diff --git a/Casks/bearbrowser.rb b/Casks/bearbrowser.rb index 8b3eb40..ae5b200 100644 --- a/Casks/bearbrowser.rb +++ b/Casks/bearbrowser.rb @@ -1,6 +1,7 @@ cask "bearbrowser" do version "0.1.0-overlay" sha256 :no_check + RELEASE_EVIDENCE_RECORD = "https://github.com/SourceOS-Linux/homebrew-tap/blob/main/release-evidence/workspace-operations.json" # Scaffold only. Replace with the signed/notarized macOS app release asset once BearBrowser.app exists. url "https://github.com/SourceOS-Linux/BearBrowser/releases/download/v#{version}/BearBrowser-#{version}-macos-universal.dmg" @@ -12,5 +13,8 @@ caveats <<~EOS This cask is a release scaffold. Publish a signed and notarized BearBrowser.app DMG before promoting it into SourceOS-Linux/homebrew-tap. + Release package evidence: #{RELEASE_EVIDENCE_RECORD} + Checksum record: #{RELEASE_EVIDENCE_RECORD} + Rollback note: #{RELEASE_EVIDENCE_RECORD} EOS end diff --git a/Formula/agent-machine.rb b/Formula/agent-machine.rb index 40ef30a..79c176f 100644 --- a/Formula/agent-machine.rb +++ b/Formula/agent-machine.rb @@ -6,6 +6,8 @@ class AgentMachine < Formula license "MIT" head "https://github.com/SourceOS-Linux/agent-machine.git", branch: "main" + RELEASE_EVIDENCE_RECORD = "https://github.com/SourceOS-Linux/homebrew-tap/blob/main/release-evidence/workspace-operations.json" + def install bin.install "bin/agent-machine" chmod 0755, bin/"agent-machine" @@ -40,6 +42,13 @@ def caveats Runtime directories are not created automatically yet. Future setup commands will manage /etc/agent-machine, /var/lib/agent-machine, and /run/agent-machine through SourceOS policy-aware activation flows. + + Release package evidence: + #{RELEASE_EVIDENCE_RECORD} + Checksum record: + #{RELEASE_EVIDENCE_RECORD} + Rollback note: + #{RELEASE_EVIDENCE_RECORD} EOS end diff --git a/Formula/bearbrowser.rb b/Formula/bearbrowser.rb index 0205048..a1a983e 100644 --- a/Formula/bearbrowser.rb +++ b/Formula/bearbrowser.rb @@ -6,6 +6,8 @@ class Bearbrowser < Formula license "MPL-2.0" head "https://github.com/SourceOS-Linux/BearBrowser.git", branch: "main" + RELEASE_EVIDENCE_RECORD = "https://github.com/SourceOS-Linux/homebrew-tap/blob/main/release-evidence/workspace-operations.json" + depends_on "git" depends_on "python@3.12" @@ -71,6 +73,13 @@ def caveats Run bearbrowser-emit-event, bearbrowser-propose-action, bearbrowser-resolve-action, bearbrowser-memory-candidate, bearbrowser-page-summary, bearbrowser-governance-queue, bearbrowser-sidecar-open, and bearbrowser-verify-agent-sidecar for the local provenance/policy/memory/summary/agent sidecar plane. Run bearbrowser-verify-interactive-sidecar and bearbrowser-verify-native-shell for product-surface checks. Run bearbrowser-doctor for system status and bearbrowser-verify-build-lane for build-lane readiness. + + Release package evidence: + #{RELEASE_EVIDENCE_RECORD} + Checksum record: + #{RELEASE_EVIDENCE_RECORD} + Rollback note: + #{RELEASE_EVIDENCE_RECORD} EOS end diff --git a/Formula/sourceos-devtools.rb b/Formula/sourceos-devtools.rb new file mode 100644 index 0000000..b0c0566 --- /dev/null +++ b/Formula/sourceos-devtools.rb @@ -0,0 +1,36 @@ +class SourceosDevtools < Formula + desc "SourceOS devtools packaging scaffold" + homepage "https://github.com/SourceOS-Linux/sourceos-devtools" + url "https://github.com/SourceOS-Linux/sourceos-devtools.git", branch: "main" + version "0.1.0-dev" + license "MIT" + head "https://github.com/SourceOS-Linux/sourceos-devtools.git", branch: "main" + + RELEASE_EVIDENCE_RECORD = "https://github.com/SourceOS-Linux/homebrew-tap/blob/main/release-evidence/workspace-operations.json" + + def install + libexec.install Dir["*"] + (bin/"sourceos-devtools").write <<~EOS + #!/usr/bin/env bash + set -euo pipefail + echo "sourceos-devtools source staged at #{libexec}" + EOS + end + + def caveats + <<~EOS + sourceos-devtools release/package scaffold only. Runtime governance remains in the source repository contracts and CI gates. + + Release package evidence: + #{RELEASE_EVIDENCE_RECORD} + Checksum record: + #{RELEASE_EVIDENCE_RECORD} + Rollback note: + #{RELEASE_EVIDENCE_RECORD} + EOS + end + + test do + assert_match "sourceos-devtools source staged", shell_output("#{bin}/sourceos-devtools") + end +end diff --git a/Formula/sourceos-syncd.rb b/Formula/sourceos-syncd.rb new file mode 100644 index 0000000..36784f7 --- /dev/null +++ b/Formula/sourceos-syncd.rb @@ -0,0 +1,36 @@ +class SourceosSyncd < Formula + desc "SourceOS sync daemon packaging scaffold" + homepage "https://github.com/SourceOS-Linux/sourceos-syncd" + url "https://github.com/SourceOS-Linux/sourceos-syncd.git", branch: "main" + version "0.1.0-dev" + license "MIT" + head "https://github.com/SourceOS-Linux/sourceos-syncd.git", branch: "main" + + RELEASE_EVIDENCE_RECORD = "https://github.com/SourceOS-Linux/homebrew-tap/blob/main/release-evidence/workspace-operations.json" + + def install + libexec.install Dir["*"] + (bin/"sourceos-syncd").write <<~EOS + #!