From 6a5e99588a9698f95a21cdda63c83da84a4e4ec6 Mon Sep 17 00:00:00 2001
From: Tim Beyer <tim.beyer@gmail.com>
Date: Wed, 13 Sep 2023 12:17:54 +0200
Subject: [PATCH] chore: automatically release brew for both ARM and AMD builds
 (#5062)

* chore: automatically release brew for both ARM and AMD builds

Brings the template into the garden repo so any changes to the process only need to go through here and will always be consistent.

* fix: run release in ubuntu

* fix: ensure we grab things relative to the github workspace

* debug: help

* fix: checkout current branch instead of main

* fix: remaining templates

* chore: test failing of hashing

* chore: fail when binary cannot be fetched

* chore: test failing again

* chore: error handling removed because of bash

* chore: maybe fail now?

* chore: maybe error now?

* chore: properly error when binaries cannot be fetched

* fix: linter

* chore: remove redundant message

* chore: pin actions with commit hash

* chore: remove redundant templates
---
 .../workflows/manually-create-homebrew-pr.yml |   4 +-
 .github/workflows/publish-release.yml         |   4 +-
 .../workflows/reusable-create-homebrew-pr.yml | 102 +++++++++++++++---
 .github/workflows/test-create-homebrew-pr.yml |   6 +-
 ...brew-formula.rb => homebrew-formula.rb.j2} |  16 ++-
 5 files changed, 103 insertions(+), 29 deletions(-)
 rename support/{homebrew-formula.rb => homebrew-formula.rb.j2} (52%)

diff --git a/.github/workflows/manually-create-homebrew-pr.yml b/.github/workflows/manually-create-homebrew-pr.yml
index 7b62238ed9..1e8098683b 100644
--- a/.github/workflows/manually-create-homebrew-pr.yml
+++ b/.github/workflows/manually-create-homebrew-pr.yml
@@ -17,9 +17,7 @@ jobs:
     with:
       release-version: ${{ inputs.release-version }}
       commit-message: |
-        Bump {{formulaName}} to {{version}}.
-
         This PR has been generated by the "Manually release Garden to Homebrew" workflow.
         
-        @${{ github.triggering_actor }} Please review this PR carefully and merge once Garden {{version}} should be released to Homebrew.
+        @${{ github.triggering_actor }} Please review this PR carefully and merge once Garden should be released to Homebrew.
     secrets: inherit
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index cb3b990618..be34a9d2a4 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -47,9 +47,7 @@ jobs:
       release-condition: ${{ github.event.release.prerelease != true }}
       release-version: ${{ github.event.release.tag_name }}
       commit-message: |
-        Bump {{formulaName}} to {{version}}.
-
         This PR has been generated by the publish-release workflow after the new release
 
-        @${{ github.triggering_actor }} Please review this PR carefully and merge once Garden {{version}} should be released to Homebrew.
+        @${{ github.triggering_actor }} Please review this PR carefully and merge once Garden should be released to Homebrew.
     secrets: inherit
diff --git a/.github/workflows/reusable-create-homebrew-pr.yml b/.github/workflows/reusable-create-homebrew-pr.yml
index f9bdeb8e89..bf54818d1e 100644
--- a/.github/workflows/reusable-create-homebrew-pr.yml
+++ b/.github/workflows/reusable-create-homebrew-pr.yml
@@ -14,37 +14,107 @@ on:
         type: string
         description: "Commit message for homebrew repository."
         default: |
-          Bump {{formulaName}} to {{version}}.
-
           For more info: https://github.com/garden-io/garden
 
 permissions:
   contents: read
 
 jobs:
-  homebrew-create-pr:
-    runs-on: macos-latest
+  fetch-release-checksums:
+    runs-on: ubuntu-latest
+    env:
+      ARM_TARBALL_URL: https://download.garden.io/core/${{ inputs.release-version }}/garden-${{ inputs.release-version }}-macos-arm64.tar.gz
+      AMD_TARBALL_URL: https://download.garden.io/core/${{ inputs.release-version }}/garden-${{ inputs.release-version }}-macos-amd64.tar.gz
+    outputs:
+      arm-sha256: ${{ steps.fetch-arm-sha256.outputs.sha256 }}
+      amd-sha256: ${{ steps.fetch-amd-sha256.outputs.sha256 }}
+      arm-tarball-url: ${{ env.ARM_TARBALL_URL }}
+      amd-tarball-url: ${{ env.AMD_TARBALL_URL }}
+    steps:
+      - name: Fetch arm sha256
+        id: fetch-arm-sha256
+        if: inputs.release-condition != 'false'
+        run: |
+          set -o pipefail
+
+          if ! checksum=$(curl -sSL --fail ${{ env.ARM_TARBALL_URL }} | shasum -a 256 | cut -d ' ' -f 1);
+          then
+            echo "Failed to fetch binary from ${{ env.ARM_TARBALL_URL }}"
+            exit 1
+          fi
 
