Skip to content

Commit 12e4e08

Browse files
committed
ci: verify Homebrew tap token before release
1 parent 7564e13 commit 12e4e08

1 file changed

Lines changed: 15 additions & 0 deletions

File tree

.github/workflows/release.yml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,21 @@ jobs:
3030
- name: Install Cosign
3131
uses: sigstore/cosign-installer@v4.1.2
3232

33+
- name: Verify Homebrew tap token
34+
env:
35+
GH_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
36+
run: |
37+
if [ -z "$GH_TOKEN" ]; then
38+
echo "::error title=Missing HOMEBREW_TAP_GITHUB_TOKEN::Create a GitHub token that can write contents to thedavidweng/homebrew-tap before running a release."
39+
exit 1
40+
fi
41+
42+
can_push="$(gh api repos/thedavidweng/homebrew-tap --jq '.permissions.push')"
43+
if [ "$can_push" != "true" ]; then
44+
echo "::error title=Invalid HOMEBREW_TAP_GITHUB_TOKEN::The token must have write access to thedavidweng/homebrew-tap. For a fine-grained PAT, select that repository and grant Contents: Read and write."
45+
exit 1
46+
fi
47+
3348
- name: Run GoReleaser
3449
uses: goreleaser/goreleaser-action@v7
3550
with:

0 commit comments

Comments
 (0)