update-cask.yml aktualisieren

•	permissions: contents: write → ohne das scheitert Push/Commit häufig. 	•	macos-latest → Homebrew ist dort erwartbar verfügbar. 	•	Robuste Release-Ermittlung via gh release view (Tag, Assets). 	•	SHA256 wird wirklich aus dem Release-Asset berechnet (keine Fantasie-Hashes). 	•	Nur committen, wenn es Änderungen gibt (kein Commit-Spam).

homebrew-tap/.github/workflows/update-cask.yml

@@ -1,72 +1,106 @@
-name: Update cask from releases
+name: Update Cask
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron: "0 * * * *"
+  release:
+    types: [published]
+
+permissions:
+  contents: write
 
 jobs:
   update-cask:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
+    runs-on: macos-latest
+
+    env:
+      # Repo, aus dem die Releases kommen (Owner/Repo)
+      APP_REPO: h3pdesign/Neon-Vision-Editor
+
+      # Pfad zur Cask-Datei in diesem Tap
+      CASK_FILE: Casks/neon-vision-editor.rb
+
     steps:
       - name: Checkout tap
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
-      - name: Install jq
-        run: sudo apt-get update && sudo apt-get install -y jq
-
-      - name: Update cask
-        env:
-          APP_REPO: h3pdesign/Neon-Vision-Editor
-          ASSET_NAME: Neon.Vision.Editor.app.zip
-          CASK_PATH: Casks/neon-vision-editor.rb
-        run: |
-          set -euo pipefail
-          release_json="$(curl -fsSL -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/repos/${APP_REPO}/releases/latest")"
-          tag="$(echo "$release_json" | jq -r '.tag_name')"
-          version="${tag#v}"
-          asset_url="$(echo "$release_json" | jq -r --arg name "$ASSET_NAME" '.assets[] | select(.name==$name) | .browser_download_url')"
-          if [ -z "$asset_url" ] || [ "$asset_url" = "null" ]; then
-            echo "Asset $ASSET_NAME not found on latest release."
-            exit 1
-          fi
-          curl -fsSL "$asset_url" -o "$ASSET_NAME"
-          sha256="$(shasum -a 256 "$ASSET_NAME" | awk '{print $1}')"
-
-          VERSION="$version" SHA256="$sha256" URL="$asset_url" ruby -e '
-            path = ENV.fetch("CASK_PATH")
-            version = ENV.fetch("VERSION")
-            sha256 = ENV.fetch("SHA256")
-            url = ENV.fetch("URL")
-            abort("empty version") if version.empty?
-            abort("empty sha256") if sha256.empty?
-            abort("empty url") if url.empty?
-
-            data = File.read(path)
-            abort("version pattern not found") unless data.sub!(/version "[^"]*"/, "version \"#{version}\"")
-            abort("sha256 pattern not found") unless data.sub!(/sha256 "[^"]*"/, "sha256 \"#{sha256}\"")
-            abort("url pattern not found") unless data.sub!(/url "[^"]*"/, "url \"#{url}\"")
-            File.write(path, data)
-          '
-
-          rm -f "$ASSET_NAME"
-          echo "$version" > .cask-version
-
-      - name: Commit and push
+      - name: Configure git identity
         run: |
           git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git add Casks/neon-vision-editor.rb
-          if git diff --cached --quiet; then
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Install Homebrew (if needed) and tools
+        run: |
+          brew --version
+          brew update
+          brew tap homebrew/cask
+
+      - name: Get latest release metadata
+        id: rel
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+
+          # Latest release tag, z.B. v0.4.5-beta
+          TAG="$(gh release view -R "$APP_REPO" --json tagName -q .tagName)"
+          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+
+          # Version ohne führendes v (Homebrew will meist "0.4.5-beta")
+          VER="${TAG#v}"
+          echo "version=$VER" >> "$GITHUB_OUTPUT"
+
+          # Asset-URL: passe den Filter an deine Release-Assets an
+          # Beispiel: eine .zip oder .dmg
+          URL="$(gh release view -R "$APP_REPO" "$TAG" --json assets -q '.assets[] | select(.name | test("\\.(zip|dmg)$")) | .url' | head -n 1)"
+
+          if [ -z "${URL:-}" ]; then
+            echo "No matching asset (.zip/.dmg) found in release $TAG" >&2
+            exit 1
+          fi
+
+          echo "asset_url=$URL" >> "$GITHUB_OUTPUT"
+
+      - name: Download asset and compute sha256
+        id: sha
+        run: |
+          set -euo pipefail
+          URL="${{ steps.rel.outputs.asset_url }}"
+          curl -L --fail -o /tmp/release_asset "$URL"
+          SHA="$(shasum -a 256 /tmp/release_asset | awk '{print $1}')"
+          echo "sha256=$SHA" >> "$GITHUB_OUTPUT"
+
+      - name: Update cask file (version + url + sha256)
+        run: |
+          set -euo pipefail
+
+          FILE="${CASK_FILE}"
+          VER="${{ steps.rel.outputs.version }}"
+          URL="${{ steps.rel.outputs.asset_url }}"
+          SHA="${{ steps.sha.outputs.sha256 }}"
+
+          test -f "$FILE"
+
+          # version "..."
+          perl -pi -e 's/^(\s*version\s+).*$/${1}"'"$VER"'"/' "$FILE"
+
+          # url "..."
+          perl -pi -e 's/^(\s*url\s+).*$/${1}"'"$URL"'"/' "$FILE"
+
+          # sha256 "..."
+          perl -pi -e 's/^(\s*sha256\s+).*$/${1}"'"$SHA"'"/' "$FILE"
+
+          echo "Updated $FILE:"
+          sed -n '1,120p' "$FILE"
+
+      - name: Commit and push if changed
+        run: |
+          set -euo pipefail
+          if git diff --quiet; then
             echo "No changes to commit."
             exit 0
           fi
-          version="$(cat .cask-version 2>/dev/null || true)"
-          if [ -z "$version" ]; then
-            git commit -m "Update neon-vision-editor cask"
-          else
-            git commit -m "Update neon-vision-editor cask to v${version}"
-          fi
-          git push
+          git add "${CASK_FILE}"
+          git commit -m "chore(cask): bump to ${{ steps.rel.outputs.tag }}"
+          git push