- .github/actions/homebrew-env/action.yml | 31 +++---------- .github/actions/linuxbrew-env/action.yml | 18 +++++++ .github/workflows/{main.yml => schedule.yml} | 49 ++++++++++++++++---- 6 files changed, 119 insertions(+), 39 deletions(-) create mode 100644 .github/actions/brew-tap/action.yml create mode 100644 .github/actions/linuxbrew-env/action.yml rename .github/workflows/{main.yml => schedule.yml} (55%) diff --git a/.github/actions/brew-tap/action.yml b/.github/actions/brew-tap/action.yml new file mode 100644 index 0000000..9dc8b5f --- /dev/null +++ b/.github/actions/brew-tap/action.yml @@ -0,0 +1,38 @@ +name: Brew Tap + +inputs: + HOMEBREW_GITHUB_API_TOKEN: + description: 'Homebrew GitHub API Token' + required: true + +runs: + using: 'composite' + + steps: + - name: Add Tap + env: + HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }} + shell: bash -ieo pipefail {0} + run: | + brew tap brewforge/chinese + brew update + + - name: Install Homebrew's dependencies + shell: bash -ieo pipefail {0} + run: | + brew install ripgrep sd gcc parallel coreutils + brew unlink coreutils && brew link coreutils + brew install-bundler-gems --groups "audit,style" + + - uses: oleksiyrudenko/gha-git-credentials@v2-latest + with: + global: true + name: 'Brewforge-Bot' + email: 'brewforge-bot@aliyun.com' + token: '${{ inputs.HOMEBREW_GITHUB_API_TOKEN }}' + + - name: show git context + shell: bash -ieo pipefail {0} + run: | + cat $HOME/.gitconfig + cat $GITHUB_ENV diff --git a/.github/actions/bump-casks/action.yml b/.github/actions/bump-casks/action.yml index 5080082..e70ebb2 100644 --- a/.github/actions/bump-casks/action.yml +++ b/.github/actions/bump-casks/action.yml @@ -12,9 +12,14 @@ runs: - name: Bump outdated casks # continue-on-error: true env: + HOMEBREW_DEVELOPER: '1' HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }} - shell: bash + shell: bash -ieo pipefail {0} + # https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-authenticated-users + # Github Actions: 5000 requests per hour + # 1 * 60 * 24 = 1440 (because bump-pr will checkout a new branch and push to remote) + # 1 concurrent parallel jobs, 1 second delay between jobs. run: | - parallel -j0 --group --halt now,fail=1 \ - './.github/actions/bump-casks/script.sh {}' \ + parallel -j1 --delay 1s --group --halt now,fail=1 \ + "./.github/actions/bump-casks/script.sh {}" \ ::: $(ls $(brew --repository brewforge/chinese)/Casks/*.rb | xargs -I {} basename {} .rb) diff --git a/.github/actions/bump-formulas/action.yml b/.github/actions/bump-formulas/action.yml index e7077ec..de1b64a 100644 --- a/.github/actions/bump-formulas/action.yml +++ b/.github/actions/bump-formulas/action.yml @@ -12,9 +12,14 @@ runs: - name: Bump outdated formulas # continue-on-error: true env: + HOMEBREW_DEVELOPER: '1' HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }} - shell: bash + shell: bash -ieo pipefail {0} + # https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-authenticated-users + # Github Actions: 5000 requests per hour + # 1 * 60 * 24 = 1440 (because bump-pr will checkout a new branch and push to remote) + # 1 concurrent parallel jobs, 1 second delay between jobs. run: | - parallel -j0 --group --halt now,fail=1 \ - './.github/actions/bump-formulas/script.sh {}' \ + parallel -j1 --delay 1s --group --halt now,fail=1 \ + "./.github/actions/bump-formulas/script.sh {}" \ ::: $(ls $(brew --repository brewforge/chinese)/Formula/*.rb | xargs -I {} basename {} .rb) diff --git a/.github/actions/homebrew-env/action.yml b/.github/actions/homebrew-env/action.yml index 977d4d1..02dc9bb 100644 --- a/.github/actions/homebrew-env/action.yml +++ b/.github/actions/homebrew-env/action.yml @@ -1,34 +1,17 @@ name: Homebrew Action -inputs: - HOMEBREW_GITHUB_API_TOKEN: - description: 'Homebrew GitHub API Token' - required: true - runs: using: 'composite' steps: - name: Set up Homebrew - id: set-up-homebrew - uses: Homebrew/actions/setup-homebrew@master - with: - core: true - cask: true - test-bot: false - - - name: Add parallel cli - shell: bash + shell: bash -ieo pipefail {0} run: | - brew install parallel - # makesure brew livecheck works - brew livecheck parallel + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" - - name: Add Tap - env: - HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }} - shell: bash + - name: Add Homebrew to PATH + shell: bash -ieo pipefail {0} run: | - brew tap brewforge/chinese - brew update - brew install ripgrep sd + touch $HOME/.bash_profile + (echo; echo 'eval "$(/usr/local/bin/brew shellenv)"') >> $HOME/.bash_profile + eval "$(/usr/local/bin/brew shellenv)" diff --git a/.github/actions/linuxbrew-env/action.yml b/.github/actions/linuxbrew-env/action.yml new file mode 100644 index 0000000..bd2e0d1 --- /dev/null +++ b/.github/actions/linuxbrew-env/action.yml @@ -0,0 +1,18 @@ +name: Linuxbrew Action + +runs: + using: 'composite' + + steps: + - name: Set up Linuxbrew + shell: bash -ieo pipefail {0} + run: | + sudo apt-get install build-essential procps curl file git + /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" + + - name: Add Linuxbrew to PATH + shell: bash -ieo pipefail {0} + run: | + touch $HOME/.bashrc + (echo; echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"') >> $HOME/.bashrc + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" diff --git a/.github/workflows/main.yml b/.github/workflows/schedule.yml similarity index 55% rename from .github/workflows/main.yml rename to .github/workflows/schedule.yml index 8db98d2..5099314 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/schedule.yml @@ -1,17 +1,19 @@ -name: CI +name: schedule on: - pull_request: - branches: [main, bump-*] - push: - branches: [fix-*] + # pull_request: + # branches: [main] + # push: + # branches: [fix-*] schedule: # run every 12 hours # - cron: "20 */12 * * *" # Every day at 6am - cron: "0 6 * * *" # allow run manually - workflow_dispatch: {} + workflow_dispatch: + +permissions: write-all jobs: casks: @@ -24,11 +26,13 @@ jobs: os: [macos-latest] steps: - # checkout myself. - uses: actions/checkout@v3 - name: Homebrew env uses: ./.github/actions/homebrew-env + + - name: Brew Tap + uses: ./.github/actions/brew-tap with: HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} @@ -44,14 +48,16 @@ jobs: strategy: matrix: - os: [macos-latest, ubuntu-latest] + os: [macos-latest] steps: - # checkout myself. - uses: actions/checkout@v3 - name: Homebrew env uses: ./.github/actions/homebrew-env + + - name: Brew Tap + uses: ./.github/actions/brew-tap with: HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} @@ -59,3 +65,28 @@ jobs: uses: ./.github/actions/bump-formulas with: HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} + + # formulas-linuxbrew: + # name: Bump Formulas in parallel (Linuxbrew) + # if: github.repository == 'brewforge/homebrew-chinese' + # runs-on: ${{ matrix.os }} + + # strategy: + # matrix: + # os: [ubuntu-latest] + + # steps: + # - uses: actions/checkout@v3 + + # - name: Linuxbrew env + # uses: ./.github/actions/linuxbrew-env + + # - name: Brew Tap + # uses: ./.github/actions/brew-tap + # with: + # HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} + + # - name: Bump formulas + # uses: ./.github/actions/bump-formulas + # with: + # HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}