Refactor: Store SHA256 checksums in BuildArchPath

Instead of parsing the checksums file in the publish command,
store SHA256 values directly in BuildArchPath during the release
step. This makes the checksum data available programmatically
and avoids fragile file parsing.

- Add SHA256 field to BuildArchPath struct
- Update CreateChecksumLines to return ChecksumResult with map
- Update release command to populate SHA256 in ArchsCompiled
- Simplify publish command to use archPath.SHA256 directly

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: bep

cmd/publishcmd/publish.go

@@ -164,38 +164,32 @@ func (p *Publisher) updateHomebrewCask(
 	version := strings.TrimPrefix(p.core.Tag, "v")
 
 	// Find the first .pkg archive matching the path pattern.
-	pkgFilename, err := p.findPkgArchive(release, caskSettings)
+	pkgInfo, err := p.findPkgArchive(release, caskSettings)
 	if err != nil {
 		return err
 	}
 
-	logCtx.WithField("pkg", pkgFilename).Log(logg.String("Found pkg archive"))
-
-	// Get SHA256 from checksums file.
-	sha256, err := p.getSHA256ForFile(pkgFilename)
-	if err != nil {
-		return fmt.Errorf("failed to get SHA256 for %s: %v", pkgFilename, err)
-	}
+	logCtx.WithField("pkg", pkgInfo.Name).Log(logg.String("Found pkg archive"))
 
 	// Build download URL.
 	downloadURL := fmt.Sprintf(
 		"https://github.com/%s/%s/releases/download/%s/%s",
 		releaseSettings.RepositoryOwner,
 		releaseSettings.Repository,
 		p.core.Tag,
-		pkgFilename,
+		pkgInfo.Name,
 	)
 
 	// Build cask context.
 	caskCtx := HomebrewCaskContext{
 		Name:             caskSettings.Name,
 		DisplayName:      p.core.Config.Project,
 		Version:          version,
-		SHA256:           sha256,
+		SHA256:           pkgInfo.SHA256,
 		URL:              downloadURL,
 		Description:      caskSettings.Description,
 		Homepage:         caskSettings.Homepage,
-		PkgFilename:      pkgFilename,
+		PkgFilename:      pkgInfo.Name,
 		BundleIdentifier: caskSettings.BundleIdentifier,
 	}
 
@@ -253,8 +247,14 @@ func (p *Publisher) updateHomebrewCask(
 	return nil
 }
 
+// pkgArchiveInfo contains information about a .pkg archive.
+type pkgArchiveInfo struct {
+	Name   string
+	SHA256 string
+}
+
 // findPkgArchive finds the first .pkg archive for darwin matching the path pattern.
-func (p *Publisher) findPkgArchive(release config.Release, caskSettings config.HomebrewCaskSettings) (string, error) {
+func (p *Publisher) findPkgArchive(release config.Release, caskSettings config.HomebrewCaskSettings) (pkgArchiveInfo, error) {
 	pathMatcher := caskSettings.PathCompiled
 
 	for _, archPath := range release.ArchsCompiled {
@@ -270,51 +270,12 @@ func (p *Publisher) findPkgArchive(release config.Release, caskSettings config.H
 
 		// Check if it's a .pkg file.
 		if strings.HasSuffix(archPath.Name, ".pkg") {
-			return archPath.Name, nil
-		}
-	}
-
-	return "", fmt.Errorf("no .pkg archive found for darwin matching path pattern %q", caskSettings.Path)
-}
-
-// getSHA256ForFile extracts the SHA256 checksum for a specific file from the checksums file.
-func (p *Publisher) getSHA256ForFile(filename string) (string, error) {
-	// Find the release directory.
-	release := p.core.Config.Releases[0]
-	releaseDir := filepath.Join(
-		p.core.DistDir,
-		p.core.Config.Project,
-		p.core.Tag,
-		p.core.DistRootReleases,
-		filepath.FromSlash(release.Path),
-	)
-
-	// Checksums filename follows the pattern from releasecmd.
-	checksumFilename := fmt.Sprintf("%s_%s_checksums.txt",
-		p.core.Config.Project,
-		strings.TrimPrefix(p.core.Tag, "v"),
-	)
-	checksumPath := filepath.Join(releaseDir, checksumFilename)
-
-	content, err := os.ReadFile(checksumPath)
-	if err != nil {
-		return "", fmt.Errorf("failed to read checksums file %s: %v", checksumPath, err)
-	}
-
-	// Parse checksums file (format: "sha256  filename").
-	for _, line := range strings.Split(string(content), "\n") {
-		line = strings.TrimSpace(line)
-		if line == "" {
-			continue
-		}
-		parts := strings.SplitN(line, "  ", 2)
-		if len(parts) != 2 {
-			continue
-		}
-		if parts[1] == filename {
-			return parts[0], nil
+			return pkgArchiveInfo{
+				Name:   archPath.Name,
+				SHA256: archPath.SHA256,
+			}, nil
 		}
 	}
 
