9 Commits

Author SHA1 Message Date
Mike McQuaid
6bd0823f7e
sbom: fix dependency bottle information in SBOM.
This breaks the possibility for some `:all` bottle creation if they
reference a non-`:all` bottle as a dependency.

Instead, omit this information in the bottle and generate it only at
install time.
2024-05-26 16:48:48 +01:00
Mike McQuaid
7be26329c5
Apply suggestions from code review
2024-05-26 15:28:53 +01:00
Sean Molenaar
fdb347c35f
Update Library/Homebrew/sbom.rb
Co-authored-by: Ruoyu Zhong <zhongruoyu@outlook.com>
2024-05-26 13:20:04 +02:00
Sean Molenaar
9d75d09a82
fix: allow not validating SBOM 2024-05-26 13:16:43 +02:00
Mike McQuaid
b066ac414c
SBOM: various fixes.
- be a bit stricter with SBOM handling with the test default formula
  flow in CI by making it raise errors if SBOMs aren't generated and
  validated as expected
- fix handling of HEAD installations of formulae so SBOM generation is
  both correct and doesn't raise errors
- make `Formula#bottle_hash` more accepting of edge cases e.g. HEAD-only
  formulae without a stable spec

Fixes #17333
2024-05-20 09:41:29 +01:00
Mike McQuaid
7461bf81a1
SBOM: more fixes.
- Remove use of (unused) `Cachable` module.
- Pass whether we're bottling to determine whether to create
  reproducible SBOM or not. A reproducible SBOM omits the time and
  compiler.
- Remove bottle information when bottling: we cannot know what e.g.
  the checksum (and, with GitHub Packages, therefore also the download
  location) will be before we've created the tarball contents.
- Always write a bottle on installation (unless we're bottling) to
  provide new bottle information or freshen the existing one with the
  information we stripped out for reproducibility e.g. the time and
  compiler.
- Don't need to handle a `nil` `@source_modified_time` as it's always
  set.

Fixes #17281
2024-05-13 07:36:51 +01:00
Sean Molenaar
df0bd4cd73
fix: use UTC for all SBOM times
Issue GH-17281
2024-05-12 10:56:10 +02:00
Mike McQuaid
442aa91704
SBOM improvements
- write a schema when installing formulae (if not already present)
- cache the schema on disk rather than downloading it every time
- make more methods/attributes `private`
- allow validation to be optional, only enable for Homebrew developers
  at installation time
- use the tab for more, correct information
- ensure that dependencies/bottles are written correctly
- use new SBOM 3 schema URL
- improve test coverage
2024-05-09 13:10:37 +01:00
Sean Molenaar
a43b7464c2
feat: add generated SPDX file on bottling
2024-05-07 20:33:22 +02:00