Skip to content

v0.2.5 — CLI --help, hardened self-updater, static-analysis floor

Choose a tag to compare

View all tags
@sharkyger sharkyger released this 10 Jun 22:10
· 7 commits to main since this release
v0.2.5
This tag was signed with the committer’s verified signature.
sharkyger Sharky
GPG key ID: 57D49112BE969A80
Verified
Learn about vigilant mode.
defb750
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

brew-safe-upgrade v0.2.5

User-facing CLI help, a hardened self-updater, and a static-analysis floor.

Added

  • --help / -h for all three commands (brew safe-upgrade, brew safe-install, brew safe-update) — a synopsis, flag listing, and examples, printed even on a partially-installed tree. Closes #66 (thanks @aleksandrs-ledovskis for the request).

Changed

  • The self-updater (brew-safe-update) now matches install.sh's supply-chain hardening: it updates to the latest published release tag (never a moving branch) and verifies every file against that release's SHA256SUMS manifest before an atomic, fail-closed swap — including the fresh updater it re-execs, verified before it takes over. Both curl-fetch routes now share one pin-and-verify path.
  • Quieter brew update step — Homebrew's own harmless description-cache backtrace is filtered out; real warnings/errors still show.

Tooling

  • Added mypy, shfmt, markdownlint, an assertive CodeRabbit profile, and a pre-commit config wrapping the lint floor — all enforced in CI.

Docs

  • The README install section now leads with the Homebrew tap one-liner (brew install sharkyger/tap/safe-upgrade); the script install route is the documented secondary path.

Install / upgrade

brew install sharkyger/tap/safe-upgrade      # new install
brew update && brew upgrade safe-upgrade     # tap upgrade

Contributors

aleksandrs-ledovskis
Assets 2
Loading