actions/mise-action
12
0
Fork 0
mirror of https://github.com/jdx/mise-action.git synced 2026-05-15 06:10:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Compare commits

base: actions:main
Branches Tags
actions:main
actions:release
actions:renovate/handlebars-4.x-lockfile
actions:esm-migration
actions:fix/windows-cache-save
actions:fix-mise-dir-input
actions:copilot/sub-pr-340
actions:chore/upgrade-node-24
actions:fix/renovate-dist-auto-update
actions:v4
actions:v4.0.1
actions:v4.0.0
actions:v3.6.3
actions:v3
actions:v3.6.2
actions:v3.6.1
actions:v3.6.0
actions:v3.5.1
actions:v3.5.0
actions:v3.4.1
actions:v3.4.0
actions:v3.3.1
actions:v3.3.0
actions:v3.2.0
actions:v3.1.0
actions:v3.0.2
actions:v3.0.1
actions:v3.0.0
actions:v2
actions:v2.4.4
actions:v2.4.3
actions:v2.4.2
actions:v2.4.0
actions:v2.3.1
actions:v2.3.0
actions:v2.2.3
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.11
actions:v2.1.10
actions:v2.1.9
actions:v2.1.8
actions:v2.1.7
actions:v2.1.6
actions:v2.1.5
actions:v2.1.4
actions:v2.1.3
actions:v2.1.2
actions:v2.1.1
actions:v2.1.0
actions:v2.0.6
actions:v2.0.5
actions:v2.0.4
actions:v2.0.3
actions:v2.0.2
actions:v2.0.1
actions:v2.0.0
actions:v1.3.2
actions:v1
actions:v1.3.1
actions:v1.3.0
actions:v1.2.7
actions:v1.2.6
actions:v1.2.5
actions:v1.2.4
actions:v1.2.3
actions:v1.2.2
actions:v1.2.1
actions:v1.2.0
actions:v1.1.3
actions:v1.1.2
actions:v1.1.1
actions:v1.1.0
actions:v1.0.0
actions:v1.0.1
..
compare: actions:v2.4.0
Branches Tags
actions:release
actions:main
actions:renovate/handlebars-4.x-lockfile
actions:esm-migration
actions:fix/windows-cache-save
actions:fix-mise-dir-input
actions:copilot/sub-pr-340
actions:chore/upgrade-node-24
actions:fix/renovate-dist-auto-update
actions:v4
actions:v4.0.1
actions:v4.0.0
actions:v3.6.3
actions:v3
actions:v3.6.2
actions:v3.6.1
actions:v3.6.0
actions:v3.5.1
actions:v3.5.0
actions:v3.4.1
actions:v3.4.0
actions:v3.3.1
actions:v3.3.0
actions:v3.2.0
actions:v3.1.0
actions:v3.0.2
actions:v3.0.1
actions:v3.0.0
actions:v2
actions:v2.4.4
actions:v2.4.3
actions:v2.4.2
actions:v2.4.0
actions:v2.3.1
actions:v2.3.0
actions:v2.2.3
actions:v2.2.2
actions:v2.2.1
actions:v2.2.0
actions:v2.1.11
actions:v2.1.10
actions:v2.1.9
actions:v2.1.8
actions:v2.1.7
actions:v2.1.6
actions:v2.1.5
actions:v2.1.4
actions:v2.1.3
actions:v2.1.2
actions:v2.1.1
actions:v2.1.0
actions:v2.0.6
actions:v2.0.5
actions:v2.0.4
actions:v2.0.3
actions:v2.0.2
actions:v2.0.1
actions:v2.0.0
actions:v1.3.2
actions:v1
actions:v1.3.1
actions:v1.3.0
actions:v1.2.7
actions:v1.2.6
actions:v1.2.5
actions:v1.2.4
actions:v1.2.3
actions:v1.2.2
actions:v1.2.1
actions:v1.2.0
actions:v1.1.3
actions:v1.1.2
actions:v1.1.1
actions:v1.1.0
actions:v1.0.0
actions:v1.0.1

No commits in common. "main" and "v2.4.0" have entirely different histories.
main ... v2.4.0

32 changed files with 64830 additions and 76700 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.github/renovate.json vendored
View file

@ -1,6 +1,14 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["github>jdx/renovate-config"],
"gitIgnoredAuthors": ["autofix.ci[bot] <autofix.ci[bot]@users.noreply.github.com>"],
"rebaseWhen": "conflicted"
"extends": [
"github>jdx/renovate-config"
],
"postUpgradeTasks": {
"commands": ["npm run all"],
"fileFilters": ["dist/**/*"],
"executionMode": "branch"
},
"allowedCommands": [
".*"
]
}

20
.github/workflows/check-dist.yml vendored
View file

@ -12,7 +12,11 @@ on:
push:
branches:
- main
paths-ignore:
- '**.md'
pull_request:
paths-ignore:
- '**.md'
workflow_dispatch:
concurrency:
@ -31,19 +35,21 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
uses: actions/checkout@v4
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 18
cache: npm
- name: Install Dependencies
id: install
run: aube ci
run: npm ci
- name: Build dist/ Directory
id: build
run: aubr bundle
run: npm run bundle
- name: Compare Expected and Actual Directories
id: diff
@ -56,7 +62,7 @@ jobs:
# If index.js was different than expected, upload the expected version as
# a workflow artifact.
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
- uses: actions/upload-artifact@v4
if: ${{ failure() && steps.diff.conclusion == 'failure' }}
with:
name: dist

