fix: docker references and test (#59)

* fix: docker references and test

* test

* test

* test

* test

* fix: test

* fix: test

* fix: test

* fix: test

* fix: checksum calculation, docker image, test

* fix: path

* fix: install curl

* fix: dockerfile

* fix: test

* fix: path to app

* fix: dockerfile

* test

* test

* test

* test

* test

* test

* test

* test

* remove sleep

* fix: error output

* fix: all

* docs: update info on README

* docs: fix readme

Author: Justintime50

.github/workflows/build.yml

@@ -4,6 +4,7 @@ on:
   push:
     paths:
       - '.github/workflows/build.yml'
+      - 'Dockerfile'
       - '**/*.py'
     branches:
       - '**'
@@ -12,6 +13,7 @@ on:
   pull_request:
     paths:
       - '.github/workflows/build.yml'
+      - 'Dockerfile'
       - '**/*.py'
   workflow_dispatch: ~
 
@@ -49,11 +51,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.13'
-      - name: Build Docker image
-        run: docker build . -t justintime50/homebrew-releaser
+      - name: Build and run Docker image
+        run: |
+          docker build . -t justintime50/homebrew-releaser
+          docker run --workdir /github/workspace \
+            -e INPUT_SKIP_COMMIT=true \
+            -e INPUT_DEBUG=true \
+            -e GITHUB_REPOSITORY=justintime50/homebrew-releaser \
+            -e INPUT_HOMEBREW_OWNER=justintime50 \
+            -e INPUT_HOMEBREW_TAP=homebrew-formulas \
+            -e INPUT_GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
+            -e INPUT_INSTALL=virtualenv_install_with_resources \
+            -e INPUT_FORMULA_INCLUDES="include Language::Python::Virtualenv" \
+            -e INPUT_UPDATE_PYTHON_RESOURCES=true \
+            justintime50/homebrew-releaser
   coverage:
     if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest

CHANGELOG.md

@@ -1,11 +1,16 @@
 # CHANGELOG
 
-## v2.1.1 (2025-06-13)
+## v2.1.1 (2025-06-14)
 
-- Fixes Dockerfile references so Python/Git can access what it needs
+- Corrects Python references in Dockerfile
+- Uses `/tmp` as working directory due to permissioning issues
+- Drop `shasum` dependency and calculate checksums from inside Python
+- Bumps `TIMEOUT` from 60 to 300 seconds for larger projects (downloading Python packages can take some time)
 
 ## v2.1.0 (2025-06-10)
 
+> DO NOT use this image as it cannot build properly.
+
 - Changes Docker image from `python3.13` to `brew` allowing us to use all brew tools during builds
 - Adds `update_python_resources` so Python formula can update their required resources
 - Bumps `TIMEOUT` from 30 to 60 seconds for larger projects

Dockerfile

@@ -4,7 +4,7 @@ COPY --chown=linuxbrew:linuxbrew homebrew_releaser homebrew_releaser
 COPY --chown=linuxbrew:linuxbrew setup.py setup.py
 
 RUN brew install python@3.13 \
-    && python3 -m venv venv \
-    && venv/bin/pip install .
+    && python3 -m venv /home/linuxbrew/venv \
+    && /home/linuxbrew/venv/bin/pip install .
 
-ENTRYPOINT [ "venv/bin/python3", "homebrew_releaser/app.py" ]
+ENTRYPOINT [ "/home/linuxbrew/venv/bin/python3", "/home/linuxbrew/homebrew_releaser/app.py" ]

README.md

@@ -95,6 +95,7 @@ jobs:
 
           # Run 'brew update-python-resources' on the formula to add Python resources.
           # Docs: https://docs.brew.sh/Python-for-Formula-Authors#python-declarations-for-applications
+          # NOTE: This only works with public repositories currently and must be done manually if for a private repo.
           # Default is shown - boolean
           update_python_resources: false
 
@@ -143,13 +144,46 @@ jobs:
           debug: false
 ```
 
+#### Python
+
+To release a Python package using Homebrew Releaser, one may setup their workflow like so:
+
+```yml
+on:
+  push:
+
+jobs:
+  homebrew-releaser:
+    runs-on: ubuntu-latest
+    name: homebrew-releaser
+    steps:
+      - name: Release my project to my Homebrew tap
+        uses: Justintime50/homebrew-releaser@v2
+        with:
+          homebrew_owner: Justintime50
+          homebrew_tap: homebrew-formulas
+          github_token: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
+          commit_owner: homebrew-releaser
+          commit_email: homebrew-releaser@example.com
+
+          # Python specific variables
+          depends_on: 'python@3.y'
+          install: 'virtualenv_install_with_resources'
+          formula_includes: 'include Language::Python::Virtualenv'
+          update_python_resources: true
+```
+
 ## Development
 
