brew/.github/workflows/vendor-gems.yml

name: Vendor Gems

on:
  pull_request:
    paths:
      - Library/Homebrew/dev-cmd/vendor-gems.rb
      - Library/Homebrew/Gemfile*
  push:
    paths:
      - .github/workflows/vendor-gems.yml
    branches-ignore:
      - main
      - master
  workflow_dispatch:
    inputs:
      pull_request:
        description: Pull request number
        required: true

permissions:
  contents: write
  pull-requests: read

defaults:
  run:
    shell: bash -xeuo pipefail {0}

jobs:
  vendor-gems:
    if: github.repository_owner == 'Homebrew'
    runs-on: macos-15
    steps:
      - name: Set up Homebrew
        id: set-up-homebrew
        uses: Homebrew/actions/setup-homebrew@main
        with:
          core: false
          cask: false
          test-bot: false

      - name: Configure Git user
        if: github.event_name == 'workflow_dispatch'
        uses: Homebrew/actions/git-user-config@main
        with:
          username: BrewTestBot

      - name: Set up commit signing
        if: github.event_name == 'workflow_dispatch'
        uses: Homebrew/actions/setup-commit-signing@main
        with:
          signing_key: ${{ secrets.BREWTESTBOT_SSH_SIGNING_KEY }}

      - name: Check out pull request
        id: checkout
        if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot')
        run: |
          gh pr checkout "${PR}"

          branch="$(git branch --show-current)"
          echo "branch=${branch}" >> "$GITHUB_OUTPUT"

          gem_name="$(echo "${branch}" | sed -E 's|.*/||;s|(.*)-.*$|\1|')"
          echo "gem_name=${gem_name}" >> "$GITHUB_OUTPUT"
        env:
          PR: ${{ github.event.pull_request.number || github.event.inputs.pull_request }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        working-directory: ${{ steps.set-up-homebrew.outputs.repository-path }}

      - name: Vendor Gems
        run: |
          if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" || ("${GITHUB_EVENT_NAME}" == "pull_request" && "${GITHUB_ACTOR}" == "dependabot") ]]
          then
            brew vendor-gems --non-bundler-gems
          else
            brew vendor-gems --non-bundler-gems --no-commit
          fi

      - name: Update RBI files
        run: brew typecheck --update

      - name: Commit RBI changes
        if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot')
        env:
          GEM_NAME: ${{ steps.checkout.outputs.gem_name }}
        working-directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
        run: |
          if ! git diff --stat --exit-code "Library/Homebrew/sorbet"
          then
            git add "Library/Homebrew/sorbet"
            git commit -m "Update RBI files for ${GEM_NAME}." \
                       -m "Autogenerated by the [vendor-gems](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/vendor-gems.yml) workflow."
          fi

      - name: Generate push token
        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
        id: app-token
        if: github.event_name == 'workflow_dispatch'
        with:
          app-id: ${{ vars.BREW_COMMIT_APP_ID }}
          private-key: ${{ secrets.BREW_COMMIT_APP_KEY }}

      - name: Push to pull request
        if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot')
        uses: Homebrew/actions/git-try-push@main
        with:
          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
          directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
          branch: ${{ steps.checkout.outputs.branch }}
          force: true