32
.github/workflows/ci.yml vendored
View file

@ -7,9 +7,6 @@ on:
- main
- 'releases/*'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
@ -22,31 +19,26 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
uses: actions/checkout@v4
# `mise.toml` pins both Node and aube; mise-action installs
# whatever's listed there. Reads `package-lock.json`
# directly — no separate `aube-lock.yaml` to maintain.
# `.npmrc` pins `node-linker=hoisted` so the layout is
# npm-flat (rollup's `--configPlugin` resolution
# requires this).
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
- name: Setup Node.js
id: setup-node
uses: actions/setup-node@v4
with:
cache: false
node-version: 18
cache: npm
- name: Install Dependencies
id: aube-ci
run: aube ci
id: npm-ci
run: npm ci
- name: Check Format
id: aube-format-check
run: aubr format:check
id: npm-format-check
run: npm run format:check
- name: Lint
id: aube-lint
run: aubr lint
id: npm-lint
run: npm run lint
# - name: Test
# id: npm-ci-test

10
.github/workflows/codeql-analysis.yml vendored
View file

@ -34,21 +34,19 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
uses: actions/checkout@v4
- name: Initialize CodeQL
id: initialize
uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
source-root: src
- name: Autobuild
id: autobuild
uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
id: analyze
uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
uses: github/codeql-action/analyze@v3

31
.github/workflows/pr-closer.yml vendored
View file

@ -1,31 +0,0 @@
name: pr-closer
on:
schedule:
- cron: "0 0 * * *" # daily at midnight
workflow_dispatch:
jobs:
close-stale-prs:
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Close stale PRs
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh pr list -R "${{ github.repository }}" --state open --json number,author,labels,updatedAt,statusCheckRollup --limit 100 | \
jq -r '.[] | select(
(.updatedAt | fromdateiso8601) < (now - 30*24*60*60) and
.author.login != "jdx" and
([.labels[].name] | index("keep-open") | not)
) | [.number, (if (.statusCheckRollup | length > 0) and (.statusCheckRollup | any(.conclusion == "FAILURE" or .conclusion == "failure")) then "failing" else "passing" end)] | @tsv' | \
while read -r pr status; do
echo "Closing PR #$pr (checks: $status)"
if [ "$status" = "failing" ]; then
gh pr close "$pr" -R "${{ github.repository }}" -c "This PR has been open for more than 30 days without activity. Note: CI checks were failing, which may be why it wasn't reviewed. Feel free to reopen or create a new PR if you'd like to continue working on this."
else
gh pr close "$pr" -R "${{ github.repository }}" -c "This PR has been open for more than 30 days without activity. Feel free to reopen or create a new PR if you'd like to continue working on this."
fi
done

34
.github/workflows/release-plz.yml vendored
View file

@ -1,34 +0,0 @@
name: release-plz
permissions:
pull-requests: write
contents: write
on:
workflow_dispatch:
push:
branches:
- main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_CONFIG_FUND: false
concurrency:
group: release-plz
jobs:
release-plz:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
submodules: recursive
token: ${{ secrets.RELEASE_PLZ_GITHUB_TOKEN }}
persist-credentials: false
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
- run: mise run release-plz
env:
DRY_RUN: 0
GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_GITHUB_TOKEN }}

49
.github/workflows/release.yml vendored
View file

@ -1,49 +0,0 @@
name: Release
on:
pull_request:
types: [closed]
branches: [main]
permissions: {}
jobs:
release:
if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release')
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
persist-credentials: false
- name: Setup mise
uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
- name: Release
run: ./scripts/postversion.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
enhance-release:
needs: [release]
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
- name: Enhance release notes with communique
run: |
TAG_NAME="v$(jq -r .version package.json)"
communique generate "$TAG_NAME" --github-release
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_GITHUB_TOKEN }}

77
.github/workflows/test-redacted-env.yml vendored
View file

@ -1,77 +0,0 @@
name: Test Redacted Environment Variables
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
permissions:
contents: read
jobs:
test-redacted-env:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Create test mise config with sensitive values
run: |
cat > .mise.toml << 'EOF'
[env]
PUBLIC_VAR = "this-is-public"
API_KEY = {value = "secret-api-key-12345", redact = true}
SECRET_TOKEN = {value = "supersecret-token-xyz", redact = true}
DATABASE_PASSWORD = {value = "db-pass-789", redact = true}
EOF
- name: Setup mise
uses: ./
- name: Verify environment variables are exported
run: |
echo "Checking if environment variables are set..."
# Check that public var is set
if [ "$PUBLIC_VAR" != "this-is-public" ]; then
echo "ERROR: PUBLIC_VAR not set correctly"
exit 1
fi
echo "✓ PUBLIC_VAR is set correctly"
# Check that sensitive vars are set (but their values should be masked in logs)
if [ -z "$API_KEY" ]; then
echo "ERROR: API_KEY not set"
exit 1
fi
echo "✓ API_KEY is set"
if [ -z "$SECRET_TOKEN" ]; then
echo "ERROR: SECRET_TOKEN not set"
exit 1
fi
echo "✓ SECRET_TOKEN is set"
if [ -z "$DATABASE_PASSWORD" ]; then
echo "ERROR: DATABASE_PASSWORD not set"
exit 1
fi
echo "✓ DATABASE_PASSWORD is set"
- name: Test that sensitive values are masked (will show *** if properly masked)
run: |
echo "Testing value masking..."
echo "API_KEY value: $API_KEY"
echo "SECRET_TOKEN value: $SECRET_TOKEN"
echo "DATABASE_PASSWORD value: $DATABASE_PASSWORD"
echo "PUBLIC_VAR value: $PUBLIC_VAR"
# This should show the actual values in the step output,
# but GitHub Actions should mask them if core.setSecret was called
- name: Verify mise version
run: mise --version

111
.github/workflows/test.yml vendored
View file

@ -1,16 +1,12 @@
name: "build-test"
name: 'build-test'
on: # rebuild any PRs and main branch changes
pull_request:
branches:
- main
push:
branches:
- main
- 'releases/*'
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
@ -19,12 +15,11 @@ jobs:
build: # make sure build/ci work properly
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4
- run: aube install
- run: aubr all
- uses: actions/checkout@v4
- run: |
npm install
- run: |
npm run all
test: # make sure the action works on a clean machine without building
strategy:
fail-fast: false
@ -47,42 +42,26 @@ jobs:
- name: Install requirements
if: ${{ matrix.requirements }}
run: ${{ matrix.requirements }}
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/checkout@v4
- name: Setup mise
uses: ./
with:
mise_toml: |
[tools]
jq = "1.7.1"
[env]
MY_ENV_VAR = "abc"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: mise --version
- run: mise x jq -- jq --version
- run: which jq
- run: jq --version
- name: Check Windows shim binary
if: runner.os == 'Windows'
shell: pwsh
run: |
$miseBinDir = Split-Path -Parent (Get-Command mise).Source
$miseShim = Join-Path $miseBinDir "mise-shim.exe"
if (!(Test-Path -LiteralPath $miseShim)) {
throw "mise-shim.exe was not installed next to mise.exe"
}
- run: . scripts/test.sh
shell: bash
specific_version:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/checkout@v4
- name: Setup mise
uses: ./
with:
@ -96,20 +75,11 @@ jobs:
bun = "1"
- run: which bun
- run: bun -v
- name: Update mise
uses: ./
with:
cache_save: ${{ github.ref_name == 'main' }}
cache_key_prefix: mise-v1
version: v2025.7.3 # should trim the `v`
sha256: d38d4993c5379a680b50661f86287731dc1d1264777880a79b786403af337948
checksum_failure:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/checkout@v4
- name: Setup mise
id: bad
uses: ./
@ -127,65 +97,6 @@ jobs:
if: ${{ steps.bad.outcome == 'failure' }}
- name: not failed as expected
run: |
echo "Expected failure but the job was ${STEPS_BAD_OUTCOME}"
echo "Expected failure but the job was ${{ steps.bad.outcome }}"
exit 1
if: ${{ steps.bad.outcome != 'failure' }}
env:
STEPS_BAD_OUTCOME: ${{ steps.bad.outcome }}
custom_cache_key:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Setup mise with custom cache key
uses: ./
with:
cache_key: "custom-{{platform}}-{{install_args_hash}}-${{ github.run_id }}"
install_args: "jq@1.7.1"
mise_toml: |
[tools]
jq = "1.7.1"
- run: mise --version
- run: mise x jq -- jq --version
- run: which jq
- run: jq --version
fetch_from_github:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Setup mise from mise.jdx.dev
uses: ./
with:
fetch_from_github: true
cache: false
cache_save: false
mise_toml: |
[tools]
jq = "1.7.1"
- run: mise --version
- run: mise x jq -- jq --version
- run: which jq
- run: jq --version
final:
needs:
- build
- test
- specific_version
- checksum_failure
- custom_cache_key
- fetch_from_github
runs-on: ubuntu-latest
timeout-minutes: 1
# Run on success or upstream failure but skip when the workflow is cancelled
# — `always()` would override `cancel-in-progress` and waste a runner.
if: ${{ !cancelled() }}
steps:
- name: Check CI job results
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')
run: exit 1

22
.github/workflows/zizmor.yml vendored
View file

@ -1,22 +0,0 @@
name: zizmor
on:
push:
branches: [main]
paths: ['.github/workflows/**']
pull_request:
paths: ['.github/workflows/**']
permissions: {}
jobs:
zizmor:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
with:
advanced-security: false

7
.gitignore vendored
View file

@ -101,10 +101,3 @@ __tests__/runner/*
.idea
.vscode
*.code-workspace
# Generated by `aube install` to record build-script approvals.
# We've chosen not to commit our approval state — the build doesn't
# need any package's install scripts to run, and the file gets
# regenerated each install anyway. The harmless "ignored build
# scripts" warning in `aube install` output is the cost.
pnpm-workspace.yaml

1
.husky/pre-commit
View file

@ -1,5 +1,4 @@
# shellcheck disable=SC1091
npm ci
npm run all
git add dist

11
.npmrc
View file

@ -1,11 +0,0 @@
# Forces a flat npm-style `node_modules/` layout instead of
# aube's default symlink/virtual-store. Required for
# deterministic `dist/index.js.map` source-map paths in CI:
# without flat layout, rollup embeds absolute paths into
# aube's per-user cache dir (`/home/runner/.cache/aube/...`),
# which differ across machines and break the `check-dist`
# workflow's byte-equality check.
#
# npm reads `.npmrc` too but ignores `node-linker` (npm
# always installs flat), so the file is safe for both PMs.
node-linker=hoisted

276
CHANGELOG.md
View file

@ -1,281 +1,5 @@
# Changelog
---
## [4.0.1](https://github.com/jdx/mise-action/compare/v4.0.0..v4.0.1) - 2026-03-22
### 🐛 Bug Fixes
- run npm install in pre-commit hook before build (#410) by [@jdx](https://github.com/jdx) in [#410](https://github.com/jdx/mise-action/pull/410)
### 🚜 Refactor
- extract getCwd() helper to deduplicate working directory resolution (#403) by [@altendky](https://github.com/altendky) in [#403](https://github.com/jdx/mise-action/pull/403)
### 📚 Documentation
- bump versions listed im README.md (#407) by [@deining](https://github.com/deining) in [#407](https://github.com/jdx/mise-action/pull/407)
- bump more versions listed in README.md (#408) by [@deining](https://github.com/deining) in [#408](https://github.com/jdx/mise-action/pull/408)
### ⚙️ Miscellaneous Tasks
- add workflow to auto-close stale PRs (#409) by [@jdx](https://github.com/jdx) in [#409](https://github.com/jdx/mise-action/pull/409)
### New Contributors
* @deining made their first contribution in [#408](https://github.com/jdx/mise-action/pull/408)
---
## [4.0.0](https://github.com/jdx/mise-action/compare/v3.6.3..v4.0.0) - 2026-03-13
### 🚀 Features
- **breaking** Update Node.js version from 20 to 24 (#395) by [@tumerorkun](https://github.com/tumerorkun) in [#395](https://github.com/jdx/mise-action/pull/395)
### New Contributors
* @tumerorkun made their first contribution in [#395](https://github.com/jdx/mise-action/pull/395)
---
## [3.6.3](https://github.com/jdx/mise-action/compare/v3.6.2..v3.6.3) - 2026-03-06
### 🐛 Bug Fixes
- pass cwd to all exec calls in exportMiseEnv() (#390) by [@andrewthauer](https://github.com/andrewthauer) in [#390](https://github.com/jdx/mise-action/pull/390)
### New Contributors
* @andrewthauer made their first contribution in [#390](https://github.com/jdx/mise-action/pull/390)
---
## [3.6.2](https://github.com/jdx/mise-action/compare/v3.6.1..v3.6.2) - 2026-03-02
### 🐛 Bug Fixes
- move file_hash to end of cache key template to prevent prefix matching (#384) by [@altendky](https://github.com/altendky) in [#384](https://github.com/jdx/mise-action/pull/384)
### New Contributors
* @altendky made their first contribution in [#384](https://github.com/jdx/mise-action/pull/384)
---
## [3.6.1](https://github.com/jdx/mise-action/compare/v3.6.0..v3.6.1) - 2026-01-20
### 🔍 Other Changes
- Revert "fix(cache): isolate cache keys per working_directory in monorepos" (#364) by [@jdx](https://github.com/jdx) in [#364](https://github.com/jdx/mise-action/pull/364)
---
## [3.6.0](https://github.com/jdx/mise-action/compare/v3.5.1..v3.6.0) - 2026-01-18
### 🚀 Features
- add option to disable shims in PATH (#340) by [@jdx](https://github.com/jdx) in [#340](https://github.com/jdx/mise-action/pull/340)
### 🐛 Bug Fixes
- **(cache)** isolate cache keys per working_directory in monorepos (#360) by [@chadxz](https://github.com/chadxz) in [#360](https://github.com/jdx/mise-action/pull/360)
- use mise_dir input when specified (#339) by [@jdx](https://github.com/jdx) in [#339](https://github.com/jdx/mise-action/pull/339)
- pass environment variables to mise commands (#341) by [@jdx](https://github.com/jdx) in [#341](https://github.com/jdx/mise-action/pull/341)
- make mise self-update output visible in logs (#355) by [@nikobockerman](https://github.com/nikobockerman) in [#355](https://github.com/jdx/mise-action/pull/355)
### 📚 Documentation
- fix description for `mise_toml` input (#351) by [@quad](https://github.com/quad) in [#351](https://github.com/jdx/mise-action/pull/351)
### New Contributors
* @chadxz made their first contribution in [#360](https://github.com/jdx/mise-action/pull/360)
* @nikobockerman made their first contribution in [#355](https://github.com/jdx/mise-action/pull/355)
* @quad made their first contribution in [#351](https://github.com/jdx/mise-action/pull/351)
---
## [3.5.1](https://github.com/jdx/mise-action/compare/v3.5.0..v3.5.1) - 2025-11-24
### 🔍 Other Changes
- Revert "feat(action): moved save cache to post step" (#329) by [@jdx](https://github.com/jdx) in [#329](https://github.com/jdx/mise-action/pull/329)
---
## [3.5.0](https://github.com/jdx/mise-action/compare/v3.4.1..v3.5.0) - 2025-11-21
### 🚀 Features
- **(action)** moved save cache to post step (#321) by [@aamkye](https://github.com/aamkye) in [#321](https://github.com/jdx/mise-action/pull/321)
### New Contributors
* @aamkye made their first contribution in [#321](https://github.com/jdx/mise-action/pull/321)
---
## [3.4.1](https://github.com/jdx/mise-action/compare/v3.4.0..v3.4.1) - 2025-11-13
### 🐛 Bug Fixes
- avoid github token downstream issue (#317) by [@acesyde](https://github.com/acesyde) in [#317](https://github.com/jdx/mise-action/pull/317)
### New Contributors
* @acesyde made their first contribution in [#317](https://github.com/jdx/mise-action/pull/317)
---
## [3.4.0](https://github.com/jdx/mise-action/compare/v3.3.1..v3.4.0) - 2025-10-31
### 🚀 Features
- use autofix.ci to auto-update dist/ on all PRs by [@jdx](https://github.com/jdx) in [16e9fd5](https://github.com/jdx/mise-action/commit/16e9fd5251189c3d389adb836f243575c134d680)
- use autofix.ci to auto-update dist/ on all PRs (#308) by [@jdx](https://github.com/jdx) in [#308](https://github.com/jdx/mise-action/pull/308)
### 🐛 Bug Fixes
- add missing `await` to `core.group` calls (#305) by [@smorimoto](https://github.com/smorimoto) in [#305](https://github.com/jdx/mise-action/pull/305)
- auto-update dist folder in Renovate PRs via GitHub Actions (#306) by [@jdx](https://github.com/jdx) in [#306](https://github.com/jdx/mise-action/pull/306)
- configure Renovate to ignore github-actions[bot] commits by [@jdx](https://github.com/jdx) in [993e7d0](https://github.com/jdx/mise-action/commit/993e7d0bb6f3422ef833a702b90e2a44909ec651)
- run auto-update-dist workflow on all PRs by [@jdx](https://github.com/jdx) in [6d0fd75](https://github.com/jdx/mise-action/commit/6d0fd75ed51124702e37bfcf6e977da73f64b4e1)
### 📚 Documentation
- update to v3 in README (#290) by [@pdecat](https://github.com/pdecat) in [#290](https://github.com/jdx/mise-action/pull/290)
### ⚙️ Miscellaneous Tasks
- upgrade all workflows to Node 24 by [@jdx](https://github.com/jdx) in [c7b5f37](https://github.com/jdx/mise-action/commit/c7b5f37cadd1a385188a023510a966efa5eed247)
- remove unused workflow by [@jdx](https://github.com/jdx) in [aecb23d](https://github.com/jdx/mise-action/commit/aecb23d92f0e50768578578f309255414a23561d)
### New Contributors
* @smorimoto made their first contribution in [#305](https://github.com/jdx/mise-action/pull/305)
* @pdecat made their first contribution in [#290](https://github.com/jdx/mise-action/pull/290)
---
## [3.3.1](https://github.com/jdx/mise-action/compare/v3.3.0..v3.3.1) - 2025-10-06
### 🐛 Bug Fixes
- trim "v" prefix on update (#287) by [@zeitlinger](https://github.com/zeitlinger) in [#287](https://github.com/jdx/mise-action/pull/287)
---
## [3.3.0](https://github.com/jdx/mise-action/compare/v3.2.0..v3.3.0) - 2025-10-03
### 🚀 Features
- use self-update to modify version if mise is already installed (#277) by [@ImpSy](https://github.com/ImpSy) in [#277](https://github.com/jdx/mise-action/pull/277)
### 🐛 Bug Fixes
- **(cache)** replace `,` in `MISE_ENV` with `-` (#278) by [@risu729](https://github.com/risu729) in [#278](https://github.com/jdx/mise-action/pull/278)
- correct Renovate allowedPostUpgradeCommands configuration by [@jdx](https://github.com/jdx) in [4313941](https://github.com/jdx/mise-action/commit/43139419dcaeb99e24c487d646766d014d0957a2)
### ⚙️ Miscellaneous Tasks
- **(config)** migrate renovate config (#263) by [@renovate[bot]](https://github.com/renovate[bot]) in [#263](https://github.com/jdx/mise-action/pull/263)
- updated deps by [@jdx](https://github.com/jdx) in [5795893](https://github.com/jdx/mise-action/commit/5795893acedc0f2044498a21005c38f12dd5d8d3)
### New Contributors
* @mise-en-dev made their first contribution in [#284](https://github.com/jdx/mise-action/pull/284)
* @ImpSy made their first contribution in [#277](https://github.com/jdx/mise-action/pull/277)
---
## [3.2.0](https://github.com/jdx/mise-action/compare/v3.1.0..v3.2.0) - 2025-08-22
### 🚀 Features
- add environment variable support to cache key templates (#250) by [@pepicrft](https://github.com/pepicrft) in [#250](https://github.com/jdx/mise-action/pull/250)
### 🐛 Bug Fixes
- redact secret values from env (#252) by [@jdx](https://github.com/jdx) in [#252](https://github.com/jdx/mise-action/pull/252)
---
## [3.1.0](https://github.com/jdx/mise-action/compare/v3.0.2..v3.1.0) - 2025-08-19
### 🚀 Features
- add configurable cache key with template variable support (#246) by [@pepicrft](https://github.com/pepicrft) in [#246](https://github.com/jdx/mise-action/pull/246)
---
## [3.0.2](https://github.com/jdx/mise-action/compare/v3.0.1..v3.0.2) - 2025-08-18
### ⚙️ Miscellaneous Tasks
- remove duplicate release-plz logic by [@jdx](https://github.com/jdx) in [7081572](https://github.com/jdx/mise-action/commit/70815728fdd7d32bad0deb6b33576cf791f1dafa)
---
## [3.0.1](https://github.com/jdx/mise-action/compare/v3.0.0..v3.0.1) - 2025-08-18
### 📚 Documentation
- add CLAUDE.md by [@jdx](https://github.com/jdx) in [729161f](https://github.com/jdx/mise-action/commit/729161fe32f196174ff956fbe3ce8743567cb9e1)
- hide release entries in CHANGELOG by [@jdx](https://github.com/jdx) in [96680f6](https://github.com/jdx/mise-action/commit/96680f666f91bbcb5b4d76ff2ac0f465bb941dd0)
### ⚙️ Miscellaneous Tasks
- fix release-plz by [@jdx](https://github.com/jdx) in [3600b64](https://github.com/jdx/mise-action/commit/3600b6410713f6187847c1eb2bde38315e844484)
- updated deps (#244) by [@jdx](https://github.com/jdx) in [#244](https://github.com/jdx/mise-action/pull/244)
---
## [3.0.0](https://github.com/jdx/mise-action/compare/v2.4.4..v3.0.0) - 2025-08-18
### 🚀 Features
- **breaking** export env vars from mise.toml (#241) by [@maelp](https://github.com/maelp) in [#241](https://github.com/jdx/mise-action/pull/241)
### New Contributors
* @maelp made their first contribution in [#241](https://github.com/jdx/mise-action/pull/241)
---
## [2.4.4](https://github.com/jdx/mise-action/compare/v2.4.3..v2.4.4) - 2025-07-27
### 🐛 Bug Fixes
- v2 release tag automation by [@jdx](https://github.com/jdx) in [07fb524](https://github.com/jdx/mise-action/commit/07fb524adc338a756d6ff7fa7a33f0e27bdc4d2d)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [0de6d11](https://github.com/jdx/mise-action/commit/0de6d11b95678b220019adc7929e4d9752b59355)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [75121b9](https://github.com/jdx/mise-action/commit/75121b9a3f21cd3b497f047d71a77d59099ff6b3)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [583fe7b](https://github.com/jdx/mise-action/commit/583fe7be9d688739c95cc32249344e9796f4eebe)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [7fa2a26](https://github.com/jdx/mise-action/commit/7fa2a26c1e3cf1b20bbf42f2d293912e90e71177)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [cf44a56](https://github.com/jdx/mise-action/commit/cf44a563b9a45de221b77d23cbc5621dc7e6b377)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [a35d5fc](https://github.com/jdx/mise-action/commit/a35d5fc6817dcb018e9e7a6613664fde7f5d4aaf)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [c37c932](https://github.com/jdx/mise-action/commit/c37c93293d6b742fc901e1406b8f764f6fb19dac)
### ⚙️ Miscellaneous Tasks
- add release workflow by [@jdx](https://github.com/jdx) in [eccbf00](https://github.com/jdx/mise-action/commit/eccbf00da17ac7d1d18017ead61bc54a442f3a38)
- skip release script if no changes by [@jdx](https://github.com/jdx) in [eba59a9](https://github.com/jdx/mise-action/commit/eba59a9eefc99963516a3ff8be4c372c656f0215)
---
## [2.4.3](https://github.com/jdx/mise-action/compare/v2.4.2..v2.4.3) - 2025-07-27
### 🐛 Bug Fixes
- v2 release tag automation by [@jdx](https://github.com/jdx) in [5c24f96](https://github.com/jdx/mise-action/commit/5c24f96c0ff8577151a76e76344591427bcf28c5)
---
## [2.4.2](https://github.com/jdx/mise-action/compare/v2.4.0..v2.4.2) - 2025-07-24
### 🚀 Features
- allow fetching binary from mise.jdx.dev (#227) by [@jdx](https://github.com/jdx) in [#227](https://github.com/jdx/mise-action/pull/227)
### 🔍 Other Changes
- Fix flag passed to `mise reshim` (#208) by [@andrewdriggs](https://github.com/andrewdriggs) in [#208](https://github.com/jdx/mise-action/pull/208)
### ⚙️ Miscellaneous Tasks
- add semantic-pr-lint (#220) by [@jdx](https://github.com/jdx) in [#220](https://github.com/jdx/mise-action/pull/220)
- added release-plz by [@jdx](https://github.com/jdx) in [bd8ba20](https://github.com/jdx/mise-action/commit/bd8ba20c5611a6ebc508d3c263444c97c5483bd1)
- get postversion to work by [@jdx](https://github.com/jdx) in [954e13d](https://github.com/jdx/mise-action/commit/954e13db3e9329a8373a5d6cfa3718f7bc607149)
- set release token by [@jdx](https://github.com/jdx) in [6d3ca74](https://github.com/jdx/mise-action/commit/6d3ca74ece306fcd7f501bd95086deaf8d0c3552)
- use new release-plz token by [@jdx](https://github.com/jdx) in [1c87378](https://github.com/jdx/mise-action/commit/1c87378f400e5957e22607e2c938eac904a3e233)
- fix check-dist by [@jdx](https://github.com/jdx) in [4dfd63f](https://github.com/jdx/mise-action/commit/4dfd63f0279a3418b93cbbfc4bc132ace1da2481)
- add git add and git status commands to release script by [@jdx](https://github.com/jdx) in [0c56699](https://github.com/jdx/mise-action/commit/0c56699aa697e50cf8d17b7c07976b7c1e550c23)
- update changelog extraction in release script to skip the section break line by [@jdx](https://github.com/jdx) in [714aa25](https://github.com/jdx/mise-action/commit/714aa2569b8097f175d58290710a86eefe2098d0)
### New Contributors
* @github-actions[bot] made their first contribution in [#221](https://github.com/jdx/mise-action/pull/221)
---
## [2.4.0](https://github.com/jdx/mise-action/compare/v2.3.1..v2.4.0) - 2025-07-12

