d2d17a6c5d
ci: auto-rebuild dist on dependabot PRs ( #568 )
...
Adds a workflow that, on Dependabot PRs, rebuilds the ncc-bundled dist/
and pushes it back onto the PR branch, so a dependency bump and its
matching dist/ land in a single PR and the validate workflow stays green.
Pushing the dist commit uses GH_PAT (the default GITHUB_TOKEN is read-only
on Dependabot runs and its pushes do not re-trigger checks). The job is a
no-op until GH_PAT is available as a Dependabot secret.
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-06-24 11:40:21 -03:00
d13def3a6e
build: regenerate dist after undici 6.27.0 bump ( #567 )
...
The undici 6.24.1 -> 6.27.0 bump (#565 ) updated package-lock.json but
did not regenerate the bundled dist/index.js. The validate workflow's
build job rebuilds dist/ and fails on any uncommitted changes, which
broke CI on master.
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-06-24 10:43:30 -03:00
21549b6bea
chore(deps): bump undici from 6.24.1 to 6.27.0 ( #565 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.24.1 to 6.27.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.24.1...v6.27.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.27.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-24 08:53:51 -03:00
47c416d5e8
ci(deps): bump the actions group with 3 updates ( #563 )
...
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) and [codecov/codecov-action](https://github.com/codecov/codecov-action ).
Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10 )
Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6 )
Updates `codecov/codecov-action` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: sigstore/cosign-installer
dependency-version: 4.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: codecov/codecov-action
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-04 23:10:52 -03:00
5daf1e915a
fix: nightly resolution to select newest published release ( #562 )
...
* fix(nightly): pick latest nightly by published_at
GitHub's /releases endpoint is not reliably ordered by published_at,
so resolveNightly could pick an older nightly than the most recent
one. Filter, sort by published_at desc, and take the first.
* test(nightly): add regression coverage for release ordering
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
2026-05-18 21:38:28 -03:00
5cc7ebb73d
ci: update actions
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-05-02 13:23:47 -03:00
702f5f91c9
ci(deps): bump the actions group with 3 updates ( #560 )
...
Bumps the actions group with 3 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/setup-node](https://github.com/actions/setup-node ).
Updates `sigstore/cosign-installer` from 3.9.2 to 4.1.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/d58896d6a1865668819e1d91763c7751a165e159...cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 )
Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a )
Updates `actions/setup-node` from 5.0.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](https://github.com/actions/setup-node/compare/a0853c24544627f65ddf259abe73b1d18a591444...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 4.1.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: actions/upload-artifact
dependency-version: 7.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: actions/setup-node
dependency-version: 6.4.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-02 12:25:51 -03:00
1a80836c5c
ci(nightly): pass GITHUB_TOKEN to nightly integration job
...
Releases API is rate-limited for unauthenticated requests.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-26 18:04:06 -03:00
a71152e827
refactor: drop legacy 'nightly' tag fallback
...
Both goreleaser and goreleaser-pro now publish nightly releases as
vX.Y.Z-<sha>-nightly, so the action no longer needs to special-case
or fall back to the moving 'nightly' tag.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-26 18:02:55 -03:00
4c6ab561ad
feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release ( #558 )
...
* feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release
Query GitHub releases API to resolve the 'nightly' version input to the
latest immutable nightly tag, replacing the moving 'nightly' tag that is
being removed for supply-chain hardening.
Refs goreleaser/goreleaser#6550
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* feat: keep legacy 'nightly' tag working during transition
Fall back to the moving 'nightly' tag when no immutable
vX.Y.Z-<sha>-nightly release is found, so the action keeps working
between this release and the goreleaser nightly switchover.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* test: assert isNightlyTag accepts legacy fallback
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* fix: accept nightly tags without 'v' prefix
goreleaser-pro publishes nightly releases as e.g. 2.16.0-eaeb08c50-nightly
(no 'v' prefix). Make the nightly tag regex tolerate either form, and
split the integration tests so OSS asserts the legacy fallback while
Pro asserts the new <version>-<sha>-nightly format.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* Revert "fix: accept nightly tags without 'v' prefix"
The missing 'v' prefix on the goreleaser-pro nightly was a release
mistake; new nightlies will keep the 'v' prefix.
