diff --git a/.github/scripts/update_formula b/.github/scripts/update_formula new file mode 100755 index 0000000..7bf0295 --- /dev/null +++ b/.github/scripts/update_formula @@ -0,0 +1,50 @@ +#!/usr/bin/env ruby + +require 'octokit' +require 'open-uri' +require 'digest' + +GITHUB_REF = ENV.fetch('GITHUB_REF') +TARGET = ENV.fetch('TARGET') +LOCAL = ENV.fetch('LOCAL', false) + +tag = GITHUB_REF.sub('refs/tags/v', '') +formula_path = "HomebrewFormula/#{TARGET}.rb" +repo = "Finatext/#{TARGET}" + +content = File.read(formula_path) + +updated_content = content.gsub(/version "[^"]*"/, 'version "' + tag + '"') + +updated_content.gsub!(/url "https:\/\/github.com\/[^"]+\/releases\/download\/[^\/]+\/([^"]+)"/) do |url| + file_name = $1 + new_url = "https://github.com/Finatext/gls/releases/download/v#{tag}/#{file_name}" + puts "Updating #{url} to #{new_url}" + %!url "#{new_url}"! +end + +urls = updated_content.scan(/url "([^"]+)"/).flatten +urls.each do |url| + puts "Updating sha256 for #{url}" + file = URI.open(url) + sha256 = Digest::SHA256.hexdigest(file.read) + updated_content.gsub!(/(url "#{Regexp.escape(url)}"\n\s*sha256 ")[^"]+"/) do |match| + "#{$1}#{sha256}\"" + end +end + +if LOCAL + File.write(formula_path, updated_content) +else + client = Octokit::Client.new(access_token: ENV.fetch('GITHUB_TOKEN')) + formula_file = client.contents(repo, path: formula_path, ref: tag) + + client.update_contents(repo, + formula_path, + "Update Homebrew formula for #{tag}", + formula_file.sha, + updated_content, + branch: 'main', + file: formula_path + ) +end diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 0c097c6..981bd91 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -121,3 +121,20 @@ jobs: files: | ${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz ${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz.sha256 + + update-homebrew: + needs: + - build-release + runs-on: ubuntu-latest + steps: + - name: Install Dependencies + run: gem install octokit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Update Homebrew Formula + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REF: ${{ github.ref }} + TARGET: gls + shell: bash + run: | + .github/scripts/update_formula diff --git a/HomebrewFormula/gls.rb b/HomebrewFormula/gls.rb new file mode 100644 index 0000000..3849b03 --- /dev/null +++ b/HomebrewFormula/gls.rb @@ -0,0 +1,53 @@ +# typed: false +# frozen_string_literal: true + +class Gls < Formula + desc "Support gitleaks config development and extend some gitleaks features" + homepage "https://github.com/Finatext/gls" + version "0.1.10" + license "MIT" + + on_macos do + on_arm do + url "https://github.com/Finatext/gls/releases/download/v0.1.10/gls-aarch64-apple-darwin.tar.gz" + sha256 "f85e8c5c096937ea851c6f0a88fb1cf981d85d32baf6c4cbcaf29d623040e1a8" + + def install + bin.install "gls" + end + end + + on_intel do + url "https://github.com/Finatext/gls/releases/download/v0.1.10/gls-x86_64-apple-darwin.tar.gz" + sha256 "959e84dabc2dd839cd69660b7185b2e870844f5719cb5bcafc2631b1d93a0319" + + def install + bin.install "gls" + end + end + end + + on_linux do + on_intel do + url "https://github.com/Finatext/gls/releases/download/v0.1.10/gls-x86_64-unknown-linux-gnu.tar.gz" + sha256 "ac149a85f759c56ad7574c6112d219ad39d8c39a8253f3b09b4728308b4ae074" + + def install + bin.install "gls" + end + end + + on_arm do + url "https://github.com/Finatext/gls/releases/download/v0.1.10/gls-aarch64-unknown-linux-gnu.tar.gz" + sha256 "d2c0fc6aefb252c9f56bbcab2e729dcb0b83a1523eae79e7e0e5f781e22a8247" + + def install + bin.install "gls" + end + end + end + + test do + system "#{bin}/gls --version" + end +end diff --git a/README.md b/README.md index 0d50390..4d7ba2b 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,20 @@ gls (gitleaks-support) enhances the development of gitleaks rules and allowlists - Support for multiple global and rule-specific allowlists. - Ability to handle multiple configuration files. +## Install +### Homebrew +``` +brew tap Finatext/gls https://github.com/Finatext/gls.git +brew install gls +``` + +Note: conflicts with `coreutils` package. Unlink `coreutils` and use the "gnubin" of `coreutils`. + +### Cargo +``` +cargo install --git https://github.com/Finatext/gls.git +``` + ## Design Instead of using the original gitleaks allowlist feature, gls requires all allowlists to be defined in its own configuration files.