brew/Library/Homebrew/tap_auditor.rb

# typed: true # rubocop:todo Sorbet/StrictSigil
# frozen_string_literal: true

module Homebrew
  # Auditor for checking common violations in {Tap}s.
  class TapAuditor
    attr_reader :name, :path, :formula_names, :formula_aliases, :formula_renames, :cask_tokens,
                :tap_audit_exceptions, :tap_style_exceptions, :tap_pypi_formula_mappings, :problems

    sig { params(tap: Tap, strict: T.nilable(T::Boolean)).void }
    def initialize(tap, strict:)
      Homebrew.with_no_api_env do
        tap.clear_cache if Homebrew::EnvConfig.automatically_set_no_install_from_api?
        @name                      = tap.name
        @path                      = tap.path
        @tap_audit_exceptions      = tap.audit_exceptions
        @tap_style_exceptions      = tap.style_exceptions
        @tap_pypi_formula_mappings = tap.pypi_formula_mappings
        @tap_autobump              = tap.autobump
        @tap_official              = tap.official?
        @problems                  = []

        @cask_tokens = tap.cask_tokens.map do |cask_token|
          cask_token.split("/").last
        end
        @formula_aliases = tap.aliases.map do |formula_alias|
          formula_alias.split("/").last
        end
        @formula_renames = tap.formula_renames
        @formula_names = tap.formula_names.map do |formula_name|
          formula_name.split("/").last
        end
      end
    end

    sig { void }
    def audit
      audit_json_files
      audit_tap_formula_lists
      audit_aliases_renames_duplicates
    end

    sig { void }
    def audit_json_files
      json_patterns = Tap::HOMEBREW_TAP_JSON_FILES.map { |pattern| @path/pattern }
      Pathname.glob(json_patterns).each do |file|
        JSON.parse file.read
      rescue JSON::ParserError
        problem "#{file.to_s.delete_prefix("#{@path}/")} contains invalid JSON"
      end
    end

    sig { void }
    def audit_tap_formula_lists
      check_formula_list_directory "audit_exceptions", @tap_audit_exceptions
      check_formula_list_directory "style_exceptions", @tap_style_exceptions
      check_formula_list "pypi_formula_mappings", @tap_pypi_formula_mappings
      check_formula_list "formula_renames", @formula_renames.values
      check_formula_list ".github/autobump.txt", @tap_autobump unless @tap_official
    end

    sig { void }
    def audit_aliases_renames_duplicates
      duplicates = formula_aliases & formula_renames.keys
      return if duplicates.none?

      problem "The following should either be an alias or a rename, not both: #{duplicates.to_sentence}"
    end

    sig { params(message: String).void }
    def problem(message)
      @problems << ({ message:, location: nil, corrected: false })
    end

    private

    sig { params(list_file: String, list: T.untyped).void }
    def check_formula_list(list_file, list)
      list_file += ".json" if File.extname(list_file).empty?
      unless [Hash, Array].include? list.class
        problem <<~EOS
          #{list_file} should contain a JSON array
          of formula names or a JSON object mapping formula names to values
        EOS
        return
      end

      list = list.keys if list.is_a? Hash
      invalid_formulae_casks = list.select do |formula_or_cask_name|
        formula_names.exclude?(formula_or_cask_name) &&
          formula_aliases.exclude?(formula_or_cask_name) &&
          cask_tokens.exclude?(formula_or_cask_name)
      end

      return if invalid_formulae_casks.empty?

      problem <<~EOS
        #{list_file} references
        formulae or casks that are not found in the #{@name} tap.
        Invalid formulae or casks: #{invalid_formulae_casks.join(", ")}
      EOS
    end

    sig { params(directory_name: String, lists: Hash).void }
    def check_formula_list_directory(directory_name, lists)
      lists.each do |list_name, list|
        check_formula_list "#{directory_name}/#{list_name}", list
      end
    end
  end
end
rubocop: Use `Sorbet/StrictSigil` as it's better than comments - Previously I thought that comments were fine to discourage people from wasting their time trying to bump things that used `undef` that Sorbet didn't support. But RuboCop is better at this since it'll complain if the comments are unnecessary. - Suggested in https://github.com/Homebrew/brew/pull/18018#issuecomment-2283369501. - I've gone for a mixture of `rubocop:disable` for the files that can't be `typed: strict` (use of undef, required before everything else, etc) and `rubocop:todo` for everything else that should be tried to make strictly typed. There's no functional difference between the two as `rubocop:todo` is `rubocop:disable` with a different name. - And I entirely disabled the cop for the docs/ directory since `typed: strict` isn't going to gain us anything for some Markdown linting config files. - This means that now it's easier to track what needs to be done rather than relying on checklists of files in our big Sorbet issue: ```shell $ git grep 'typed: true # rubocop:todo Sorbet/StrictSigil' \| wc -l 268 ``` - And this is confirmed working for new files: ```shell $ git status On branch use-rubocop-for-sorbet-strict-sigils Untracked files: (use "git add <file>..." to include in what will be committed) Library/Homebrew/bad.rb Library/Homebrew/good.rb nothing added to commit but untracked files present (use "git add" to track) $ brew style Offenses: bad.rb:1:1: C: Sorbet/StrictSigil: Sorbet sigil should be at least strict got true. ^^^^^^^^^^^^^ 1340 files inspected, 1 offense detected ``` 2024-08-12 10:30:59 +01:00			`# typed: true # rubocop:todo Sorbet/StrictSigil`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`# frozen_string_literal: true`

			`module Homebrew`
Move auditor classes into separate files. 2020-11-18 10:25:12 +01:00			`# Auditor for checking common violations in {Tap}s.`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`class TapAuditor`
Audit taps for duplicates in aliases/renames. 2024-02-08 15:30:20 +01:00			`attr_reader :name, :path, :formula_names, :formula_aliases, :formula_renames, :cask_tokens,`
formula_auditor: create a versioned formula dependent conflict allowlist We have an audit that checks each formula's dependency tree for multiple versions of the same software. We have an allowlist that allows us to ignore this audit, but this allowlist requires each formula with a conflict in its dependency tree to be listed there. Here, I propose the reverse: if formula `foo` appears in the `versioned_formula_dependent_conflicts_allowlist`, then all its dependents will not fail the versioned dependencies conflict because of a conflict with formula `foo`. I'd like to do this in the case of `python`, where I think the versioned dependencies conflict check hurts us more than helps us. Versioned dependency conflicts are most problematic in the case of libraries with the same install name but incompatible ABIs. This is almost never a problem with Python: almost no formulae link with the Python framework on macOS (in part due to one of our audits that disallows Python framework linkage in Python modules). Moreover, the various Python frameworks that we ship have the version in the install name. The above _might_ be a problem on Linux, since we allow unrestricted linkage with `libpython`. However, we don't even check versioned conflicts on Linux, so we aren't as concerned about this in the first place. This is also a lot more convenient than adding the dependents of some Python formula one by one as they acquire conflicts due to changes in other formulae. I've also amended `tap_auditor` to allow the use of formula aliases in an allowlist, to allow us to add `python` to this allowlist instead of each individual versioned Python formula. See also discussion at Homebrew/homebrew-core#108307. 2022-08-18 15:27:23 +08:00			`:tap_audit_exceptions, :tap_style_exceptions, :tap_pypi_formula_mappings, :problems`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00
tap_auditor: widen type for constructor We don't always pass `--strict`. 2020-11-20 22:20:34 +11:00			`sig { params(tap: Tap, strict: T.nilable(T::Boolean)).void }`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`def initialize(tap, strict:)`
tap_auditor: fix API data getting mixed in 2023-07-04 16:08:47 +01:00			`Homebrew.with_no_api_env do`
tap_auditor: check renamed formula exists 2024-11-08 18:45:35 -05:00			`tap.clear_cache if Homebrew::EnvConfig.automatically_set_no_install_from_api?`
tap_auditor: fix API data getting mixed in 2023-07-04 16:08:47 +01:00			`@name = tap.name`
			`@path = tap.path`
			`@tap_audit_exceptions = tap.audit_exceptions`
			`@tap_style_exceptions = tap.style_exceptions`
			`@tap_pypi_formula_mappings = tap.pypi_formula_mappings`
tap_auditor: check formulae names in autobump.txt 2024-10-09 14:27:21 -04:00			`@tap_autobump = tap.autobump`
tap_auditor: do not audit `autobump.txt` in official taps Signed-off-by: botantony <antonsm21@gmail.com> 2025-04-29 22:38:14 +02:00			`@tap_official = tap.official?`
tap_auditor: fix API data getting mixed in 2023-07-04 16:08:47 +01:00			`@problems = []`
tap_auditor: use short names when checking exception lists 2021-08-20 02:35:17 -04:00
tap: CoreCaskTap#cask_tokens should always return short names This seems to be a bug with how we handle name shortening for the core cask tap. The core tap always returns short formula names and returning long names from the core cask tap when not using the API leads to unexpected behavior. Specifically this can trick the `brew untap` command into thinking that there aren't any installed casks in the core cask tap and that it can be removed even when that is not the case. One risk here is that the full names were used when caching descriptions so descriptions could be out of date for people in the short term though hopefully that's not the end of the world. 2024-03-09 17:02:34 -08:00			`@cask_tokens = tap.cask_tokens.map do \|cask_token\|`
			`cask_token.split("/").last`
			`end`
tap_auditor: fix API data getting mixed in 2023-07-04 16:08:47 +01:00			`@formula_aliases = tap.aliases.map do \|formula_alias\|`
			`formula_alias.split("/").last`
			`end`
Audit taps for duplicates in aliases/renames. 2024-02-08 15:30:20 +01:00			`@formula_renames = tap.formula_renames`
tap_auditor: fix API data getting mixed in 2023-07-04 16:08:47 +01:00			`@formula_names = tap.formula_names.map do \|formula_name\|`
			`formula_name.split("/").last`
			`end`
tap_auditor: use short names when checking exception lists 2021-08-20 02:35:17 -04:00			`end`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`end`

