diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 3185517144..70736ee37b 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -1,18 +1,19 @@ -name: actionlint +# This file is synced from the `.github` repository, do not modify it directly. +name: Actionlint on: push: branches: + - main - master + paths: + - '.github/workflows/*.ya?ml' + - 'Formula/a/actionlint.rb' + - 'Formula/s/shellcheck.rb' + - 'Formula/z/zizmor.rb' pull_request: paths: - '.github/workflows/*.ya?ml' - - '.github/actionlint.yaml' - -env: - HOMEBREW_DEVELOPER: 1 - HOMEBREW_NO_AUTO_UPDATE: 1 - HOMEBREW_NO_ENV_HINTS: 1 defaults: run: @@ -22,12 +23,19 @@ concurrency: group: "actionlint-${{ github.ref }}" cancel-in-progress: ${{ github.event_name == 'pull_request' }} +env: + HOMEBREW_DEVELOPER: 1 + HOMEBREW_NO_AUTO_UPDATE: 1 + HOMEBREW_NO_ENV_HINTS: 1 + permissions: {} jobs: workflow_syntax: if: github.repository_owner == 'Homebrew' runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Set up Homebrew id: setup-homebrew 
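Review bot: In the first hunk of actionlint.yml the `pull_request` path filter loses `.github/actionlint.yaml` and keeps only `'.github/workflows/*.ya?ml'`, so a pull request that changes nothing but linter configuration would no longer start this workflow. If that config file (or a zizmor config) still lives in this repository, a change that relaxes or ignores a rule could merge without the linters running against it; the diff does not show whether the file was moved or deleted. If it still exists, keep `- '.github/actionlint.yaml'` under `pull_request.paths`. Because the new header says this file is synced from the `.github` repository, that change would have to be made there.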
@@ -40,31 +48,34 @@ jobs: - name: Install tools run: brew install actionlint shellcheck zizmor - - name: Set up GITHUB_WORKSPACE - env: - HOMEBREW_REPOSITORY: ${{ steps.setup-homebrew.outputs.repository-path }} - run: | - # Annotations work only relative to GITHUB_WORKSPACE - (shopt -s dotglob; rm -rf "${GITHUB_WORKSPACE:?}"/*; mv "${HOMEBREW_REPOSITORY:?}"/* "$GITHUB_WORKSPACE") - rmdir "$HOMEBREW_REPOSITORY" - ln -vs "$GITHUB_WORKSPACE" "$HOMEBREW_REPOSITORY" + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - echo "::add-matcher::.github/actionlint-matcher.json" - - - run: | - # NOTE: exit code intentionally suppressed here - zizmor --format sarif . > results.sarif || true + - run: zizmor --format sarif . > results.sarif - name: Upload SARIF file uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + # We can't use the SARIF file when triggered by `merge_group` so we don't upload it. + if: always() && github.event_name != 'merge_group' with: name: results.sarif path: results.sarif + - name: Set up actionlint + run: echo "::add-matcher::$(brew --repository)/.github/actionlint-matcher.json" + - run: actionlint upload_sarif: needs: workflow_syntax + # We want to always upload this even if `actionlint` failed. + # This is only available on public repositories. + if: > + always() && + !contains(fromJSON('["cancelled", "skipped"]'), needs.workflow_syntax.result) && + !github.event.repository.private && + github.event_name != 'merge_group' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a3386e59c4..b762d60ed9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -3,10 +3,9 @@ name: "CodeQL" on: push: branches: + - main - master pull_request: - branches: - - master defaults: run: 
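Review bot: Dropping `|| true` from `zizmor --format sarif . > results.sarif` means a non-zero zizmor exit now fails that step, and the later `Set up actionlint` and `actionlint` steps have no `if:` of their own, so they would be skipped. Only `Upload SARIF file` is guarded with `always()`. If zizmor returns non-zero on findings in this mode (worth confirming for the installed version), a pull request with a zizmor finding gets no actionlint annotations until the finding is fixed and the job is re-run. Adding `if: ${{ !cancelled() }}` to both actionlint steps would keep the zizmor failure visible while still reporting both tools in one run. Separately, the redirect creates `results.sarif` even when zizmor fails before writing anything, so the `always()` upload can pass an empty file to the `upload_sarif` job, whose steps are outside the hunk.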
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 81c9c7ad86..fd52efede6 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -4,6 +4,7 @@ on: pull_request: push: branches: + - main - master merge_group: release: @@ -38,8 +39,8 @@ jobs: fetch-depth: 0 persist-credentials: false - - name: Fetch origin/master from Git - run: git fetch origin master + - name: Fetch origin/HEAD from Git + run: git fetch origin HEAD - name: Determine build attributes id: attributes @@ -83,12 +84,16 @@ jobs: ) fi elif [[ "${GITHUB_EVENT_NAME}" == "push" && - "${GITHUB_REF}" == "refs/heads/master" && + ("${GITHUB_REF}" == "refs/heads/master" || "${GITHUB_REF}" == "refs/heads/main") && "${version}" == "22.04" ]]; then tags+=( + "ghcr.io/homebrew/brew:main" "ghcr.io/homebrew/brew:master" + "ghcr.io/homebrew/ubuntu${version}:main" "ghcr.io/homebrew/ubuntu${version}:master" + "homebrew/brew:main" "homebrew/brew:master" + "homebrew/ubuntu${version}:main" "homebrew/ubuntu${version}:master" ) fi @@ -160,8 +165,8 @@ jobs: fetch-depth: 0 persist-credentials: false - - name: Fetch origin/master from Git - run: git fetch origin master + - name: Fetch origin/HEAD from Git + run: git fetch origin HEAD - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 diff --git a/.github/workflows/rubydoc.yml b/.github/workflows/rubydoc.yml index 2c0399ed56..862bd4dde5 100644 --- a/.github/workflows/rubydoc.yml +++ b/.github/workflows/rubydoc.yml @@ -3,6 +3,7 @@ name: Ruby Documentation CI on: push: branches: + - main - master pull_request: diff --git a/.github/workflows/schemas.yml b/.github/workflows/schemas.yml index 43b47a31f4..2fa4a8a4f5 100644 --- a/.github/workflows/schemas.yml +++ b/.github/workflows/schemas.yml @@ -4,6 +4,7 @@ on: paths: - .github/workflows/schemas.yml branches-ignore: + - main - master schedule: - cron: "0 0 * * *" 
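Review bot: In the tag-selection branch at `@@ -83,12 +84,16 @@` of docker.yml, the new condition accepts a push to either `refs/heads/master` or `refs/heads/main` and then publishes both the `:main` and `:master` tags, so whichever branch was pushed last decides the image behind both names. tests.yml in this same commit still runs jobs in `ghcr.io/homebrew/brew:master` and `ghcr.io/homebrew/ubuntu22.04:master`, which means a push to a branch named `main` would replace the image CI runs in. Before this lands, `main` needs the same branch protection as `master`, which the diff does not show. A comment on the condition such as `# Either branch publishes both tags during the migration; both must be protected.` would record that. The script continues outside the hunk.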
@@ -55,7 +56,7 @@ jobs: git checkout "${BRANCH}" git checkout "Library/Homebrew/data/schemas" else - git checkout --no-track -B "${BRANCH}" origin/master + git checkout --no-track -B "${BRANCH}" origin/HEAD fi # Intentionally tracking 2.3.x to match what we output in sbom.rb. 3.0 also doesn't have a JSON Schema. @@ -67,9 +68,10 @@ jobs: if ! git diff --exit-code Library/Homebrew/data/schemas then git add "Library/Homebrew/data/schemas" - git commit -m "data/schemas: update schema data." -m "Autogenerated by [a scheduled GitHub Action](https://github.com/Homebrew/brew/blob/master/.github/workflows/schemas.yml)." + git commit -m "data/schemas: update schema data." -m "Autogenerated by [a scheduled GitHub Action](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/schemas.yml)." + echo "committed=true" >> "$GITHUB_OUTPUT" - PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state")" + PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state" || true)" if [[ "${PULL_REQUEST_STATE}" != "OPEN" ]] then echo "pull_request=true" >> "$GITHUB_OUTPUT" @@ -84,7 +86,7 @@ jobs: directory: ${{ steps.set-up-homebrew.outputs.repository-path }} branch: ${{ steps.update.outputs.branch }} force: true - origin_branch: "master" + origin_branch: "HEAD" - name: Open a pull request if: steps.update.outputs.pull_request == 'true' diff --git a/.github/workflows/sorbet.yml b/.github/workflows/sorbet.yml index d9ce901d48..00532ba0ba 100644 --- a/.github/workflows/sorbet.yml +++ b/.github/workflows/sorbet.yml @@ -10,6 +10,7 @@ on: paths: - .github/workflows/sorbet.yml branches-ignore: + - main - master schedule: - cron: "0 0 * * *" @@ -63,7 +64,7 @@ jobs: git checkout "${BRANCH}" git checkout "Library/Homebrew/sorbet" else - git checkout --no-track -B "${BRANCH}" origin/master + git checkout --no-track -B "${BRANCH}" origin/HEAD fi fi 
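Review bot: `git checkout --no-track -B "${BRANCH}" origin/HEAD` depends on `refs/remotes/origin/HEAD` existing locally, and that symbolic ref is written by `git clone` or `git remote set-head`, not by a plain `git fetch`. How the checkout used here was created is outside the hunk. If it was initialised and fetched rather than cloned, the ref may be missing and this line would fail with an unknown-revision error, or it may still point at the old default branch after the rename. Running `git remote set-head origin --auto` before the checkout makes the ref explicit and current. The same line is added in sorbet.yml, spdx.yml and sponsors-maintainers-man-completions.yml, and the `git fetch origin HEAD` added in docker.yml updates only `FETCH_HEAD`, so the step name `Fetch origin/HEAD from Git` names a ref that the command does not update.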
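Review bot: The `|| true` added to `PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state" || true)"` hides every failure of `gh pr view`, not only the expected case where the branch has no pull request. An authentication, rate-limit or network error leaves the variable empty, the `!= "OPEN"` test passes, and the step writes `pull_request=true`, so the workflow tries to open a pull request on the strength of a failed lookup. If this fail-open behaviour is intended, a comment above the line would make it explicit, e.g. `# gh exits non-zero when the branch has no PR; any failure is treated as "not open"`. The same change appears in sorbet.yml, spdx.yml and sponsors-maintainers-man-completions.yml, and the shell options that make the guard necessary are set outside these hunks.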
@@ -80,17 +81,17 @@ jobs: then git add "Library/Homebrew/sorbet" git commit -m "sorbet: Update RBI files." \ - -m "Autogenerated by the [sorbet](https://github.com/Homebrew/brew/blob/master/.github/workflows/sorbet.yml) workflow." + -m "Autogenerated by the [sorbet](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/sorbet.yml) workflow." if ! git diff --stat --exit-code "Library/Homebrew" then git add "Library/Homebrew/" git commit -m "sorbet: Autobump sigils via Spoom" \ - -m "Autogenerated by the [sorbet](https://github.com/Homebrew/brew/blob/master/.github/workflows/sorbet.yml) workflow." + -m "Autogenerated by the [sorbet](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/sorbet.yml) workflow." fi echo "committed=true" >> "$GITHUB_OUTPUT" - PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state")" + PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state" || true)" if [[ "${PULL_REQUEST_STATE}" != "OPEN" ]] then echo "pull_request=true" >> "$GITHUB_OUTPUT" @@ -105,7 +106,7 @@ jobs: directory: ${{ steps.set-up-homebrew.outputs.repository-path }} branch: ${{ steps.update.outputs.branch }} force: true - origin_branch: "master" + origin_branch: "HEAD" - name: Open a pull request if: steps.commit.outputs.pull_request == 'true' diff --git a/.github/workflows/spdx.yml b/.github/workflows/spdx.yml index a67f827e3c..8cfc790313 100644 --- a/.github/workflows/spdx.yml +++ b/.github/workflows/spdx.yml @@ -4,6 +4,7 @@ on: paths: - .github/workflows/spdx.yml branches-ignore: + - main - master schedule: - cron: "0 0 * * *" 
@@ -55,15 +56,16 @@ jobs: git checkout "${BRANCH}" git checkout "Library/Homebrew/data/spdx" else - git checkout --no-track -B "${BRANCH}" origin/master + git checkout --no-track -B "${BRANCH}" origin/HEAD fi if brew update-license-data then git add "Library/Homebrew/data/spdx" - git commit -m "spdx: update license data." -m "Autogenerated by [a scheduled GitHub Action](https://github.com/Homebrew/brew/blob/master/.github/workflows/spdx.yml)." + git commit -m "spdx: update license data." -m "Autogenerated by [a scheduled GitHub Action](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/spdx.yml)." + echo "committed=true" >> "$GITHUB_OUTPUT" - PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state")" + PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state" || true)" if [[ "${PULL_REQUEST_STATE}" != "OPEN" ]] then echo "pull_request=true" >> "$GITHUB_OUTPUT" @@ -78,7 +80,7 @@ jobs: directory: ${{ steps.set-up-homebrew.outputs.repository-path }} branch: ${{ steps.update.outputs.branch }} force: true - origin_branch: "master" + origin_branch: "HEAD" - name: Open a pull request if: steps.update.outputs.pull_request == 'true' diff --git a/.github/workflows/sponsors-maintainers-man-completions.yml b/.github/workflows/sponsors-maintainers-man-completions.yml index 214964efa2..6d8ebb2dc8 100644 --- a/.github/workflows/sponsors-maintainers-man-completions.yml +++ b/.github/workflows/sponsors-maintainers-man-completions.yml @@ -3,6 +3,7 @@ name: Update sponsors, maintainers, manpage and completions on: push: branches: + - main - master paths: - .github/workflows/sponsors-maintainers-man-completions.yml @@ -60,7 +61,7 @@ jobs: run: | git fetch origin - if [[ -n "$GITHUB_REF_NAME" && "$GITHUB_REF_NAME" != "master" ]] + if [[ -n "$GITHUB_REF_NAME" && "$GITHUB_REF_NAME" != "master" && "$GITHUB_REF_NAME" != "main" ]] then BRANCH="$GITHUB_REF_NAME" else 
@@ -76,7 +77,7 @@ jobs: "manpages/brew.1" \ "completions" else - git checkout --force --no-track -B "${BRANCH}" origin/master + git checkout --force --no-track -B "${BRANCH}" origin/HEAD fi if brew update-sponsors @@ -111,7 +112,7 @@ jobs: if [[ -n "${COMMITTED-}" ]] then echo "committed=true" >> "$GITHUB_OUTPUT" - PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state")" + PULL_REQUEST_STATE="$(gh pr view --json=state | jq -r ".state" || true)" if [[ "${PULL_REQUEST_STATE}" != "OPEN" ]] then echo "pull_request=true" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5ee26c11ff..2174cdb377 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -3,6 +3,7 @@ name: CI on: push: branches: + - main - master pull_request: merge_group: @@ -135,6 +136,7 @@ jobs: if: github.repository_owner == 'Homebrew' && github.event_name != 'push' runs-on: ubuntu-latest container: + # TODO: switch to main when we're pushing those images image: ghcr.io/homebrew/brew:master steps: - name: Set up Homebrew @@ -355,6 +357,7 @@ jobs: container: ghcr.io/homebrew/ubuntu24.04:latest - name: test-bot (Linux x86_64) runs-on: ubuntu-latest + # TODO: switch to main when we've migrated to it container: ghcr.io/homebrew/ubuntu22.04:master # Use Debian Old Stable for testing Homebrew's glibc support. - name: test-bot (Linux Homebrew glibc) diff --git a/.github/workflows/vendor-gems.yml b/.github/workflows/vendor-gems.yml index f931fcc13d..d70fc0168c 100644 --- a/.github/workflows/vendor-gems.yml +++ b/.github/workflows/vendor-gems.yml @@ -9,6 +9,7 @@ on: paths: - .github/workflows/vendor-gems.yml branches-ignore: + - main - master workflow_dispatch: inputs: