From 8b4354e98dc12653382516d6b3bac5471a18849a Mon Sep 17 00:00:00 2001
From: BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>
Date: Sat, 14 Dec 2024 01:30:51 +0000
Subject: [PATCH 1/5] actionlint.yml: update to match main configuration

---
 .github/workflows/actionlint.yml | 85 ++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100644 .github/workflows/actionlint.yml

diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
new file mode 100644
index 000000000..e92351272
--- /dev/null
+++ b/.github/workflows/actionlint.yml
@@ -0,0 +1,85 @@
+# This file is synced from the `.github` repository, do not modify it directly.
+name: Actionlint
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+  merge_group:
+
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
+concurrency:
+  group: "actionlint-${{ github.ref }}"
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  HOMEBREW_DEVELOPER: 1
+  HOMEBREW_NO_AUTO_UPDATE: 1
+  HOMEBREW_NO_ENV_HINTS: 1
+
+permissions: {}
+
+jobs:
+  workflow_syntax:
+    if: github.repository_owner == 'Homebrew'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Set up Homebrew
+        id: setup-homebrew
+        uses: Homebrew/actions/setup-homebrew@master
+        with:
+          core: false
+          cask: false
+          test-bot: false
+
+      - name: Install tools
+        run: brew install actionlint shellcheck zizmor
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - run: zizmor --format sarif . > results.sarif
+
+      - name: Upload SARIF file
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: results.sarif
+          path: results.sarif
+
+      - name: Set up actionlint
+        run: echo "::add-matcher::$(brew --repository)/.github/actionlint-matcher.json"
+
+      - run: actionlint
+
+  upload_sarif:
+    needs: workflow_syntax
+    # We want to always upload this even if `actionlint` failed.
+    # This is only available on public repositories.
+    if: >
+      always() &&
+      !contains(fromJSON('["cancelled", "skipped"]'), needs.workflow_syntax.result) &&
+      !github.event.repository.private
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Download SARIF file
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: results.sarif
+          path: results.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        with:
+          sarif_file: results.sarif
+          category: zizmor

From 6fa1c749d4f033711bd2ae12747f417648ca13e1 Mon Sep 17 00:00:00 2001
From: BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>
Date: Sat, 14 Dec 2024 01:30:52 +0000
Subject: [PATCH 2/5] stale-issues.yml: update to match main configuration

---
 .github/workflows/stale-issues.yml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml
index 260ce7ac4..608d2e65e 100644
--- a/.github/workflows/stale-issues.yml
+++ b/.github/workflows/stale-issues.yml
@@ -12,10 +12,11 @@ on:
     - cron: "0 0 * * *"
   issue_comment:
 
-permissions:
-  contents: write
-  issues: write
-  pull-requests: write
+permissions: {}
+
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
 
 concurrency:
   group: stale-issues
@@ -31,6 +32,10 @@ jobs:
         )
       )
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests
         uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
@@ -57,6 +62,10 @@ jobs:
         )
       )
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
     steps:
       - name: Mark/Close Stale `bump-formula-pr` and `bump-cask-pr` Pull Requests
         uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0

From f796d7343ac481be3c39feb48b11085cb2894115 Mon Sep 17 00:00:00 2001
From: BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>
Date: Sat, 14 Dec 2024 01:30:52 +0000
Subject: [PATCH 3/5] .rubocop.yml: update to match main configuration

---
 .rubocop.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.rubocop.yml b/.rubocop.yml
index 41d750484..625f3b05c 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -7,10 +7,10 @@ AllCops:
   - "**/*.rbi"
   Exclude:
   - Homebrew/sorbet/rbi/{dsl,gems}/**/*.rbi
-  - Homebrew/sorbet/rbi/parlour.rbi
   - Homebrew/bin/*
   - Homebrew/vendor/**/*
   - Taps/*/*/vendor/**/*
+  - "**/vendor/**/*"
   SuggestExtensions:
     rubocop-minitest: false
 Layout/ArgumentAlignment:
@@ -169,7 +169,7 @@ Style/InvertibleUnlessCondition:
   Enabled: true
   InverseMethods:
     :==: :!=
-    :zero?: 
+    :zero?:
     :blank?: :present?
 Style/MutableConstant:
   EnforcedStyle: strict
@@ -183,12 +183,12 @@ Style/NumericLiterals:
 Style/OpenStructUse:
   Exclude:
   - Taps/**/*
-  - Homebrew/cli/args.rb
-  - Homebrew/cli/args.rbi
 Style/OptionalBooleanParameter:
   AllowedMethods:
   - respond_to?
   - respond_to_missing?
+Style/RedundantLineContinuation:
+  Enabled: false
 Style/RescueStandardError:
   EnforcedStyle: implicit
 Style/ReturnNil:

From 2da89ebfab0ed882fa3ea3ef6c6897cca3f9158a Mon Sep 17 00:00:00 2001
From: BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>
Date: Sat, 14 Dec 2024 01:30:52 +0000
Subject: [PATCH 4/5] .ruby-version: update to match main configuration

---
 .ruby-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.ruby-version b/.ruby-version
index a0891f563..9c25013db 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.3.4
+3.3.6

From 8e0b72b57feefcbe00af38033cd01647ac141357 Mon Sep 17 00:00:00 2001
From: Colin Dean <colindean@users.noreply.github.com>
Date: Sat, 14 Dec 2024 14:14:53 -0500
Subject: [PATCH 5/5] Adds missing cache step id
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I speculated that this ID would be set automatically… nope.
---
 .github/workflows/ruby.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
index 7436d28b1..36e7e29a0 100644
--- a/.github/workflows/ruby.yml
+++ b/.github/workflows/ruby.yml
@@ -24,6 +24,7 @@ jobs:
         persist-credentials: false
 
     - name: Cache Bundler RubyGems
+      id: cache
       uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         path: ${{ steps.set-up-homebrew.outputs.gems-path }}