			`sig { void }`
			`def audit`
			`audit_json_files`
move pypi list to tap formula_lists directory 2020-11-20 00:55:21 -05:00			`audit_tap_formula_lists`
Audit taps for duplicates in aliases/renames. 2024-02-08 15:30:20 +01:00			`audit_aliases_renames_duplicates`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`end`

			`sig { void }`
			`def audit_json_files`
			`json_patterns = Tap::HOMEBREW_TAP_JSON_FILES.map { \|pattern\| @path/pattern }`
			`Pathname.glob(json_patterns).each do \|file\|`
			`JSON.parse file.read`
			`rescue JSON::ParserError`
			`problem "#{file.to_s.delete_prefix("#{@path}/")} contains invalid JSON"`
			`end`
			`end`

			`sig { void }`
move pypi list to tap formula_lists directory 2020-11-20 00:55:21 -05:00			`def audit_tap_formula_lists`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`check_formula_list_directory "audit_exceptions", @tap_audit_exceptions`
tap: add style_exceptions configuration 2020-11-27 01:23:07 -05:00			`check_formula_list_directory "style_exceptions", @tap_style_exceptions`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`check_formula_list "pypi_formula_mappings", @tap_pypi_formula_mappings`
tap_auditor: check renamed formula exists 2024-11-08 18:45:35 -05:00			`check_formula_list "formula_renames", @formula_renames.values`
tap_auditor: do not audit `autobump.txt` in official taps Signed-off-by: botantony <antonsm21@gmail.com> 2025-04-29 22:38:14 +02:00			`check_formula_list ".github/autobump.txt", @tap_autobump unless @tap_official`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`end`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00
Audit taps for duplicates in aliases/renames. 2024-02-08 15:30:20 +01:00			`sig { void }`
			`def audit_aliases_renames_duplicates`
			`duplicates = formula_aliases & formula_renames.keys`
			`return if duplicates.none?`

