mirror of
https://github.com/jdx/mise-action.git
synced 2026-05-14 13:50:33 +00:00
633 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
ac8a6414ec
|
feat: add wings_enabled input (mise-wings cache integration) (#454)
## Summary
Adds two new inputs that gate the mise-wings asset cache for tool
installs. Existing workflows are unaffected: default `wings_enabled:
false` is a no-op.
| Input | Default | Description |
|---|---|---|
| `wings_enabled` | `false` | Route tool-install URLs through the wings cache when `true` |
## How it works
When `wings_enabled: true`, the action exports `MISE_WINGS_ENABLED=1`.
Authentication is **fully automatic** — mise itself owns the GHA OIDC →
wings session exchange. No `mise wings login` step in workflow YAML, no
long-lived secrets to rotate.
When mise (built with wings support — see
[jdx/mise#9458](https://github.com/jdx/mise/pull/9458)) sees
`MISE_WINGS_ENABLED=1` and detects the GHA OIDC env vars
(`ACTIONS_ID_TOKEN_REQUEST_URL` + `ACTIONS_ID_TOKEN_REQUEST_TOKEN`), it:
1. Fetches the runner's OIDC token, scoped to the wings deployment
audience
2. POSTs it to `https://api.<host>/auth` to mint a wings CI session JWT
3. Caches the JWT in-process for the rest of the workflow run
4. Transparently rewrites `registry.npmjs.org` / `github.com` /
`api.github.com` URLs to the corresponding wings cache subdomains and
attaches the JWT as a Bearer header
## Why opt-in (not opt-out)
The default-off posture is deliberate. Many workflows already declare
`permissions: id-token: write` for unrelated reasons (SLSA provenance,
AWS OIDC, Sigstore, npm provenance, etc.). If `wings_enabled` defaulted
to `true`, those workflows would silently send the runner's OIDC
identity claims to a third-party cache without explicit consent. Cursor
Bugbot HIGH + Greptile P1+security correctly flagged the previous
"default true" iteration of this PR as a privacy regression.
Explicit opt-in keeps the gate visible in the workflow YAML.
## Workflow requirements
```yaml
permissions:
  id-token: write # required for OIDC
jobs:
  build:
    steps:
      - uses: jdx/mise-action@<sha>
        with:
          wings_enabled: true
```
The action emits a clear warning when `wings_enabled: true` but
`id-token: write` is missing — without that hint, the user would see
"wings configured but doing nothing" and have no clue why.
## Test plan
- [x] `npm run all` — format + lint + package, clean
- [x] `dist/index.js` rebuilt and contains the wings hook (greppable:
`MISE_WINGS_ENABLED`, `setupWings`)
- [ ] End-to-end: a workflow with `wings_enabled: true`, `permissions:
id-token: write`, an active wings subscription, and a recent enough
`mise` binary. The mise repo's own `docs.yml` will exercise this path
once [jdx/mise#9458](https://github.com/jdx/mise/pull/9458) is merged.
- [ ] Default-off path: a workflow without the `wings_enabled` input
behaves identically to today.
## Out of scope
- Older mise binaries will see `MISE_WINGS_ENABLED` and silently ignore
it (no wings client code) — that's intended; the action doesn't gate on
mise version.
- Self-hosted runners: `permissions: id-token: write` only does anything
on GitHub-hosted runners by default. Self-hosted runners need extra
config; the warning above is conservative enough for both cases.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Introduces an opt-in path that can cause OIDC-based authentication to
a third-party cache and alters tool download routing when enabled.
Default-off behavior limits impact, but misconfiguration could create
confusing cache bypass or unexpected network/token exchange behavior.
>
> **Overview**
> Adds a new **experimental** `wings_enabled` action input (default
`false`) to opt workflows into the mise-wings asset cache by exporting
`MISE_WINGS_ENABLED=1`.
>
> When enabled, the action now runs `setupWings()` early to set the env
var and warn if GitHub OIDC env vars are missing (i.e., `permissions:
id-token: write` not configured), while leaving existing/default
behavior unchanged.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
|
||
|
|
0a780158e1
|
chore: migrate package manager from npm/pnpm/bun to aube (#455)
## Summary
Switches the project's package-manager surface from a mix of `npm` /
`pnpm` / `bun` (different commands in different files) to a single tool:
[aube](https://aube.en.dev), en.dev's pnpm-compat package manager
(native Rust, fast, drops cleanly into pnpm/npm-compatible workflows).
| | Before | After |
|---|---|---|
| Workflows install step | `npm ci` | `aube ci` |
| Workflows run scripts | `npm run X` | `aubr X` (`aubr` is the `aube run` shorthand) |
| `mise.toml` tasks | mixed `npm run` / `bun run` | `aubr X` |
| Lockfile | `package-lock.json` | `package-lock.json` (unchanged — aube reads it directly) |
The `aubr` binary ships alongside `aube` in the same install — it's the
script-runner shorthand (`aubr <script>` ≡ `aube run <script>`). Saves a
word in every workflow / mise.toml line.
## What didn't change
- **`package-lock.json`** stays as the canonical lockfile. aube reads it
directly; no `aube-lock.yaml` is generated. Running `npm install` still
works for any dev who hasn't switched to aube yet.
- **`package.json` scripts** still use `npm run X` for nested
invocations (e.g. `"all": "npm run format:write && …"`). The literal
`npm` works for both callers — aube's shell exec finds `npm` in PATH,
the inner invocation re-runs the same package.json script. Keeping these
PM-agnostic avoids a forced cutover for downstream contributors.
- **`dist/`** is byte-identical after `aubr all` — parity with the
npm-built bundle verified locally.
## New project files
- **`.npmrc`** — single line: `node-linker=hoisted`. Forces a flat,
npm-style `node_modules` layout instead of aube's default
symlink/virtual-store. Required because `rollup --configPlugin
@rollup/plugin-typescript` resolves the plugin from cwd's node_modules,
and the isolated layout puts rollup under `node_modules/.aube/...` where
standard module resolution can't reach back to the project root for the
plugin. npm reads `.npmrc` but ignores `node-linker` (npm always
installs flat), so the file is safe for both PMs.
- **`pnpm-workspace.yaml`** — generated by aube 1.4 to record
build-script approvals (`unrs-resolver: false`). Project-level config;
commits like a `package.json` companion.
Pinned `aube = '1.4'` in `mise.toml`'s tools so `mise install`
provisions the right binary locally.
## Why aube
Single tool replacing three. Less context-switching for contributors,
fewer places to run `npm audit` / `bun upgrade` / `pnpm dedupe`. aube's
cold-cache install for this repo's deps is ~3s vs `npm ci` at ~10s.
## Test plan
- [x] `aube install` from clean — succeeds, all 441 packages link
cleanly
- [x] `aubr all` (format + lint + package) — succeeds, `dist/`
byte-identical to checked-in version
- [x] `aubr format:check` — clean
- [x] `aubr lint` — clean
- [x] `aubr package` — produces `dist/index.js`, `dist/index.js.map`,
`dist/licenses.txt` matching what's checked in
- [ ] Workflows: `Continuous Integration` / `autofix.ci` / `Check dist/`
/ `test` all pass on this PR
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Mostly CI/build-system plumbing; risk is workflow or packaging
breakage (dependency install layout, rollup config) that could prevent
`dist/` from rebuilding or CI from running, but it doesn’t change
runtime action logic.
>
> **Overview**
> Switches GitHub Actions workflows to install tooling via
`jdx/mise-action` and run installs/scripts with `aube`/`aubr` instead of
`actions/setup-node` + `npm ci`/`npm run`.
>
> Pins `aube` (`1.4`) in `mise.toml`, updates `mise` tasks and developer
docs (`CLAUDE.md`) to use `aube`/`aubr`, and adds `.npmrc`
(`node-linker=hoisted`) plus a `.gitignore` entry to avoid committing
`aube`’s generated `pnpm-workspace.yaml`.
>
> Adjusts the packaging script to use `rollup.config.mjs` (replacing the
previous TS config invocation).
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
|
||
|
|
3cd8ad48b8
|
chore(deps): lock file maintenance (#439)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - "before 4am on monday"
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> |
||
|
|
1c5f70fd40
|
chore(deps): bump communique to 1.1.2 (#453)
## Summary
- add a communique mise lock entry for v1.1.2
- include release asset URLs and checksums, including musl assets
## Validation
- monitored jdx/communique release workflow 24960017639 to success
- `mise install --locked communique`
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk: adds an auto-generated tool lockfile entry only, affecting
developer tool installation but not runtime application behavior.
>
> **Overview**
> Pins the `communique` developer tool to **v1.1.2** by adding a
generated `mise.lock` entry.
