---
name: Bump CLI Formula

on:
  push:
    tags:
      - cli-v**
  workflow_dispatch:

defaults:
  run:
    shell: bash

jobs:
  update-desktop-cask:
    name: Update Bitwarden CLI Formula
    runs-on: macos-11
    steps:
      - name: Login to Azure
        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        env:
          KEYVAULT: bitwarden-prod-kv
          SECRETS: |
            brew-bump-workflow-pat
        run: |
          for i in ${SECRETS//,/ }
          do
            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
            echo "::add-mask::$VALUE"
            echo "::set-output name=$i::$VALUE"
          done

      - name: Update Homebrew formula
        uses: dawidd6/action-homebrew-bump-formula@dd221ff435f42fa8102b5871bb1929af9d76476c
        with:
          # Required, custom GitHub access token with the 'public_repo' and 'workflow' scopes
          token: ${{ steps.retrieve-secrets.outputs.brew-bump-workflow-pat }}
          org: bitwarden
          tap: Homebrew/homebrew-core
          cask: bitwarden-cli
          tag: ${{ github.ref }}
          revision: ${{ github.sha }}
          force: false
          dryrun: true