Repo Changes Breaking Runiac Build

[tiny-dancer]

If there was a change recently to require pull requests and approval for this repo it has broken runiac release automation:

⨯ release failed after 185.47s error=homebrew tap formula: failed to publish artifacts: PUT [api.github.com/repos/optum/homebrew-tap/contents/Formula/runiac.rb:](https://api.github.com/repos/optum/homebrew-tap/contents/Formula/runiac.rb:) 409 Could not update file: At least 1 approving review is required by reviewers with write access. []
Error: The process '/opt/hostedtoolcache/goreleaser-action/1.5.0/x64/goreleaser' failed with exit code 1

https://github.com/Optum/runiac/runs/5345432758?check_suite_focus=true

[amyschoen]

@tiny-dancer, I have not updated anything recently, but I can take a look.

[amyschoen]

It looks like @PseudoCoding added branch protection on this repo on Jan 24. What are you doing with regards to release automation where you're either not going through PRs or aren't having them approved?

[tiny-dancer]

The update to the homebrew file in this repo is entirely performed via goreleaser, a release automation library for golang.

[tiny-dancer]

https://goreleaser.com/customization/homebrew/

Ideally we wouldn’t add a human layer into an automated action.

[amyschoen]

Is it being run under an admin user? If that's the case, we can just uncheck the box to include admins in branch protection.

[tiny-dancer]

Good question, I think it was a token you provided? If you could provide a new token that matches admin can update accordingly

[amyschoen]

That's an admin token. Just unchecked Include admins in the branch protection. Let me know if your workflow is working again now.

[tiny-dancer]

@amyschoen FYI the build still failed

[mkrouse]

@amyschoen - I'm trying to get runiac development going again since MGs departure. I've got our release pipeline working now and I'm trying to troubleshoot the homebrew file automation that @tiny-dancer mentioned above. Can you verify if the token is still valid?

I'm not seeing any obvious errors in the goreleaser-cli job indicating that this is failing. Unfortunately, its been a while since that last successful release (0.0.11) and I cannot view the previous logs to see what it looked like before.

[amyschoen]

I'm guessing you're referring to this workflow @mkrouse:

https://github.com/Optum/runiac/blob/main/.github/workflows/release.yml

I see references to secrets.RUNIAC_PAT, secrets.GITHUB_TOKEN and secrets.GIT_TOKEN.

The second one doesn't exist. The first and third ones are local and might have stopped working as expected when folks left. I suggest using the secrets set up at the org level - secrets.GIT_COMMITTER_TOKEN in lieu of the second two. We have secret.DOCKER_HUB_USERNAME and secret.DOCKER_HUB_PASSWORD set up to publish to Docker Hub.

[aksmo]

@amyschoen I had this working on a previous release for runiac, the last release failed again, looks like branch permissions were added back, I did enable it via the PR route but looks to be a lot more steps which goes against the automation.