chore(release): harden Homebrew tap publishing#353
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ce5ebdc9a0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if: env.DRY_RUN != 'true' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | ||
| GH_TOKEN: ${{ secrets.HOMEBREW_TAP_GH_TOKEN }} |
There was a problem hiding this comment.
This step overwrites GH_TOKEN with secrets.HOMEBREW_TAP_GH_TOKEN, so if the new secret is not present yet the value becomes empty and update-homebrew.sh aborts in non-dry-run mode (HOMEBREW_TAP_GH_TOKEN (or GH_TOKEN) is required). Because prior releases used secrets.GH_TOKEN and the script still supports that fallback, this change can block nodeup (and the same pattern in derun/dexdex) releases during secret migration. Use a workflow-level fallback so existing GH_TOKEN continues to work until all environments are updated.
Useful? React with 👍 / 👎.
1 participant
Summary
nodeupHomebrew packaging to prebuilt release archives for macOS amd64/arm64 and Linux amd64mainpushes, including empty-tap bootstrap supportTesting
derun,dexdex-main-server,dexdex-worker-server, anddexdexupdate-homebrew.shrehearsal against an empty bare tap remote, including bootstrap and idempotent re-runNotes
delinoio/homebrew-tapstill depends on the newHOMEBREW_TAP_GH_TOKENsecret being configured in GitHub Actions