From a496f6708e39819c2e1bcb356867f8600cc31f96 Mon Sep 17 00:00:00 2001
From: Rui Chen <rui@chenrui.dev>
Date: Fri, 20 Oct 2023 19:10:14 -0400
Subject: [PATCH] audit(github): prefer `/archive/refs/tags` urls over
 `/archive`

Signed-off-by: Rui Chen <rui@chenrui.dev>
---
 Library/Homebrew/rubocops/urls.rb       | 7 +++++++
 Library/Homebrew/utils/shared_audits.rb | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Library/Homebrew/rubocops/urls.rb b/Library/Homebrew/rubocops/urls.rb
index d60c1fac3f..abd4fda102 100644
--- a/Library/Homebrew/rubocops/urls.rb
+++ b/Library/Homebrew/rubocops/urls.rb
@@ -217,6 +217,13 @@ module RuboCop
             problem "Use /archive/ URLs for GitHub tarballs (url is #{url})."
           end
 
+          archive_ref_tags_gh_pattern = %r{https://.*github.*/archive(?!/refs/tags)/.*\.tar\.gz$}
+          audit_urls(urls, archive_ref_tags_gh_pattern) do |_, url|
+            next if url.end_with?(".git")
+
+            problem "Use /archive/refs/tags URLs for GitHub tarballs (url is #{url})."
+          end
+
           # Don't use GitHub .zip files
           zip_gh_pattern = %r{https://.*github.*/(archive|releases)/.*\.zip$}
           audit_urls(urls, zip_gh_pattern) do |_, url|
diff --git a/Library/Homebrew/utils/shared_audits.rb b/Library/Homebrew/utils/shared_audits.rb
index 923245645a..960d1173a8 100644
--- a/Library/Homebrew/utils/shared_audits.rb
+++ b/Library/Homebrew/utils/shared_audits.rb
@@ -157,7 +157,7 @@ module SharedAudits
 
   def github_tag_from_url(url)
     url = url.to_s
-    tag = url.match(%r{^https://github\.com/[\w-]+/[\w-]+/archive/([^/]+)\.(tar\.gz|zip)$})
+    tag = url.match(%r{^https://github\.com/[\w-]+/[\w-]+/archive/refs/tags/([^/]+)\.(tar\.gz|zip)$})
              .to_a
              .second
     tag ||= url.match(%r{^https://github\.com/[\w-]+/[\w-]+/releases/download/([^/]+)/})