From 79f4748ea648b01ea0d89f6bcf699023514fb096 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Fri, 17 Apr 2026 15:56:04 +0100 Subject: [PATCH] package manager GHA init to allow workflow dispatch testing (#6129) --- .github/workflows/package-managers.yml | 197 +++++++++++++++++++++++++ 1 file changed, 197 insertions(+) create mode 100644 .github/workflows/package-managers.yml diff --git a/.github/workflows/package-managers.yml b/.github/workflows/package-managers.yml new file mode 100644 index 0000000000..a1c3de0227 --- /dev/null +++ b/.github/workflows/package-managers.yml @@ -0,0 +1,197 @@ +name: Update Package Manager Manifests + +on: + # release: + # types: [released] + workflow_dispatch: + inputs: + version: + description: "Version to test (e.g. 2.9.2 — no v prefix)" + required: true + type: string + dry_run: + description: "Skip the git push at the end (safe test)" + type: boolean + default: true + +permissions: + contents: read + +jobs: + get-release-info: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.info.outputs.version }} + dmg_arm64_sha256: ${{ steps.hashes.outputs.dmg_arm64_sha256 }} + dmg_x86_64_sha256: ${{ steps.hashes.outputs.dmg_x86_64_sha256 }} + msi_sha256: ${{ steps.hashes.outputs.msi_sha256 }} + deb_sha256: ${{ steps.hashes.outputs.deb_sha256 }} + jar_sha256: ${{ steps.hashes.outputs.jar_sha256 }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit + + - name: Extract version from tag or manual input + id: info + env: + DISPATCH_VERSION: ${{ inputs.version }} + RELEASE_TAG: ${{ github.event.release.tag_name }} + run: | + if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then + VERSION="$DISPATCH_VERSION" + else + VERSION="$RELEASE_TAG" + fi + VERSION="${VERSION#v}" + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + + - name: Download release assets and compute SHA256 + id: hashes + env: + VERSION: ${{ steps.info.outputs.version }} + GH_TOKEN: ${{ github.token }} + run: | + BASE="https://github.com/Stirling-Tools/Stirling-PDF/releases/download/v${VERSION}" + + download_sha256() { + local url="$1" + local file + file=$(basename "$url") + curl -fsSL --retry 3 -o "$file" "$url" + sha256sum "$file" | awk '{print $1}' + } + + DMG_ARM64_SHA=$(download_sha256 "${BASE}/Stirling-PDF-macos-aarch64.dmg") + DMG_X64_SHA=$(download_sha256 "${BASE}/Stirling-PDF-macos-x86_64.dmg") + MSI_SHA=$(download_sha256 "${BASE}/Stirling-PDF-windows-x86_64.msi") + DEB_SHA=$(download_sha256 "${BASE}/Stirling-PDF-linux-x86_64.deb") + JAR_SHA=$(download_sha256 "${BASE}/Stirling-PDF-with-login.jar") + + echo "dmg_arm64_sha256=$DMG_ARM64_SHA" >> "$GITHUB_OUTPUT" + echo "dmg_x86_64_sha256=$DMG_X64_SHA" >> "$GITHUB_OUTPUT" + echo "msi_sha256=$MSI_SHA" >> "$GITHUB_OUTPUT" + echo "deb_sha256=$DEB_SHA" >> "$GITHUB_OUTPUT" + echo "jar_sha256=$JAR_SHA" >> "$GITHUB_OUTPUT" + + update-homebrew: + needs: get-release-info + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Harden Runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit + + - name: Checkout homebrew tap + uses: actions/checkout@v4 + with: + repository: Stirling-Tools/homebrew-stirling-pdf + token: ${{ secrets.HOMEBREW_TAP_TOKEN }} + path: homebrew-tap + + - name: Update cask (stirling-pdf.rb) + env: + VERSION: ${{ needs.get-release-info.outputs.version }} + ARM64_SHA: ${{ needs.get-release-info.outputs.dmg_arm64_sha256 }} + X64_SHA: ${{ needs.get-release-info.outputs.dmg_x86_64_sha256 }} + run: | + CASK="homebrew-tap/Casks/stirling-pdf.rb" + sed -i "s/version \".