63
CLAUDE.md
View file

@ -1,63 +0,0 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
This is a GitHub Action that installs and configures mise, a polyglot runtime manager. The action is written in TypeScript and published to the GitHub Actions marketplace.
## Development Commands
This project uses [aube](https://aube.en.dev) as its package
manager (en.dev's pnpm-compat PM, native Rust). It reads
`package-lock.json` directly — no separate `aube-lock.yaml`.
`mise install` will install the pinned aube version
automatically; you can also use `npm` if you prefer (the
`.npmrc`'s `node-linker=hoisted` pin is aube-specific and
ignored by npm).
```bash
# Install dependencies
aube install
# Build, format, lint, and package
aubr all
# Individual commands
aubr format:write # Format code with Prettier
aubr lint # Run ESLint and format check
aubr package # Bundle with rollup for distribution
# Testing
aubr all # Run full build pipeline
./scripts/test.sh # Integration test script
```
## Architecture
The action follows GitHub's standard TypeScript action structure:
1. **Entry Point**: `src/index.ts` - Main action logic that:
- Downloads and installs mise binary
- Manages caching through GitHub Actions cache
- Configures environment variables (MISE_*, GITHUB_TOKEN)
- Runs mise commands (install, reshim, etc.)
- Exports mise environment variables to GITHUB_ENV
2. **Distribution**: `dist/index.js` - Compiled and bundled output (must be committed)
3. **Action Definition**: `action.yml` - Defines inputs, outputs, and metadata
## Key Implementation Details
- **Cache Management**: Uses content-addressable caching based on mise config files (.mise.toml, .tool-versions, etc.)
- **Binary Download**: Supports downloading from GitHub releases or mise.jdx.dev
- **Platform Support**: Handles Linux (glibc/musl), macOS, and Windows
- **Environment Setup**: Automatically adds mise bin and shims directories to PATH
- **GitHub API**: Uses GITHUB_TOKEN to avoid rate limits when installing GitHub-hosted tools
## Important Notes
- Always run `aubr all` before committing to ensure dist/ is updated
- The dist/ folder must be committed as GitHub Actions runs the compiled code
- Test changes using the action itself (uses: ./) in test workflows