			`problem "The following should either be an alias or a rename, not both: #{duplicates.to_sentence}"`
			`end`

move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`sig { params(message: String).void }`
			`def problem(message)`
brew.rb: handle missing args. 2024-03-07 16:20:20 +00:00			`@problems << ({ message:, location: nil, corrected: false })`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`end`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`private`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`sig { params(list_file: String, list: T.untyped).void }`
			`def check_formula_list(list_file, list)`
tap_auditor: check formulae names in autobump.txt 2024-10-09 14:27:21 -04:00			`list_file += ".json" if File.extname(list_file).empty?`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`unless [Hash, Array].include? list.class`
			`problem <<~EOS`
tap_auditor: check formulae names in autobump.txt 2024-10-09 14:27:21 -04:00			`#{list_file} should contain a JSON array`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`of formula names or a JSON object mapping formula names to values`
			`EOS`
			`return`
			`end`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00
audit: migrate shared audits to taps 2020-12-21 12:53:12 -05:00			`list = list.keys if list.is_a? Hash`
audit: cleanup shared audit exception handling 2020-12-22 10:51:29 -05:00			`invalid_formulae_casks = list.select do \|formula_or_cask_name\|`
formula_auditor: create a versioned formula dependent conflict allowlist We have an audit that checks each formula's dependency tree for multiple versions of the same software. We have an allowlist that allows us to ignore this audit, but this allowlist requires each formula with a conflict in its dependency tree to be listed there. Here, I propose the reverse: if formula `foo` appears in the `versioned_formula_dependent_conflicts_allowlist`, then all its dependents will not fail the versioned dependencies conflict because of a conflict with formula `foo`. I'd like to do this in the case of `python`, where I think the versioned dependencies conflict check hurts us more than helps us. Versioned dependency conflicts are most problematic in the case of libraries with the same install name but incompatible ABIs. This is almost never a problem with Python: almost no formulae link with the Python framework on macOS (in part due to one of our audits that disallows Python framework linkage in Python modules). Moreover, the various Python frameworks that we ship have the version in the install name. The above _might_ be a problem on Linux, since we allow unrestricted linkage with `libpython`. However, we don't even check versioned conflicts on Linux, so we aren't as concerned about this in the first place. This is also a lot more convenient than adding the dependents of some Python formula one by one as they acquire conflicts due to changes in other formulae. I've also amended `tap_auditor` to allow the use of formula aliases in an allowlist, to allow us to add `python` to this allowlist instead of each individual versioned Python formula. See also discussion at Homebrew/homebrew-core#108307. 2022-08-18 15:27:23 +08:00			`formula_names.exclude?(formula_or_cask_name) &&`
			`formula_aliases.exclude?(formula_or_cask_name) &&`
tap: CoreCaskTap#cask_tokens should always return short names This seems to be a bug with how we handle name shortening for the core cask tap. The core tap always returns short formula names and returning long names from the core cask tap when not using the API leads to unexpected behavior. Specifically this can trick the `brew untap` command into thinking that there aren't any installed casks in the core cask tap and that it can be removed even when that is not the case. One risk here is that the full names were used when caching descriptions so descriptions could be out of date for people in the short term though hopefully that's not the end of the world. 2024-03-09 17:02:34 -08:00			`cask_tokens.exclude?(formula_or_cask_name)`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`end`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00
audit: cleanup shared audit exception handling 2020-12-22 10:51:29 -05:00			`return if invalid_formulae_casks.empty?`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00
			`problem <<~EOS`
tap_auditor: check formulae names in autobump.txt 2024-10-09 14:27:21 -04:00			`#{list_file} references`
audit: migrate shared audits to taps 2020-12-21 12:53:12 -05:00			`formulae or casks that are not found in the #{@name} tap.`
audit: cleanup shared audit exception handling 2020-12-22 10:51:29 -05:00			`Invalid formulae or casks: #{invalid_formulae_casks.join(", ")}`
move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`EOS`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`end`

move mapping from formula_lists to pypi_formula_mappings 2020-11-20 18:14:45 -05:00			`sig { params(directory_name: String, lists: Hash).void }`
			`def check_formula_list_directory(directory_name, lists)`
			`lists.each do \|list_name, list\|`
			`check_formula_list "#{directory_name}/#{list_name}", list`
			`end`
Move `TapAuditor` into separate file. 2020-11-18 10:05:23 +01:00			`end`
			`end`
			`end`