+          echo "sha256=$checksum" >> "$GITHUB_OUTPUT"
+      - name: Fetch amd sha256
+        id: fetch-amd-sha256
+        if: inputs.release-condition != 'false'
+        run: |
+          set -o pipefail
+
+          if ! checksum=$(curl -sSL --fail ${{ env.AMD_TARBALL_URL }} | shasum -a 256 | cut -d ' ' -f 1);
+          then
+            echo "Failed to fetch binary from ${{ env.AMD_TARBALL_URL }}"
+            exit 1
+          fi
+
+          echo "sha256=$checksum" >> "$GITHUB_OUTPUT"
+  homebrew-create-pr:
+    runs-on: ubuntu-latest
+    needs: fetch-release-checksums
     steps:
       - name: Checks release pre-condition
         if: inputs.release-condition == 'false'
         run: |
           echo The release-condition evaluated to false.
           echo Skipping all the next steps.
-      - name: Create PR on Homebrew Formula repository
+
+      - name: Checkout garden repo
         if: inputs.release-condition != 'false'
-        uses: stefreak/bump-homebrew-formula-action@82352c3cbbc2acdec5a064502447b555f18496fc
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # 4.0.0
         with:
-          tag-name: ${{ inputs.release-version }}
-          formula-name: garden-cli
-          formula-path: Formula/garden-cli.rb
-          homebrew-tap: garden-io/homebrew-garden
-          base-branch: main
-          create-pullrequest: true
-          download-url: https://download.garden.io/core/${{ inputs.release-version }}/garden-${{ inputs.release-version }}-macos-amd64.tar.gz
-          commit-message: ${{ inputs.commit-message }}
-        env:
-          COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
+          repository: garden-io/garden
+          path: garden
+
+      - name: Checkout homebrew repo
+        if: inputs.release-condition != 'false'
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # 4.0.0
+        with:
+          repository: garden-io/homebrew-garden
+          ref: main
+          path: homebrew-garden
+          token: ${{ secrets.COMMITTER_TOKEN }}
+
+      - name: Template Homebrew Formula
+        if: inputs.release-condition != 'false'
+        uses: cuchi/jinja2-action@3fa06acb38601d3caea4c5ce0416e268a8799d71 # 1.2.1
+        with:
+          template: garden/support/homebrew-formula.rb.j2
+          output_file: homebrew-garden/Formula/garden-cli.rb
+          strict: true
+          variables: |
+            version=${{ inputs.release-version }}
+            armTarballUrl=${{ needs.fetch-release-checksums.outputs.arm-tarball-url }}
+            amdTarballUrl=${{ needs.fetch-release-checksums.outputs.amd-tarball-url }}
+            armSha256=${{ needs.fetch-release-checksums.outputs.arm-sha256 }}
+            amdSha256=${{ needs.fetch-release-checksums.outputs.amd-sha256 }}
+      
+      - name: Create PR on Homebrew Repository
+        if: inputs.release-condition != 'false'
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # 5.0.2
+        with:
+          path: ${{ github.workspace }}/homebrew-garden
+          token: ${{ secrets.COMMITTER_TOKEN }}
+          commit-message: |
+            Bump garden-cli.rb to ${{ inputs.release-version }}
+
+            ${{ inputs.commit-message }}
+          title: Bump garden-cli to ${{ inputs.release-version }}
+          body:  |
+            Bump garden-cli.rb to ${{ inputs.release-version }}
+
+            ${{ inputs.commit-message}}
+          branch: garden-cli-${{ inputs.release-version }}
+          reviewers: ${{ github.triggering_actor }}
+
       - name: Adding markdown summary
         if: inputs.release-condition != 'false'
         run: |
diff --git a/.github/workflows/test-create-homebrew-pr.yml b/.github/workflows/test-create-homebrew-pr.yml
index 194361aaaf..8af12c23f4 100644
--- a/.github/workflows/test-create-homebrew-pr.yml
+++ b/.github/workflows/test-create-homebrew-pr.yml
@@ -12,14 +12,12 @@ jobs:
   test:
     uses: ./.github/workflows/reusable-create-homebrew-pr.yml
     with:
-      release-version: edge
+      release-version: edge-bonsai
       commit-message: |
         This is just a test. DO NOT MERGE
 
         You can safely close this PR. This is a test PR created by https://github.com/${{ github.repository }}/pull/${{ github.event.number }}
 
-        TEST: Bump {{formulaName}} to {{version}}.
-
         @${{ github.triggering_actor }} Please close this pull request.
     secrets: inherit
 
@@ -27,7 +25,7 @@ jobs:
     uses: ./.github/workflows/reusable-create-homebrew-pr.yml
     with:
       release-condition: false
-      release-version: edge
+      release-version: edge-bonsai
       commit-message: |
         Do not merge. This PR should not exist.
 
diff --git a/support/homebrew-formula.rb b/support/homebrew-formula.rb.j2
similarity index 52%
rename from support/homebrew-formula.rb
rename to support/homebrew-formula.rb.j2
index 2bae3002ad..1b5219adb8 100644
--- a/support/homebrew-formula.rb
+++ b/support/homebrew-formula.rb.j2
@@ -1,12 +1,22 @@
 class GardenCli < Formula
   desc "Development engine for Kubernetes"
   homepage "https://garden.io"
-  url "{{{tarballUrl}}}"
+
   version "{{version}}"
-  sha256 "{{sha256}}"
+
+  depends_on "rsync"
+
+  # Determine architecture
+  if Hardware::CPU.arm?
+    url "{{armTarballUrl}}"
+    sha256 "{{armSha256}}"
+  else
+    url "{{amdTarballUrl}}"
+    sha256 "{{amdSha256}}"
+  end
 
   def install
-    libexec.install "garden", "fsevents.node", "static", "pty.node"
+    libexec.install "garden", "fsevents.node", "static"
     bin.install_symlink libexec/"garden"
   end