From f74a2065a2a237ab765339cb050c5719a84e3f15 Mon Sep 17 00:00:00 2001
From: Kush <kshah@bandwidth.com>
Date: Mon, 4 May 2026 15:01:50 -0400
Subject: [PATCH] Switch Homebrew tap to a source-build formula

The current goreleaser brews block emits a formula that downloads
the pre-built binary tarball and bin.installs it. Three things wrong
with that long-term: brew audit --strict trips on the redundant
version field goreleaser hardcodes, brews itself is being phased out
in goreleaser v3, and the next obvious move (Cask) introduces
Gatekeeper concerns that need signing+notarization to fully solve.

Source-build matches what gh, glab, fly, and the rest of the Go CLI
ecosystem actually do. Validated locally: brew audit --strict passes
clean, install completes in ~22s on a stock machine (6s of which is
the actual go build), no quarantine xattr is set so Gatekeeper never
gets involved, and the version is still injected via the same -X
ldflag we use today.

Drop the brews block from goreleaser (still produces tarballs for
direct downloads). Replace it with a follow-up bump-formula job that
runs after release and uses mislav/bump-homebrew-formula-action to
open a PR on the tap updating url + sha256 to the new tag's GitHub-
generated source archive.

Tap-side companion change replaces Formula/band.rb with the source-
build formula and is on a separate branch in Bandwidth/homebrew-tap.
---
 .github/workflows/release.yml | 18 +++++++++++++++++-
 .goreleaser.yml               | 20 --------------------
 2 files changed, 17 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a1cd39d..f7cb3b1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -60,4 +60,20 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
+
+  bump-formula:
+    needs: [release]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Bump Homebrew formula
+        uses: mislav/bump-homebrew-formula-action@v3
+        with:
+          formula-name: band
+          formula-path: Formula/band.rb
+          homebrew-tap: Bandwidth/homebrew-tap
+          base-branch: main
+          download-url: https://github.com/Bandwidth/cli/archive/refs/tags/${{ github.ref_name }}.tar.gz
+          commit-message: |
+            {{formulaName}} {{version}}
+        env:
+          COMMITTER_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 006d5e6..ecb94f9 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -51,26 +51,6 @@ docker_manifests:
       - "ghcr.io/bandwidth/cli:{{ .Version }}-amd64"
       - "ghcr.io/bandwidth/cli:{{ .Version }}-arm64"
 
-brews:
-  - name: band
-    directory: Formula
-    repository:
-      owner: Bandwidth
-      name: homebrew-tap
-      branch: "band-{{.Version}}"
-      token: "{{ .Env.HOMEBREW_TAP_TOKEN }}"
-      pull_request:
-        enabled: true
-        base:
-          branch: main
-    homepage: "https://github.com/Bandwidth/cli"
-    description: "Bandwidth CLI — manage voice, messaging, numbers, and more from the command line"
-    license: "MIT"
-    install: |
-      bin.install "band"
-    test: |
-      system "#{bin}/band", "version"
-
 changelog:
   sort: asc
   filters: