Generate homebrew formula during imgpkg release

.github/workflows/release.yml

@@ -11,30 +11,25 @@ jobs:
     permissions:
       contents: write
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
-      -
-        name: Set up Go
+      - name: Set up Go
         uses: actions/setup-go@v2
         with:
           go-version: 1.17.0
-      -
-        name: Run GoReleaser
+      - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@5e15885530fb01d81d1f24e8a6f54ebbd0fed7eb
         if: startsWith(github.ref, 'refs/tags/')
         with:
           version: 0.162.0
-          args: release --rm-dist --debug
+          args: release --rm-dist --debug ${{ env.SKIP_PUBLISH }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      -
-        uses: actions/github-script@v4
+      - uses: actions/github-script@v4
         id: get-checksums-from-draft-release
-        if: startsWith(github.ref, 'refs/tags/')
+        if: startsWith(github.ref, 'refs/tags/') && ${{ !env.ACT }}
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           result-encoding: string
@@ -83,9 +78,8 @@ jobs:
             ${checksums['imgpkg-linux-amd64']}  ./imgpkg-linux-amd64
             ${checksums['imgpkg-windows-amd64.exe']}  ./imgpkg-windows-amd64.exe`
 
-      -
-        name: verify uploaded artifacts
-        if: startsWith(github.ref, 'refs/tags/')
+      - name: verify uploaded artifacts
+        if: startsWith(github.ref, 'refs/tags/') && ${{ !env.ACT }}
         env:
           GITHUB_CONTEXT: ${{ toJson(github) }}
         run: |
@@ -98,3 +92,118 @@ jobs:
           ${{steps.get-checksums-from-draft-release.outputs.result}}
           EOF
           )
+
+      - name: Upload Checksums
+        uses: actions/upload-artifact@v2
+        with:
+          name: checksums
+          path: ./go-checksums
+
+  carvel-release-scripts:
+    needs: goreleaser
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
+          repository: vmware-tanzu/carvel-release-scripts
+          ref: main
+          ssh-key: ${{ secrets.CARVEL_RELEASE_SCRIPTS_DEPLOY_PRIVATE_KEY }}
+      - name: Download checksums
+        uses: actions/download-artifact@v2
+        id: download-checksums
+        with:
+          name: checksums
+          path: ~/checksums
+      - name: generate homebrew ytt datavalue file
+        run: |
+          VERSION=`echo ${{ github.ref }}  | grep -Eo '[0-9].*'`
+
+          # EXAMPLE checksum line:
+          # 0837efa4e30fc3f934479d1bd183cfd97ec96f7f3cfab0892be7f39308908993  ./imgpkg-linux-amd64
+          function map_checksums_to_assets() {
+            cat ${{steps.download-checksums.outputs.download-path}}/go-checksums | while read line; do
+              filename=$(echo $line | awk '{print $2}' | sed -e "s#^\.\/##")
+              os=$(echo $filename | awk -F\- '{print $2}')
+              arch=$(echo $filename | awk -F\- '{print $3}' |  sed -e "s/\..*$//")
+              sha256=$(echo $line | awk '{print $1}')
+
+              echo "
+            - os: ${os}
+              arch: ${arch}
+              shasum: ${sha256}
+              filename: ${filename}"
+            done
+          }
+
+          cat <<EOF >releases/imgpkg/$VERSION.yml
+          #@data/values
+          ---
+          version: v${VERSION}
+          assets:
+            $(map_checksums_to_assets)
+
+          github:
+            url: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY
+          EOF
+
+          cat releases/imgpkg/$VERSION.yml
+
+      - name: Commit & Push ytt datavalue to carvel-release-scripts
+        if: ${{ !env.ACT }}
+        env:
+          AUTHOR_NAME: "k8slt"
+          AUTHOR_EMAIL: "klt@groups.vmware.com"
+          REPOSITORY: "vmware-tanzu/carvel-release-scripts"
+          BRANCH: "imgpkg-homebrew"
+          FORCE: true
+          GITHUB_TOKEN: ${{ secrets.CARVEL_RELEASE_SCRIPTS_TOKEN }}
+          GITHUB_DEPLOY_PRIVATE_KEY: ${{ secrets.CARVEL_RELEASE_SCRIPTS_DEPLOY_PRIVATE_KEY }}
+        run: |
+          set -e
+
+          timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+          AUTHOR_EMAIL=${AUTHOR_EMAIL:-'github-actions[bot]@users.noreply.github.com'}
+          AUTHOR_NAME=${AUTHOR_NAME:-'github-actions[bot]'}
+          MESSAGE=${MESSAGE:-"chore: autopublish ${timestamp}"}
+          FORCE=${FORCE:-false}
+          REPOSITORY=${REPOSITORY:-$GITHUB_REPOSITORY}
+
+          echo "Push to branch $BRANCH";
+          [ -z "${BRANCH}" ] && {
+            echo 'Missing branch';
+            exit 1;
+          };
+
+          if [ -z "${GITHUB_TOKEN}" ] && [ -z "${GITHUB_DEPLOY_PRIVATE_KEY}" ]; then
+              echo 'Missing required input "github_token: ${{ secrets.GITHUB_TOKEN }} OR "github_deploy_private_key: ${{ secrets.GITHUB_DEPLOY_PRIVATE_KEY }}".';
+              exit 1;
+          fi
+
+          if ${FORCE}; then
+              _FORCE_OPTION='--force'
+          fi
+
+          remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${REPOSITORY}.git"
+
+          if [ -n "${GITHUB_DEPLOY_PRIVATE_KEY}" ]; then
+            remote_repo="git@github.com:${REPOSITORY}"
+
+            tempkey=`basename $0`
+            TMP_DEPLOY_PRIV_KEY=`mktemp /tmp/${tempkey}.XXXXXX` || exit 1
+            echo "${GITHUB_DEPLOY_PRIVATE_KEY}" > $TMP_DEPLOY_PRIV_KEY
+            eval $(ssh-agent -s)
+            ssh-add ${TMP_DEPLOY_PRIV_KEY}
+          fi
+
+          git config http.sslVerify true
+          git config --local user.email "${AUTHOR_EMAIL}"
+          git config --local user.name "${AUTHOR_NAME}"
+
+          git add -A
+
+          git commit -m "${MESSAGE}" $_EMPTY || exit 0
+
+          git push "${remote_repo}" HEAD:"${BRANCH}" --follow-tags $_FORCE_OPTION;

hack/test-gh-actions-local.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -xeu
+
+if ! type act; then
+  echo 'Install act via https://github.com/nektos/act#installation-through-package-managers'
+  exit 1
+fi
+
+# SECRETS:
+# CARVEL_RELEASE_SCRIPTS_PAT / Push access to vmware-tanzu/carvel-release-scripts
+
+# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads
+act push -e <(cat <<EOF
+{
+  "push": {
+      "ref": "refs/tags/v0.0.0"
+  }
+}
+EOF
+) --job goreleaser --job carvel-release-scripts --env SKIP_PUBLISH='--skip-publish' --dryrun