/usr/bin/env bash + set -euo pipefail + echo "sourceos-syncd source staged at #{libexec}" + EOS + end + + def caveats + <<~EOS + sourceos-syncd release/package scaffold only. Runtime governance remains in the source repository contracts and CI gates. + + Release package evidence: + #{RELEASE_EVIDENCE_RECORD} + Checksum record: + #{RELEASE_EVIDENCE_RECORD} + Rollback note: + #{RELEASE_EVIDENCE_RECORD} + EOS + end + + test do + assert_match "sourceos-syncd source staged", shell_output("#{bin}/sourceos-syncd") + end +end diff --git a/Formula/turtleterm.rb b/Formula/turtleterm.rb new file mode 100644 index 0000000..9876bef --- /dev/null +++ b/Formula/turtleterm.rb @@ -0,0 +1,36 @@ +class Turtleterm < Formula + desc "SourceOS TurtleTerm product-surface packaging scaffold" + homepage "https://github.com/SourceOS-Linux/TurtleTerm" + url "https://github.com/SourceOS-Linux/TurtleTerm.git", branch: "main" + version "0.1.0-dev" + license "MIT" + head "https://github.com/SourceOS-Linux/TurtleTerm.git", branch: "main" + + RELEASE_EVIDENCE_RECORD = "https://github.com/SourceOS-Linux/homebrew-tap/blob/main/release-evidence/workspace-operations.json" + + def install + libexec.install Dir["*"] + (bin/"turtleterm").write <<~EOS + #!/usr/bin/env bash + set -euo pipefail + echo "TurtleTerm source staged at #{libexec}" + EOS + end + + def caveats + <<~EOS + TurtleTerm release/package scaffold only. Runtime governance remains in the source repository contracts and CI gates. + + Release package evidence: + #{RELEASE_EVIDENCE_RECORD} + Checksum record: + #{RELEASE_EVIDENCE_RECORD} + Rollback note: + #{RELEASE_EVIDENCE_RECORD} + EOS + end + + test do + assert_match "TurtleTerm source staged", shell_output("#{bin}/turtleterm") + end +end diff --git a/README.md b/README.md new file mode 100644 index 0000000..28151f2 --- /dev/null +++ b/README.md @@ -0,0 +1,30 @@ +# SourceOS Homebrew Tap + +This repository is the SourceOS distribution surface for Homebrew formulas/casks. It is not a runtime governance authority. + +## Release evidence mapping + +Release/package operations and evidence for product surfaces are tracked in: + +- `release-evidence/workspace-operations.json` + +The evidence map includes: + +- operation types: + - `release.package.prepare` + - `release.formula.update` + - `release.checksum.verify` + - `release.evidence.attach` + - `release.rollback.record` +- required release artifacts/evidence: + - package formula + - checksum record + - release note + - rollback note + - build/test evidence link + - source commit reference + - artifact provenance record + +## Governance boundary + +Hard rule: packaging is distribution, not runtime governance. Releases carried by this tap must map back to source repositories where contracts, tests, and policy gates are enforced. diff --git a/release-evidence/workspace-operations.json b/release-evidence/workspace-operations.json new file mode 100644 index 0000000..2b549c4 --- /dev/null +++ b/release-evidence/workspace-operations.json @@ -0,0 +1,123 @@ +{ + "packagingAuthority": { + "repository": "SourceOS-Linux/homebrew-tap", + "role": "distribution", + "nonAuthorityNote": "Packaging is distribution, not runtime governance; source contracts, tests, and policy gates stay in each source repository." + }, + "requiredOperationTypes": [ + "release.package.prepare", + "release.formula.update", + "release.checksum.verify", + "release.evidence.attach", + "release.rollback.record" + ], + "integrationTargets": [ + "https://github.com/SocioProphet/delivery-excellence/issues/8", + "https://github.com/SourceOS-Linux/sourceos-devtools/issues/19", + "https://github.com/SocioProphet/workspace-inventory/issues/4", + "https://github.com/SourceOS-Linux/BearBrowser/issues/20", + "https://github.com/SourceOS-Linux/agent-machine/issues/18", + "https://github.com/SourceOS-Linux/sourceos-syncd/issues/3", + "https://github.com/SocioProphet/prophet-core-ledger/issues/1" + ], + "workspaceOperations": [ + { + "surface": "SourceOS-Linux/BearBrowser", + "operationTypes": [ + "release.package.prepare", + "release.formula.update", + "release.checksum.verify", + "release.evidence.attach", + "release.rollback.record" + ], + "artifacts": { + "packageFormula": [ + "Formula/bearbrowser.rb", + "Casks/bearbrowser.rb" + ], + "checksumRecord": "sha256:no_check (scaffold) with release checksum tracked in this record and source release assets", + "releaseNote": "https://github.com/SourceOS-Linux/BearBrowser/releases", + "rollbackNote": "If provenance/checksum/test evidence fails, keep existing formula version and revert cask/formula bump in homebrew-tap before republish.", + "buildTestEvidenceLink": "https://github.com/SourceOS-Linux/BearBrowser/actions", + "sourceCommitReference": "https://github.com/SourceOS-Linux/BearBrowser/commits/main", + "artifactProvenanceRecord": "https://github.com/SourceOS-Linux/BearBrowser" + } + }, + { + "surface": "SourceOS-Linux/agent-machine", + "operationTypes": [ + "release.package.prepare", + "release.formula.update", + "release.checksum.verify", + "release.evidence.attach", + "release.rollback.record" + ], + "artifacts": { + "packageFormula": "Formula/agent-machine.rb", + "checksumRecord": "git-source install at tagged commit; release checksum recorded alongside tagged source tarball in source repo release", + "releaseNote": "https://github.com/SourceOS-Linux/agent-machine/releases", + "rollbackNote": "Revert formula update to previous known-good commit and rerun source repo contract/test gates before publishing again.", + "buildTestEvidenceLink": "https://github.com/SourceOS-Linux/agent-machine/actions", + "sourceCommitReference": "https://github.com/SourceOS-Linux/agent-machine/commits/main", + "artifactProvenanceRecord": "https://github.com/SourceOS-Linux/agent-machine" + } + }, + { + "surface": "SourceOS-Linux/TurtleTerm", + "operationTypes": [ + "release.package.prepare", + "release.formula.update", + "release.checksum.verify", + "release.evidence.attach", + "release.rollback.record" + ], + "artifacts": { + "packageFormula": "Formula/turtleterm.rb", + "checksumRecord": "git-source install at tagged commit; release checksum tracked in source release artifacts", + "releaseNote": "https://github.com/SourceOS-Linux/TurtleTerm/releases", + "rollbackNote": "Revert formula update in homebrew-tap and restore prior package version until source contracts and tests pass.", + "buildTestEvidenceLink": "https://github.com/SourceOS-Linux/TurtleTerm/actions", + "sourceCommitReference": "https://github.com/SourceOS-Linux/TurtleTerm/commits/main", + "artifactProvenanceRecord": "https://github.com/SourceOS-Linux/TurtleTerm" + } + }, + { + "surface": "SourceOS-Linux/sourceos-devtools", + "operationTypes": [ + "release.package.prepare", + "release.formula.update", + "release.checksum.verify", + "release.evidence.attach", + "release.rollback.record" + ], + "artifacts": { + "packageFormula": "Formula/sourceos-devtools.rb", + "checksumRecord": "git-source install at tagged commit; release checksum tracked in source release artifacts", + "releaseNote": "https://github.com/SourceOS-Linux/sourceos-devtools/releases", + "rollbackNote": "Revert formula update and preserve last known-good package state until contracts/tests/policy gates succeed.", + "buildTestEvidenceLink": "https://github.com/SourceOS-Linux/sourceos-devtools/actions", + "sourceCommitReference": "https://github.com/SourceOS-Linux/sourceos-devtools/commits/main", + "artifactProvenanceRecord": "https://github.com/SourceOS-Linux/sourceos-devtools" + } + }, + { + "surface": "SourceOS-Linux/sourceos-syncd", + "operationTypes": [ + "release.package.prepare", + "release.formula.update", + "release.checksum.verify", + "release.evidence.attach", + "release.rollback.record" + ], + "artifacts": { + "packageFormula": "Formula/sourceos-syncd.rb", + "checksumRecord": "git-source install at tagged commit; release checksum tracked in source release artifacts", + "releaseNote": "https://github.com/SourceOS-Linux/sourceos-syncd/releases", + "rollbackNote": "Revert formula update and restore prior release until source repo gates and evidence pass.", + "buildTestEvidenceLink": "https://github.com/SourceOS-Linux/sourceos-syncd/actions", + "sourceCommitReference": "https://github.com/SourceOS-Linux/sourceos-syncd/commits/main", + "artifactProvenanceRecord": "https://github.com/SourceOS-Linux/sourceos-syncd" + } + } + ] +}