feat: automate homebrew-tap #3
Conversation
| PACKAGE_NAME="@sunodo/cli" | ||
| PACKAGE_VERSION=$(npm show $PACKAGE_NAME version) | ||
| PACKAGE_URL=$(npm show $PACKAGE_NAME dist.tarball) | ||
| PACKAGE_SHA256=$(npm show $PACKAGE_NAME dist.shasum | awk '{print $1}') |
f122e33 to
4e4ec8d
Compare
| PACKAGE_NAME="@sunodo/cli" | ||
| PACKAGE_VERSION=$(npm show $PACKAGE_NAME version) | ||
| PACKAGE_URL=$(npm show $PACKAGE_NAME dist.tarball) | ||
| npm pack @sunodo/cli@$PACKAGE_VERSION | ||
| PACKAGE_SHA256=$(sha256sum sunodo-cli-$PACKAGE_VERSION.tgz | awk '{print $1}') | ||
|
|
||
| if [ -z "$PACKAGE_VERSION" ] || [ -z "$PACKAGE_URL" ] || [ -z "$PACKAGE_SHA256" ]; then | ||
| echo "Failed to retrieve package information. Exiting..." | ||
| exit 1 | ||
| fi | ||
|
|
||
| echo "PACKAGE_VERSION=$PACKAGE_VERSION" >> $GITHUB_ENV | ||
| echo "PACKAGE_URL=$PACKAGE_URL" >> $GITHUB_ENV | ||
| echo "PACKAGE_SHA256=$PACKAGE_SHA256" >> $GITHUB_ENV |
There was a problem hiding this comment.
Although the hash is the way to check for integrity, defining the hash for the package should come from the package that's already published since this step could have problems during download and we could add the wrong hash.
So, we should use the npm view @sunodo/cli dist.integrity that's a bse64 encoded SHA512.
So the Formula/sunodo.rb should use sha512 instead.
There was a problem hiding this comment.
Note: I'm not sure if homebrew Formula supports sha512. Have to check.
There was a problem hiding this comment.
In case homebrew only supports sha256 we should check the download against sha512 before running sha256 to change the sunodo.rb Formula.
There was a problem hiding this comment.
It looks, it does not support.
Homebrew/legacy-homebrew#38945
bd22adb to
f4a208d
Compare
This PR configures
npm-package-updaterworkflow to automate the updating process of sunodo cli NPM package.The workflow uses
repository_dispatchand this workflow calls fromsunodo/sunodorepository , thecli.yamlworkflow.