 ```sh
 # Get a comprehensive list of development tools
 just --list
 ```
 
+### Docker & GitHub Actions Setup
+
+We have to play a balancing game of using Homebrew (cannot be root) and writing various files to use Homebrew Releaser (must be root or have write access), to get around this we setup and install everything using a `linuxbrew` user and directory but then everything afterwards (git clone, writing files, etc) occur inside of `/tmp`. This is an unfortunate but required path to take since using the official Python Docker image won't let us use Brew and have write access while using the Brew image gets us Homebrew but we cannot write in the normal directory. Thus we hack it a bit and just play inside of `/tmp`.
+
 ### Run Manually via Docker
 
 Homebrew Releaser does not clean up artifacts after completing since the temporary Docker image on GitHub Actions will be discarded anyway.

docker-compose.yml

@@ -2,6 +2,8 @@ services:
   homebrew-releaser:
     container_name: homebrew-releaser
     build: .
+    # Mimicks the GitHub Actions environment
+    working_dir: /github/workspace
     environment:
       # Env vars that should be `false` should be left empty
       - GITHUB_REPOSITORY=username/repo

homebrew_releaser/app.py

@@ -131,7 +131,7 @@ def run_github_action():
                     # For REST API requests, we should not stream archive file, but it is fine for browser URLs
                     stream = False if archive_url.find("api.github.com") != -1 else True
                     downloaded_filename = App.download_archive(download_url, stream)
-                    checksum = Checksum.get_checksum(downloaded_filename)
+                    checksum = Checksum.calculate_checksum(downloaded_filename)
                     archive_filename = Utils.get_filename_from_path(archive_url)
                     archive_checksum_entries += f'{checksum} {archive_filename}\n'
                     checksums.append(
@@ -165,7 +165,7 @@ def run_github_action():
         )
 
         formula_filename = f'{repository["name"]}.rb'
-        formula_dir = os.path.join(HOMEBREW_TAP, FORMULA_FOLDER)
+        formula_dir = Utils.get_working_dir(os.path.join(HOMEBREW_TAP, FORMULA_FOLDER))
         formula_filepath = os.path.join(formula_dir, formula_filename)
         Utils.write_file(formula_filepath, template, 'w')
 
@@ -185,7 +185,7 @@ def run_github_action():
         else:
             logger.debug('Skipping update to project README.')
 
-        # Although users can skip a commit, still commit (and don't push) to dry-run a commit
+        # Although users can skip a commit, still commit (but don't push) to dry-run the commit for debugging purposes
         Git.add(HOMEBREW_TAP)
         Git.commit(HOMEBREW_TAP, GITHUB_REPO, version)
 

homebrew_releaser/checksum.py

@@ -1,4 +1,4 @@
-import subprocess  # nosec
+import hashlib
 from typing import Any
 
 import requests
@@ -12,28 +12,20 @@
     LOGGER_NAME,
     TIMEOUT,
 )
+from homebrew_releaser.utils import Utils
 
 
 class Checksum:
     @staticmethod
-    def get_checksum(tar_filepath: str) -> str:
+    def calculate_checksum(tar_filepath: str) -> str:
         """Gets the checksum of a file."""
         logger = woodchips.get(LOGGER_NAME)
 
         try:
-            command = ['shasum', '-a', '256', tar_filepath]
-            output = subprocess.check_output(  # nosec
-                command,
-                stdin=None,
-                stderr=None,
-                timeout=TIMEOUT,
-            )
-            checksum = output.decode().split()[0]
-            checksum_filename = output.decode().split()[1]
-            logger.debug(f'Checksum for {checksum_filename} generated successfully: {checksum}')
-        except subprocess.TimeoutExpired as error:
-            raise SystemExit(error)
-        except subprocess.CalledProcessError as error:
+            with open(Utils.get_working_dir(tar_filepath), "rb") as content:
+                checksum = hashlib.sha256(content.read()).hexdigest()
+            logger.debug(f'Checksum for {tar_filepath} generated successfully: {checksum}')
+        except Exception as error:
             raise SystemExit(error)
 
         return checksum
@@ -45,7 +37,7 @@ def upload_checksum_file(latest_release: dict[str, Any]):
 
         latest_release_id = latest_release['id']
 
-        with open(CHECKSUM_FILE, 'rb') as filename:
+        with open(Utils.get_working_dir(CHECKSUM_FILE), 'rb') as filename:
             checksum_file_content = filename.read()
 
         upload_url = f'https://uploads.github.com/repos/{GITHUB_OWNER}/{GITHUB_REPO}/releases/{latest_release_id}/assets?name={CHECKSUM_FILE}'  # noqa

homebrew_releaser/constants.py

@@ -20,13 +20,14 @@
 
 # App Constants
 LOGGER_NAME = 'homebrew-releaser'
-TIMEOUT = 60
+TIMEOUT = 300
 GITHUB_HEADERS = {
     'Accept': 'application/vnd.github.v3+json',
     'Agent': 'Homebrew Releaser',
     'Authorization': f'Bearer {GITHUB_TOKEN}',
 }
 CHECKSUM_FILE = 'checksum.txt'
+WORKING_DIR = '/tmp/homebrew-releaser'  # nosec
 
 # Formula Constants
 ARTICLES = {

homebrew_releaser/formula.py

@@ -282,16 +282,17 @@ def update_python_resources(formula_dir: str, formula_filename: str) -> None:
             raise SystemExit("brew not found in PATH")
 
         try:
-            logger.info(f'Running brew update-python-resources for {formula_filename}...')
             subprocess.check_output(
                 f'cd {formula_dir} && {brew_path} update-python-resources {formula_filename}',
                 stderr=subprocess.STDOUT,
                 text=True,
                 timeout=TIMEOUT,
                 shell=True,  # nosec
             )
-            logger.info(f'Successfully updated Python resources for {formula_filename}')
-        except subprocess.TimeoutExpired as e:
-            raise SystemExit from e
+            logger.info('Updated Python resources successfully.')
+        except subprocess.TimeoutExpired:
+            raise SystemExit('Timed out updating Python resources')
         except subprocess.CalledProcessError as e:
-            raise SystemExit(f'An error occurred while updating Python resources: {e}') from e
+            error_output = e.output if hasattr(e, "output") else ""
+
+            raise SystemExit(f"An error occurred while updating Python resources: {error_output}")

homebrew_releaser/git.py

@@ -8,6 +8,7 @@
     LOGGER_NAME,
     TIMEOUT,
 )
+from homebrew_releaser.utils import Utils
 
 
 class Git:
@@ -28,9 +29,10 @@ def setup(commit_owner: str, commit_email: str, homebrew_owner: str, homebrew_ta
                 'clone',
                 '--depth=1',
                 f'https://x-access-token:{GITHUB_TOKEN}@github.com/{homebrew_owner}/{homebrew_tap}.git',
+                Utils.get_working_dir(homebrew_tap),
             ],
-            ['git', '-C', homebrew_tap, 'config', 'user.name', f'"{commit_owner}"'],
-            ['git', '-C', homebrew_tap, 'config', 'user.email', commit_email],
+            ['git', '-C', Utils.get_working_dir(homebrew_tap), 'config', 'user.name', f'"{commit_owner}"'],
+            ['git', '-C', Utils.get_working_dir(homebrew_tap), 'config', 'user.email', commit_email],
         ]
 
         for command in commands:
@@ -41,22 +43,22 @@ def setup(commit_owner: str, commit_email: str, homebrew_owner: str, homebrew_ta
     @staticmethod
     def add(homebrew_tap: str):
         """Adds assets to a git commit."""
-        command = ['git', '-C', homebrew_tap, 'add', '.']
+        command = ['git', '-C', Utils.get_working_dir(homebrew_tap), 'add', '.']
         Git._run_git_subprocess(command, 'Assets added to git commit successfully.')
 
     @staticmethod
     def commit(homebrew_tap: str, repo_name: str, version: str):
         """Commits assets to the Homebrew tap (repo)."""
         # fmt: off
-        command = ['git', '-C', homebrew_tap, 'commit', '-m', f'chore: brew formula update for {repo_name} {version}']  # noqa
+        command = ['git', '-C', Utils.get_working_dir(homebrew_tap), 'commit', '-m', f'chore: brew formula update for {repo_name} {version}']  # noqa
         # fmt: on
         Git._run_git_subprocess(command, 'Assets committed successfully.')
 
     @staticmethod
     def push(homebrew_tap: str, homebrew_owner: str):
         """Pushes assets to the remote Homebrew tap (repo)."""
         # fmt: off
-        command = ['git', '-C', homebrew_tap, 'push', f'https://x-access-token:{GITHUB_TOKEN}@github.com/{homebrew_owner}/{homebrew_tap}.git']  # noqa
+        command = ['git', '-C', Utils.get_working_dir(homebrew_tap), 'push', f'https://x-access-token:{GITHUB_TOKEN}@github.com/{homebrew_owner}/{homebrew_tap}.git']  # noqa
         # fmt: on
         Git._run_git_subprocess(command, f'Assets pushed successfully to {homebrew_tap}.')