-	return "", fmt.Errorf("checksum not found for file %s in %s", filename, checksumPath)
+	return pkgArchiveInfo{}, fmt.Errorf("no .pkg archive found for darwin matching path pattern %q", caskSettings.Path)
 }

cmd/releasecmd/release.go

@@ -118,13 +118,16 @@ func (b *Releaser) Exec(ctx context.Context, args []string) error {
 	logCtx := b.infoLog.WithFields(logFields)
 
 	logCtx.Log(logg.String("Finding releases"))
-	releaseMatches := b.core.Config.FindReleases(b.core.PathsReleasesCompiled)
 
-	for _, release := range releaseMatches {
+	// Iterate over the original releases slice so we can update SHA256 checksums.
+	for i := range b.core.Config.Releases {
+		release := &b.core.Config.Releases[i]
+		if b.core.PathsReleasesCompiled != nil && !b.core.PathsReleasesCompiled.Match(release.Path) {
+			continue
+		}
 		if err := b.handleRelease(ctx, logCtx, release); err != nil {
 			return err
 		}
-
 	}
 
 	return nil
@@ -138,7 +141,7 @@ type releaseContext struct {
 	Info       releases.ReleaseInfo
 }
 
-func (b *Releaser) handleRelease(ctx context.Context, logCtx logg.LevelLogger, release config.Release) error {
+func (b *Releaser) handleRelease(ctx context.Context, logCtx logg.LevelLogger, release *config.Release) error {
 	releaseDir := filepath.Join(
 		b.core.DistDir,
 		b.core.Config.Project,
@@ -209,11 +212,18 @@ func (b *Releaser) handleRelease(ctx context.Context, logCtx logg.LevelLogger, r
 
 	if len(archiveFilenames) > 0 {
 
-		checksumFilename, err := b.generateChecksumTxt(rctx, archiveFilenames...)
+		checksumFilename, checksums, err := b.generateChecksumTxt(rctx, archiveFilenames...)
 		if err != nil {
 			return err
 		}
 
+		// Store SHA256 checksums in the ArchsCompiled for use by the publish command.
+		for i := range release.ArchsCompiled {
+			if sha, ok := checksums[release.ArchsCompiled[i].Name]; ok {
+				release.ArchsCompiled[i].SHA256 = sha
+			}
+		}
+
 		archiveFilenames = append(archiveFilenames, checksumFilename)
 
 		logCtx.Logf("Prepared %d files to archive: %v", len(archiveFilenames), archiveFilenames)
@@ -318,7 +328,6 @@ func (b *Releaser) generateReleaseNotes(rctx releaseContext) (string, error) {
 		}
 		return "", 0, false
 	})
-
 	if err != nil {
 		return "", err
 	}
@@ -356,7 +365,6 @@ func (b *Releaser) generateReleaseNotes(rctx releaseContext) (string, error) {
 			}
 		} else {
 			t = staticfiles.ReleaseNotesTemplate
-
 		}
 
 		if err := t.Execute(f, rnc); err != nil {
@@ -365,7 +373,6 @@ func (b *Releaser) generateReleaseNotes(rctx releaseContext) (string, error) {
 
 		return nil
 	}()
-
 	if err != nil {
 		return "", fmt.Errorf("%s: failed to create release notes file %q: %s", commandName, releaseNotesFilename, err)
 	}
@@ -375,11 +382,11 @@ func (b *Releaser) generateReleaseNotes(rctx releaseContext) (string, error) {
 	return releaseNotesFilename, nil
 }
 
-func (b *Releaser) generateChecksumTxt(rctx releaseContext, archiveFilenames ...string) (string, error) {
+func (b *Releaser) generateChecksumTxt(rctx releaseContext, archiveFilenames ...string) (string, map[string]string, error) {
 	// Create a checksums.txt file.
-	checksumLines, err := releases.CreateChecksumLines(b.core.Workforce, archiveFilenames...)
+	checksumResult, err := releases.CreateChecksumLines(b.core.Workforce, archiveFilenames...)
 	if err != nil {
-		return "", err
+		return "", nil, err
 	}
 	// This is what Hugo got out of the box from Goreleaser. No settings for now.
 	name := fmt.Sprintf("%s_%s_checksums.txt", rctx.Info.Project, strings.TrimPrefix(rctx.Info.Tag, "v"))
@@ -392,7 +399,7 @@ func (b *Releaser) generateChecksumTxt(rctx releaseContext, archiveFilenames ...
 		}
 		defer f.Close()
 
