|
| 1 | +name: Test Homebrew Tap Auth |
| 2 | + |
| 3 | +# One-off smoke test. Verifies that the GitHub App referenced by |
| 4 | +# vars.HOMEBREW_TAP_APP_CLIENT_ID + secrets.HOMEBREW_TAP_APP_PRIVATE_KEY can |
| 5 | +# mint a token scoped to dataiku/homebrew-tap and both push to and delete |
| 6 | +# from it. Safe to delete this workflow file once the publish-homebrew-tap |
| 7 | +# job in release.yml is proven end-to-end. |
| 8 | + |
| 9 | +on: |
| 10 | + workflow_dispatch: |
| 11 | + inputs: |
| 12 | + cleanup: |
| 13 | + description: "Delete the test branch from the tap after pushing" |
| 14 | + required: false |
| 15 | + default: true |
| 16 | + type: boolean |
| 17 | + |
| 18 | +jobs: |
| 19 | + smoke-test: |
| 20 | + name: Verify App can push to dataiku/homebrew-tap |
| 21 | + runs-on: ubuntu-latest |
| 22 | + permissions: |
| 23 | + contents: read |
| 24 | + |
| 25 | + steps: |
| 26 | + - name: Mint App installation token |
| 27 | + id: app-token |
| 28 | + uses: actions/create-github-app-token@v2 |
| 29 | + with: |
| 30 | + app-id: ${{ vars.HOMEBREW_TAP_APP_CLIENT_ID }} |
| 31 | + private-key: ${{ secrets.HOMEBREW_TAP_APP_PRIVATE_KEY }} |
| 32 | + owner: dataiku |
| 33 | + repositories: homebrew-tap |
| 34 | + |
| 35 | + - name: Read tap metadata via App token |
| 36 | + env: |
| 37 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
| 38 | + run: | |
| 39 | + set -euo pipefail |
| 40 | + echo "App slug: ${{ steps.app-token.outputs.app-slug }}" |
| 41 | + echo "Installation id: ${{ steps.app-token.outputs.installation-id }}" |
| 42 | + echo |
| 43 | + gh api repos/dataiku/homebrew-tap \ |
| 44 | + --jq '{full_name, default_branch, visibility, permissions}' |
| 45 | +
|
| 46 | + - name: Checkout tap |
| 47 | + uses: actions/checkout@v6 |
| 48 | + with: |
| 49 | + repository: dataiku/homebrew-tap |
| 50 | + token: ${{ steps.app-token.outputs.token }} |
| 51 | + path: homebrew-tap |
| 52 | + |
| 53 | + - name: Push marker commit to throwaway branch |
| 54 | + env: |
| 55 | + APP_SLUG: ${{ steps.app-token.outputs.app-slug }} |
| 56 | + BRANCH: test-auth-${{ github.run_id }} |
| 57 | + run: | |
| 58 | + set -euo pipefail |
| 59 | + cd homebrew-tap |
| 60 | + git config user.name "${APP_SLUG}[bot]" |
| 61 | + git config user.email "${APP_SLUG}[bot]@users.noreply.github.com" |
| 62 | +
|
| 63 | + git checkout -b "${BRANCH}" |
| 64 | + mkdir -p .smoke-tests |
| 65 | + cat > ".smoke-tests/${{ github.run_id }}.txt" <<EOF |
| 66 | + Auth smoke test from kiji-proxy run ${{ github.run_id }} |
| 67 | + Actor: ${{ github.actor }} |
| 68 | + Timestamp: $(date -u +"%Y-%m-%dT%H:%M:%SZ") |
| 69 | + App slug: ${APP_SLUG} |
| 70 | + EOF |
| 71 | +
|
| 72 | + git add ".smoke-tests/${{ github.run_id }}.txt" |
| 73 | + git commit -m "smoke: auth test from kiji-proxy run ${{ github.run_id }}" |
| 74 | + git push origin "${BRANCH}" |
| 75 | +
|
| 76 | + echo "::notice::Pushed ${BRANCH} to dataiku/homebrew-tap" |
| 77 | + echo "URL: https://github.com/dataiku/homebrew-tap/tree/${BRANCH}" |
| 78 | +
|
| 79 | + - name: Delete test branch |
| 80 | + if: ${{ inputs.cleanup }} |
| 81 | + env: |
| 82 | + GH_TOKEN: ${{ steps.app-token.outputs.token }} |
| 83 | + BRANCH: test-auth-${{ github.run_id }} |
| 84 | + run: | |
| 85 | + set -euo pipefail |
| 86 | + gh api -X DELETE "repos/dataiku/homebrew-tap/git/refs/heads/${BRANCH}" |
| 87 | + echo "::notice::Deleted ${BRANCH} (also proves the App has write access to refs)" |
0 commit comments