fix(release): add homebrew cask audit validation #22
Conversation
Summary of ChangesHello @jonshaffer, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical Homebrew CI failure by correcting the Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request resolves a Homebrew release issue by removing a redundant verified field from the GoReleaser configuration. It also enhances the development workflow by adding GoReleaser to the Nix environment and introducing a lefthook pre-commit hook to validate the GoReleaser configuration. My review found a small but critical issue with the installation path for GoReleaser in the Nix shell hook, which would cause the setup to fail. A suggestion to correct this path is provided.
|
|
||
| if ! command -v goreleaser &> /dev/null; then | ||
| echo "📦 Installing goreleaser..." | ||
| go install github.com/goreleaser/goreleaser/v2@latest |
There was a problem hiding this comment.
The go install path for GoReleaser is incorrect. The GoReleaser module path does not include /v2, so the current command will fail. To fix this, you should use the correct module path github.com/goreleaser/goreleaser@latest.
go install github.com/goreleaser/goreleaser@latest
There was a problem hiding this comment.
Pull request overview
This pull request fixes a Homebrew tap CI failure by removing the unnecessary verified field from the GoReleaser homebrew cask configuration and adds preventive measures to catch similar issues in the future.
Key Changes:
- Removed the redundant
verifiedfield from.goreleaser.ymlhomebrew cask config (the field is only needed when download URL domain differs from homepage domain) - Added a new CI job to audit generated Homebrew casks before they reach the tap repository
- Integrated goreleaser into the Nix development environment and added pre-commit validation via lefthook
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.goreleaser.yml |
Removed unnecessary url.verified field that was causing Homebrew audit failures |
.github/workflows/release-config-check.yml |
Added homebrew-cask-audit job to validate generated casks with brew audit --cask |
flake.nix |
Added goreleaser installation via go install in the Nix shell hook for development |
lefthook.yml |
Added pre-commit hook to run goreleaser check when .goreleaser.yml is modified |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| homepage: "https://github.com/systmms/dsops" | ||
| description: "Secret management for development and production environments" | ||
| skip_upload: auto # Skip for pre-releases |
There was a problem hiding this comment.
The corresponding spec file at specs/020-release-distribution/contracts/goreleaser.yaml still contains the verified field (lines 103-104) that was removed here. The spec documentation should be updated to match the actual implementation to maintain consistency.
…nfig The verified field is only needed when the download URL domain differs from the homepage domain. Since both use github.com/systmms/dsops, Homebrew audit flags this as redundant. Fixes homebrew-tap CI audit failure.
Install goreleaser via go install in shellHook to get the latest version. The nixpkgs version (2.11.2) predates dockers_v2 support (requires 2.12+).
Run brew audit --cask on generated cask during snapshot builds to catch issues like unnecessary verified fields before they reach homebrew-tap. Uses macOS runner where Homebrew runs natively.
Validates .goreleaser.yml syntax on commit when the file is modified. Install with: npx lefthook install
jonshaffer
force-pushed
the
fix/homebrew-cask-audit-validation
branch
from
7ee9c47 to
b6b7852
Compare
Remove verified field from spec contract to match the actual .goreleaser.yml configuration.
Homebrew doesn't allow `brew audit [path]` - must use tap name. Create a local tap and audit by name instead.
Summary
verifiedfield from homebrew cask config (fixes homebrew-tap CI failure)brew audit --caskvalidation to CI release config check workflowgo installProblem
The homebrew-tap CI was failing because the generated
dsops.rbcask had an unnecessaryverifiedparameter. Theverifiedfield is only needed when the download URL domain differs from the homepage domain - since both usegithub.com/systmms/dsops, Homebrew audit flagged it as redundant.Solution
verifiedfield from.goreleaser.ymlbrew audit --caskto CI to catch these issues before they reach homebrew-tapTest plan
homebrew-cask-auditjob passes