Carlos Alexandro Becker
be2e8a39ba
docs: document cosign verification in README ( #553 )
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:24:42 -03:00
Carlos Alexandro Becker
5e53f8eea2
ci: add release-major-tag workflow ( #552 )
...
* build: drop docker-bake in favor of plain npm
Every TypeScript action maintained by actions/* (checkout, setup-node,
setup-go, cache, upload-artifact) uses plain npm scripts. The bake
setup is a docker/* org convention and adds friction for TS work:
contributors need Docker, the dev loop is ~10x slower than npm, and
Alpine-vs-host byte drift in dist/index.js makes PRs bounce.
Replace with the standard pattern:
- .node-version pins Node 24 so contributors and CI agree
- npm scripts (build, lint, format, test, pre-checkin) replace bake
targets one-for-one
- validate.yml runs lint + a check-dist diff (mirrors actions/setup-node)
and a vendor check that npm install --package-lock-only is a no-op
- test.yml uses setup-node + sigstore/cosign-installer, drops bake-action
- dependabot-build.yml regenerates dist via npm instead of bake
CONTRIBUTING.md and README development section updated to match.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* build: align scripts and workflows with actions/* convention
Match the standard layout used by actions/checkout, actions/setup-node,
etc.:
- package.json scripts: split format/format-check (Prettier) from
lint/lint:fix (ESLint), and have pre-checkin run all four (format,
lint:fix, build, test) in that order.
- validate.yml lint job runs format-check + lint as separate steps.
- test.yml drops the redundant --coverage flag (now in the test script).
- Drop dependabot-build.yml: actions/* don't auto-rebuild dist on
dependabot PRs; the check-dist style validate / build job catches
drift and a maintainer rebuilds locally if needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: add release-major-tag workflow
Adopts the actions/checkout pattern (workflow_dispatch with target +
major_version inputs that force-pushes the major tag). Doubles as a
rollback tool. Documented in CONTRIBUTING under a 'Releasing' section.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: drop irrelevant pin comment from release-major-tag
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:23:21 -03:00
Carlos Alexandro Becker
4068afa2f0
build: drop docker-bake in favor of plain npm ( #551 )
...
* build: drop docker-bake in favor of plain npm
Every TypeScript action maintained by actions/* (checkout, setup-node,
setup-go, cache, upload-artifact) uses plain npm scripts. The bake
setup is a docker/* org convention and adds friction for TS work:
contributors need Docker, the dev loop is ~10x slower than npm, and
Alpine-vs-host byte drift in dist/index.js makes PRs bounce.
Replace with the standard pattern:
- .node-version pins Node 24 so contributors and CI agree
- npm scripts (build, lint, format, test, pre-checkin) replace bake
targets one-for-one
- validate.yml runs lint + a check-dist diff (mirrors actions/setup-node)
and a vendor check that npm install --package-lock-only is a no-op
- test.yml uses setup-node + sigstore/cosign-installer, drops bake-action
- dependabot-build.yml regenerates dist via npm instead of bake
CONTRIBUTING.md and README development section updated to match.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* build: align scripts and workflows with actions/* convention
Match the standard layout used by actions/checkout, actions/setup-node,
etc.:
- package.json scripts: split format/format-check (Prettier) from
lint/lint:fix (ESLint), and have pre-checkin run all four (format,
lint:fix, build, test) in that order.
- validate.yml lint job runs format-check + lint as separate steps.
- test.yml drops the redundant --coverage flag (now in the test script).
- Drop dependabot-build.yml: actions/* don't auto-rebuild dist on
dependabot PRs; the check-dist style validate / build job catches
drift and a maintainer rebuilds locally if needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:22:23 -03:00
Carlos Alexandro Becker
213ec80f56
docs: add CONTRIBUTING with pre-commit workflow
...
Document the docker buildx bake pre-checkin / test / validate sequence
contributors need before pushing, and call out the Alpine-built dist/
gotcha so PRs don't bounce on build-validate.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 14:36:59 -03:00
Carlos Alexandro Becker
4b462d3d1d
feat: verify release checksum and cosign signature ( #550 )
...