70
README.md
View file

@ -13,10 +13,10 @@ jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
- uses: actions/checkout@v4
- uses: jdx/mise-action@v2
with:
version: 2026.3.10 # [default: latest] mise version to install
version: 2024.10.0 # [default: latest] mise version to install
install: true # [default: true] run `mise install`
install_args: "bun" # [default: ""] additional arguments to `mise install`
cache: true # [default: true] cache mise using GitHub's cache
@ -24,82 +24,30 @@ jobs:
log_level: debug # [default: info] log level
# automatically write this .tool-versions file
tool_versions: |
shellcheck 0.11.0
shellcheck 0.9.0
# or, if you prefer .mise.toml format:
mise_toml: |
[tools]
shellcheck = "0.11.0"
shellcheck = "0.9.0"
working_directory: app # [default: .] directory to run mise in
reshim: false # [default: false] run `mise reshim -f`
reshim: false # [default: false] run `mise reshim --all`
github_token: ${{ secrets.GITHUB_TOKEN }} # [default: ${{ github.token }}] GitHub token for API authentication
- run: shellcheck scripts/*.sh
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
- uses: actions/checkout@v4
- uses: jdx/mise-action@v2
# .tool-versions will be read from repo root
- run: node ./my_app.js
```
## Cache Configuration
You can customize the cache key used by the action:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "my-custom-cache-key" # Override the entire cache key
cache_key_prefix: "mise-v1" # Or just change the prefix (default: "mise-v0")
```
### Template Variables in Cache Keys
When using `cache_key`, you can use template variables to reference internal values:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "mise-{{platform}}-{{version}}-{{file_hash}}"
version: "2026.3.10"
install_args: "node python"
```
Available template variables:
- `{{version}}` - The mise version (from the `version` input)
- `{{cache_key_prefix}}` - The cache key prefix (from `cache_key_prefix` input or default)
- `{{platform}}` - The target platform, including the runner image (e.g., "linux-x64-ubuntu24", "macos-arm64-macos15", "linux-x64-self-hosted"). The trailing segment is `process.env.ImageOS` on github-hosted runners and falls back to `"self-hosted"` elsewhere — preventing cache collisions when the same repo runs on different runner providers (github-hosted, namespace.so, self-hosted).
- `{{file_hash}}` - Hash of all mise configuration files
- `{{mise_env}}` - The MISE_ENV environment variable value
- `{{install_args_hash}}` - SHA256 hash of the sorted tools from install args
- `{{default}}` - The processed default cache key (useful for extending)
Conditional logic is also supported using Handlebars syntax like `{{#if version}}...{{/if}}`.
Example using multiple variables:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "mise-v1-{{platform}}-{{install_args_hash}}-{{file_hash}}"
install_args: "node@24 python@3.14"
```
You can also extend the default cache key:
```yaml
- uses: jdx/mise-action@v4
with:
cache_key: "{{default}}-custom-suffix"
install_args: "node@24 python@3.14"
```
This gives you full control over cache invalidation based on the specific aspects that matter to your workflow.
## GitHub API Rate Limits
When installing tools hosted on GitHub (like `gh`, `node`, `bun`, etc.), mise needs to make API calls to GitHub's releases API. Without authentication, these calls are subject to GitHub's rate limit of 60 requests per hour, which can cause installation failures.
```yaml
- uses: jdx/mise-action@v4
- uses: jdx/mise-action@v2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# your other configuration

55
action.yml
View file

@ -22,7 +22,7 @@ inputs:
description: If present, this value will be written to the .tool-versions file
mise_toml:
required: false
description: If present, this value will be written to the mise.toml file
description: If present, this value will be written to the .mise.toml file
install:
required: false
default: "true"
@ -43,15 +43,8 @@ inputs:
description: if false, action will not write to cache
cache_key_prefix:
required: false
default: "mise-v1"
default: "mise-v0"
description: The prefix key to use for the cache, change this to invalidate the cache
cache_key:
required: false
description: |
Override the complete cache key (ignores all other cache key options).
Supports template variables: {{version}}, {{cache_key_prefix}}, {{platform}}, {{file_hash}},
{{mise_env}}, {{install_args_hash}}, {{default}}, {{env.VAR_NAME}} for environment variables,
and conditional logic like {{#if version}}...{{/if}}
experimental:
required: false
default: "false"
@ -67,57 +60,15 @@ inputs:
required: false
default: "false"
description: if true, will run `mise reshim --all` after setting up mise
add_shims_to_path:
required: false
default: "true"
description: if false, will not add mise shims directory to PATH
github_token:
required: false
description: |
GitHub token for API authentication to avoid rate limits when installing GitHub-hosted tools.
Defaults to the automatic GitHub token.
default: ${{ github.token }}
fetch_from_github:
required: false
default: "true"
description: If true (default), fetch the mise binary from GitHub. If false and using the latest version, fetch from mise.jdx.dev instead.
env:
description: "Automatically load mise env vars into GITHUB_ENV. Note that PATH modifications are not part of this."
required: false
default: "true"
wings_enabled:
description: |
[experimental] Opt in to the mise-wings asset cache
(https://mise-wings.en.dev) for this action invocation.
When `true`, the action exports `MISE_WINGS_ENABLED=1` so
the installed mise binary routes tool-install URLs (npm
tarballs, GitHub release artifacts) through the per-org
wings cache subdomains.
Authentication is automatic via the runner's GitHub OIDC
identity — no `mise wings login` step, no long-lived
