fix(#49): github actions permission denied

Oscaner · Oscaner · commit 210e81116c54 · 2024-01-13T19:10:29.000+08:00
diff --git a/.github/actions/brew-tap/action.yml b/.github/actions/brew-tap/action.yml
@@ -0,0 +1,38 @@
+name: Brew Tap
+
+inputs:
+  HOMEBREW_GITHUB_API_TOKEN:
+    description: 'Homebrew GitHub API Token'
+    required: true
+
+runs:
+  using: 'composite'
+
+  steps:
+    - name: Add Tap
+      env:
+        HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }}
+      shell: bash
+      run: |
+        brew tap brewforge/chinese
+        brew update
+
+    - name: Install Homebrew's dependencies
+      shell: bash
+      run: |
+        brew install ripgrep sd gcc parallel coreutils
+        brew unlink coreutils && brew link coreutils
+        brew install-bundler-gems --groups "audit,style"
+
+    - uses: oleksiyrudenko/gha-git-credentials@v2-latest
+      with:
+        global: true
+        name: 'Brewforge-Bot'
+        email: 'brewforge-bot@aliyun.com'
+        token: '${{ inputs.HOMEBREW_GITHUB_API_TOKEN }}'
+
+    - name: show git context
+      shell: bash
+      run: |
+        cat $HOME/.gitconfig
+        cat $GITHUB_ENV
diff --git a/.github/actions/bump-casks/action.yml b/.github/actions/bump-casks/action.yml
@@ -12,9 +12,14 @@ runs:
     - name: Bump outdated casks
       # continue-on-error: true
       env:
+        HOMEBREW_DEVELOPER: '1'
         HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }}
       shell: bash
+      # https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-authenticated-users
+      # Github Actions: 5000 requests per hour
+      # 1 * 60 * 24 = 1440 (because bump-pr will checkout a new branch and push to remote)
+      # 1 concurrent parallel jobs, 1 second delay between jobs.
       run: |
-        parallel -j0 --group --halt now,fail=1 \
-          './.github/actions/bump-casks/script.sh {}' \
+        parallel -j1 --delay 1s --group --halt now,fail=1 \
+          "./.github/actions/bump-casks/script.sh {}" \
           ::: $(ls $(brew --repository brewforge/chinese)/Casks/*.rb | xargs -I {} basename {} .rb)
diff --git a/.github/actions/bump-casks/script.sh b/.github/actions/bump-casks/script.sh
@@ -27,6 +27,6 @@ toV=${cleanCheck#*==>}
 
 echo "Updating $cask from $fromV to $toV"
 if [[ "$fromV" != "$toV" ]]; then
-  brew bump-cask-pr "$cask" --version "$toV" --verbose --force
+  brew bump-cask-pr "$cask" --version "$toV" --verbose --force --fork-org Brewforge-Bot
 fi
 echo "Done for $cask"
diff --git a/.github/actions/bump-formulas/action.yml b/.github/actions/bump-formulas/action.yml
@@ -12,9 +12,14 @@ runs:
     - name: Bump outdated formulas
       # continue-on-error: true
       env:
+        HOMEBREW_DEVELOPER: '1'
         HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }}
       shell: bash
+      # https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-authenticated-users
+      # Github Actions: 5000 requests per hour
+      # 1 * 60 * 24 = 1440 (because bump-pr will checkout a new branch and push to remote)
+      # 1 concurrent parallel jobs, 1 second delay between jobs.
       run: |
-        parallel -j0 --group --halt now,fail=1 \
-          './.github/actions/bump-formulas/script.sh {}' \
+        parallel -j1 --delay 1s --group --halt now,fail=1 \
+          "./.github/actions/bump-formulas/script.sh {}" \
           ::: $(ls $(brew --repository brewforge/chinese)/Formula/*.rb | xargs -I {} basename {} .rb)
diff --git a/.github/actions/bump-formulas/script.sh b/.github/actions/bump-formulas/script.sh
@@ -27,6 +27,6 @@ toV=${cleanCheck#*==>}
 
 echo "Updating $formula from $fromV to $toV"
 if [[ "$fromV" != "$toV" ]]; then
-  brew bump-formula-pr "$formula" --version "$toV" --verbose --force
+  brew bump-formula-pr "$formula" --version "$toV" --verbose --force --fork-org Brewforge-Bot
 fi
 echo "Done for $formula"
diff --git a/.github/actions/homebrew-env/action.yml b/.github/actions/homebrew-env/action.yml
@@ -1,34 +1,17 @@
 name: Homebrew Action
 