This reverts commit 7673f7f223556219+Copilot@users.noreply.github.com >
* ci: pass GITHUB_TOKEN to tests
The new nightly resolution hits api.github.com/repos/.../releases,
which is rate-limited for unauthenticated requests.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* docs: note GITHUB_TOKEN need for nightly resolution
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-26 16:39:25 -03:00
4f96abf297
feat: add version-file input ( #556 )
...
Resolves the GoReleaser version from a file. Currently supports the
asdf/mise `.tool-versions` format; resolved value takes precedence
over the `version` input.
# .tool-versions
goreleaser 2.13.0
- uses: goreleaser/goreleaser-action@v7
with:
version-file: .tool-versions
args: release --clean
Path is resolved relative to `workdir` unless absolute. Bare semvers
are auto-prefixed with `v`; constraint expressions and `latest` are
returned as-is. Multiple fallback versions per asdf convention are
accepted but only the first is used.
Refs #541
Closes #542
Co-authored-by: Anthony Couvreur <22034450+acouvreur@users.noreply.github.com >
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-23 23:05:24 -03:00
15fa2a96d4
test: cover install across release eras ( #555 )
...
Add install tests pinned to versions that exercise every release era so
we don't regress the graceful-skip path for releases that pre-date the
cosign v3 sigstore bundle:
- v0.182.0 pre-checksums-signing
- v1.26.2 cosign v2 detached .sig only
- v2.12.4 last release before sigstore bundles
- v2.13.0 first release with sigstore bundle (minimum verifiable)
- v2.15.3 recent release with sigstore bundle
Plus an explicit verifyChecksum integration test that installs v2.12.4
with cosign in PATH to confirm the cosign step is skipped (not failed)
when the sigstore bundle is absent.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-18 15:55:31 -03:00
e24998b8b6
ci: drop pre-cosign-v3 goreleaser versions from tests ( #554 )
...
GoReleaser v2.13.0 was the first release to ship the cosign v3
sigstore-bundle 'checksums.txt.sigstore.json' alongside the archive.
Earlier releases only publish a cosign v2 detached '.sig', which the
action's verifier does not understand and silently skips.
Drop '~> 1.26' / '~> 2.6' / 'v0.182.0' / '~> v1' from the matrix and
the install tests; pin '~> 2.13' as the minimum-supported version we
actively exercise in CI. Document v2.13.0 as the minimum cosign-
verifiable version in the README.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-18 15:39:15 -03:00
be2e8a39ba
docs: document cosign verification in README ( #553 )
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-18 15:24:42 -03:00
5e53f8eea2
ci: add release-major-tag workflow ( #552 )
...
* build: drop docker-bake in favor of plain npm
Every TypeScript action maintained by actions/* (checkout, setup-node,
setup-go, cache, upload-artifact) uses plain npm scripts. The bake
setup is a docker/* org convention and adds friction for TS work:
contributors need Docker, the dev loop is ~10x slower than npm, and
Alpine-vs-host byte drift in dist/index.js makes PRs bounce.
Replace with the standard pattern:
- .node-version pins Node 24 so contributors and CI agree
- npm scripts (build, lint, format, test, pre-checkin) replace bake
targets one-for-one
- validate.yml runs lint + a check-dist diff (mirrors actions/setup-node)
and a vendor check that npm install --package-lock-only is a no-op
- test.yml uses setup-node + sigstore/cosign-installer, drops bake-action
- dependabot-build.yml regenerates dist via npm instead of bake
CONTRIBUTING.md and README development section updated to match.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* build: align scripts and workflows with actions/* convention
Match the standard layout used by actions/checkout, actions/setup-node,
etc.:
- package.json scripts: split format/format-check (Prettier) from
lint/lint:fix (ESLint), and have pre-checkin run all four (format,
lint:fix, build, test) in that order.
- validate.yml lint job runs format-check + lint as separate steps.
- test.yml drops the redundant --coverage flag (now in the test script).
