From 096cc701397f02767aa42747a290ee5d6ffe09cf Mon Sep 17 00:00:00 2001 From: ulmentflam Date: Wed, 27 May 2026 19:48:02 -0400 Subject: [PATCH] packaging: fix Homebrew formula audit (dep order + resource name) The brew-bump release job copies packaging/distribution/autosentry.rb to the tap and rewrites url/sha256, so any FormulaAudit issue in this template re-breaks the tap's `brew test-bot --only-tap-syntax` on every release. The v0.7.4 bump did exactly that, reverting the tap's hand-fixes. Fix at the source: - autosentry.rb: order `rust` (build) before `python@3.13` (normal) per FormulaAudit/DependencyOrder; rename `resource "ruamel.yaml"` -> `"ruamel-yaml"` to match the normalized PyPI name. - gen_resources.py: emit PEP 503-normalized resource names (lowercase, [-_.]+ -> "-") so regeneration can't reintroduce names like "ruamel.yaml". Co-Authored-By: Claude Opus 4.7 (1M context) --- packaging/distribution/autosentry.rb | 5 +++-- packaging/distribution/gen_resources.py | 10 ++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/packaging/distribution/autosentry.rb b/packaging/distribution/autosentry.rb index 19573d4..fed4110 100644 --- a/packaging/distribution/autosentry.rb +++ b/packaging/distribution/autosentry.rb @@ -23,8 +23,9 @@ class Autosentry < Formula license "Apache-2.0" head "https://github.com/ulmentflam/autosentry.git", branch: "main" - depends_on "python@3.13" + # Ordered build > normal to satisfy FormulaAudit/DependencyOrder. depends_on "rust" => :build # pydantic-core compiles from sdist via maturin/cargo + depends_on "python@3.13" resource "annotated-doc" do url "https://files.pythonhosted.org/packages/57/ba/046ceea27344560984e26a590f90bc7f4a75b06701f653222458922b558c/annotated_doc-0.0.4.tar.gz" @@ -66,7 +67,7 @@ class Autosentry < Formula sha256 "edd07a4824c6b40189fb7ac9bc4c52536e9780fbbfbddf6f1e2502c31b068c36" end - resource "ruamel.yaml" do + resource "ruamel-yaml" do url "https://files.pythonhosted.org/packages/c7/3b/ebda527b56beb90cb7652cb1c7e4f91f48649fbcd8d2eb2fb6e77cd3329b/ruamel_yaml-0.19.1.tar.gz" sha256 "53eb66cd27849eff968ebf8f0bf61f46cdac2da1d1f3576dd4ccee9b25c31993" end diff --git a/packaging/distribution/gen_resources.py b/packaging/distribution/gen_resources.py index ef5445a..e265a25 100644 --- a/packaging/distribution/gen_resources.py +++ b/packaging/distribution/gen_resources.py @@ -16,6 +16,7 @@ from __future__ import annotations import json +import re import subprocess import sys import urllib.request @@ -86,8 +87,13 @@ def main() -> None: blocks: list[tuple[str, str]] = [] for name, version in resolved: canonical, url, sha = sdist(name, version) - block = f' resource "{canonical}" do\n url "{url}"\n sha256 "{sha}"\n end' - blocks.append((canonical.lower(), block)) + # Normalize the resource name to its PEP 503 form (lowercase, runs of + # [-_.] collapsed to a single "-"). brew audit requires the `resource` + # name to match the normalized PyPI name, e.g. "ruamel.yaml" -> + # "ruamel-yaml", "Pygments" -> "pygments". URL/sha256 are unaffected. + res_name = re.sub(r"[-_.]+", "-", canonical).lower() + block = f' resource "{res_name}" do\n url "{url}"\n sha256 "{sha}"\n end' + blocks.append((res_name, block)) for _, block in sorted(blocks): print(block)