* feat: verify release checksum and cosign signature
Download checksums.txt for the release and verify the SHA-256 of the
downloaded archive against it. When cosign is available in PATH, also
download checksums.txt.sigstore.json and verify the signature against
the goreleaser/goreleaser-pro release workflow identity. Both steps
degrade gracefully (with a warning) when the corresponding artifacts
or tooling are missing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* test: use install() for checksum e2e tests
Drop the http-client download helper from verifyChecksum integration
tests; call goreleaser.install() instead so the test exercises the
public API path and avoids duplicating download logic.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 14:34:46 -03:00
Timo
01cbe076be
docs: Upgrade import GPG action version ( #547 )
2026-04-05 12:19:35 +00:00
dependabot[bot]
2a473d70e3
ci(deps): bump the actions group with 5 updates ( #546 )
...
* ci(deps): bump the actions group with 5 updates
Bumps the actions group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go ) | `6.3.0` | `6.4.0` |
| [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) | `6.3.0` | `7.0.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.12.0` | `4.0.0` |
| [docker/bake-action](https://github.com/docker/bake-action ) | `6.10.0` | `7.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `5.5.2` | `6.0.0` |
Updates `actions/setup-go` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4b73464bb3...4a3601121dhttps://github.com/crazy-max/ghaction-import-gpg/releases )
- [Commits](e89d40939c...2dc316deeehttps://github.com/docker/setup-buildx-action/releases )
- [Commits](8d2750c68a...4d04d5d948https://github.com/docker/bake-action/releases )
- [Commits](5be5f02ff8...82490499d2https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](671740ac38...57e3a136b7
2026-04-03 10:21:16 -03:00
Carlos Alexandro Becker
fdcf0b9df9
clean: leftover files from node 22(?)
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-03-22 23:46:39 -03:00
Carlos Alexandro Becker
9881cc5376
fix: use new static URL
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-03-22 23:43:18 -03:00
Carlos Alexandro Becker
07f3f34e99
chore: update
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-03-22 23:20:07 -03:00
dependabot[bot]
47f0a77cfc
chore(deps): bump undici from 6.23.0 to 6.24.1 ( #545 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.1.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.1 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-22 22:55:17 -03:00
dependabot[bot]
4be059cded
ci(deps): bump the actions group with 2 updates ( #543 )
...
Bumps the actions group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/setup-go` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](7a3fe6cf4c...4b73464bb3https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa
2026-03-01 13:54:09 -03:00
Carlos Alexandro Becker
6c92f1d350
fix: bake vendor
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-22 20:54:03 -03:00
Carlos Alexandro Becker
ff4cb9c029
docs: update
2026-02-22 00:08:30 -03:00
Carlos Alexandro Becker
ec59f474b9
fix: yargs usage
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:21:42 -03:00
Carlos Alexandro Becker
752dedee3d
fix: gitignore
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:06:51 -03:00
Carlos Alexandro Becker
1881ae035d
ci: update dependabot settings
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:06:19 -03:00
Carlos Alexandro Becker
fdc5e662bb
chore: gitignore provenance.json
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:01:59 -03:00
dependabot[bot]
51b5b35c3c
chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group ( #539 )
...
* chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group
Bumps the npm group with 1 update: [semver](https://github.com/npm/node-semver ).
Updates `semver` from 7.7.3 to 7.7.4
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.3...v7.7.4 )
---
updated-dependencies:
- dependency-name: semver
dependency-version: 7.7.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update dist and vendor
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-09 09:01:32 -03:00
dependabot[bot]
4247c53b30
ci(deps): bump docker/setup-buildx-action in the actions group ( #538 )
...
Bumps the actions group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ).
Updates `docker/setup-buildx-action` from 3.10.0 to 3.12.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](b5ca514318...8d2750c68a
2026-02-02 08:32:26 -03:00
dependabot[bot]
c169bfd5ae
chore(deps): bump @actions/http-client from 3.0.2 to 4.0.0 in the npm group ( #537 )
...
* chore(deps): bump @actions/http-client in the npm group
Bumps the npm group with 1 update: [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client ).
Updates `@actions/http-client` from 3.0.2 to 4.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client )
---
updated-dependencies:
- dependency-name: "@actions/http-client"
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update dist and vendor
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-02 08:32:10 -03:00
dependabot[bot]
902ab4a70d
chore(deps): bump the npm group across 1 directory with 4 updates ( #536 )
...
* chore(deps): bump the npm group across 1 directory with 4 updates
Bumps the npm group with 3 updates in the / directory: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ), [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec ) and [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ).
Updates `@actions/core` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/exec` from 2.0.0 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec )
Updates `@actions/http-client` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client )
Updates `@actions/tool-cache` from 3.0.0 to 4.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/tool-cache )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/exec"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/http-client"
dependency-version: 3.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: "@actions/tool-cache"
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update dist and vendor
* chore: rm provenance
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* test: use esm in jest
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* ci: fix npm run test
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-01-29 21:59:39 -03:00
Carlos Alexandro Becker
c59a691319
chore: gitignore
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-01-29 21:48:08 -03:00
Carlos Alexandro Becker
56cc8b2737
ci: add job to automate dependabot pre-checkin/vendor
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-01-29 21:31:47 -03:00
Carlos Alexandro Becker
78265e466a
feat!: node 24, update deps, rm yarn, ESM ( #533 )
...
* chore(deps): bump the npm group across 1 directory with 7 updates
Bumps the npm group with 7 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) | `1.11.1` | `2.0.2` |
| [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec ) | `1.1.1` | `2.0.0` |
| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client ) | `2.2.3` | `3.0.1` |
| [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ) | `2.0.2` | `3.0.0` |
| [js-yaml](https://github.com/nodeca/js-yaml ) | `4.1.0` | `4.1.1` |
| [semver](https://github.com/npm/node-semver ) | `7.7.2` | `7.7.3` |
| [yargs](https://github.com/yargs/yargs ) | `17.7.2` | `18.0.0` |
Updates `@actions/core` from 1.11.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/exec` from 1.1.1 to 2.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec )
Updates `@actions/http-client` from 2.2.3 to 3.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client )
Updates `@actions/tool-cache` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache )
Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1 )
Updates `semver` from 7.7.2 to 7.7.3
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3 )
Updates `yargs` from 17.7.2 to 18.0.0
- [Release notes](https://github.com/yargs/yargs/releases )
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/yargs/yargs/compare/v17.7.2...v18.0.0 )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 2.0.2
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/exec"
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/http-client"
dependency-version: 3.0.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/tool-cache"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: js-yaml
dependency-version: 4.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: semver
dependency-version: 7.7.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: yargs
dependency-version: 18.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* refactor: remove yarn, update to node 24
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* chore: review
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* fix: stable
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-29 21:22:39 -03:00
dependabot[bot]
4c34bd9582
ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group ( #534 )
...
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45
2026-01-26 08:38:43 -03:00
dependabot[bot]
aacbb7ffbc
ci(deps): bump the actions group across 1 directory with 4 updates ( #532 )
...
Bumps the actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ), [actions/setup-go](https://github.com/actions/setup-go ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [codecov/codecov-action](https://github.com/codecov/codecov-action ).
Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8https://github.com/actions/setup-go/releases )
- [Commits](4dc6199c7b...7a3fe6cf4chttps://github.com/actions/upload-artifact/releases )
- [Commits](330a01c490...b7c566a772https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](5a1091511a...671740ac38
2026-01-19 14:51:40 -03:00
dependabot[bot]
d31d51ab55
ci(deps): bump docker/bake-action in the actions group ( #526 )
...
Bumps the actions group with 1 update: [docker/bake-action](https://github.com/docker/bake-action ).
Updates `docker/bake-action` from 6.9.0 to 6.10.0
- [Release notes](https://github.com/docker/bake-action/releases )
- [Commits](3acf805d94...5be5f02ff8
2025-12-01 14:36:18 -03:00
dependabot[bot]
f3511a2bf5
ci(deps): bump the actions group with 2 updates ( #523 )
...
Bumps the actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-go](https://github.com/actions/setup-go ).
Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68https://github.com/actions/setup-go/releases )
- [Commits](4469467582...4dc6199c7b
2025-11-27 08:47:44 -03:00
dependabot[bot]
9cf36111e7
ci(deps): bump the actions group with 2 updates ( #517 )
...