*\"/version \"${VERSION}\"/" "$CASK" + # Update ARM64 sha256 (line following on_arm block) + awk -v arm="$ARM64_SHA" -v x64="$X64_SHA" ' + /on_arm/ { in_arm=1 } + /on_intel/ { in_arm=0; in_intel=1 } + /end/ { in_arm=0; in_intel=0 } + in_arm && /sha256/ { sub(/sha256 ".*"/, "sha256 \"" arm "\"") } + in_intel && /sha256/ { sub(/sha256 ".*"/, "sha256 \"" x64 "\"") } + { print } + ' "$CASK" > tmp && mv tmp "$CASK" + + - name: Update formula (stirling-pdf-server.rb) + env: + VERSION: ${{ needs.get-release-info.outputs.version }} + JAR_SHA: ${{ needs.get-release-info.outputs.jar_sha256 }} + run: | + FORMULA="homebrew-tap/Formula/stirling-pdf-server.rb" + sed -i "s/version \".*\"/version \"${VERSION}\"/" "$FORMULA" + sed -i "s/sha256 \".*\"/sha256 \"${JAR_SHA}\"/" "$FORMULA" + + - name: Show homebrew tap diff (for dry-run visibility) + working-directory: homebrew-tap + run: | + echo "--- diff --stat ---" + git diff --stat + echo "--- full diff ---" + git diff + + - name: Commit and push homebrew tap updates + if: ${{ github.event_name == 'release' || inputs.dry_run == false }} + working-directory: homebrew-tap + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add Casks/stirling-pdf.rb Formula/stirling-pdf-server.rb + git diff --cached --quiet && echo "No changes" && exit 0 + git commit -m "chore: bump Stirling-PDF to v${{ needs.get-release-info.outputs.version }}" + git push + + update-scoop: + needs: get-release-info + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Harden Runner + uses: step-security/harden-runner@v2 + with: + egress-policy: audit + + - name: Checkout Scoop bucket (shared with Homebrew tap) + uses: actions/checkout@v4 + with: + repository: Stirling-Tools/homebrew-stirling-pdf + token: ${{ secrets.SCOOP_BUCKET_TOKEN }} + path: scoop-bucket + + - name: Update stirling-pdf.json + env: + VERSION: ${{ needs.get-release-info.outputs.version }} + MSI_SHA: ${{ needs.get-release-info.outputs.msi_sha256 }} + run: | + MANIFEST="scoop-bucket/scoop/stirling-pdf.json" + jq --arg v "$VERSION" --arg h "$MSI_SHA" \ + '.version = $v | .architecture["64bit"].url = "https://github.com/Stirling-Tools/Stirling-PDF/releases/download/v\($v)/Stirling-PDF-windows-x86_64.msi" | .architecture["64bit"].hash = $h' \ + "$MANIFEST" > tmp.json && mv tmp.json "$MANIFEST" + + - name: Update stirling-pdf-server.json + env: + VERSION: ${{ needs.get-release-info.outputs.version }} + JAR_SHA: ${{ needs.get-release-info.outputs.jar_sha256 }} + run: | + MANIFEST="scoop-bucket/scoop/stirling-pdf-server.json" + jq --arg v "$VERSION" --arg h "$JAR_SHA" \ + '.version = $v | .url = "https://github.com/Stirling-Tools/Stirling-PDF/releases/download/v\($v)/Stirling-PDF-with-login.jar" | .hash = $h' \ + "$MANIFEST" > tmp.json && mv tmp.json "$MANIFEST" + + - name: Show Scoop bucket diff (for dry-run visibility) + working-directory: scoop-bucket + run: | + echo "--- diff --stat ---" + git diff --stat + echo "--- full diff ---" + git diff + + - name: Commit and push Scoop bucket updates + if: ${{ github.event_name == 'release' || inputs.dry_run == false }} + working-directory: scoop-bucket + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add scoop/stirling-pdf.json scoop/stirling-pdf-server.json + git diff --cached --quiet && echo "No changes" && exit 0 + git commit -m "chore: bump Stirling-PDF to v${{ needs.get-release-info.outputs.version }}" + git push