`Cask::Audit.audit_livecheck_version` can raise a `key not found:
:latest` error when a hash from livecheck's `latest_version` method
doesn't have a `:latest` value. This error means that livecheck was
unable to identify the latest upstream version but it can only be
understood if the reader knows how this audit is implemented (and it
may also depend on knowing the structure of livecheck's
`latest_version` hash). Without that knowledge, the error doesn't
make it clear which audit is failing and why.
This addresses the issue by using `nil` as the default value for this
`fetch` call and accounting for a `nil` `latest_version` value. This
allows the audit to surface the usual "Version '1.2.3' differs from
'' retrieved by livecheck" failure, which makes it more clear that
livecheck isn't returning a version.
This reduces the surface area of our `Kernel` monkeypatch and removes
the need to `include Kernel` in a bunch of modules.
While we're here, also move `Kernel#require?` to `Homebrew` and fully
scope the calls to it.
Follow up on `DownloadQueue` for download concurrency on `brew fetch`
and `brew install` to also add support for `brew reinstall` and
`brew upgrade`.
This required a fair bit of refactoring to make this work so I've also
made `install.rb`, `reinstall.rb` and `upgrade.rb` `typed: strict` to
add some extra guardrails from Sorbet here.
Co-authored-by: Carlo Cabrera <github@carlo.cab>
We recently added `POST` request support to livecheck but related cask
checks are failing the `livecheck_https_availability` audit because it
calls `validate_url_for_https_availability` which calls
`Utils::Curl.curl_check_http_content` and that checks the URL using a
`GET` request. Adding `POST` request support to all of those methods
will take some work, so this adds a guard to skip the audit if the
`livecheck` block uses `post_form` or `post_json`. This isn't ideal
but it will allow us to add these `livecheck` blocks in the interim
time.
Co-authored-by: Douglas Eichelberger <d@eic.email>
Formulae, casks, and resources have a `#livecheckable?` method that
indicates whether they contain a `livecheck` block. This is intended
to be read as "has a livecheckable?", not "is livecheckable?" (as
livecheck can find versions for some packages/resources without a
`livecheck` block). Unfortunately, correct understanding of this
method's behavior [outside of documentation] relies on historical
knowledge that few people possess, so this is often confusing to
anyone who hasn't been working on livecheck since 2020.
In the olden days, a "livecheckable" was a Ruby file containing a
`livecheck` block (originally a hash) with a filename that
corresponded to a related formula. The `livecheck` blocks in
livecheckable files were integrated into their respective formulae in
August 2020, so [first-party] livecheckables ceased to exist at that
time. From that point forward, we simply referred to these as
`livecheck` blocks.
With that in mind, this clarifies the situation by replacing
"livecheckable" language. This includes renaming `#livecheckable?` to
`#livecheck_defined?`, replacing usage of "livecheckable" as a noun
with "`livecheck` block", replacing "livecheckable" as a boolean with
"livecheck_defined", and replacing incorrect usage of "livecheckable"
as an adjective with "checkable".
The method only returned the executable name and not the full path,
leading to a swallowed error, because brew gracefully ignores a
failing lipo command.
Currently `brew audit` only audits the first binary in a cask.
For example the cask `wiso-steuer-2024` contains multiple binaries in
`Contents/MacOS`:
- `btssysteminfo`
- `whilfe`
- `wmain24`
The first binary (some telemetry tool) is not the main binary and not
a universal binary, but the other two are. Given that `wmain24` is
defined as the main binary in the `Contents/Info.plist`, brew probably
should audit that binary rather than just checking the first one.
- Previously I thought that comments were fine to discourage people from
wasting their time trying to bump things that used `undef` that Sorbet
didn't support. But RuboCop is better at this since it'll complain if
the comments are unnecessary.
- Suggested in https://github.com/Homebrew/brew/pull/18018#issuecomment-2283369501.
- I've gone for a mixture of `rubocop:disable` for the files that can't
be `typed: strict` (use of undef, required before everything else, etc)
and `rubocop:todo` for everything else that should be tried to make
strictly typed. There's no functional difference between the two as
`rubocop:todo` is `rubocop:disable` with a different name.
- And I entirely disabled the cop for the docs/ directory since
`typed: strict` isn't going to gain us anything for some Markdown
linting config files.
- This means that now it's easier to track what needs to be done rather
than relying on checklists of files in our big Sorbet issue:
```shell
$ git grep 'typed: true # rubocop:todo Sorbet/StrictSigil' | wc -l
268
```
- And this is confirmed working for new files:
```shell
$ git status
On branch use-rubocop-for-sorbet-strict-sigils
Untracked files:
(use "git add <file>..." to include in what will be committed)
Library/Homebrew/bad.rb
Library/Homebrew/good.rb
nothing added to commit but untracked files present (use "git add" to track)
$ brew style
Offenses:
bad.rb:1:1: C: Sorbet/StrictSigil: Sorbet sigil should be at least strict got true.
^^^^^^^^^^^^^
1340 files inspected, 1 offense detected
```
