Skip to content

refactor(release): simplify Homebrew tap update workflow#8

Merged
Pierozi merged 16 commits into
mainfrom
feature/release-workflow
Jan 28, 2026
Merged

refactor(release): simplify Homebrew tap update workflow#8
Pierozi merged 16 commits into
mainfrom
feature/release-workflow

Conversation

@Pierozi
Copy link
Copy Markdown
Contributor

@Pierozi Pierozi commented Jan 28, 2026
edited
Loading

Summary

  • Replace manual SHA256 calculation with mislav/bump-homebrew-formula-action@v3 for reliable automation
  • Eliminates race condition when waiting for GitHub release tarballs to become available
  • Remove fragile sed-based formula updates and custom git logic
  • Remove now-obsolete Homebrew tap specification documentation

Test plan

  • Verify release workflow passes all validation and security gates
  • Confirm formula updates work on next release with proper SHA256 and version
  • Test that Homebrew formula can be installed successfully

Pierozi added 16 commits January 28, 2026 13:19
@Pierozi
task(1): Create git-cliff changelog configuration
5dd2a15
@Pierozi
task(2): Create release workflow with version validation
e9b77c4
@Pierozi
task(3): Add security checks to release workflow
bfc5c46
@Pierozi
task(4): Add version bump and changelog generation steps
370b965
@Pierozi
task(5): Add release binary build steps for both architectures
8d59589
@Pierozi
task(6): Add GitHub release creation with artifact upload
b4e6ba7
@Pierozi
task(7): Add Homebrew tap update step with SHA256 calculation
2a8218a
@Pierozi
task(8): Validate workflow with actionlint
e0f8231
@Pierozi
review: final validation and fixes
c9b63d4
@Pierozi
fix: address code review findings
87edc37 
- Update actions/checkout from v4 to v6 for consistency with QA workflow
- Add fail-fast: false to matrix build strategy
- Add restore-keys for cache fallback on partial hits
- Fix documentation: .yml -> .yaml extension
@Pierozi
docs(trace): document system-wide violation display limitation
72ee3fb 
Add clarification that --trace shows violations from all sandboxed processes
on the system, not just the current session, due to macOS sandbox logging
limitations. Update both README and code documentation.
@Pierozi
refactor(release): simplify Homebrew tap update with mislav action
24ba2f2 
- Replace custom SHA256/sed logic with mislav/bump-homebrew-formula-action@v3
- Eliminates race condition and retry complexity
- Improve reliability with battle-tested automation
- Use GitHub App token for secure authentication
@Pierozi
docs: remove homebrew tap specification
e03daca 
This specification documented manual tap update procedures. The release
workflow now uses mislav/bump-homebrew-formula-action which automates all
formula updates, making this documentation redundant.
@Pierozi
test(release): temporarily push to feature branch for testing
e3f3107
@Pierozi
perf(workflows): cache cargo-audit and cargo-deny binaries
bba7b68 
- Add actions/cache@v4 for ~/.cargo/bin/cargo-audit (key: cargo-audit-0.21)
- Add actions/cache@v4 for ~/.cargo/bin/cargo-deny (key: cargo-deny-0.18)
- Skip installation steps on cache hit
- Reduces security-audit and dependency-check job times from 5 min to ~2 sec
- Revert temporary test branch push to main
@Pierozi
fix(workflows): use cargo subcommand syntax for audit and deny
a72ed63
@Pierozi Pierozi merged commit 4d9a296 into main Jan 28, 2026
5 of 6 checks passed
@Pierozi Pierozi deleted the feature/release-workflow branch January 28, 2026 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Pierozi