17 Commits

Author SHA1 Message Date
Mike McQuaid
dc71b7c8f6
Cleanup extend/ directory usage.
- move some things out of `extend` that don't really fit there e.g.
  `Module`s that are included but not doing any
  overriding/monkeypatching
- move some code into `extend/os` to fix all remaining
  `rubocop:todo Homebrew/MoveToExtendOS`s
- remove some unneeded `bundle` skipper code that doesn't really make
  sense given our current bottling strategy
- extract some `Pathname` extensions to `extend/pathname` for separate
  files
- move an `ENV` `Kernel` extension into `kernel.rb`
- `odeprecate` a seemingly unused backwards compatibility method
- move `readline_nonblock` from a monkeypatch to a
  `ReadlineNonblock.read` method as it's only used in one place
- fix up a link in documentation
2025-06-09 19:06:16 +01:00
Patrick Linnane
c6a2fa335d
brew style --fix
2025-05-05 14:35:08 -07:00
Issy Long
45978435e7
rubocop: Use Sorbet/StrictSigil as it's better than comments
- Previously I thought that comments were fine to discourage people from
  wasting their time trying to bump things that used `undef` that Sorbet
  didn't support. But RuboCop is better at this since it'll complain if
  the comments are unnecessary.

- Suggested in https://github.com/Homebrew/brew/pull/18018#issuecomment-2283369501.

- I've gone for a mixture of `rubocop:disable` for the files that can't
  be `typed: strict` (use of undef, required before everything else, etc)
  and `rubocop:todo` for everything else that should be tried to make
  strictly typed. There's no functional difference between the two as
  `rubocop:todo` is `rubocop:disable` with a different name.

- And I entirely disabled the cop for the docs/ directory since
  `typed: strict` isn't going to gain us anything for some Markdown
  linting config files.

- This means that now it's easier to track what needs to be done rather
  than relying on checklists of files in our big Sorbet issue:

```shell
$ git grep 'typed: true # rubocop:todo Sorbet/StrictSigil' | wc -l
    268
```

- And this is confirmed working for new files:

```shell
$ git status
On branch use-rubocop-for-sorbet-strict-sigils
Untracked files:
  (use "git add <file>..." to include in what will be committed)
        Library/Homebrew/bad.rb
        Library/Homebrew/good.rb

nothing added to commit but untracked files present (use "git add" to track)

$ brew style
Offenses:

bad.rb:1:1: C: Sorbet/StrictSigil: Sorbet sigil should be at least strict got true.
^^^^^^^^^^^^^

1340 files inspected, 1 offense detected
```
2024-08-12 15:24:27 +01:00
Mike McQuaid
42a6b59de5
sbom: fix errors, improve reproducibility, tests.
- Remove/change data from bottle SBOM to avoid harming reproducibility
- Add `schema_validation_errors` method to provide nicer test failures
- Add more tests for SBOM when bottling
- Cleanup SBOM tests to use more typical RSpec form and be DRYer
2024-08-08 09:34:32 +01:00
Bo Anderson
6b186f9874
Fix SBOM schema validation
2024-08-08 02:30:42 +01:00
Bo Anderson
040372fafa
Vendor SBOM schema
2024-08-07 18:00:53 +01:00
Mike McQuaid
357e70357c
sbom: don't store runtime dependencies when bottling.
In some cases this prevents `:all` bottles when the recursive
dependencies vary. This SBOM is regenerated correctly at pour time.
2024-08-02 11:42:35 +01:00
Mike McQuaid
a901a9c389
sbom: ensure Homebrew versions are more consistent.
Avoid making bottles non-reproducible by ensuring that the Homebrew
version doesn't include the full commit hash but just a `-dev` suffix.

This is similar to the approach we use for analytics.
2024-07-26 17:37:05 +01:00
Mike McQuaid
6bd0823f7e
sbom: fix dependency bottle information in SBOM.
This breaks the possibility for some `:all` bottle creation if they
reference a non-`:all` bottle as a dependency.

Instead, omit this information in the bottle and generate it only at
install time.
2024-05-26 16:48:48 +01:00
Mike McQuaid
7be26329c5
Apply suggestions from code review
2024-05-26 15:28:53 +01:00
Sean Molenaar
fdb347c35f
Update Library/Homebrew/sbom.rb
Co-authored-by: Ruoyu Zhong <zhongruoyu@outlook.com>
2024-05-26 13:20:04 +02:00
Sean Molenaar
9d75d09a82
fix: allow not validating SBOM
2024-05-26 13:16:43 +02:00
Mike McQuaid
b066ac414c
SBOM: various fixes.
- be a bit stricter with SBOM handling with the test default formula
  flow in CI by making it raise errors if SBOMs aren't generated and
  validated as expected
- fix handling of HEAD installations of formulae so SBOM generation is
  both correct and doesn't raise errors
- make `Formula#bottle_hash` more accepting of edge cases e.g. HEAD-only
  formulae without a stable spec

Fixes #17333
2024-05-20 09:41:29 +01:00
Mike McQuaid
7461bf81a1
SBOM: more fixes.
- Remove use of (unused) `Cachable` module.
- Pass whether we're bottling to determine whether to create
  reproducible SBOM or not. A reproducible SBOM omits the time and
  compiler.
- Remove bottle information when bottling: we cannot know what e.g.
  the checksum (and, with GitHub Packages, therefore also the download
  location) will be before we've created the tarball contents.
- Always write a bottle on installation (unless we're bottling) to
  provide new bottle information or freshen the existing one with the
  information we stripped out for reproducibility e.g. the time and
  compiler.
- Don't need to handle a `nil` `@source_modified_time` as it's always
  set.

Fixes #17281
2024-05-13 07:36:51 +01:00
Sean Molenaar
df0bd4cd73
fix: use UTC for all SBOM times
Issue GH-17281
2024-05-12 10:56:10 +02:00
Mike McQuaid
442aa91704
SBOM improvements
- write a schema when installing formulae (if not already present)
- cache the schema on disk rather than downloading it every time
- make more methods/attributes `private`
- allow validation to be optional, only enable for Homebrew developers
  at installation time
- use the tab for more, correct information
- ensure that dependencies/bottles are written correctly
- use new SBOM 3 schema URL
- improve test coverage
2024-05-09 13:10:37 +01:00
Sean Molenaar
a43b7464c2
feat: add generated SPDX file on bottling
2024-05-07 20:33:22 +02:00