-inputs:
-  HOMEBREW_GITHUB_API_TOKEN:
-    description: 'Homebrew GitHub API Token'
-    required: true
-
 runs:
   using: 'composite'
 
   steps:
     - name: Set up Homebrew
-      id: set-up-homebrew
-      uses: Homebrew/actions/setup-homebrew@master
-      with:
-        core: true
-        cask: true
-        test-bot: false
-
-    - name: Add parallel cli
       shell: bash
       run: |
-        brew install parallel
-        # makesure brew livecheck works
-        brew livecheck parallel
+        /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
 
-    - name: Add Tap
-      env:
-        HOMEBREW_GITHUB_API_TOKEN: ${{ inputs.HOMEBREW_GITHUB_API_TOKEN }}
+    - name: Add Homebrew to PATH
       shell: bash
       run: |
-        brew tap brewforge/chinese
-        brew update
-        brew install ripgrep sd
+        touch $HOME/.bash_profile
+        (echo; echo 'eval "$(/usr/local/bin/brew shellenv)"') >> $HOME/.bash_profile
+        eval "$(/usr/local/bin/brew shellenv)"
diff --git a/.github/actions/linuxbrew-env/action.yml b/.github/actions/linuxbrew-env/action.yml
@@ -0,0 +1,22 @@
+name: Linuxbrew Action
+
+runs:
+  using: 'composite'
+
+  steps:
+    - name: Set up Linuxbrew
+      shell: bash
+      run: |
+        /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
+
+    - name: Add Linuxbrew to PATH
+      shell: bash
+      run: |
+        touch $HOME/.bashrc
+        (echo; echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"') >> $HOME/.bashrc
+        eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
+
+    - name: Install Homebrew's dependencies
+      shell: bash
+      run: |
+        sudo apt-get install build-essential
diff --git a/.github/workflows/schedule.yml b/.github/workflows/schedule.yml
@@ -1,8 +1,8 @@
-name: CI
+name: schedule
 
 on:
-  pull_request:
-    branches: [main, bump-*]
+  # pull_request:
+  #   branches: [main]
   push:
     branches: [fix-*]
   schedule:
@@ -11,7 +11,9 @@ on:
     # Every day at 6am
     - cron: "0 6 * * *"
   # allow run manually
-  workflow_dispatch: {}
+  workflow_dispatch:
+
+permissions: write-all
 
 jobs:
   casks:
@@ -24,11 +26,13 @@ jobs:
         os: [macos-latest]
 
     steps:
-      # checkout myself.
       - uses: actions/checkout@v3
 
       - name: Homebrew env
         uses: ./.github/actions/homebrew-env
+
+      - name: Brew Tap
+        uses: ./.github/actions/brew-tap
         with:
           HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
 
@@ -44,14 +48,41 @@ jobs:
 
     strategy:
       matrix:
-        os: [macos-latest, ubuntu-latest]
+        os: [macos-latest]
 
     steps:
-      # checkout myself.
       - uses: actions/checkout@v3
 
       - name: Homebrew env
         uses: ./.github/actions/homebrew-env
+
+      - name: Brew Tap
+        uses: ./.github/actions/brew-tap
+        with:
+          HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
+
+      - name: Bump formulas
+        uses: ./.github/actions/bump-formulas
+        with:
+          HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
+
+  formulas-linuxbrew:
+    name: Bump Formulas in parallel (Linuxbrew)
+    if: github.repository == 'brewforge/homebrew-chinese'
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Homebrew env
+        uses: ./.github/actions/linuxbrew-env
+
+      - name: Brew Tap
+        uses: ./.github/actions/brew-tap
         with:
           HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
 
