marketing-shibata50/cmux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cmux/.github/workflows/update-homebrew.yml
Lawrence Chen fc3e3a4d7d Pin all GitHub Actions to full commit SHAs 
Org policy now requires actions pinned to immutable SHAs instead of
mutable version tags. Pin actions/checkout, actions/github-script,
softprops/action-gh-release, and oven-sh/setup-bun across all workflows.
2026-02-24 22:21:40 -08:00

131 lines
4.5 KiB
YAML
Raw Blame History

name: Update Homebrew Cask
on:
# Trigger after the release workflow completes (not on release:published,
# which fires before assets finish uploading — causing SHA mismatch).
workflow_run:
workflows: ["Release macOS app"]
types: [completed]
workflow_dispatch:
inputs:
version:
description: 'Version (e.g., 0.58.0 or v0.58.0)'
required: true
permissions:
contents: read
jobs:
update-cask:
runs-on: ubuntu-latest
# Only run if the release workflow succeeded (or manual trigger)
if: >-
github.event_name == 'workflow_dispatch' ||
github.event.workflow_run.conclusion == 'success'
steps:
- name: Get version
id: version
run: |
if [ -n "${{ github.event.inputs.version }}" ]; then
VERSION="${{ github.event.inputs.version }}"
else
# workflow_run: extract tag from the triggering workflow's head branch
VERSION="${{ github.event.workflow_run.head_branch }}"
fi
VERSION="${VERSION#v}"
if [ -z "$VERSION" ]; then
echo "Could not determine version" >&2
exit 1
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Updating homebrew cask to version $VERSION"
- name: Download DMG and get SHA256
id: sha
run: |
VERSION="${{ steps.version.outputs.version }}"
URL="https://github.com/manaflow-ai/cmux/releases/download/v${VERSION}/cmux-macos.dmg"
MAX_RETRIES=5
for i in $(seq 1 $MAX_RETRIES); do
HTTP_CODE=$(curl -sL -w '%{http_code}' "$URL" -o cmux.dmg)
FILE_SIZE=$(stat --printf="%s" cmux.dmg 2>/dev/null || stat -f%z cmux.dmg)
if [ "$HTTP_CODE" = "200" ] && [ "$FILE_SIZE" -gt 1000000 ]; then
echo "Download OK: HTTP $HTTP_CODE, size $FILE_SIZE bytes"
break
fi
echo "Attempt $i/$MAX_RETRIES: HTTP $HTTP_CODE, size ${FILE_SIZE:-0} bytes"
if [ "$i" -eq "$MAX_RETRIES" ]; then
echo "Failed to download DMG after $MAX_RETRIES attempts" >&2
exit 1
fi
sleep 30
done
SHA256=$(shasum -a 256 cmux.dmg | cut -d' ' -f1)
echo "sha256=$SHA256" >> $GITHUB_OUTPUT
echo "DMG SHA256: $SHA256"
- name: Checkout homebrew-cmux
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
repository: manaflow-ai/homebrew-cmux
token: ${{ secrets.HOMEBREW_TAP_TOKEN }}
path: homebrew-cmux
- name: Update cask formula
env:
VERSION: ${{ steps.version.outputs.version }}
SHA256: ${{ steps.sha.outputs.sha256 }}
run: |
cat > homebrew-cmux/Casks/cmux.rb << CASKEOF
cask "cmux" do
version "${VERSION}"
sha256 "${SHA256}"
url "https://github.com/manaflow-ai/cmux/releases/download/v#{version}/cmux-macos.dmg"
name "cmux"
desc "Lightweight native macOS terminal with vertical tabs for AI coding agents"
homepage "https://cmux.dev"
livecheck do
url :url
strategy :github_latest
end
depends_on macos: ">= :sonoma"
app "cmux.app"
zap trash: [
"~/Library/Application Support/cmux",
"~/Library/Caches/cmux",
"~/Library/Preferences/ai.manaflow.cmuxterm.plist",
]
end
CASKEOF
# Remove leading whitespace from heredoc
sed -i 's/^ //' homebrew-cmux/Casks/cmux.rb
- name: Verify cask SHA matches DMG
run: |
CASK_SHA=$(grep 'sha256' homebrew-cmux/Casks/cmux.rb | sed 's/.*"\(.*\)".*/\1/')
ACTUAL_SHA=$(shasum -a 256 cmux.dmg | cut -d' ' -f1)
if [ "$CASK_SHA" != "$ACTUAL_SHA" ]; then
echo "SHA mismatch! Cask: $CASK_SHA, Actual: $ACTUAL_SHA" >&2
exit 1
fi
echo "SHA verification passed: $CASK_SHA"
- name: Commit and push
env:
VERSION: ${{ steps.version.outputs.version }}
run: |
cd homebrew-cmux
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add Casks/cmux.rb
if git diff --staged --quiet; then
echo "No changes - cask already up to date"
else
git commit -m "Update cmux to ${VERSION}"
git push
fi
Reference in a new issue View git blame Copy permalink