Auto-merge GoReleaser cask PRs #16

Workflow file for this run

.github/workflows/auto-merge-goreleaser.yml at 5d67234

	name: Auto-merge GoReleaser cask PRs

	on:
	workflow_run:
	workflows:
	- Validate cask
	types:
	- completed

	permissions: {}

	concurrency:
	group: goreleaser-automerge-${{ github.event.workflow_run.head_branch }}
	cancel-in-progress: false

	jobs:
	verify:
	name: Verify trusted GoReleaser PR
	if: >
	github.event.workflow_run.conclusion == 'success' &&
	github.event.workflow_run.event == 'pull_request'
	runs-on: ubuntu-latest
	permissions:
	actions: read
	checks: read
	contents: read
	pull-requests: read
	outputs:
	pr-number: ${{ steps.verify.outputs.pr-number }}

	steps:
	- name: Verify PR is an eligible GoReleaser cask update
	id: verify
	env:
	GH_TOKEN: ${{ github.token }}
	PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
	REPO: ${{ github.repository }}
	VALIDATED_HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
	VALIDATED_SHA: ${{ github.event.workflow_run.head_sha }}
	run: \|
	set -euo pipefail

	if [ -z "${PR_NUMBER}" ]; then
	echo "No pull request was attached to this workflow_run event."
	exit 1
	fi

	data="$(gh pr view "${PR_NUMBER}" --repo "${REPO}" \
	--json author,baseRefName,body,files,headRefName,headRefOid,headRepositoryOwner,isCrossRepository,isDraft,state,statusCheckRollup)"

	echo "${data}" \| jq -e \
	--arg sha "${VALIDATED_SHA}" \
	--arg head_branch "${VALIDATED_HEAD_BRANCH}" \
	'
	.state == "OPEN" and
	.isDraft == false and
	.author.login == "app/openai-homebrew-releaser" and
	.baseRefName == "main" and
	.headRefName == $head_branch and
	(.headRefName \| test("^openai-[0-9]+\\.[0-9]+\\.[0-9]+$")) and
	.headRefOid == $sha and
	.headRepositoryOwner.login == "openai" and
	.isCrossRepository == false and
	((.body // "") \| contains("Automated with [GoReleaser]")) and
	(.files \| length == 1) and
	(.files[0].path == "Casks/openai.rb") and
	any(.statusCheckRollup[]?;
	.__typename == "CheckRun" and
	.workflowName == "Validate cask" and
	.name == "validate-cask" and
	.status == "COMPLETED" and
	.conclusion == "SUCCESS"
	)
	'

	changed_files="$(gh pr diff "${PR_NUMBER}" --repo "${REPO}" --name-only)"
	if [ "${changed_files}" != "Casks/openai.rb" ]; then
	echo "Unexpected changed files:"
	printf '%s\n' "${changed_files}"
	exit 1
	fi

	echo "pr-number=${PR_NUMBER}" >> "${GITHUB_OUTPUT}"

	automerge:
	name: Auto-merge trusted GoReleaser PR
	needs: verify
	runs-on: ubuntu-latest
	environment: goreleaser-automerge
	permissions:
	contents: read

	steps:
	- name: Create GoReleaser app token
	id: app-token
	uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2
	with:
	app-id: ${{ secrets.RELEASE_APP_ID }}
	private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}

	- name: Squash merge PR
	env:
	GH_TOKEN: ${{ steps.app-token.outputs.token }}
	PR_NUMBER: ${{ needs.verify.outputs.pr-number }}
	REPO: ${{ github.repository }}
	VALIDATED_SHA: ${{ github.event.workflow_run.head_sha }}
	run: \|
	set -euo pipefail

	gh pr merge "${PR_NUMBER}" \
	--repo "${REPO}" \
	--squash \
	--admin \
	--delete-branch \
	--match-head-commit "${VALIDATED_SHA}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Auto-merge GoReleaser cask PRs #16

Workflow file

Auto-merge GoReleaser cask PRs #16

Uh oh!

Workflow file for this run