Skip to content

build(deps): bump github/codeql-action from 319cdb9fa619417d07cc37a964f0502bfbc5e8a9 to 4fa2a7953630fd2f3fb380f21be14ede0169dd4f #17278

build(deps): bump github/codeql-action from 319cdb9fa619417d07cc37a964f0502bfbc5e8a9 to 4fa2a7953630fd2f3fb380f21be14ede0169dd4f

build(deps): bump github/codeql-action from 319cdb9fa619417d07cc37a964f0502bfbc5e8a9 to 4fa2a7953630fd2f3fb380f21be14ede0169dd4f #17278

Workflow file for this run

name: Vendor Gems
on:
pull_request:
paths:
- Library/Homebrew/dev-cmd/vendor-gems.rb
- Library/Homebrew/Gemfile*
push:
paths:
- .github/workflows/vendor-gems.yml
branches-ignore:
- master
pull_request_target:
workflow_dispatch:
inputs:
pull_request:
description: Pull request number
required: true
permissions:
contents: read
pull-requests: read
jobs:
vendor-gems:
if: >
github.repository_owner == 'Homebrew' && (
github.event_name == 'workflow_dispatch' ||
github.event_name == 'pull_request' ||
github.event_name == 'push' || (
github.event.pull_request.user.login == 'dependabot[bot]' &&
contains(github.event.pull_request.title, '/Library/Homebrew')
)
)
runs-on: macos-14
steps:
- name: Set up Homebrew
id: set-up-homebrew
uses: Homebrew/actions/setup-homebrew@master
with:
core: false
cask: false
test-bot: false
- name: Configure Git user
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
uses: Homebrew/actions/git-user-config@master
with:
username: BrewTestBot
- name: Set up commit signing
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
- name: Check out pull request
id: checkout
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
run: |
gh pr checkout "${PR}"
branch="$(git branch --show-current)"
echo "branch=${branch}" >> "$GITHUB_OUTPUT"
gem_name="$(echo "${branch}" | sed -E 's|.*/||;s|(.*)-.*$|\1|')"
echo "gem_name=${gem_name}" >> "$GITHUB_OUTPUT"
env:
PR: ${{ github.event.pull_request.number || github.event.inputs.pull_request }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
working-directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
- name: Vendor Gems
env:
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
run: |
if [[ "${GITHUB_EVENT_NAME}" == "pull_request_target" || "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]
then
brew vendor-gems --non-bundler-gems
else
brew vendor-gems --non-bundler-gems --no-commit
fi
- name: Update RBI files
run: brew typecheck --update
- name: Commit RBI changes
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
env:
GEM_NAME: ${{ steps.checkout.outputs.gem_name }}
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
working-directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
run: |
if ! git diff --stat --exit-code "Library/Homebrew/sorbet"
then
git add "Library/Homebrew/sorbet"
git commit -m "Update RBI files for ${GEM_NAME}." \
-m "Autogenerated by the [vendor-gems](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/vendor-gems.yml) workflow."
fi
- name: Generate push token
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1
id: app-token
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
with:
app-id: ${{ vars.BREW_COMMIT_APP_ID }}
private-key: ${{ secrets.BREW_COMMIT_APP_KEY }}
- name: Push to pull request
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
uses: Homebrew/actions/git-try-push@master
with:
token: ${{ steps.app-token.outputs.token }}
directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
branch: ${{ steps.checkout.outputs.branch }}
force: true