`Cask::Audit#extract_artifacts` is used in the `#audit_signing` and
`#cask_plist_min_os` methods to create a directory in `/tmp` and
extract cask artifacts without duplicating the work if it's already
done. However, due to how this is set up, `tmpdir` isn't removed
afterward and the extracted artifacts will take up disk space until
the `tmp` directory is cleaned up. As a result, running
`brew audit --strict --online` locally can chew through disk space
and it may not be clear to the user where their free space has gone.
This adds a finalizer method to `Cask::Audit` to remove the created
`@tmpdir` (if any) once it's no longer needed. There may be a better
way of addressing the issue but this works for now without having to
restructure how these audits work.
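
The cleanup pattern this commit message describes, as an added example that is not Homebrew's own code; the class `ArtifactAudit`, its methods and the file it writes are hypothetical. The finalizer proc is built in a class method so it does not capture the instance, which would otherwise stay reachable and never be finalized before process exit.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical stand-in for an audit class that extracts artifacts once
# and shares the result between several checks.
class ArtifactAudit
  # Build the cleanup proc here, not inside an instance method: a proc
  # created in instance scope closes over `self`, which keeps the object
  # reachable so the garbage collector never finalizes it.
  def self.remove_tmpdir(path)
    # Finalizers are called with the object id; a plain proc ignores it.
    proc { FileUtils.remove_entry(path) if File.directory?(path) }
  end

  # Extract on first call, reuse the same directory on later calls.
  def extract_artifacts
    return @tmpdir if @tmpdir

    # Dir.mktmpdir creates a uniquely named directory with mode 0700,
    # so other local users cannot read or replace the extracted files.
    dir = Dir.mktmpdir("artifact-audit-")
    ObjectSpace.define_finalizer(self, self.class.remove_tmpdir(dir))

    # Constructed sample content standing in for a real extraction step.
    File.write(File.join(dir, "Info.plist"), "constructed sample")
    @tmpdir = dir
  end
end
```

Ruby also runs pending finalizers at interpreter exit, so the directory is removed even if the object is never collected earlier.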

We already do this for deprecations but these may make warnings
and errors from Homebrew easier to spot in GitHub Actions logs.
While we're here, clean up other cases that should have used
`GitHub::Actions::Annotation` but didn't and provide some helpers and
tweaks there necessary for our use case here.

There are two big changes here. Both have to do with how we want
to load casks in different scenarios. One also is related to formulae.
1. Prevent loading casks & formulae outside of taps for specific commands.
There are certain commands like `bump`, `bump-*-pr`, `livecheck` and `audit`
where it really makes no sense to try and run things if the specified formula
or cask is not in a tap. A new `#to_formulae_and_casks_with_taps` method was
added to the `CLI::NamedArgs` class to allow us to easily grab and validate
formulae and casks from named arguments.
2. Always load the source file path when loading casks with the path loader.
There was an edge case where all JSON cask files were being loaded without
setting the source file path because most of the work was handed off to the
API loader where that normally would make more sense. Now we set that when
calling the API loader which solves the problem. This improves the user
experience of people using the `--cache` and `fetch` commands in certain
edge cases. Hopefully it makes the user experience a bit more consistent.
A regression test was added for this point.

We already had `HOMEBREW_FORBIDDEN_LICENSES` but this commit adds
`HOMEBREW_FORBIDDEN_CASKS`, `HOMEBREW_FORBIDDEN_FORMULAE` and
`HOMEBREW_FORBIDDEN_TAPS` for also forbidding those.
Relatedly, add `HOMEBREW_FORBIDDEN_OWNER` and
`HOMEBREW_FORBIDDEN_OWNER_CONTACT` to allow customising these
messages.
There were no existing tests for `HOMEBREW_FORBIDDEN_LICENSES` so have
added more tests for all of these checks.
Co-authored-by: Bo Anderson <mail@boanderson.me>

When fixing permissions fails, we should not print the error messages
from e.g. `chmod` unless we are in debug or verbose mode (because we
immediately retry taking ownership with `sudo`).

This makes `--adopt` considerably faster and more useful for application
bundles by checking the bundle version before failing to adopt the
bundle.
This could be further extended by e.g. checking if auto-updates are
enabled.
While we're here, also allow `adopt` to act a bit more like `force` in
a few other places assuming this initial check passes.

This should make these messages, particularly warnings, more obvious to
GitHub Actions users.
There's an argument perhaps we should do this more broadly for all
warning/error messages but: this feels like a good start.