Skip to content

Prepare for opt-in HOMEBREW_SBOM#22083

Open
MikeMcQuaid wants to merge 1 commit intomainfrom
homebrew-sbom-installation-requirement-planning
Open

Prepare for opt-in HOMEBREW_SBOM#22083
MikeMcQuaid wants to merge 1 commit intomainfrom
homebrew-sbom-installation-requirement-planning

Conversation

@MikeMcQuaid
Copy link
Copy Markdown
Member

@MikeMcQuaid MikeMcQuaid commented Apr 25, 2026

This functionality is not widely used and it's relatively slow. Let's make it an opt-in for those who need it in 5.2.0.

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them? Performance claims (e.g. "this is faster") must include Hyperfine benchmarks.
  • Have you written new tests (excluding integration tests) for your changes? Here's an example.
  • Have you successfully run brew lgtm (style, typechecking and tests) with your changes locally?
  • AI was used to generate or assist with generating this PR. Please specify below how you used AI to help you, and what steps you have taken to manually verify the changes. Non-maintainers may only have one AI-assisted/generated PR open at a time.

OpenAI Codex with several rounds of local tweaking and review.

@MikeMcQuaid
env: stage SBOM install requirement
5070f44 
- document `HOMEBREW_SBOM` ahead of the 5.2.0 default change
- keep 5.1.x behaviour unchanged while `test-bot` exercises it
- leave release reminders where install-time SBOM work will tighten
Copilot AI review requested due to automatic review settings April 25, 2026 12:13
Copilot AI reviewed Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Prepares Homebrew for making SBOM generation opt-in via a new HOMEBREW_SBOM environment variable, with early wiring for CI/test-bot and TODO markers for the upcoming behavior change in 5.2.0.

Changes:

  • Set HOMEBREW_SBOM=1 in brew test-bot’s environment.
  • Add HOMEBREW_SBOM to Homebrew::EnvConfig::ENVS (documented as a no-op until 5.2.0).
  • Add 5.2.0 TODO/odeprecated notes around SBOM requiring/lazy-loading in FormulaInstaller.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
Library/Homebrew/test_bot.rb Forces HOMEBREW_SBOM in the test-bot environment.
Library/Homebrew/formula_installer.rb Adds TODO notes indicating future gating/lazy-loading for SBOM.
Library/Homebrew/env_config.rb Documents a new HOMEBREW_SBOM boolean env var in EnvConfig.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Library/Homebrew/env_config.rb
Comment thread Library/Homebrew/formula_installer.rb
Comment thread Library/Homebrew/test_bot.rb
@MikeMcQuaid MikeMcQuaid enabled auto-merge April 25, 2026 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MikeMcQuaid