Skip to content

Auto-update Homebrew tap on release#54

Merged
turlockmike merged 1 commit intomasterfrom
ci/auto-update-tap
Feb 20, 2026
Merged

Auto-update Homebrew tap on release#54
turlockmike merged 1 commit intomasterfrom
ci/auto-update-tap

Conversation

@turlockmike
Copy link
Owner

Summary

  • After PyPI publish, new workflow job auto-updates the Homebrew tap formula
  • Waits for PyPI indexing, fetches sdist URL + SHA256, updates Formula/murl.rb
  • Pushes directly to turlockmike/homebrew-murl

Setup required

Add a HOMEBREW_TAP_TOKEN secret — a GitHub PAT with repo scope for turlockmike/homebrew-murl. Skips gracefully if not configured.

Test plan

  • Workflow syntax validated
  • Job depends on release completing first
  • PyPI polling with 30 retry / 10s interval (5 min max wait)
  • sed commands match current formula format

🤖 Generated with Claude Code

After PyPI publish, a new job:
1. Waits for PyPI to index the new version
2. Fetches sdist URL + SHA256
3. Updates Formula/murl.rb in turlockmike/homebrew-murl
4. Pushes directly to the tap repo

Requires HOMEBREW_TAP_TOKEN secret (PAT with repo scope).
Skips gracefully if secret is not set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings February 20, 2026 23:37
@turlockmike turlockmike merged commit 0b99abd into master Feb 20, 2026
7 checks passed
@turlockmike turlockmike deleted the ci/auto-update-tap branch February 20, 2026 23:38
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an automated post-release step to keep the Homebrew tap formula in sync with newly published PyPI releases, so Homebrew users can install the latest version without manual formula edits.

Changes:

  • Adds a new update-homebrew workflow job that runs after the release job completes.
  • Polls PyPI for the new version, extracts the sdist URL + SHA256, and updates the tap’s Formula/murl.rb.
  • Commits and pushes the formula update directly to turlockmike/homebrew-murl when HOMEBREW_TAP_TOKEN is configured.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +54 to +58
update-homebrew:
needs: release
runs-on: ubuntu-latest
if: ${{ secrets.HOMEBREW_TAP_TOKEN != '' }}

Copy link

Copilot AI Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new update-homebrew job inherits the workflow-level id-token: write permission, but it doesn’t use OIDC. Consider setting job-level permissions for update-homebrew (e.g., contents: read) and/or moving id-token: write to the release job only, to follow least-privilege for the added PAT-based push job.

Copilot uses AI. Check for mistakes.
Comment on lines +78 to +84
- name: Get sdist URL and SHA256
id: pypi
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
JSON=$(curl -sf "https://pypi.org/pypi/mcp-curl/${VERSION}/json")
URL=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['url'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
SHA=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['digests']['sha256'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
Copy link

Copilot AI Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

python3 is used to parse the PyPI JSON, but this job doesn’t set up Python. While ubuntu-latest currently includes Python, pinning via actions/setup-python (or using a tool like jq) would make this job more reliable against runner image changes.

Suggested change
- name: Get sdist URL and SHA256
id: pypi
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
JSON=$(curl -sf "https://pypi.org/pypi/mcp-curl/${VERSION}/json")
URL=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['url'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
SHA=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['digests']['sha256'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Get sdist URL and SHA256
id: pypi
run: |
VERSION=${{ steps.get_version.outputs.VERSION }}
JSON=$(curl -sf "https://pypi.org/pypi/mcp-curl/${VERSION}/json")
URL=$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['url'] for u in d['urls'] if u['packagetype']=='sdist'][0])")
SHA$(echo "$JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print([u['digests']['sha256'] for u in d['urls'] if u['packagetype']=='sdist'][0])")

Copilot uses AI. Check for mistakes.
Comment on lines +110 to +112
git add Formula/murl.rb
git commit -m "Update murl to ${VERSION}"
git push
Copy link

Copilot AI Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

git commit will fail the job with a non-zero exit code when there are no changes (e.g., rerunning the workflow for the same tag, or if the formula was already updated). Add a guard like checking for a clean diff before committing, or allow the no-op commit case to exit successfully.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants