Skip to content

build(deps): bump github/codeql-action from 3.27.7 to 3.27.9 #1777

build(deps): bump github/codeql-action from 3.27.7 to 3.27.9

build(deps): bump github/codeql-action from 3.27.7 to 3.27.9 #1777

name: Sync shared configurations
on:
push:
branches:
- master
pull_request:
schedule:
- cron: "0 8 * * 1" # Every Monday at 8 AM
workflow_dispatch:
permissions:
contents: read
defaults:
run:
shell: bash -xeuo pipefail {0}
concurrency:
group: "sync-shared-config-${{ github.ref }}"
cancel-in-progress: true
jobs:
sync:
if: github.repository == 'Homebrew/.github'
runs-on: ubuntu-latest
strategy:
matrix:
repo:
- Homebrew/.github
- Homebrew/actions
- Homebrew/brew
- Homebrew/brew-pip-audit
- Homebrew/brew.sh
- Homebrew/ci-orchestrator
- Homebrew/discussions
- Homebrew/formula-patches
- Homebrew/formulae.brew.sh
- Homebrew/glibc-bootstrap
- Homebrew/homebrew-aliases
- Homebrew/homebrew-bundle
- Homebrew/homebrew-cask
- Homebrew/homebrew-command-not-found
- Homebrew/homebrew-core
- Homebrew/homebrew-formula-analytics
- Homebrew/homebrew-linux-fonts
- Homebrew/homebrew-portable-ruby
- Homebrew/homebrew-services
- Homebrew/homebrew-test-bot
- Homebrew/install
- Homebrew/orka_api_client
- Homebrew/ruby-macho
- Homebrew/rubydoc.brew.sh
- Homebrew/mass-bottling-tracker-private
- Homebrew/governance-private
- Homebrew/security-private
- Homebrew/ops-private
fail-fast: false
steps:
- name: Set up Homebrew
id: set-up-homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Clone source repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- run: brew install-bundler-gems --groups=style
if: matrix.repo == 'Homebrew/.github'
env:
HOMEBREW_DEVELOPER: 1
- run: brew style .github/actions/sync/*.rb
if: matrix.repo == 'Homebrew/.github'
env:
HOMEBREW_DEVELOPER: 1
- name: Clone target repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: ${{ matrix.repo }}
path: target/${{ matrix.repo }}
token: ${{ secrets.HOMEBREW_DOTGITHUB_WORKFLOW_TOKEN }}
# Intentioanlly persisted to allow `git push` below.
persist-credentials: true
- name: Configure Git user
uses: Homebrew/actions/git-user-config@master
with:
username: BrewTestBot
- name: Set up GPG commit signing
uses: Homebrew/actions/setup-commit-signing@master
with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
- name: Sync initial Ruby version
run: cp /home/linuxbrew/.linuxbrew/Homebrew/Library/Homebrew/.ruby-version .
- name: Install Ruby
uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
with:
bundler-cache: true
- name: Detect changes
id: detect_changes
env:
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
TARGET: target/${{ matrix.repo }}
run: ./.github/actions/sync/shared-config.rb "${TARGET}" '/home/linuxbrew/.linuxbrew/Homebrew'
- name: Create pull request
if: github.ref == 'refs/heads/master' && steps.detect_changes.outputs.pull_request == 'true'
run: |
cd "target/$GH_REPO"
git checkout -b sync-shared-config
# Stagger network calls over the next 10 minutes to minimise errors.
sleep "$(( RANDOM % 60 * 10 ))"
if gh api \
-X GET \
--header 'Accept: application/vnd.github+json' \
--header 'X-GitHub-Api-Version: 2022-11-28' \
"/repos/${GH_REPO}/pulls" \
-f head=Homebrew:sync-shared-config \
-f state=open |
jq --exit-status 'length == 0'
then
git push --set-upstream --force origin sync-shared-config
# We don't want backticks to be expanded.
# shellcheck disable=SC2016
gh pr create --head sync-shared-config --title "Synchronize shared configuration" --body 'This pull request was created automatically by the [`sync-shared-config`](https://github.com/Homebrew/.github/blob/HEAD/.github/actions/sync/shared-config.rb) workflow.'
else
git fetch origin sync-shared-config
if ! git diff --no-ext-diff --quiet --exit-code origin/sync-shared-config
then
git push --force origin sync-shared-config
fi
fi
env:
GH_REPO: ${{ matrix.repo }}
GH_TOKEN: ${{ secrets.HOMEBREW_DOTGITHUB_WORKFLOW_TOKEN }}
conclusion:
needs: sync
runs-on: ubuntu-latest
if: always()
steps:
- name: Result
env:
RESULT: ${{ needs.sync.result }}
run: |
[[ "${RESULT}" == success ]]