---
name: Bump CLI Formula

on:
  push:
    tags:
      - cli-v**
  workflow_dispatch:

defaults:
  run:
    shell: bash

jobs:
  update-desktop-cask:
    name: Update Bitwarden CLI Formula
    runs-on: macos-11
    steps:
      - name: Login to Azure
        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@34ecb67b2a357795dc893549df0795e7383ff50f
        with:
          keyvault: "bitwarden-ci"
          secrets: "brew-bump-workflow-pat"

      - name: Update Homebrew formula
        uses: dawidd6/action-homebrew-bump-formula@d3667e5ae14df19579e4414897498e3e88f2f458 # v3.10.0
        with:
          # Required, custom GitHub access token with the 'public_repo' and 'workflow' scopes
          token: ${{ steps.retrieve-secrets.outputs.brew-bump-workflow-pat }}
          org: bitwarden
          tap: Homebrew/homebrew-core
          cask: bitwarden-cli
          tag: ${{ github.ref }}
          revision: ${{ github.sha }}
          force: false
          dryrun: true