fix(release): generate audit-clean Homebrew formula (#134)

The generated formula failed `brew audit --strict` with 5 problems: `version` declared after `license`, and `url`/`sha256` placed directly inside `on_macos`/`on_linux` (forbidden by FormulaAudit/ComponentsOrder). Order `version` before `license`, hoist `head`/`livecheck` above the platform blocks, and nest `url`/`sha256` in `on_arm`/`on_intel`. Add a `brew audit --strict --online` gate to the release workflow so a malformed formula can never be published again. Verified clean against v0.6.0. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 01:35:18 +02:00 · 2026-06-01 12:56:21 +01:00 · 2026-06-01 12:56:21 +01:00 · fab105bcce
commit fab105bcce
parent 353c0c876a
2 changed files with 27 additions and 13 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -121,6 +121,17 @@ jobs:
        run: |
          ./scripts/update-homebrew-formula.sh "${GITHUB_REF_NAME}" homebrew-tap/Formula/omnigraph.rb

+      - name: Audit generated formula
+        if: env.HOMEBREW_TAP_SKIP != '1'
+        run: |
+          # Audit the checked-out tap by name (brew audit rejects bare paths
+          # and needs tap context). Symlink the checkout into Homebrew's Taps
+          # tree so `modernrelay/tap/omnigraph` resolves to it.
+          tap_dir="$(brew --repository)/Library/Taps/modernrelay/homebrew-tap"
+          mkdir -p "$(dirname "$tap_dir")"
+          ln -sfn "$PWD/homebrew-tap" "$tap_dir"
+          brew audit --strict --online modernrelay/tap/omnigraph
+
      - name: Commit and push formula update
        if: env.HOMEBREW_TAP_SKIP != '1'
        working-directory: homebrew-tap