>
> The lock includes **per-platform download URLs, asset API links, and
SHA-256 checksums**, including *musl* variants for Linux.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
|
||
|
|
5ad13376e3
|
chore(deps): update autofix-ci/action digest to c5b2d67 (#452)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [autofix-ci/action](https://redirect.github.com/autofix-ci/action)
([changelog](
|
||
|
|
6fa7302151
|
chore(deps): update actions/setup-node digest to 48b55a0 (#451)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node)
([changelog](
|
||
|
|
db69447ab3
|
chore(deps): update dependency eslint to v10.2.1 (#445)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) | [`10.2.0` → `10.2.1`](https://renovatebot.com/diffs/npm/eslint/10.2.0/10.2.1) |  |  |
---
### Release Notes
<details>
<summary>eslint/eslint (eslint)</summary>
### [`v10.2.1`](https://redirect.github.com/eslint/eslint/compare/v10.2.0...4d1d8f9737236603f64bbe83d5bb8001627b5611)
[Compare Source](https://redirect.github.com/eslint/eslint/compare/v10.2.0...v10.2.1)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
89d8187abc
|
chore(deps): update dependency typescript to v6.0.3 (#442)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [typescript](https://www.typescriptlang.org/) ([source](https://redirect.github.com/microsoft/TypeScript)) | [`6.0.2` → `6.0.3`](https://renovatebot.com/diffs/npm/typescript/6.0.2/6.0.3) |  |  |
---
### Release Notes
<details>
<summary>microsoft/TypeScript (typescript)</summary>
### [`v6.0.3`](https://redirect.github.com/microsoft/TypeScript/compare/v6.0.2...050880ce59e30b356b686bd3144efe24f875ebc8)
[Compare Source](https://redirect.github.com/microsoft/TypeScript/compare/v6.0.2...v6.0.3)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
4513fc1bd4
|
chore(deps): update dependency typescript-eslint to v8.58.2 (#443)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) | [`8.58.1` → `8.58.2`](https://renovatebot.com/diffs/npm/typescript-eslint/8.58.1/8.58.2) |  |  |
---
### Release Notes
<details>
<summary>typescript-eslint/typescript-eslint (typescript-eslint)</summary>
### [`v8.58.2`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8582-2026-04-13)
[Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.58.1...v8.58.2)
##### 🩹 Fixes
- remove tsbuildinfo cache file from published packages ([#12187](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12187))
##### ❤️ Thank You
- Abhijeet Singh [@cseas](https://redirect.github.com/cseas)
See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.2) for more information.
You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website.
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
2f9976bb5b
|
chore(deps): update dependency prettier to v3.8.3 (#441)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [prettier](https://prettier.io) ([source](https://redirect.github.com/prettier/prettier)) | [`3.8.2` → `3.8.3`](https://renovatebot.com/diffs/npm/prettier/3.8.2/3.8.3) |  |  |
---
### Release Notes
<details>
<summary>prettier/prettier (prettier)</summary>
### [`v3.8.3`](https://redirect.github.com/prettier/prettier/compare/3.8.2...3.8.3)
[Compare Source](https://redirect.github.com/prettier/prettier/compare/3.8.2...3.8.3)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
4d6abcf45f
|
chore(deps): update dependency globals to v17.5.0 (#444)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [globals](https://redirect.github.com/sindresorhus/globals) | [`17.4.0` → `17.5.0`](https://renovatebot.com/diffs/npm/globals/17.4.0/17.5.0) |  |  |
---
### Release Notes
<details>
<summary>sindresorhus/globals (globals)</summary>
### [`v17.5.0`]()
[Compare Source](https://redirect.github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
f1b645161c
|
chore(deps): update github/codeql-action digest to 95e58e9 (#440)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](
|
||
|
|
d6e9fb75ae
|
chore(deps): update dependency typescript-eslint to v8.58.1 (#422)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) | [`8.58.0` → `8.58.1`](https://renovatebot.com/diffs/npm/typescript-eslint/8.58.0/8.58.1) |  |  |
---
### Release Notes
<details>
<summary>typescript-eslint/typescript-eslint (typescript-eslint)</summary>
### [`v8.58.1`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8581-2026-04-08)
[Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.58.0...v8.58.1)
This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.
See [GitHub Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.1) for more information.
You can read about our [versioning strategy](https://typescript-eslint.io/users/versioning) and [releases](https://typescript-eslint.io/users/releases) on our website.