- Drop dependabot-build.yml: actions/* don't auto-rebuild dist on
dependabot PRs; the check-dist style validate / build job catches
drift and a maintainer rebuilds locally if needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* ci: add release-major-tag workflow
Adopts the actions/checkout pattern (workflow_dispatch with target +
major_version inputs that force-pushes the major tag). Doubles as a
rollback tool. Documented in CONTRIBUTING under a 'Releasing' section.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* ci: drop irrelevant pin comment from release-major-tag
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-18 15:23:21 -03:00
4068afa2f0
build: drop docker-bake in favor of plain npm ( #551 )
...
* build: drop docker-bake in favor of plain npm
Every TypeScript action maintained by actions/* (checkout, setup-node,
setup-go, cache, upload-artifact) uses plain npm scripts. The bake
setup is a docker/* org convention and adds friction for TS work:
contributors need Docker, the dev loop is ~10x slower than npm, and
Alpine-vs-host byte drift in dist/index.js makes PRs bounce.
Replace with the standard pattern:
- .node-version pins Node 24 so contributors and CI agree
- npm scripts (build, lint, format, test, pre-checkin) replace bake
targets one-for-one
- validate.yml runs lint + a check-dist diff (mirrors actions/setup-node)
and a vendor check that npm install --package-lock-only is a no-op
- test.yml uses setup-node + sigstore/cosign-installer, drops bake-action
- dependabot-build.yml regenerates dist via npm instead of bake
CONTRIBUTING.md and README development section updated to match.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* build: align scripts and workflows with actions/* convention
Match the standard layout used by actions/checkout, actions/setup-node,
etc.:
- package.json scripts: split format/format-check (Prettier) from
lint/lint:fix (ESLint), and have pre-checkin run all four (format,
lint:fix, build, test) in that order.
- validate.yml lint job runs format-check + lint as separate steps.
- test.yml drops the redundant --coverage flag (now in the test script).
- Drop dependabot-build.yml: actions/* don't auto-rebuild dist on
dependabot PRs; the check-dist style validate / build job catches
drift and a maintainer rebuilds locally if needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-18 15:22:23 -03:00
213ec80f56
docs: add CONTRIBUTING with pre-commit workflow
...
Document the docker buildx bake pre-checkin / test / validate sequence
contributors need before pushing, and call out the Alpine-built dist/
gotcha so PRs don't bounce on build-validate.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-18 14:36:59 -03:00
4b462d3d1d
feat: verify release checksum and cosign signature ( #550 )
...
* feat: verify release checksum and cosign signature
Download checksums.txt for the release and verify the SHA-256 of the
downloaded archive against it. When cosign is available in PATH, also
download checksums.txt.sigstore.json and verify the signature against
the goreleaser/goreleaser-pro release workflow identity. Both steps
degrade gracefully (with a warning) when the corresponding artifacts
or tooling are missing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
* test: use install() for checksum e2e tests
Drop the http-client download helper from verifyChecksum integration
tests; call goreleaser.install() instead so the test exercises the
public API path and avoids duplicating download logic.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-04-18 14:34:46 -03:00
01cbe076be
docs: Upgrade import GPG action version ( #547 )
2026-04-05 12:19:35 +00:00
2a473d70e3
ci(deps): bump the actions group with 5 updates ( #546 )
...
* ci(deps): bump the actions group with 5 updates
Bumps the actions group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go ) | `6.3.0` | `6.4.0` |
| [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) | `6.3.0` | `7.0.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.12.0` | `4.0.0` |
| [docker/bake-action](https://github.com/docker/bake-action ) | `6.10.0` | `7.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `5.5.2` | `6.0.0` |
Updates `actions/setup-go` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c )
Updates `crazy-max/ghaction-import-gpg` from 6.3.0 to 7.0.0
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/e89d40939c28e39f97cf32126055eeae86ba74ec...2dc316deee8e90f13e1a351ab510b4d5bc0c82cd )
Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd )
Updates `docker/bake-action` from 6.10.0 to 7.0.0
- [Release notes](https://github.com/docker/bake-action/releases )
- [Commits](https://github.com/docker/bake-action/compare/5be5f02ff8819ecd3092ea6b2e6261c31774f2b4...82490499d2e5613fcead7e128237ef0b0ea210f7 )
Updates `codecov/codecov-action` from 5.5.2 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: 6.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: crazy-max/ghaction-import-gpg
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: docker/setup-buildx-action
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: docker/bake-action
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: codecov/codecov-action
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
* ci: switch to matrix subaction for bake
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com >
2026-04-03 10:21:16 -03:00
fdcf0b9df9
clean: leftover files from node 22(?)
