Merge pull request #20267 from botantony/audit_no_autobump

Audit `no_autobump!` reason for new packages
2025-07-17 15:30:31 +00:00 · 2025-07-17 15:30:31 +00:00 · cf8d654708
commit cf8d654708
parent 0dbefc9272 5450e730ed
5 changed files with 103 additions and 0 deletions
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@ -1022,6 +1022,15 @@ module Cask
      add_error error if error
    end

+    sig { void }
+    def audit_no_autobump
+      return if cask.autobump?
+      return unless new_cask?
+
+      error = SharedAudits.no_autobump_new_package_message(cask.no_autobump_message)
+      add_error error if error
+    end
+
    sig {
      params(
        url_to_check: T.any(String, URL),
--- a/Library/Homebrew/formula_auditor.rb
+++ b/Library/Homebrew/formula_auditor.rb
@ -981,6 +981,15 @@ module Homebrew
      problem error if error
    end

+    def audit_no_autobump
+      return if formula.autobump?
+
+      return unless @new_formula_inclusive
+
+      error = SharedAudits.no_autobump_new_package_message(formula.no_autobump_message)
+      new_formula_problem error if error
+    end
+
    def quote_dep(dep)
      dep.is_a?(Symbol) ? dep.inspect : "'#{dep}'"
    end
--- a/Library/Homebrew/test/cask/audit_spec.rb
+++ b/Library/Homebrew/test/cask/audit_spec.rb
@ -1164,5 +1164,53 @@ RSpec.describe Cask::Audit, :cask do
        end
      end
    end
+
+    describe "checking `no_autobump!` message" do
+      let(:new_cask) { true }
+      let(:only) { ["no_autobump"] }
+      let(:cask_token) { "test-cask" }
+
+      context "when `no_autobump!` reason is not suitable for new cask" do
+        let(:cask) do
+          tmp_cask cask_token.to_s, <<~RUBY
+            cask '#{cask_token}' do
+              version "1.0"
+              sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
+              url "https://brew.sh/foo.zip"
+              name "Audit"
+              desc "Cask Auditor"
+              homepage "https://brew.sh/"
+              app "Audit.app"
+              no_autobump! because: :requires_manual_review
+            end
+          RUBY
+        end
+
+        it "fails" do
+          expect(run).to error_with(/use a different reason instead/)
+        end
+      end
+
+      context "when `no_autobump!` reason is allowed" do
+        let(:cask) do
+          tmp_cask cask_token.to_s, <<~RUBY
+            cask '#{cask_token}' do
+              version "1.0"
+              sha256 "8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a"
+              url "https://brew.sh/foo.zip"
+              name "Audit"
+              desc "Cask Auditor"
+              homepage "https://brew.sh/"
+              app "Audit.app"
+              no_autobump! because: "foo bar"
+            end
+          RUBY
+        end
+
+        it "passes" do
+          expect(run).to pass
+        end
+      end
+    end
  end
 end
--- a/Library/Homebrew/test/formula_auditor_spec.rb
+++ b/Library/Homebrew/test/formula_auditor_spec.rb
@ -1343,4 +1343,34 @@ RSpec.describe Homebrew::FormulaAuditor do
      expect(fa.problems).to be_empty
    end
  end
+
+  describe "#audit_no_autobump" do
+    it "warns when autobump exclusion reason is not suitable for new formula" do
+      fa = formula_auditor "foo", <<~RUBY, new_formula: true
+        class Foo < Formula
+          url "https://brew.sh/foo-1.0.tgz"
+
+          no_autobump! because: :requires_manual_review
+        end
+      RUBY
+
+      fa.audit_no_autobump
+      expect(fa.new_formula_problems.first[:message])
+        .to match("`:requires_manual_review` is a temporary reason intended for existing packages, " \
+                  "use a different reason instead.")
+    end
+
+    it "does not warn when autobump exclusion reason is allowed" do
+      fa = formula_auditor "foo", <<~RUBY, new_formula: true
+        class Foo < Formula
+          url "https://brew.sh/foo-1.0.tgz"
+
+          no_autobump! because: "foo bar"
+        end
+      RUBY
+
+      fa.audit_no_autobump
+      expect(fa.new_formula_problems).to be_empty
+    end
+  end
 end
--- a/Library/Homebrew/utils/shared_audits.rb
+++ b/Library/Homebrew/utils/shared_audits.rb
@ -217,4 +217,11 @@ module SharedAudits

    "#{reason} is not a valid deprecate! or disable! reason" unless reasons.include?(reason)
  end
+
+  sig { params(message: T.any(String, Symbol)).returns(T.nilable(String)) }
+  def self.no_autobump_new_package_message(message)
+    return if message.is_a?(String) || message != :requires_manual_review
+
+    "`:requires_manual_review` is a temporary reason intended for existing packages, use a different reason instead."
+  end
 end