Fix #938: Homebrew tap auto-bump on stable release #976

Merged: binaricat merged 1 commit into main from ci/homebrew-tap-bump on May 13, 2026

@binaricat (Owner)

Summary

Closes #938.

Sets up a public Homebrew tap at binaricat/homebrew-netcatty and wires the release pipeline to push a fresh Cask on every stable release tag. After this lands, macOS users can install Netcatty with:

```bash
brew install binaricat/netcatty/netcatty
```

`brew upgrade` picks up new releases automatically — the Cask URL points at the same Developer ID signed + Apple notarized DMGs already published to this repo's GitHub Releases, so it's literally the same bits.

What's in this PR

  • `.github/scripts/bump-homebrew-cask.sh` — computes SHA-256 of the arm64 + x64 DMGs that the existing release job already downloaded, sed-patches the version + sha256 lines in the Cask, validates the result parses as Ruby, and pushes the bump. Idempotent on re-run when checksums already match.
  • `.github/workflows/build.yml` — new `homebrew-tap` job runs after the existing `release` job, on the same stable-tag gate that release uses. Prerelease tags (`v1.2.0-rc.1` etc.) are intentionally skipped so brew users stay on stable.

What's already done outside this PR

  • Tap repo binaricat/homebrew-netcatty is created and seeded with the v1.1.5 Cask (manual computation of checksums), so the tap works today.
  • `brew audit --new --cask` passes clean on the seeded Cask.
  • `brew install --cask --dry-run binaricat/netcatty/netcatty` resolves end-to-end.

What @binaricat needs to do before this is fully wired

Add a repo secret called `HOMEBREW_TAP_TOKEN` with a fine-grained PAT scoped to `contents:write` on `binaricat/homebrew-netcatty`. Until that secret exists the new job will fail fast at the env-var check with no side effects (no push attempted, no half-bumped Cask).

Test plan

  • `brew audit --new --cask binaricat/netcatty/netcatty` — clean
  • `brew tap binaricat/netcatty && brew install --cask --dry-run binaricat/netcatty/netcatty` — resolves
  • sed transforms verified in an Ubuntu 24.04 container (matches CI env) — patches version, arm sha256, intel sha256 without touching the unrelated `arch arm: ..., intel: ...` line
  • Real end-to-end: next stable tag push should auto-bump the tap. Will verify on the next release.

🤖 Generated with Claude Code

After the GitHub Release is published, push an updated Cask to
binaricat/homebrew-netcatty so `brew install binaricat/netcatty/netcatty`
stays current within minutes of the release. Stable tags only — prerelease
tags (v1.2.0-rc.1 etc.) are skipped to keep brew users on stable.

Implementation:
- New script .github/scripts/bump-homebrew-cask.sh computes SHA-256 of the
  arm64 + x64 DMGs already downloaded by the release job, sed-patches the
  Cask file in the tap repo, sanity-checks the result parses as Ruby, and
  pushes the bump. Idempotent on re-run when checksums match.
- New homebrew-tap job in build.yml runs after the release job on the same
  stable-tag gate, downloads the macOS artifact bundle, then runs the
  bump script with HOMEBREW_TAP_TOKEN.

Requires HOMEBREW_TAP_TOKEN secret with contents:write on
binaricat/homebrew-netcatty. With the secret missing the job will fail
fast at the env-var check with no side effects (no push attempted).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
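
The hash-and-patch step described in the PR summary and the commit message above, as an added example that is not the project's `bump-homebrew-cask.sh`. The Cask layout, the function names `sha256_of`, `is_sha256` and `bump_cask`, the exit codes and the stable-version check are assumptions.

```shell
#!/bin/sh
# Added example, not the project's bump-homebrew-cask.sh. Assumed Cask layout:
#   arch arm: "arm64", intel: "x64"
#   version "1.1.5"
#   sha256 arm: "<64 hex>", intel: "<64 hex>"   (on one line or two)

sha256_of() {  # print the lowercase hex SHA-256 of a file
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

is_sha256() { printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{64}$'; }

# bump_cask CASK VERSION ARM_DMG INTEL_DMG   (hypothetical helper)
# Status: 0 = Cask rewritten, 3 = already current (no-op), 1 = refused.
bump_cask() (
  cask=$1 version=$2
  # Stable x.y.z only (assumed policy); this also keeps the value inert in sed.
  case $version in *[!0-9.]*) exit 1 ;; esac
  printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || exit 1
  arm=$(sha256_of "$3") intel=$(sha256_of "$4")
  is_sha256 "$arm" && is_sha256 "$intel" || exit 1
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  # Only a quoted 64-hex value after arm:/intel: is replaced, so the arch
  # line ("arm64", "x64") cannot match.
  sed -E \
    -e "s/^([[:space:]]*version[[:space:]]+)\"[^\"]*\"/\1\"${version}\"/" \
    -e "s/(arm:[[:space:]]*)\"[0-9a-f]{64}\"/\1\"${arm}\"/" \
    -e "s/(intel:[[:space:]]*)\"[0-9a-f]{64}\"/\1\"${intel}\"/" \
    "$cask" > "$tmp" || exit 1
  # sed exits 0 even when nothing matched: confirm all three values landed
  # before the Cask is overwritten.
  grep -Eq "^[[:space:]]*version[[:space:]]+\"${version}\"" "$tmp" &&
    grep -Eq "arm:[[:space:]]*\"${arm}\"" "$tmp" &&
    grep -Eq "intel:[[:space:]]*\"${intel}\"" "$tmp" ||
    { echo "cask patch did not apply" >&2; exit 1; }
  cmp -s "$tmp" "$cask" && exit 3   # re-run with matching checksums
  cat "$tmp" > "$cask"
)
```

A caller would commit and push only on status 0 and treat 3 as success with nothing to do.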

@binaricat merged commit 7da983a into main on May 13, 2026
16 checks passed
@binaricat deleted the ci/homebrew-tap-bump branch on May 13, 2026 07:01

Development

Successfully merging this pull request may close these issues.

support installation via homebrew