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-03-22 23:46:39 -03:00
9881cc5376
fix: use new static URL
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-03-22 23:43:18 -03:00
07f3f34e99
chore: update
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-03-22 23:20:07 -03:00
47f0a77cfc
chore(deps): bump undici from 6.23.0 to 6.24.1 ( #545 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.1.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.1 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-22 22:55:17 -03:00
4be059cded
ci(deps): bump the actions group with 2 updates ( #543 )
...
Bumps the actions group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/setup-go` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5...4b73464bb391d4059bd26b0524d20df3927bd417 )
Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: 6.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: actions/upload-artifact
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-01 13:54:09 -03:00
6c92f1d350
fix: bake vendor
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-02-22 20:54:03 -03:00
ff4cb9c029
docs: update
2026-02-22 00:08:30 -03:00
ec59f474b9
fix: yargs usage
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-02-09 09:21:42 -03:00
752dedee3d
fix: gitignore
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-02-09 09:06:51 -03:00
1881ae035d
ci: update dependabot settings
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-02-09 09:06:19 -03:00
fdc5e662bb
chore: gitignore provenance.json
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-02-09 09:01:59 -03:00
51b5b35c3c
chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group ( #539 )
...
* chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group
Bumps the npm group with 1 update: [semver](https://github.com/npm/node-semver ).
Updates `semver` from 7.7.3 to 7.7.4
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.3...v7.7.4 )
---
updated-dependencies:
- dependency-name: semver
dependency-version: 7.7.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: update dist and vendor
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-09 09:01:32 -03:00
4247c53b30
ci(deps): bump docker/setup-buildx-action in the actions group ( #538 )
...
Bumps the actions group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ).
Updates `docker/setup-buildx-action` from 3.10.0 to 3.12.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: 3.12.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 08:32:26 -03:00
c169bfd5ae
chore(deps): bump @actions/http-client from 3.0.2 to 4.0.0 in the npm group ( #537 )
...
* chore(deps): bump @actions/http-client in the npm group
Bumps the npm group with 1 update: [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client ).
Updates `@actions/http-client` from 3.0.2 to 4.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client )
---
updated-dependencies:
- dependency-name: "@actions/http-client"
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: update dist and vendor
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-02 08:32:10 -03:00
902ab4a70d
chore(deps): bump the npm group across 1 directory with 4 updates ( #536 )
...
* chore(deps): bump the npm group across 1 directory with 4 updates
Bumps the npm group with 3 updates in the / directory: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ), [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec ) and [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ).
Updates `@actions/core` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/exec` from 2.0.0 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec )
Updates `@actions/http-client` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client )
Updates `@actions/tool-cache` from 3.0.0 to 4.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/tool-cache )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/exec"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/http-client"
dependency-version: 3.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: "@actions/tool-cache"
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: update dist and vendor
* chore: rm provenance
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
* test: use esm in jest
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
* ci: fix npm run test
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-01-29 21:59:39 -03:00
c59a691319
chore: gitignore
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-01-29 21:48:08 -03:00
56cc8b2737
ci: add job to automate dependabot pre-checkin/vendor
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2026-01-29 21:31:47 -03:00
78265e466a
feat!: node 24, update deps, rm yarn, ESM ( #533 )
...
