From b49fc3124a7c385dcb5c556937a0a706ec0af48e Mon Sep 17 00:00:00 2001 From: William Martin Date: Thu, 21 May 2026 14:52:59 +0200 Subject: [PATCH 1/3] Stop bumping homebrew on release --- .github/workflows/deployment.yml | 12 +----------- .github/workflows/homebrew-bump.yml | 26 -------------------------- docs/release-process-deep-dive.md | 17 +++-------------- docs/releasing.md | 16 ++++++++-------- 4 files changed, 12 insertions(+), 59 deletions(-) delete mode 100644 .github/workflows/homebrew-bump.yml diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index 4e56fb0bf24..c6295df841c 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -414,14 +414,4 @@ jobs: else git log --oneline @{upstream}.. git diff --name-status @{upstream}.. - fi - - name: Bump homebrew-core formula - uses: mislav/bump-homebrew-formula-action@ccf2332299a883f6af50a1d2d41e5df7904dd769 - if: inputs.environment == 'production' && !contains(inputs.tag_name, '-') - with: - formula-name: gh - formula-path: Formula/g/gh.rb - tag-name: ${{ inputs.tag_name }} - push-to: williammartin/homebrew-core - env: - COMMITTER_TOKEN: ${{ secrets.HOMEBREW_PR_PAT }} + fi \ No newline at end of file diff --git a/.github/workflows/homebrew-bump.yml b/.github/workflows/homebrew-bump.yml deleted file mode 100644 index eccf933dd77..00000000000 --- a/.github/workflows/homebrew-bump.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: homebrew-bump-debug - -permissions: - contents: write - -on: - workflow_dispatch: - inputs: - tag_name: - required: true - type: string - environment: - default: production - type: environment -jobs: - bump: - runs-on: ubuntu-latest - steps: - - name: Bump homebrew-core formula - uses: mislav/bump-homebrew-formula-action@ccf2332299a883f6af50a1d2d41e5df7904dd769 - if: inputs.environment == 'production' && !contains(inputs.tag_name, '-') - with: - formula-name: gh - tag-name: ${{ inputs.tag_name }} - env: - COMMITTER_TOKEN: ${{ secrets.HOMEBREW_PR_PAT }} diff --git a/docs/release-process-deep-dive.md b/docs/release-process-deep-dive.md index 4d060841a5a..f3da2775b18 100644 --- a/docs/release-process-deep-dive.md +++ b/docs/release-process-deep-dive.md @@ -11,7 +11,6 @@ From a high level, the [release workflow](https://github.com/cli/cli/blob/537a22 * Builds and updates the [manual](https://cli.github.com/manual) and repository packages * Creates GitHub Attestations for the artifacts * Creates a GitHub Release and attaches the artifacts - * Bumps the `gh` [homebrew-core formula](https://github.com/Homebrew/homebrew-core/blob/2df031cbd8f7bc9b9a380e941ccefcf3c8f3d02b/Formula/g/gh.rb) # Jobs Deep Dive @@ -569,16 +568,6 @@ release: git log --oneline @{upstream}.. git diff --name-status @{upstream}.. fi - - name: Bump homebrew-core formula - uses: mislav/bump-homebrew-formula-action@v3 - if: inputs.environment == 'production' && !contains(inputs.tag_name, '-') - with: - formula-name: gh - formula-path: Formula/g/gh.rb - tag-name: ${{ inputs.tag_name }} - push-to: williammartin/homebrew-core - env: - COMMITTER_TOKEN: ${{ secrets.HOMEBREW_PR_PAT }} ``` @@ -647,11 +636,11 @@ In previous steps, a git commit was made for the manual, and files had moved int Occasionally, the repository can become unwieldy due to hosting so many large binary artifacts. Instructions can be found in the README for that repository. -#### Homebrew Formula +#### Homebrew -Using [`mislav/bump-homebrew-formula-action`](https://github.com/mislav/bump-homebrew-formula-action), a PR for the `gh` [`homebrew-core` formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb) is created. The fork repository is currently owned by `williammartin` as PRs are [not accepted from organizations.](https://github.com/cli/cli/pull/7953) +Historically, we used [`mislav/bump-homebrew-formula-action`](https://github.com/mislav/bump-homebrew-formula-action), a PR for the `gh` [`homebrew-core` formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb) is created. The fork repository was owned by `williammartin` as PRs are [not accepted from organizations.](https://github.com/cli/cli/pull/7953) -`Homebrew/formulae.brew.sh` makes new formula versions available every 15 minutes through scheduled CI workflow. For more information, see https://docs.brew.sh/Formula-Cookbook#an-introduction +However, since this required a legacy PAT token to open a PR between this repos, it was deemed too much risk for our security. As such, we now rely on [homebrew's autobump](https://docs.brew.sh/Autobump). ## Deepest Dive diff --git a/docs/releasing.md b/docs/releasing.md index b424266d4ff..403f88ec1ed 100644 --- a/docs/releasing.md +++ b/docs/releasing.md @@ -21,13 +21,14 @@ What this does is: - Uploads all release artifacts to a