Summary
github-action-install-senzing-sdk v5 is released. v5 routes macOS and Windows installs through the private Senzing Homebrew tap / Scoop bucket for any version that resolves to staging, which the previous DMG/zip flow did not require auth for. Linux still uses the public apt/yum buckets and is unaffected.
Required changes
-
Bump every uses: pin from @v4 to @v5.
-
In the darwin and windows install workflows (Linux is unchanged), add a token-mint step before the install and pass senzingsdk-token to the action. The mint is skipped for production-v4 rows since the public prod tap/bucket needs no auth:
- name: Mint staging tap token
if: matrix.senzingsdk-version != 'production-v4'
id: staging-token
uses: actions/create-github-app-token@v3.1.1
with:
client-id: ${{ secrets.SENZINGSDK_STAGING_CLIENT_ID }}
private-key: ${{ secrets.SENZINGSDK_STAGING_APP_KEY }}
owner: senzing-factory
repositories: homebrew-senzingsdk-staging # use scoop-senzingsdk-staging on Windows workflows
- name: Install Senzing SDK
uses: senzing-factory/github-action-install-senzing-sdk@v5
with:
senzingsdk-version: ${{ matrix.senzingsdk-version }}
senzingsdk-token: ${{ steps.staging-token.outputs.token || github.token }}
-
Confirm the org-level SENZINGSDK_STAGING_CLIENT_ID and SENZINGSDK_STAGING_APP_KEY secrets are populated for senzing-garage (see Create Senzing SDK Staging GitHub Apps in the internal KB). Both live under Actions Secrets -- not Variables.
-
Tag-triggered release/publish workflows (e.g. make-github-release-assets-*) must install from production, not staging. Pin those workflows' install step to senzingsdk-version: production-v4 and drop any sdk-versions matrix axis -- release builds shouldn't iterate over staging/semver SDKs and shouldn't need auth.
Notes
sdk-versions@v4 outputs ["production-v4", "staging-v4", "4.3.0"]. Two of those three rows now require the staging token on darwin/windows; the third (production-v4) does not.- Semver values from
sdk-versions default to staging. If a future workflow needs a specific prod version, pass senzingsdk-repository: production alongside the semver -- no token required in that case.
- Linux workflows (
runs-on: ubuntu-latest) install via apt/yum from public buckets and don't need the token wiring.
Acceptance
Summary
github-action-install-senzing-sdk v5 is released. v5 routes macOS and Windows installs through the private Senzing Homebrew tap / Scoop bucket for any version that resolves to staging, which the previous DMG/zip flow did not require auth for. Linux still uses the public apt/yum buckets and is unaffected.
Required changes
Bump every
uses:pin from@v4to@v5.In the darwin and windows install workflows (Linux is unchanged), add a token-mint step before the install and pass
senzingsdk-tokento the action. The mint is skipped forproduction-v4rows since the public prod tap/bucket needs no auth:Confirm the org-level
SENZINGSDK_STAGING_CLIENT_IDandSENZINGSDK_STAGING_APP_KEYsecrets are populated for senzing-garage (see Create Senzing SDK Staging GitHub Apps in the internal KB). Both live under Actions Secrets -- not Variables.Tag-triggered release/publish workflows (e.g.
make-github-release-assets-*) must install from production, not staging. Pin those workflows' install step tosenzingsdk-version: production-v4and drop anysdk-versionsmatrix axis -- release builds shouldn't iterate over staging/semver SDKs and shouldn't need auth.Notes
sdk-versions@v4outputs["production-v4", "staging-v4", "4.3.0"]. Two of those three rows now require the staging token on darwin/windows; the third (production-v4) does not.sdk-versionsdefault to staging. If a future workflow needs a specific prod version, passsenzingsdk-repository: productionalongside the semver -- no token required in that case.runs-on: ubuntu-latest) install via apt/yum from public buckets and don't need the token wiring.Acceptance
@v4refs to this action bumped to@v5production-v4row still installs (no token used)production-v4with nosdk-versionsmatrix axis