
uinaf/gh-setup

Set up or align GitHub repo settings, branch/ruleset policy, templates, Actions hardening, Environments, release workflows, and deploy workflows for continuously publishable or deployable repositories.

97

1.35x
Quality: 100% (Does it follow best practices?)

Impact: 96% (1.35x), average score across 7 eval scenarios

Security by Snyk: Passed. No known issues.


evals/scenario-1/criteria.json

{
  "context": "Tests whether the agent correctly sets up a Go CLI release pipeline using semantic-release (tag-only) combined with GoReleaser for binary distribution and Homebrew tap automation, including proper token scoping, plugin selection, GoReleaser flags, attestation permissions, and Homebrew tap naming conventions.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Tag-only SR plugins",
      "description": "The semantic-release plugins list includes commit-analyzer, release-notes-generator, and github — but does NOT include @semantic-release/git or @semantic-release/npm",
      "max_score": 10
    },
    {
      "name": "GoReleaser conditional",
      "description": "The GoReleaser step is conditional on `steps.release.outputs.new_release_published == 'true'` (or equivalent output check)",
      "max_score": 10
    },
    {
      "name": "GoReleaser --clean flag",
      "description": "The goreleaser-action invocation passes `args: release --clean` (the --clean flag is present)",
      "max_score": 10
    },
    {
      "name": "Tap repo naming",
      "description": "The Homebrew tap repo is referenced with the `homebrew-` prefix in its name (e.g., `homebrew-tap`, `homebrew-<name>`)",
      "max_score": 8
    },
    {
      "name": "TAP_GITHUB_TOKEN scope",
      "description": "The workflow or documentation specifies that TAP_GITHUB_TOKEN is a fine-grained PAT (or equivalent) scoped only to the tap repo, NOT a broad classic PAT",
      "max_score": 8
    },
    {
      "name": "Attestation permissions",
      "description": "The release job's permissions include `id-token: write` and `attestations: write` (required for the attest-build-provenance step)",
      "max_score": 8
    },
    {
      "name": "Attest step conditional",
      "description": "The actions/attest-build-provenance step is also conditional on `new_release_published == 'true'`",
      "max_score": 8
    },
    {
      "name": "GoReleaser brews block",
      "description": "A `.goreleaser.yaml` (or equivalent) file is produced containing a `brews:` block that references the Homebrew tap repo",
      "max_score": 8
    },
    {
      "name": "No non-Go Homebrew action for Go",
      "description": "The solution does not add `Justintime50/homebrew-releaser`, `dawidd6/action-homebrew-bump-formula`, or an inline tap-update script for the Go CLI; GoReleaser owns the tap update",
      "max_score": 6
    },
    {
      "name": "fetch-depth: 0",
      "description": "Both verify and release job checkout steps use `fetch-depth: 0`",
      "max_score": 6
    },
    {
      "name": "skip ci guards",
      "description": "Both verify and release jobs have `if:` guards checking for `[skip ci]` in the commit message",
      "max_score": 6
    },
    {
      "name": "Release concurrency",
      "description": "The release job has a job-level concurrency group with `cancel-in-progress: false`",
      "max_score": 6
    },
    {
      "name": "Secrets on step",
      "description": "GITHUB_TOKEN and TAP_GITHUB_TOKEN are declared in the GoReleaser step's `env:`, not at the job level",
      "max_score": 6
    },
    {
      "name": "SR action version",
      "description": "Uses `cycjimmy/semantic-release-action` pinned to a full commit SHA with the current v6.0.0 version comment, unless preserving a documented repo-local precedent",
      "max_score": 6
    }
  ]
}