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
a407fefef5
|
ci: add final job to aggregate build-test results (#438)
## Summary
- Add a `final` job to the build-test workflow that depends on all other
jobs
- Fails if any upstream job failed or was skipped
- Provides a single required status check for branch protection
## Test plan
- [ ] `final` job passes when all other jobs pass
- [ ] `final` job fails when any upstream job fails
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk: workflow-only change that adds a single aggregator job and
doesn’t affect production code paths. Main risk is misconfiguring branch
protection expectations if the `final` job logic/conditions are wrong.
>
> **Overview**
> Adds a `final` GitHub Actions job to the `build-test` workflow that
depends on all other jobs and runs with `if: always()`.
>
> The `final` job fails the workflow if any upstream job result is
`failure`, `cancelled`, or `skipped`, enabling a single required status
check for branch protection.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
|
||
|
|
3b61f05fac
|
fix(deps): update dependency @actions/cache to v6 (#432)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@actions/cache](https://redirect.github.com/actions/toolkit/tree/main/packages/cache) ([source](https://redirect.github.com/actions/toolkit/tree/HEAD/packages/cache)) | [`^4.0.0` → `^6.0.0`](https://renovatebot.com/diffs/npm/@actions%2fcache/4.1.0/6.0.0) |  |  |
---
### Release Notes
<details>
<summary>actions/toolkit (@actions/cache)</summary>
### [`v6.0.0`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/cache/RELEASES.md#600)
- **Breaking change**: Package is now ESM-only
  - CommonJS consumers must use dynamic `import()` instead of `require()`
### [`v5.0.5`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/cache/RELEASES.md#505)
- Bump `@actions/glob` to `0.5.1`
### [`v5.0.4`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/cache/RELEASES.md#504)
- Bump `@actions/http-client` to `3.0.2`
### [`v5.0.3`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/cache/RELEASES.md#503)
Prevent retries for rate limited cache operations [2243](https://redirect.github.com/actions/toolkit/pull/2243).
### [`v5.0.1`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/cache/RELEASES.md#501)
- Fix Node.js 24 punycode deprecation warning by updating `@azure/storage-blob` from `^12.13.0` to `^12.29.1` [#2213](https://redirect.github.com/actions/toolkit/pull/2213)
  - Newer storage-blob uses `@azure/core-rest-pipeline` instead of deprecated `@azure/core-http`, which eliminates the transitive dependency on `node-fetch@2` → `whatwg-url@5` → `tr46@0.0.3` that used the deprecated punycode module
### [`v5.0.0`](https://redirect.github.com/actions/toolkit/blob/HEAD/packages/cache/RELEASES.md#500)
- Remove `@azure/ms-rest-js` dependency [#2197](https://redirect.github.com/actions/toolkit/pull/2197)
  - The `TransferProgressEvent` type is now imported from `@azure/core-rest-pipeline` instead of `@azure/ms-rest-js`
- Bump `@actions/core` from `^1.11.1` to `^2.0.0` [#2198](https://redirect.github.com/actions/toolkit/pull/2198)
- Bump `@actions/exec` from `^1.0.1` to `^2.0.0` [#2198](https://redirect.github.com/actions/toolkit/pull/2198)
- Bump `@actions/glob` from `^0.1.0` to `^0.5.0` [#2198](https://redirect.github.com/actions/toolkit/pull/2198)
- Bump `@actions/http-client` from `^2.1.1` to `^3.0.0` [#2198](https://redirect.github.com/actions/toolkit/pull/2198)
- Bump `@actions/io` from `^1.0.1` to `^2.0.0` [#2198](https://redirect.github.com/actions/toolkit/pull/2198)
- Add support for Node.js 24 [#2110](https://redirect.github.com/actions/toolkit/pull/2110)
- Add `node-fetch` override to resolve audit vulnerabilities [#2110](https://redirect.github.com/actions/toolkit/pull/2110)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> |
||
|
|
6ffba57a54
|
chore(deps): update dependency typescript to v6 (#428)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [typescript](https://www.typescriptlang.org/) ([source](https://redirect.github.com/microsoft/TypeScript)) | [`^5.7.2` → `^6.0.0`](https://renovatebot.com/diffs/npm/typescript/5.9.3/6.0.2) |  |  |
---
### Release Notes
<details>
<summary>microsoft/TypeScript (typescript)</summary>
### [`v6.0.2`](https://redirect.github.com/microsoft/TypeScript/compare/v5.9.3...607a22a90d1a5a1b507ce01bb8cd7ec020f954e7)
[Compare Source](https://redirect.github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
2a3eb97a03
|
chore: migrate from ncc (CJS) to rollup (ESM) (#436)
## Summary
- Switch bundler from `@vercel/ncc` to `rollup` with
`@rollup/plugin-commonjs`, `@rollup/plugin-node-resolve`,
`@rollup/plugin-json`, and `@rollup/plugin-typescript`
- Add `"type": "module"` to `package.json` for ESM support
- Upgrade all `@actions/*` dependencies to their latest major versions
(`@actions/core` v3, `@actions/exec` v3, `@actions/cache` v6,
`@actions/glob` v0.6, `@actions/io` v3)
- Remove old ncc artifacts (`dist/licenses.txt`,
`dist/sourcemap-register.js`)
## Why
The `@actions/toolkit` packages v3+ are ESM-only and can't be bundled by
ncc (which uses webpack with CJS `require()`). This is what's blocking
#435 (renovate `@actions/exec` v3 upgrade). The official
`actions/typescript-action` template has already migrated to rollup.
