From 9016762a692b95153a48bcf5d99c9868b7ef8b49 Mon Sep 17 00:00:00 2001
From: Florian Kinder <florian.kinder@enthus.de>
Date: Sat, 11 Apr 2026 23:12:07 +0200
Subject: [PATCH] ci(release): auto-bump Homebrew tap formula on release
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a post-release step to automatically bump the esq formula in
enthus-appdev/homebrew-tap whenever a new version tag triggers a
release. This removes the manual step of editing Formula/esq.rb each
time and ensures the tap never drifts behind the CLI.

Implementation uses dawidd6/action-homebrew-bump-formula which wraps
Homebrew's `brew bump-formula-pr --version=...`. That command natively
handles multi-URL formulas (darwin-arm64 / darwin-amd64 / linux-arm64 /
linux-amd64), rewriting all four URLs and SHA256 checksums in a single
pass — the mislav/bump-homebrew-formula-action alternative only handles
one URL per invocation.

Authentication uses the `enthus-appdev-tap-bumper` GitHub App via
actions/create-github-app-token. The App is installed only on the
homebrew-tap repo with minimal permissions (contents: read/write,
pull-requests: read/write), scoped via org-level selected-repository
secrets. The bot committer identity is derived dynamically from the
App's user ID so commits are properly linked to the bot profile.

The step is marked continue-on-error so a tap-bump failure doesn't fail
the release itself — the release is the primary artifact and can be
re-bumped later if needed.

The release body now also mentions the Homebrew install path first, so
users discover the easiest install method.
---
 .github/workflows/release.yml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b98f5fc..06264d0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -104,6 +104,11 @@ jobs:
 
             ## Installation
 
+            ### Homebrew (macOS and Linux)
+            ```bash
+            brew install enthus-appdev/tap/esq
+            ```
+
             ### macOS (Apple Silicon)
             ```bash
             curl -L https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/esq-darwin-arm64.tar.gz | tar xz
@@ -135,3 +140,32 @@ jobs:
             dist/*
           draft: false
           prerelease: ${{ contains(github.ref_name, '-') }}
+
+      - name: Generate GitHub App token for tap bump
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.HOMEBREW_TAP_APP_ID }}
+          private-key: ${{ secrets.HOMEBREW_TAP_APP_PRIVATE_KEY }}
+          owner: enthus-appdev
+          repositories: homebrew-tap
+
+      - name: Get GitHub App user ID
+        id: app-user
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+        run: |
+          USER_ID=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)
+          echo "user-id=$USER_ID" >> "$GITHUB_OUTPUT"
+
+      - name: Bump Homebrew tap formula
+        uses: dawidd6/action-homebrew-bump-formula@v7
+        continue-on-error: true
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          no_fork: true
+          tap: enthus-appdev/homebrew-tap
+          formula: esq
+          tag: ${{ github.ref_name }}
+          user_name: ${{ steps.app-token.outputs.app-slug }}[bot]
+          user_email: ${{ steps.app-user.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com