new GitHub Release; - A new git tag `vX.Y.Z` is created in the remote repository; - The changelog is [generated from the list of merged pull requests](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes); -- Updates [GitHub CLI marketing site](https://cli.github.com) with the contents of the new release; -- Updates the [`gh` Homebrew formula](https://github.com/williammartin/homebrew-core/blob/master/Formula/g/gh.rb) in the [`homebrew/homebrew-core` repo](https://github.com/search?q=repo%3AHomebrew%2Fhomebrew-core+%22gh%22+in%3Atitle&type=pullrequests). +- Updates [GitHub CLI marketing site](https://cli.github.com) with the contents of the new release. -> [!NOTE] -> `Homebrew/formulae.brew.sh` makes new formula versions available every 15 minutes through scheduled [CI workflow](https://github.com/Homebrew/formulae.brew.sh/actions/workflows/tests.yml). -> -> For more information, see https://docs.brew.sh/Formula-Cookbook#an-introduction +## Bumping Homebrew + +Homebrew bumps are handled by [autobump](https://docs.brew.sh/Autobump), which runs periodically every 3 hours. In cases where a quicker rollout is required, a pull request can be opened manually with the following steps: + 1. Replace the version number in the urlĀ to point ot the updated version. + 2. Calculate and replace the sha256 value. + 3. Open the PR. To test out the build system while avoiding creating an actual release: @@ -60,6 +61,5 @@ Occasionally, it might be necessary to clean up a bad release and re-release. 1. Delete the release and associated tag 2. Re-release and monitor the workflow run logs -3. Open pull request updating [`gh` Homebrew formula](https://github.com/williammartin/homebrew-core/blob/master/Formula/g/gh.rb) - with new SHA versions, linking the previous PR +3. Open pull request updating [`gh` Homebrew formula](https://github.com/williammartin/homebrew-core/blob/master/Formula/g/gh.rb) with new SHA versions, linking the previous PR 4. Verify resulting Debian and RPM packages, Homebrew formula From 69148fb32921d3332b07cc6fafbf190d0d0a3862 Mon Sep 17 00:00:00 2001 From: William Martin Date: Thu, 21 May 2026 17:15:32 +0200 Subject: [PATCH 2/3] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release-process-deep-dive.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-process-deep-dive.md b/docs/release-process-deep-dive.md index f3da2775b18..4e4928be776 100644 --- a/docs/release-process-deep-dive.md +++ b/docs/release-process-deep-dive.md @@ -638,9 +638,9 @@ Occasionally, the repository can become unwieldy due to hosting so many large bi #### Homebrew -Historically, we used [`mislav/bump-homebrew-formula-action`](https://github.com/mislav/bump-homebrew-formula-action), a PR for the `gh` [`homebrew-core` formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb) is created. The fork repository was owned by `williammartin` as PRs are [not accepted from organizations.](https://github.com/cli/cli/pull/7953) +Historically, we used [`mislav/bump-homebrew-formula-action`](https://github.com/mislav/bump-homebrew-formula-action). It created a PR for the `gh` [`homebrew-core` formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb). The fork repository was owned by `williammartin` because PRs are [not accepted from organizations.](https://github.com/cli/cli/pull/7953) -However, since this required a legacy PAT token to open a PR between this repos, it was deemed too much risk for our security. As such, we now rely on [homebrew's autobump](https://docs.brew.sh/Autobump). +However, since this required a legacy PAT token to open a PR between these repositories, it was deemed too much risk for our security. As such, we now rely on [Homebrew's autobump](https://docs.brew.sh/Autobump). ## Deepest Dive From 230498e917293e3b6d4e123f4608904cecb9eb8e Mon Sep 17 00:00:00 2001 From: William Martin Date: Thu, 21 May 2026 17:15:55 +0200 Subject: [PATCH 3/3] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/releasing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/releasing.md b/docs/releasing.md index 403f88ec1ed..9f304699127 100644 --- a/docs/releasing.md +++ b/docs/releasing.md @@ -61,5 +61,5 @@ Occasionally, it might be necessary to clean up a bad release and re-release. 1. Delete the release and associated tag 2. Re-release and monitor the workflow run logs -3. Open pull request updating [`gh` Homebrew formula](https://github.com/williammartin/homebrew-core/blob/master/Formula/g/gh.rb) with new SHA versions, linking the previous PR +3. Open pull request updating [`gh` Homebrew formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/g/gh.rb) with new SHA versions, linking the previous PR 4. Verify resulting Debian and RPM packages, Homebrew formula