* chore(deps): bump the npm group across 1 directory with 7 updates
Bumps the npm group with 7 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) | `1.11.1` | `2.0.2` |
| [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec ) | `1.1.1` | `2.0.0` |
| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client ) | `2.2.3` | `3.0.1` |
| [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ) | `2.0.2` | `3.0.0` |
| [js-yaml](https://github.com/nodeca/js-yaml ) | `4.1.0` | `4.1.1` |
| [semver](https://github.com/npm/node-semver ) | `7.7.2` | `7.7.3` |
| [yargs](https://github.com/yargs/yargs ) | `17.7.2` | `18.0.0` |
Updates `@actions/core` from 1.11.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/exec` from 1.1.1 to 2.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec )
Updates `@actions/http-client` from 2.2.3 to 3.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client )
Updates `@actions/tool-cache` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache )
Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1 )
Updates `semver` from 7.7.2 to 7.7.3
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3 )
Updates `yargs` from 17.7.2 to 18.0.0
- [Release notes](https://github.com/yargs/yargs/releases )
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/yargs/yargs/compare/v17.7.2...v18.0.0 )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 2.0.2
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/exec"
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/http-client"
dependency-version: 3.0.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/tool-cache"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: js-yaml
dependency-version: 4.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: semver
dependency-version: 7.7.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: yargs
dependency-version: 18.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com >
* refactor: remove yarn, update to node 24
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
* chore: review
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
* fix: stable
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-29 21:22:39 -03:00
4c34bd9582
ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group ( #534 )
...
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-26 08:38:43 -03:00
aacbb7ffbc
ci(deps): bump the actions group across 1 directory with 4 updates ( #532 )
...
Bumps the actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ), [actions/setup-go](https://github.com/actions/setup-go ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [codecov/codecov-action](https://github.com/codecov/codecov-action ).
Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8 )
Updates `actions/setup-go` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/4dc6199c7b1a012772edbd06daecab0f50c9053c...7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 )
Updates `actions/upload-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f )
Updates `codecov/codecov-action` from 5.5.1 to 5.5.2
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/5a1091511ad55cbe89839c7260b706298ca349f7...671740ac38dd9b0130fbe1cec585b89eea48d3de )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
- dependency-name: actions/setup-go
dependency-version: 6.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
- dependency-name: actions/upload-artifact
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: codecov/codecov-action
dependency-version: 5.5.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-19 14:51:40 -03:00
d31d51ab55
ci(deps): bump docker/bake-action in the actions group ( #526 )
...
Bumps the actions group with 1 update: [docker/bake-action](https://github.com/docker/bake-action ).
Updates `docker/bake-action` from 6.9.0 to 6.10.0
- [Release notes](https://github.com/docker/bake-action/releases )
- [Commits](https://github.com/docker/bake-action/compare/3acf805d94d93a86cce4ca44798a76464a75b88c...5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 )
---
updated-dependencies:
- dependency-name: docker/bake-action
dependency-version: 6.10.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 14:36:18 -03:00
f3511a2bf5
ci(deps): bump the actions group with 2 updates ( #523 )
...
Bumps the actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-go](https://github.com/actions/setup-go ).
Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 )
Updates `actions/setup-go` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/44694675825211faa026b3c33043df3e48a5fa00...4dc6199c7b1a012772edbd06daecab0f50c9053c )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: actions/setup-go
dependency-version: 6.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-27 08:47:44 -03:00
9cf36111e7
ci(deps): bump the actions group with 2 updates ( #517 )
...
Bumps the actions group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/setup-go` from 5.5.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/d35c59abb061a4a6fb18e82ac0862c26744d6ab5...44694675825211faa026b3c33043df3e48a5fa00 )
Updates `actions/upload-artifact` from 4.6.2 to 5.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
- dependency-name: actions/upload-artifact
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-06 18:18:08 -03:00
43039ef35c
fix: typo
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2025-11-06 18:17:45 -03:00
89b8235a3e
ci: update dependabot
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2025-11-06 17:39:25 -03:00
aab47043d0
sec: pin github action versions ( #514 )
...
using caarlos0/pinata
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com >
2025-11-05 14:27:48 +01:00
a08664b80c
docs: upgrade checkout GitHub Action in README.md ( #507 )
2025-08-25 15:09:53 -03:00
35b9a27f96
chore(deps): bump actions/checkout from 4 to 5 ( #504 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-14 10:17:53 -03:00
e435ccd777
feat: retry downloading releases json ( #503 )
...
refs https://github.com/orgs/goreleaser/discussions/5954
2025-08-06 22:28:41 -03:00
2ff5850a92
chore(deps): bump undici from 5.28.5 to 5.29.0 ( #496 )
...
* chore(deps): bump undici from 5.28.5 to 5.29.0
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 5.29.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: update generated content
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com >
2025-08-02 10:31:15 +02:00
Carlos Alexandro Becker