- Remove use of (unused) `Cachable` module.
- Pass whether we're bottling to determine whether to create
reproducible SBOM or not. A reproducible SBOM omits the time and
compiler.
- Remove bottle information when bottling: we cannot know what e.g.
the checksum (and, with GitHub Packages, therefore also the download
location) will be before we've created the tarball contents.
- Always write a bottle on installation (unless we're bottling) to
provide new bottle information or freshen the existing one with the
information we stripped out for reproducibility e.g. the time and
compiler.
- Don't need to handle a `nil` `@source_modified_time` as it's always
set.
Fixes #17281
We already do this for deprecations but these may make warnings
and errors from Homebrew easier to spot in GitHub Actions logs.
While we're here, clean up other cases that should have used
`GitHub::Actions::Annotation` but didn't and provide some helpers and
tweaks there necessary for our use case here.
- write a schema when installing formulae (if not already present)
- cache the schema on disk rather than downloading it every time
- make more methods/attributes `private`
- allow validation to be optional, only enable for Homebrew developers
at installation time
- use the tab for more, correct information
- ensure that dependencies/bottles are written correctly
- use new SBOM 3 schema URL
- improve test coverage
Adds the basic attestation verification APIs, as well
as a pre-pour check against `HOMEBREW_VERIFY_ATTESTATIONS`
that verifies the attestation (or backfill as necessary)
for bottles from homebrew-core.
Signed-off-by: William Woodruff <william@yossarian.net>
We already had `HOMEBREW_FORBIDDEN_LICENSES` but this commit adds
`HOMEBREW_FORBIDDEN_CASKS`, `HOMEBREW_FORBIDDEN_FORMULAE` and
`HOMEBREW_FORBIDDEN_TAPS` for also forbidding those.
Relatedly, add `HOMEBREW_FORBIDDEN_OWNER` and
`HOMEBREW_FORBIDDEN_OWNER_CONTACT` to allow customising these
messages.
There were no existing tests for `HOMEBREW_FORBIDDEN_LICENSES` so have
added more tests for all of these checks.
Co-authored-by: Bo Anderson <mail@boanderson.me>
This should make these messages, particularly warnings, more obvious to
GitHub Actions users.
There's an argument perhaps we should do this more broadly for all
warning/error messages but: this feels like a good start.
We have plans to add analytics for commands and `brew test-bot`
This requires a certain amount of refactoring which I've done here.
There was also a bunch of legacy `*_influx_?` usage from when we used
both InfluxDB and Google Analytics that made sense to clean up and
excessive indirection.
Let's start storing `revision` and `pkg_version` for tab runtime
dependencies and use them when available.
When the `revision` is not available, use a conservative approach to
deciding whether dependencies need to be upgraded.
Co-authored-by: Mike McQuaid <mike@mikemcquaid.com>
Ever since we started using this at runtime it's been polluting
the backtrace output. This makes it harder to debug errors and
increases the amount of info users have to paste into the box
when filing an issue.
This is a very direct approach. Essentially, we strip out
everything related to the `sorbet-runtime` gem whenever the top
line in the backtrace is unrelated to sorbet-runtime.
The hope is that this will allow errors related to sorbet to
be diagnosed easily while also reducing the backtrace size
for all other types of errors.
Sometimes it is useful to see the full backtrace though.
For those cases, we include the full backtrace when
`--verbose` is passed in and print a warning that the
Sorbet lines have been removed from the backtrace the
first time they are removed.
Note: This requires gems to be set up so that the call to
`Gem.paths.home` works correctly. For that reason, it must
be included after `utils/gems` which is included in
`standalone/load_path` already.
Download the bottle manifests for the potential formulae we are going to
upgrade and, if they have all their `runtime_dependencies` versions
currently met, don't try to download the bottle or upgrade the formula.
When we're installing a formula from a bottle, we currently always
upgrade all dependencies in the dependency tree to be safe.
However, if we're installing a bottle and the `runtime_dependencies`
within that bottle's tab all have older or equal versions to those
already installed: we do not need to upgrade these dependencies.
This should help a lot of upgrading a lot of the time, at least for
users using bottles (which is the huge majority).
The only downside or other noticeable change is that this requires us
to download or attempt to download the bottle tab before we compute
the dependencies at installation time.
Co-authored-by: Kevin <apainintheneck@gmail.com>
- warn if running `brew postinstall` explicitly and there's no
`post_install` defined in the formula
- add a `post_install` alias for `brew postinstall` to make life
easier for those jumping between `postinstall` and `post_install` in
e.g. Homebrew development
- refactor `post_install` formula path logic into a new method for
improved readability
- handle the JSON API `post_install` formula path case
The main thing is that this DSL allows us to provide an
interface that can be serialized to the JSON API.
Changes:
- Homebrew::Service
  - Adds `#service_name` and `#plist_name` methods
    - Each is now included in the `#serialize` method as well
  - Eval block on instantiation
    - Before we lazy evaluated this but the cost is not significant
      and it complicated the code a bunch. This only gets called
      during install, when evaluating caveats and in the `brew service`
      command. It skips this evaluation if the service block isn't there.
  - Add `#command?` helper to avoid `#command.blank?` and `#command.present?`
- Formula
  - `#service` now returns a service whenever it's called. This call is
    hidden behind a call to `#service?` most of the time anyway so this
    should be fine.
  - `#plist_name` and `#service_name` now call the methods of the same name
    on the service class. This should have already been in the service object
    to begin with and keeping these methods here helps preserve backwards
    compatibility with people who were overwriting these methods before.
- Caveats
  - Prefer `service#command?`
  - Add helpers for checking on service commands
    - This duplicates some of the work in `brew services`. Maybe we should
      merge that repo in at some point.
  - Check for installed service at `#plist_name` or `#service_name`. I think
    this should be used instead of `Keg#plist_installed?` which checked for any plist file.
    We should think about deprecating `#plist_installed?` in the future.
  - Stop using `ps aux | grep #{formula.plist_name}` to check for service files
    because it was inaccurate (it always returns true on my machine) because the grep
    process is started before the ps process.
  - Note: The behavior is the same as it was before. This means that caveats
    only show up for custom service files on install or if they're already installed.
    Otherwise it won't show up in `brew info`. This is because it has to check
    first if the service file has been installed.
- Utils::Service
  - Add utils for evaluating if a service is installed and running. This duplicates
    some of the work already found in `brew services`. We should seriously consider
    merging `brew services` with the main brew repo in the future since it's already
    tightly coupled to the code in the main repo.
- Formulary.load_formula_from_api
  - Be more explicit about which types can be deserialized into run params since
    it is now possible for run params to be nil.
- Update and add tests