## Test plan
- [ ] CI passes (`npm run all` — format, lint, package)
- [ ] `check-dist` workflow passes (dist/index.js matches build output)
- [ ] Integration tests pass on all platforms (ubuntu, macos, windows,
alpine)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Moderate risk because it changes the action’s build/bundling pipeline
and module format (CJS→ESM), which can break runtime execution or
dependency resolution if the generated `dist/` output differs across
environments.
>
> **Overview**
> Migrates the GitHub Action build from `@vercel/ncc` (CommonJS) to a
Rollup-based ESM bundle, adding `rollup.config.ts` and updating
TypeScript settings to `NodeNext` to support ESM output.
>
> Updates `package.json` to `"type": "module"`, switches the packaging
script to Rollup, and upgrades `@actions/*` dependencies to their latest
major (ESM-only) versions. The checked-in `dist/` artifacts are
regenerated accordingly (including license output) and legacy
ncc-specific artifacts are removed.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
|
||
|
|
a25e4af358
|
chore(deps): update amannn/action-semantic-pull-request action to v6 (#426)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [amannn/action-semantic-pull-request](https://redirect.github.com/amannn/action-semantic-pull-request) | action | major | `v5` → `v6` |
---
### Release Notes
<details>
<summary>amannn/action-semantic-pull-request (amannn/action-semantic-pull-request)</summary>
### [`v6`](https://redirect.github.com/amannn/action-semantic-pull-request/compare/v5...v6)
[Compare Source](https://redirect.github.com/amannn/action-semantic-pull-request/compare/v5...v6)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
8b65f8f4d4
|
chore(deps): update github/codeql-action action to v4 (#430)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | major | `v3` → `v4` |
---
### Release Notes
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
### [`v4`](https://redirect.github.com/github/codeql-action/compare/v3...v4)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3...v4)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
0b79532206
|
chore(deps): update eslint monorepo to v10 (major) (#429)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@eslint/js](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint/tree/HEAD/packages/js)) | [`^9.15.0` → `^10.0.0`](https://renovatebot.com/diffs/npm/@eslint%2fjs/9.39.4/10.0.1) |  |  | | [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) | [`^9.15.0` → `^10.0.0`](https://renovatebot.com/diffs/npm/eslint/9.39.4/10.2.0) |  |  | --- ### Release Notes <details> <summary>eslint/eslint (@​eslint/js)</summary> ### [`v10.0.1`](https://redirect.github.com/eslint/eslint/compare/v10.0.0...84fb885d49ac810e79a9491276b4828b53d913e5) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v10.0.0...v10.0.1) ### [`v10.0.0`](https://redirect.github.com/eslint/eslint/releases/tag/v10.0.0) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.39.4...v10.0.0) #### Breaking Changes - [`f9e54f4`]( |
||
|
|
5dd08e1290
|
chore(deps): update dependency globals to v17 (#427)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [globals](https://redirect.github.com/sindresorhus/globals) | [`^16.0.0` → `^17.0.0`](https://renovatebot.com/diffs/npm/globals/16.5.0/17.4.0) |  |  | --- ### Release Notes <details> <summary>sindresorhus/globals (globals)</summary> ### [`v17.4.0`](https://redirect.github.com/sindresorhus/globals/compare/v17.3.0...a9cfd7493fb701474d4dc946283c7b9d63d64134) [Compare Source](https://redirect.github.com/sindresorhus/globals/compare/v17.3.0...v17.4.0) ### [`v17.3.0`](https://redirect.github.com/sindresorhus/globals/releases/tag/v17.3.0) [Compare Source](https://redirect.github.com/sindresorhus/globals/compare/v17.2.0...v17.3.0) - Update globals (2026-02-01) ([#​336](https://redirect.github.com/sindresorhus/globals/issues/336)) [`295fba9`]( |
||
|
|
ac93c8a0e0
|
chore(deps): update actions/upload-artifact digest to 043fb46 (#434)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
([changelog](
|
||
|
|
970e54e062
|
chore(deps): update jdx/mise-action action to v4 (#431)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [jdx/mise-action](https://redirect.github.com/jdx/mise-action) | action | major | `v2` → `v4` | --- ### Release Notes <details> <summary>jdx/mise-action (jdx/mise-action)</summary> ### [`v4`](https://redirect.github.com/jdx/mise-action/compare/v3...v4) [Compare Source](https://redirect.github.com/jdx/mise-action/compare/v3...v4) ### [`v3`](https://redirect.github.com/jdx/mise-action/blob/HEAD/CHANGELOG.md#340---2025-10-31) [Compare Source](https://redirect.github.com/jdx/mise-action/compare/v2...v3) ##### 🚀 Features - use autofix.ci to auto-update dist/ on all PRs by [@​jdx](https://redirect.github.com/jdx) in [ |
||
|
|
41a529d4f6
|
chore(deps): update actions/upload-artifact action to v7 (#425)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | major | `v6` → `v7` |
---
### Release Notes
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
### [`v7`](https://redirect.github.com/actions/upload-artifact/compare/v6...v7)
[Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v6...v7)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
||
|
|
f2530f6d59
|
chore(deps): update dependency @types/handlebars to v4.1.0 (#423)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/handlebars](https://redirect.github.com/wycats/handlebars.js) | [`4.0.40` → `4.1.0`](https://renovatebot.com/diffs/npm/@types%2fhandlebars/4.0.40/4.1.0) |  |  | --- ### Release Notes <details> <summary>wycats/handlebars.js (@​types/handlebars)</summary> ### [`v4.1.0`](https://redirect.github.com/wycats/handlebars.js/blob/HEAD/release-notes.md#v410---February-7th-2019) New Features - import TypeScript typings - [`27ac1ee`]( |
||
|
|
05f8e725d3
|
chore(deps): update dependency prettier to v3.8.2 (#421)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [prettier](https://prettier.io) ([source](https://redirect.github.com/prettier/prettier)) | [`3.8.1` → `3.8.2`](https://renovatebot.com/diffs/npm/prettier/3.8.1/3.8.2) |  |  |
---
### Release Notes
<details>
<summary>prettier/prettier (prettier)</summary>
### [`v3.8.2`](https://redirect.github.com/prettier/prettier/compare/3.8.1...fbf300f9d89820364ddc9b2efa05b92b8c01b692)
[Compare Source](https://redirect.github.com/prettier/prettier/compare/3.8.1...3.8.2)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
  - Only on Friday (`* * * * 5`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
||
|
|
1c992c2b17
|
chore(deps): lock file maintenance (#420)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
d93325ba61
|
chore(deps): update dependency @types/handlebars to v4.1.0 (#417)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/handlebars](https://redirect.github.com/wycats/handlebars.js) | [`4.0.40` → `4.1.0`](https://renovatebot.com/diffs/npm/@types%2fhandlebars/4.0.40/4.1.0) |  |  | --- ### Release Notes <details> <summary>wycats/handlebars.js (@​types/handlebars)</summary> ### [`v4.1.0`](https://redirect.github.com/wycats/handlebars.js/blob/HEAD/release-notes.md#v410---February-7th-2019) New Features - import TypeScript typings - [`27ac1ee`]( |
||
|
|
641a2bcbed
|
chore(deps): update github/codeql-action digest to 5c8a8a6 (#416)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](
|
||
|
|
ae16675061
|
chore(deps): lock file maintenance (#415)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
b106a2f3b6
|
chore(deps): lock file maintenance (#413)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
0b4dcb0c10
|
ci: add communique to enhance release notes (#411)
## Summary
- Add communique tool to mise.toml
- Add `enhance-release` job to release workflow that runs after release
creation to generate AI-enhanced release notes
## Test plan
- [ ] Verify next release triggers the enhance-release job
- [ ] Confirm ANTHROPIC_API_KEY secret is configured in repo settings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---
> [!NOTE]
> **Medium Risk**
> Adds a new post-release GitHub Actions job that uses an external AI
API and an elevated token to modify GitHub release notes; failures or
misconfigured secrets can break the release workflow and token scope
matters.
