Commit dd1b29e
committed
fix(homebrew-build-bottles): override HOMEBREW_REQUIRE_TAP_TRUST at step env level
In-script `unset` (v1.8.57) didn't take effect: GitHub-hosted runners
seed HOMEBREW_REQUIRE_TAP_TRUST=1 in `/etc/environment`, which child
processes (brew → Ruby) re-inherit despite the bash unset in the parent
shell. The trust check inside `brew install --build-bottle` therefore
kept firing on alef v0.24.10 / kreuzcrawl rc.55 publish reruns.
Setting the variable to an empty string in the action.yml step `env:`
block hardens the override: GHA exports the empty value to the shell
and to every process it spawns, including brew's Ruby interpreter,
where `Homebrew::EnvConfig::EnvConfigBool#truthy?` treats "" as falsy
and the tap-trust check is skipped. Also lift HOMEBREW_NO_INSTALL_FROM_API
and HOMEBREW_NO_SANDBOX_LINUX to the step env: for symmetry — the
in-script exports remain as defense-in-depth.1 parent bce3d5d commit dd1b29e
1 file changed
Lines changed: 13 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
50 | 63 | | |
0 commit comments