From 2bd74b42d07e371df810a9ee0e5f2cd0ce7ee94e Mon Sep 17 00:00:00 2001 From: Spencer Bryngelson Date: Thu, 2 Jul 2026 12:20:14 -0400 Subject: [PATCH 1/2] homebrew: fix new brew style offense, sync formula to v5.5.0, preserve tap bottles - Replace Formula["python@3.12"].opt_bin with formula_opt_bin("python@3.12"): Homebrew's new FormulaPathMethods cop (brew 2026-06-22) fails brew style on the old form, which broke Deploy Homebrew Tap and Homebrew Formula Test on the v5.5.0 release. - Bump the in-repo formula url/sha256 to v5.5.0 to match the tap, so the push-triggered tap deploy does not downgrade the tap back to v5.2.0. - Preserve the tap's existing bottle block in deploy-tap.yml when the release URL is unchanged, so formula-only pushes to master no longer delete bottles built for the current version. --- .github/workflows/deploy-tap.yml | 13 ++++++++++++- packaging/homebrew/mfc.rb | 6 +++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-tap.yml b/.github/workflows/deploy-tap.yml index 1779a1d42b..7a0660a2c6 100644 --- a/.github/workflows/deploy-tap.yml +++ b/.github/workflows/deploy-tap.yml @@ -112,8 +112,19 @@ jobs: - name: Copy formula and README into tap if: github.event_name != 'pull_request' run: | + set -euo pipefail mkdir -p tap-repo/Formula - cp packaging/homebrew/mfc.rb tap-repo/Formula/mfc.rb + # If the release URL is unchanged, keep the tap's existing bottle block so a + # formula-only push to master doesn't delete bottles already built for this version. + NEW_URL="$(grep -E '^ url ' packaging/homebrew/mfc.rb || true)" + OLD_URL="$(grep -E '^ url ' tap-repo/Formula/mfc.rb 2>/dev/null || true)" + if [[ -n "${NEW_URL}" && "${NEW_URL}" == "${OLD_URL}" ]] && grep -q '^ bottle do' tap-repo/Formula/mfc.rb; then + awk '/^ bottle do/,/^ end$/' tap-repo/Formula/mfc.rb > /tmp/bottle.block + awk '{ print } /^ head / { print ""; while ((getline line < "/tmp/bottle.block") > 0) print line }' \ + packaging/homebrew/mfc.rb > tap-repo/Formula/mfc.rb + else + cp packaging/homebrew/mfc.rb tap-repo/Formula/mfc.rb + fi cp packaging/homebrew/README.md tap-repo/README.md - name: Commit & push if changed diff --git a/packaging/homebrew/mfc.rb b/packaging/homebrew/mfc.rb index 4b0d714906..74465a805d 100644 --- a/packaging/homebrew/mfc.rb +++ b/packaging/homebrew/mfc.rb @@ -6,8 +6,8 @@ class Mfc < Formula desc "Exascale multiphase/multiphysics compressible flow solver" homepage "https://mflowcode.github.io/" - url "https://github.com/MFlowCode/MFC/archive/refs/tags/v5.2.0.tar.gz" - sha256 "aaee855302950cb6bd8497170a6737214ed9a47ad3d109258f5b27ee2b78fe3d" + url "https://github.com/MFlowCode/MFC/archive/refs/tags/v5.5.0.tar.gz" + sha256 "05499f28291654ee5cc7f4344c85b5b12707e43e8408e7a28b96e43020e42959" license "MIT" head "https://github.com/MFlowCode/MFC.git", branch: "master" @@ -28,7 +28,7 @@ class Mfc < Formula def install # Create Python virtual environment inside libexec (inside Cellar for proper bottling) venv = libexec/"venv" - system Formula["python@3.12"].opt_bin/"python3.12", "-m", "venv", venv + system formula_opt_bin("python@3.12")/"python3.12", "-m", "venv", venv system venv/"bin/pip", "install", "--upgrade", "pip", "setuptools", "wheel", "setuptools-scm", From 546ab12953591710de0bc3be87b2bf5b950c67f4 Mon Sep 17 00:00:00 2001 From: Spencer Bryngelson Date: Thu, 2 Jul 2026 12:32:51 -0400 Subject: [PATCH 2/2] deploy-tap: never downgrade the tap; drop redundant tag-event deploy - Push-to-master deploys previously copied the in-repo formula verbatim into the tap. Since homebrew-release.yml bumps the tap directly on releases, the repo copy lags behind and such a push would downgrade the tap and delete its bottles. The copy step now adopts the tap's url/sha256 whenever the tap pins a newer release, and the tap commit message uses the deployed version. - Remove the 'create' (tag) trigger: homebrew-release.yml already owns tag releases, so both workflows raced to push the tap on every tag, and this one put a strict brew audit on the release critical path (the v5.5.0 failure). Tag handling is kept for manual dispatch from a tag ref. --- .github/workflows/deploy-tap.yml | 55 ++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 21 deletions(-) diff --git a/.github/workflows/deploy-tap.yml b/.github/workflows/deploy-tap.yml index 7a0660a2c6..91a9e1223d 100644 --- a/.github/workflows/deploy-tap.yml +++ b/.github/workflows/deploy-tap.yml @@ -13,8 +13,7 @@ on: paths: - 'packaging/homebrew/mfc.rb' - 'packaging/homebrew/README.md' - # Deploy to tap when a tag is created (no paths filter on tag creation) - create: + # Note: tag releases are deployed to the tap by homebrew-release.yml, not here. workflow_dispatch: permissions: @@ -24,7 +23,6 @@ jobs: deploy-tap: name: Audit and deploy formula runs-on: macos-14 - if: github.event_name != 'create' || github.event.ref_type == 'tag' permissions: contents: write pull-requests: write @@ -44,12 +42,8 @@ jobs: EVENT_NAME="${{ github.event_name }}" REF_NAME="${{ github.ref_name }}" - if [[ "${EVENT_NAME}" == "create" ]]; then - # Tag creation event - VERSION="${REF_NAME#v}" - URL="https://github.com/${{ github.repository }}/archive/refs/tags/v${VERSION}.tar.gz" - elif [[ "${GITHUB_REF_TYPE:-}" == "tag" ]]; then - # Tag push event + if [[ "${GITHUB_REF_TYPE:-}" == "tag" ]]; then + # Manual dispatch from a tag ref VERSION="${REF_NAME#v}" URL="https://github.com/${{ github.repository }}/archive/refs/tags/v${VERSION}.tar.gz" else @@ -71,7 +65,7 @@ jobs: fi - name: Update formula (for tag events) - if: github.event_name == 'create' || github.ref_type == 'tag' + if: github.ref_type == 'tag' run: | /usr/bin/sed -i '' "s@^ url \".*\"@ url \"${{ steps.meta.outputs.url }}\"@" packaging/homebrew/mfc.rb /usr/bin/sed -i '' "s@^ sha256 \".*\"@ sha256 \"${{ steps.meta.outputs.sha256 }}\"@" packaging/homebrew/mfc.rb @@ -110,22 +104,41 @@ jobs: fi - name: Copy formula and README into tap + id: merge if: github.event_name != 'pull_request' run: | set -euo pipefail mkdir -p tap-repo/Formula - # If the release URL is unchanged, keep the tap's existing bottle block so a - # formula-only push to master doesn't delete bottles already built for this version. - NEW_URL="$(grep -E '^ url ' packaging/homebrew/mfc.rb || true)" - OLD_URL="$(grep -E '^ url ' tap-repo/Formula/mfc.rb 2>/dev/null || true)" - if [[ -n "${NEW_URL}" && "${NEW_URL}" == "${OLD_URL}" ]] && grep -q '^ bottle do' tap-repo/Formula/mfc.rb; then - awk '/^ bottle do/,/^ end$/' tap-repo/Formula/mfc.rb > /tmp/bottle.block - awk '{ print } /^ head / { print ""; while ((getline line < "/tmp/bottle.block") > 0) print line }' \ - packaging/homebrew/mfc.rb > tap-repo/Formula/mfc.rb - else - cp packaging/homebrew/mfc.rb tap-repo/Formula/mfc.rb + SRC=packaging/homebrew/mfc.rb + TAP=tap-repo/Formula/mfc.rb + get_ver() { grep -Eo '/archive/refs/tags/v[0-9]+\.[0-9]+\.[0-9]+\.tar\.gz' "$1" | head -n 1 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+'; } + MERGED="$(mktemp)" + cp "${SRC}" "${MERGED}" + if [[ -f "${TAP}" ]]; then + SRC_VER="$(get_ver "${SRC}" || true)" + TAP_VER="$(get_ver "${TAP}" || true)" + # homebrew-release.yml bumps the tap directly on releases, so the in-repo + # formula can lag behind. Never downgrade: if the tap pins a newer release, + # keep the tap's url/sha256 while still syncing the rest of the formula. + if [[ -n "${SRC_VER}" && -n "${TAP_VER}" && "${SRC_VER}" != "${TAP_VER}" ]] \ + && [[ "$(printf '%s\n%s\n' "${SRC_VER}" "${TAP_VER}" | sort -V | tail -n 1)" == "${TAP_VER}" ]]; then + TAP_URL_LINE="$(grep -E '^ url ' "${TAP}")" + TAP_SHA_LINE="$(grep -E '^ sha256 "' "${TAP}" | head -n 1)" + awk -v url="${TAP_URL_LINE}" -v sha="${TAP_SHA_LINE}" \ + '/^ url / { print url; next } /^ sha256 "/ { print sha; next } { print }' \ + "${SRC}" > "${MERGED}" + fi + # If the pinned release is unchanged, keep the tap's existing bottle block so a + # formula-only push to master doesn't delete bottles already built for this version. + if [[ "$(grep -E '^ url ' "${MERGED}")" == "$(grep -E '^ url ' "${TAP}")" ]] && grep -q '^ bottle do' "${TAP}"; then + awk '/^ bottle do/,/^ end$/' "${TAP}" > /tmp/bottle.block + awk '{ print } /^ head / { print ""; while ((getline line < "/tmp/bottle.block") > 0) print line }' \ + "${MERGED}" > "${MERGED}.tmp" && mv "${MERGED}.tmp" "${MERGED}" + fi fi + mv "${MERGED}" "${TAP}" cp packaging/homebrew/README.md tap-repo/README.md + echo "version=$(get_ver "${TAP}" || true)" >> "$GITHUB_OUTPUT" - name: Commit & push if changed if: github.event_name != 'pull_request' @@ -139,6 +152,6 @@ jobs: exit 0 fi git -c user.name="github-actions[bot]" -c user.email="github-actions[bot]@users.noreply.github.com" \ - commit -m "mfc: v${{ steps.meta.outputs.version }}" + commit -m "mfc: v${{ steps.merge.outputs.version || steps.meta.outputs.version }}" git push origin HEAD:main