How to debug a problem with the home-brew release?

[diegobernardes]

I'm having the problem below:

⨯ release failed after 32.41s error=homebrew tap formula: failed to publish artifacts: PUT https://api.github.com/repos/company/homebrew-tap/contents/Formula/app.rb: 404 Not Found []

This is my config file:

project_name: app
before:
  hooks:
    - go mod download

builds:
  - main: ./main.go
    binary: app
    goos:
      - darwin
      - linux

    goarch:
      - amd64

    flags:
      - -trimpath

archives:
  - name_template: '{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}'
    wrap_in_directory: true
    format: tar.gz
    files:
      - readme.md

checksum:
  name_template: 'checksum'
  algorithm: sha256

release:
  prerelease: true
  name_template: '{{.Tag}}'
  github:
    owner: company
    name: app

brews:
  - name: app
    folder: Formula
    test: system "#{bin}/app -help"
    install: bin.install "app"

    tap:
      owner: company
      name: homebrew-tap

    commit_author:
      name: goreleaserbot
      email: goreleaser@carlosbecker.com

Everything is working fine, the app is being compiled, the release is generated at GitHub but it fails at the homebrew part. The repository exists and both repositories are private.

[radeksimko]

This looks like an authentication/authorization issue where the tap repository is private - hence the API returns 404?

Is it possible that the tap repo the formula gets published into requires permissions/scope which the GitHub token passed to GoReleaser doesn't have? GitHub Actions get a token generated automatically - but that token only has access to the repo where the Action runs.

Because explicit PATs are associated with users by their nature - it may be necessary to create a dedicated "bot" account, generate PAT for that account and give the account push access to the tap repo, because PATs by themselves don't have repo-based scopes sadly.

I kind of wish we could power Homebrew publishing with repo-level deploy keys, but that takes the API out of the equation and so that would require some significant refactoring + I'm not too excited about the idea of shelling out to git. I'm just secretly hoping that GitHub will eventually improve token handling for GitHub Actions so that one could just grant permissions between repos without having to maintain bot accounts.

FYI - you can also pass a separate token for Homebrew publishing via token:

    tap:
      owner: repo-owner
      name: homebrew-tap
      # Optionally a token can be provided, if it differs from the token provided to GoReleaser
      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"

[caarlos0]

Maybe also worth taking a look at our Actions docs page: https://goreleaser.com/ci/actions/