>
> **Overview**
> After the `release` job completes, the workflow now runs a new
`enhance-release` job that computes the tag from `package.json` and
calls `communique generate ... --github-release` to update the GitHub
release notes.
>
> The PR also adds `communique` to `mise.toml` so the tool is available
in CI, and wires in `ANTHROPIC_API_KEY` plus a dedicated
`RELEASE_PLZ_GITHUB_TOKEN` for the release-note update step.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
|
1648a7812b
|
chore: release v4.0.1 (#406)
---
## [4.0.1](https://github.com/jdx/mise-action/compare/v4.0.0..v4.0.1) - 2026-03-22
### 🐛 Bug Fixes
- run npm install in pre-commit hook before build (#410) by [@jdx](https://github.com/jdx) in [#410](https://github.com/jdx/mise-action/pull/410)
### 🚜 Refactor
- extract getCwd() helper to deduplicate working directory resolution (#403) by [@altendky](https://github.com/altendky) in [#403](https://github.com/jdx/mise-action/pull/403)
### 📚 Documentation
- bump versions listed in README.md (#407) by [@deining](https://github.com/deining) in [#407](https://github.com/jdx/mise-action/pull/407)
- bump more versions listed in README.md (#408) by [@deining](https://github.com/deining) in [#408](https://github.com/jdx/mise-action/pull/408)
### ⚙️ Miscellaneous Tasks
- add workflow to auto-close stale PRs (#409) by [@jdx](https://github.com/jdx) in [#409](https://github.com/jdx/mise-action/pull/409)
### New Contributors
* @deining made their first contribution in [#408](https://github.com/jdx/mise-action/pull/408)
|
||
|
|
e2d499cca6
|
ci: add workflow to auto-close stale PRs (#409)
## Summary
- Adds a daily workflow that auto-closes PRs inactive for 30+ days
- Skips PRs authored by jdx or labeled `keep-open`
- Includes different close messages depending on CI status (failing vs
passing)
Ported from jdx/mise.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---
> [!NOTE]
> **Low Risk**
> Low risk: adds a standalone GitHub Actions workflow that only closes
eligible open PRs and does not affect application/runtime code.
>
> **Overview**
> Adds a new GitHub Actions workflow (`.github/workflows/pr-closer.yml`)
that runs daily (and manually) to close PRs with no activity for 30+
days.
>
> The job filters out PRs authored by `jdx` or labeled `keep-open`, and
posts a different close comment when CI checks are failing vs passing.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
|
0cc0f19036
|
fix: run npm install in pre-commit hook before build (#410)
## Summary
- Adds `npm install` before `npm run all` in the husky pre-commit hook
- Prevents stale `node_modules` from producing unintended `dist/`
changes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---
> [!NOTE]
> **Low Risk**
> Low risk change confined to developer tooling; it only affects local
pre-commit behavior and should not impact runtime code.
>
> **Overview**
> Ensures the pre-commit hook runs `npm ci` before `npm run all`, so
builds use a fresh/consistent `node_modules` prior to staging `dist`
changes.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
|
89c67a39ab
|
docs: bump more versions listed in README.md (#408)
This is a continuation of #407: it bumps two more versions I overlooked. |
||
|
|
0409dde834
|
docs: bump versions listed in README.md (#407)
This PR bumps the versions mentioned in `README.md` to their latest versions. |
||
|
|
abadabdb1f
|
refactor: extract getCwd() helper to deduplicate working directory resolution (#403)
## Summary
- Extracts the duplicated working-directory resolution expression
(`core.getInput('working_directory') || core.getInput('install_dir') ||
process.cwd()`) into a `getCwd()` helper function.
- Replaces the 2 identical inline expressions in `exportMiseEnv()` and
`mise()` with calls to `getCwd()`.
