diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index f9e3d393e00..da8b6193f7a 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -414,14 +414,4 @@ jobs: else git log --oneline @{upstream}.. git diff --name-status @{upstream}.. - fi - - name: Bump homebrew-core formula - uses: mislav/bump-homebrew-formula-action@ccf2332299a883f6af50a1d2d41e5df7904dd769 - if: inputs.environment == 'production' && !contains(inputs.tag_name, '-') - with: - formula-name: gh - formula-path: Formula/g/gh.rb - tag-name: ${{ inputs.tag_name }} - push-to: williammartin/homebrew-core - env: - COMMITTER_TOKEN: ${{ secrets.HOMEBREW_PR_PAT }} + fi \ No newline at end of file diff --git a/.github/workflows/homebrew-bump.yml b/.github/workflows/homebrew-bump.yml deleted file mode 100644 index eccf933dd77..00000000000 --- a/.github/workflows/homebrew-bump.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: homebrew-bump-debug - -permissions: - contents: write - -on: - workflow_dispatch: - inputs: - tag_name: - required: true - type: string - environment: - default: production - type: environment -jobs: - bump: - runs-on: ubuntu-latest - steps: - - name: Bump homebrew-core formula - uses: mislav/bump-homebrew-formula-action@ccf2332299a883f6af50a1d2d41e5df7904dd769 - if: inputs.environment == 'production' && !contains(inputs.tag_name, '-') - with: - formula-name: gh - tag-name: ${{ inputs.tag_name }} - env: - COMMITTER_TOKEN: ${{ secrets.HOMEBREW_PR_PAT }} diff --git a/docs/release-process-deep-dive.md b/docs/release-process-deep-dive.md index 4d060841a5a..4e4928be776 100644 --- a/docs/release-process-deep-dive.md +++ b/docs/release-process-deep-dive.md @@ -11,7 +11,6 @@ From a high level, the [release workflow](https://github.com/cli/cli/blob/537a22 * Builds and updates the [manual](https://cli.github.com/manual) and repository packages * Creates GitHub Attestations for the artifacts * Creates a GitHub Release and attaches the artifacts - * Bumps the `gh` [homebrew-core formula](https://github.com/Homebrew/homebrew-core/blob/2df031cbd8f7bc9b9a380e941ccefcf3c8f3d02b/Formula/g/gh.rb) # Jobs Deep Dive @@ -569,16 +568,6 @@ release: git log --oneline @{upstream}.. git diff --name-status @{upstream}.. fi - - name: Bump homebrew-core formula - uses: mislav/bump-homebrew-formula-action@v3 - if: inputs.environment == 'production' && !contains(inputs.tag_name, '-') - with: - formula-name: gh - formula-path: Formula/g/gh.rb - tag-name: ${{ inputs.tag_name }} - push-to: williammartin/homebrew-core - env: - COMMITTER_TOKEN: ${{ secrets.HOMEBREW_PR_PAT }} ``` @@ -647,11 +636,11 @@ In previous steps, a git commit was made for the manual, and files had moved int Occasionally, the repository can become unwieldy due to hosting so many large binary artifacts. Instructions can be found in the README for that repository. -#### Homebrew Formula +#### Homebrew -Using [`mislav/bump-homebrew-formula-action`](https://github.com/mislav/bump-homebrew-formula-action), a PR for the `gh` [`homebrew-core` formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb) is created. The fork repository is currently owned by `williammartin` as PRs are [not accepted from organizations.](https://github.com/cli/cli/pull/7953) +Historically, we used [`mislav/bump-homebrew-formula-action`](https://github.com/mislav/bump-homebrew-formula-action). It created a PR for the `gh` [`homebrew-core` formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb). The fork repository was owned by `williammartin` because PRs are [not accepted from organizations.](https://github.com/cli/cli/pull/7953) -`Homebrew/formulae.brew.sh` makes new formula versions available every 15 minutes through scheduled CI workflow. For more information, see https://docs.brew.sh/Formula-Cookbook#an-introduction +However, since this required a legacy PAT token to open a PR between these repositories, it was deemed too much risk for our security. As such, we now rely on [Homebrew's autobump](https://docs.brew.sh/Autobump). ## Deepest Dive diff --git a/docs/releasing.md b/docs/releasing.md index b424266d4ff..9f304699127 100644 --- a/docs/releasing.md +++ b/docs/releasing.md @@ -21,13 +21,14 @@ What this does is: - Uploads all release artifacts to a new GitHub Release; - A new git tag `vX.Y.Z` is created in the remote repository; - The changelog is [generated from the list of merged pull requests](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes); -- Updates [GitHub CLI marketing site](https://cli.github.com) with the contents of the new release; -- Updates the [`gh` Homebrew formula](https://github.com/williammartin/homebrew-core/blob/master/Formula/g/gh.rb) in the [`homebrew/homebrew-core` repo](https://github.com/search?q=repo%3AHomebrew%2Fhomebrew-core+%22gh%22+in%3Atitle&type=pullrequests). +- Updates [GitHub CLI marketing site](https://cli.github.com) with the contents of the new release. -> [!NOTE] -> `Homebrew/formulae.brew.sh` makes new formula versions available every 15 minutes through scheduled [CI workflow](https://github.com/Homebrew/formulae.brew.sh/actions/workflows/tests.yml). -> -> For more information, see https://docs.brew.sh/Formula-Cookbook#an-introduction +## Bumping Homebrew + +Homebrew bumps are handled by [autobump](https://docs.brew.sh/Autobump), which runs periodically every 3 hours. In cases where a quicker rollout is required, a pull request can be opened manually with the following steps: + 1. Replace the version number in the urlĀ to point ot the updated version. + 2. Calculate and replace the sha256 value. + 3. Open the PR. To test out the build system while avoiding creating an actual release: @@ -60,6 +61,5 @@ Occasionally, it might be necessary to clean up a bad release and re-release. 1. Delete the release and associated tag 2. Re-release and monitor the workflow run logs -3. Open pull request updating [`gh` Homebrew formula](https://github.com/williammartin/homebrew-core/blob/master/Formula/g/gh.rb) - with new SHA versions, linking the previous PR +3. Open pull request updating [`gh` Homebrew formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb) with new SHA versions, linking the previous PR 4. Verify resulting Debian and RPM packages, Homebrew formula