-		for _, line := range checksumLines {
+		for _, line := range checksumResult.Lines {
 			_, err := f.WriteString(line + "\n")
 			if err != nil {
 				return err
@@ -401,12 +408,11 @@ func (b *Releaser) generateChecksumTxt(rctx releaseContext, archiveFilenames ...
 
 		return nil
 	}()
-
 	if err != nil {
-		return "", fmt.Errorf("%s: failed to create checksum file %q: %s", commandName, checksumFilename, err)
+		return "", nil, fmt.Errorf("%s: failed to create checksum file %q: %s", commandName, checksumFilename, err)
 	}
 
 	rctx.Log.WithField("filename", checksumFilename).Log(logg.String("Created checksum file"))
 
-	return checksumFilename, nil
+	return checksumFilename, checksumResult.Checksums, nil
 }

internal/config/archive_config.go

@@ -71,6 +71,10 @@ type BuildArchPath struct {
 
 	// Any archive aliase names, with the extension.
 	Aliases []string `json:"aliases"`
+
+	// SHA256 is the SHA256 checksum of the archive file.
+	// This is populated by the release command after computing checksums.
+	SHA256 string `json:"-"`
 }
 
 type ArchiveSettings struct {

internal/releases/checksums.go

@@ -27,11 +27,21 @@ import (
 	"github.com/bep/workers"
 )
 
+// ChecksumResult contains the checksum lines and a map of filename to checksum.
+type ChecksumResult struct {
+	// Lines contains the checksum lines in "sha256  filename" format.
+	Lines []string
+	// Checksums maps base filename to its SHA256 checksum.
+	Checksums map[string]string
+}
+
 // CreateChecksumLines writes the SHA256 checksums as lowercase hex digits followed by
 // two spaces and then the base of filename and returns a sorted slice.
-func CreateChecksumLines(w *workers.Workforce, filenames ...string) ([]string, error) {
+// It also returns a map of base filename -> checksum for programmatic access.
+func CreateChecksumLines(w *workers.Workforce, filenames ...string) (ChecksumResult, error) {
 	var mu sync.Mutex
-	var result []string
+	var result ChecksumResult
+	result.Checksums = make(map[string]string)
 
 	r, _ := w.Start(context.Background())
 
@@ -55,19 +65,21 @@ func CreateChecksumLines(w *workers.Workforce, filenames ...string) ([]string, e
 			if err != nil {
 				return err
 			}
+			baseName := filepath.Base(filename)
 			mu.Lock()
-			result = append(result, checksum+"  "+filepath.Base(filename))
+			result.Lines = append(result.Lines, checksum+"  "+baseName)
+			result.Checksums[baseName] = checksum
 			mu.Unlock()
 
 			return nil
 		})
 	}
 
 	if err := r.Wait(); err != nil {
-		return nil, err
+		return ChecksumResult{}, err
 	}
 
-	sort.Strings(result)
+	sort.Strings(result.Lines)
 
 	return result, nil
 }

internal/releases/checksums_test.go

@@ -45,9 +45,9 @@ func TestCreateChecksumLines(t *testing.T) {
 		filenames = append(filenames, filename)
 	}
 
-	checksums, err := CreateChecksumLines(w, filenames...)
+	result, err := CreateChecksumLines(w, filenames...)
 	c.Assert(err, qt.IsNil)
-	c.Assert(checksums, qt.DeepEquals, []string{
+	c.Assert(result.Lines, qt.DeepEquals, []string{
 		"196373310827669cb58f4c688eb27aabc40e600dc98615bd329f410ab7430cff  file6.txt",
 		"47ea70cf08872bdb4afad3432b01d963ac7d165f6b575cd72ef47498f4459a90  file3.txt",
 		"4e74512f1d8e5016f7a9d9eaebbeedb1549fed5b63428b736eecfea98292d75f  file9.txt",
@@ -59,4 +59,9 @@ func TestCreateChecksumLines(t *testing.T) {
 		"bd4c6c665a1b8b4745bcfd3d744ea37488237108681a8ba4486a76126327d3f2  file8.txt",
 		"e361a57a7406adee653f1dcff660d84f0ca302907747af2a387f67821acfce33  file4.txt",
 	})
+
+	// Verify the checksums map for programmatic access.
+	c.Assert(result.Checksums["file0.txt"], qt.Equals, "5a936ee19a0cf3c70d8cb0006111b7a52f45ec01703e0af8cdc8c6d81ac5850c")
+	c.Assert(result.Checksums["file9.txt"], qt.Equals, "4e74512f1d8e5016f7a9d9eaebbeedb1549fed5b63428b736eecfea98292d75f")
+	c.Assert(len(result.Checksums), qt.Equals, 10)
 }