## Motivation
Separated from #402 to allow independent review. This is a pure refactor
with no behavioral change, intended to simplify the diff in #402 by
providing a smaller, self-contained improvement.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
c5b2043e51
|
chore(deps): update github/codeql-action digest to 603b797 (#404)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](
|
||
|
|
71c0f0ac17
|
chore(deps): lock file maintenance (#400)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
c1ecc8f748
|
chore: release v4.0.0 (#398)
---
## [4.0.0](https://github.com/jdx/mise-action/compare/v3.6.3..v4.0.0) - 2026-03-13
### 🚀 Features
- **breaking** Update Node.js version from 20 to 24 (#395) by [@tumerorkun](https://github.com/tumerorkun) in [#395](https://github.com/jdx/mise-action/pull/395)
### New Contributors
* @tumerorkun made their first contribution in [#395](https://github.com/jdx/mise-action/pull/395)
|
||
|
|
1cbe8c560f
|
chore(deps): update github/codeql-action digest to 820e316 (#397)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](
|
||
|
|
35ed1d362d
|
feat!: Update Node.js version from 20 to 24 (#395)
Fixes https://github.com/jdx/mise-action/issues/394
This PR updates the GitHub Actions runner environment to use Node.js 24, following the deprecation notice for Node.js 20. GitHub has announced that starting June 2, 2026, Node.js 24 will become the default, and earlier versions will be restricted to ensure security and performance standards. The jdx/mise-action@v3 currently triggers a deprecation warning because it defaults to the Node.js 20 runtime. To proactively address this and avoid potential workflow failures during the transition period, we are opting into the newer runtime version now.
Co-authored-by: jdx <216188+jdx@users.noreply.github.com>
|
||
|
|
02bfe7363e
|
chore(deps): update actions/setup-node digest to 53b8394 (#396)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node)
([changelog](
|
||
|
|
9a9bfbd065
|
chore(deps): lock file maintenance (#392)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
5228313ee0
|
chore: release v3.6.3 (#391)
---
## [3.6.3](https://github.com/jdx/mise-action/compare/v3.6.2..v3.6.3) - 2026-03-06
### 🐛 Bug Fixes
- pass cwd to all exec calls in exportMiseEnv() (#390) by [@andrewthauer](https://github.com/andrewthauer) in [#390](https://github.com/jdx/mise-action/pull/390)
### New Contributors
* @andrewthauer made their first contribution in [#390](https://github.com/jdx/mise-action/pull/390)
|
||
|
|
cea720d8cd
|
fix: pass cwd to all exec calls in exportMiseEnv() (#390)
## Problem
The `exportMiseEnv()` function ignores the `working_directory` (and
`install_dir`) input when running `mise env --json`. It always executes
in the process default CWD — the GitHub Actions workspace root —
regardless of what directory was used for `mise install`.
This means if a caller sets `working_directory: path/to/subdir`, mise
resolves environment variables against the workspace root's `mise.toml`,
not the intended subdirectory's config.
### Impact
Since mise 2026.2.0, lockfiles are enabled by default. When `mise env
--json` runs without a `mise.lock` present (e.g. because the correct
`working_directory` was not used), mise attempts to resolve loose tool
versions (like `"latest"`) from the network. In environments with
private npm registries, this causes `npm view` calls that fail with 403
errors. Mise retries indefinitely, spawning 20+ orphaned npm processes
and eventually hitting `EAGAIN` (OS error 11), hanging CI permanently.
The other mise commands (`miseInstall`, `miseReshim`, etc.) already pass
`cwd` correctly via the shared `mise()` helper. Only `exportMiseEnv()`
was missing this.
## Fix
Resolve `working_directory` (falling back to `install_dir`, then
`process.cwd()`) at the top of `exportMiseEnv()` and pass `{ cwd }` to
all four `exec.getExecOutput` calls within the function:
- `mise env --redacted --json`
- `mise env --json`
- `mise env --dotenv` (redacted fallback)
- `mise env --dotenv` (legacy fallback)
## Related
- Issue #267: `working_directory` not respected for env export
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
e79ddf65a1
|
chore: release v3.6.2 (#385)
---
## [3.6.2](https://github.com/jdx/mise-action/compare/v3.6.1..v3.6.2) - 2026-03-02
### 🐛 Bug Fixes
- move file_hash to end of cache key template to prevent prefix matching (#384) by [@altendky](https://github.com/altendky) in [#384](https://github.com/jdx/mise-action/pull/384)
### New Contributors
* @altendky made their first contribution in [#384](https://github.com/jdx/mise-action/pull/384)
|
||
|
|
74b74371ea
|
chore(deps): lock file maintenance (#389)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
|
||
|
|
9b0f77b0f2
|
chore(deps): update github/codeql-action digest to 4558047 (#387)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](
|