Skip to content

Bump step-security/harden-runner from 2.19.0 to 2.19.1 #574

Bump step-security/harden-runner from 2.19.0 to 2.19.1

Bump step-security/harden-runner from 2.19.0 to 2.19.1 #574

Workflow file for this run

name: brew test-bot
on:
push:
branches: [main]
pull_request:
permissions: {}
jobs:
test-bot:
strategy:
fail-fast: false
matrix: { os: [ubuntu-22.04, macos-15-intel, macos-26] }
runs-on: ${{ matrix.os }}
permissions:
actions: read
checks: read
contents: read
packages: read
pull-requests: read
steps:
- uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
with: { egress-policy: audit }
- id: set-up-homebrew
uses: Homebrew/actions/setup-homebrew@6c79ae0677a9b0b8046a936b4ada8980885eafb8 # main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: ${{ steps.set-up-homebrew.outputs.gems-path }}
key: ${{ matrix.os }}-rubygems-${{ steps.set-up-homebrew.outputs.gems-hash }}
restore-keys: ${{ matrix.os }}-rubygems-
- run: brew test-bot --only-cleanup-before
- run: brew test-bot --only-setup
- run: brew test-bot --only-tap-syntax
- name: Base64-encode GITHUB_TOKEN for HOMEBREW_DOCKER_REGISTRY_TOKEN
id: base64-encode
if: github.event_name == 'pull_request'
env:
TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
base64_token=$(echo -n "${TOKEN}" | base64 | tr -d "\\n")
echo "::add-mask::${base64_token}"
echo "token=${base64_token}" >> "${GITHUB_OUTPUT}"
- run: brew test-bot --only-formulae --root-url=https://ghcr.io/v2/nodenv/nodenv
if: github.event_name == 'pull_request'
env:
HOMEBREW_DOCKER_REGISTRY_TOKEN: ${{ steps.base64-encode.outputs.token }}
- name: Upload bottles as artifact
if: always() && github.event_name == 'pull_request'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: bottles_${{ matrix.os }}
path: "*.bottle.*"