Bumps the actions group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/setup-go` from 5.5.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582https://github.com/actions/upload-artifact/releases )
- [Commits](ea165f8d65...330a01c490
2025-11-06 18:18:08 -03:00
Carlos Alexandro Becker
43039ef35c
fix: typo
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-11-06 18:17:45 -03:00
Carlos Alexandro Becker
89b8235a3e
ci: update dependabot
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-11-06 17:39:25 -03:00
Carlos Alexandro Becker
aab47043d0
sec: pin github action versions ( #514 )
...
using caarlos0/pinata
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-11-05 14:27:48 +01:00
KĂ©vin Dunglas
a08664b80c
docs: upgrade checkout GitHub Action in README.md ( #507 )
2025-08-25 15:09:53 -03:00
dependabot[bot]
35b9a27f96
chore(deps): bump actions/checkout from 4 to 5 ( #504 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-14 10:17:53 -03:00
Carlos Alexandro Becker
e435ccd777
feat: retry downloading releases json ( #503 )
...
refs https://github.com/orgs/goreleaser/discussions/5954
2025-08-06 22:28:41 -03:00
dependabot[bot]
2ff5850a92
chore(deps): bump undici from 5.28.5 to 5.29.0 ( #496 )
...
* chore(deps): bump undici from 5.28.5 to 5.29.0
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 5.29.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update generated content
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-08-02 10:31:15 +02:00
Carlos Alexandro Becker
9a6cd01b33
fix: do not get releases.json if version is specific ( #502 )
...
closes #489
2025-08-02 10:24:12 +02:00
dependabot[bot]
a386515f0c
chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 ( #498 )
...
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion ) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases )
- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12 )
---
updated-dependencies:
- dependency-name: brace-expansion
dependency-version: 1.1.12
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-02 10:19:58 +02:00
dependabot[bot]
ca48102d58
chore(deps): bump semver from 7.7.1 to 7.7.2 ( #495 )
...
* chore(deps): bump semver from 7.7.1 to 7.7.2
Bumps [semver](https://github.com/npm/node-semver ) from 7.7.1 to 7.7.2.
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2 )
---
updated-dependencies:
- dependency-name: semver
dependency-version: 7.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update generated content
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-08-01 19:29:12 +02:00
haya14busa
0931acf1f7
fix: support .config directory for goreleaser config files ( #500 )
...
* fix: support .config directory for goreleaser config files
Add support for .config/goreleaser.yaml and .config/goreleaser.yml
configuration files to match GoReleaser's official search order.
* run $ docker buildx bake build
2025-07-04 18:16:46 +00:00
CrazyMax
90c43f2c19
ci: set contents read as default workflow permissions ( #494 )
2025-03-30 23:00:02 +02:00
CrazyMax
9c156ee8a1
ci: update bake-action to v6 ( #493 )
2025-03-30 13:08:41 +02:00
dependabot[bot]
73c477b761
chore(deps): bump undici from 5.28.3 to 5.28.5 ( #488 )
...
* chore(deps): bump undici from 5.28.3 to 5.28.5
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.3 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.3...v5.28.5 )
---
updated-dependencies:
- dependency-name: undici
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update generated content
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-03-30 13:02:03 +02:00
dependabot[bot]
19c00a97d6
chore(deps): bump codecov/codecov-action from 4 to 5 ( #481 )
...
* chore(deps): bump codecov/codecov-action from 4 to 5
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci: fix deprecated codecov input
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-03-30 12:39:42 +02:00
Carlos Alexandro Becker
90a3faa9d0
chore(deps): bake vendor
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-02-10 23:51:46 -03:00
Carlos Alexandro Becker
0262998728
test: fixes
2025-02-10 23:45:14 -03:00
Carlos Alexandro Becker
450d3a4bd2
test: fix configs
2025-02-10 23:42:28 -03:00
Carlos Alexandro Becker
25b92abef8
chore(deps): update semver and tool-cache
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-02-10 23:40:43 -03:00
Carlos Alexandro Becker
bc0ac76346
chore(deps): update actions
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-02-10 23:40:32 -03:00