secret to rotate. The workflow must declare
`permissions: id-token: write` so the OIDC token-issuer
env vars are populated; without that, mise falls through
to direct-origin fetches transparently.
Default `false` is the conservative posture: a workflow
with `id-token: write` (used for SLSA / AWS-OIDC /
Sigstore / etc.) should not have its OIDC token sent to
a third-party cache without explicit opt-in. Older mise
binaries that don't speak wings ignore the env var
entirely, so this is forward-compatible.
Requires an active mise-wings subscription on the Clerk
org linked to the GitHub org running the workflow;
without one, the proxy 402s and mise leaves the cache
off without affecting the workflow's success.
required: false
default: "false"
outputs:
cache-hit:
description: A boolean value to indicate if a cache was hit.
runs:
using: node24
using: node20
main: dist/index.js

1
cliff.toml
View file

@ -100,7 +100,6 @@ commit_parsers = [
{ message = '^chore\(release\): prepare for', skip = true },
{ message = '^chore\(pr\)', skip = true },
{ message = '^chore\(pull\)', skip = true },
{ message = '^chore: release v\d+\.\d+\.\d+', skip = true },
{ message = '^chore: Release mise-action', skip = true },
{ message = '^chore|^ci', group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
{ body = '.*security', group = "<!-- 8 -->🛡️ Security" },

133525
dist/index.js generated vendored
View file

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View file

File diff suppressed because one or more lines are too long

2317
dist/licenses.txt generated vendored
View file

File diff suppressed because it is too large Load diff

1
dist/sourcemap-register.js generated vendored Normal file
View file

File diff suppressed because one or more lines are too long

166
mise.lock
View file

@ -1,166 +0,0 @@
# @generated - this file is auto-generated by `mise lock` https://mise.en.dev/dev-tools/mise-lock.html
[[tools.aube]]
version = "1.6.2"
backend = "github:endevco/aube"
[tools.aube."platforms.linux-arm64"]
checksum = "sha256:1c47d2c0a50cf80f49aedcc2f58ce8abcbdf763092e772c8961c6e5b18916e8b"
url = "https://github.com/endevco/aube/releases/download/v1.6.2/aube-v1.6.2-aarch64-unknown-linux-gnu.tar.gz"
url_api = "https://api.github.com/repos/endevco/aube/releases/assets/410164231"
provenance = "github-attestations"
[tools.aube."platforms.linux-arm64-musl"]
checksum = "sha256:9780776921db3a54fc3237f50b9686489d93115e26584c7a85d54ce96a8e9b39"
url = "https://github.com/endevco/aube/releases/download/v1.6.2/aube-v1.6.2-aarch64-unknown-linux-musl.tar.gz"
url_api = "https://api.github.com/repos/endevco/aube/releases/assets/410164229"
provenance = "github-attestations"
[tools.aube."platforms.linux-x64"]
checksum = "sha256:16fcc40dfbaac110ce8f4e88728a440f2366094a45fd6c189bcbcc2b3ea31f06"
url = "https://github.com/endevco/aube/releases/download/v1.6.2/aube-v1.6.2-x86_64-unknown-linux-gnu.tar.gz"
url_api = "https://api.github.com/repos/endevco/aube/releases/assets/410164107"
provenance = "github-attestations"
[tools.aube."platforms.linux-x64-musl"]
checksum = "sha256:2ee3821fd62b56bb39cb2ceffe6ad38975e35f82311ca7f9ec6ee28bc6d284b8"
url = "https://github.com/endevco/aube/releases/download/v1.6.2/aube-v1.6.2-x86_64-unknown-linux-musl.tar.gz"
url_api = "https://api.github.com/repos/endevco/aube/releases/assets/410164199"
provenance = "github-attestations"
[tools.aube."platforms.macos-arm64"]
checksum = "sha256:4ce92482500f77f0779f288328cb7411f7ae2441b8618eae36a2ab5ea7591a32"
url = "https://github.com/endevco/aube/releases/download/v1.6.2/aube-v1.6.2-aarch64-apple-darwin.tar.gz"
url_api = "https://api.github.com/repos/endevco/aube/releases/assets/410166750"
provenance = "github-attestations"
[tools.aube."platforms.windows-x64"]
checksum = "sha256:916594efae8f8b59fc898913f96d199a21d212c7037043853ee04df7264611d0"
url = "https://github.com/endevco/aube/releases/download/v1.6.2/aube-v1.6.2-x86_64-pc-windows-msvc.zip"
url_api = "https://api.github.com/repos/endevco/aube/releases/assets/410174742"
provenance = "github-attestations"
[[tools.communique]]
version = "1.1.2"
backend = "github:jdx/communique"
[tools.communique."platforms.linux-arm64"]
checksum = "sha256:7bb0843207fc3d7b5df2a5c0198bb10539cf13a6b247b4adfbf6b302a68f03de"
url = "https://github.com/jdx/communique/releases/download/v1.1.2/communique-aarch64-unknown-linux-gnu.tar.gz"
url_api = "https://api.github.com/repos/jdx/communique/releases/assets/405964161"
[tools.communique."platforms.linux-arm64-musl"]
checksum = "sha256:b663407be77a370c209df40307b82e436f56a6bc23d4e423510d62ac6e1fedf4"
url = "https://github.com/jdx/communique/releases/download/v1.1.2/communique-aarch64-unknown-linux-musl.tar.gz"
url_api = "https://api.github.com/repos/jdx/communique/releases/assets/405964743"
[tools.communique."platforms.linux-x64"]
checksum = "sha256:5e74ead7037f42940c7dba4f6aa4ed968920cbb55a047aa0d291b0c675c65676"
url = "https://github.com/jdx/communique/releases/download/v1.1.2/communique-x86_64-unknown-linux-gnu.tar.gz"
url_api = "https://api.github.com/repos/jdx/communique/releases/assets/405963914"
provenance = "github-attestations"
[tools.communique."platforms.linux-x64-musl"]
checksum = "sha256:01a6a8b49e635a5a209fdaf6c7b2e976374debc2db1c846c033f567fdba0d86c"
url = "https://github.com/jdx/communique/releases/download/v1.1.2/communique-x86_64-unknown-linux-musl.tar.gz"
url_api = "https://api.github.com/repos/jdx/communique/releases/assets/405964691"
[tools.communique."platforms.macos-arm64"]
checksum = "sha256:459993e31a6c4ccbd09882f5679a2bc1ea5d9068701ecefc411a00fb69ce82e6"
url = "https://github.com/jdx/communique/releases/download/v1.1.2/communique-aarch64-apple-darwin.tar.gz"
url_api = "https://api.github.com/repos/jdx/communique/releases/assets/405964098"
[tools.communique."platforms.windows-x64"]
checksum = "sha256:3cc0e880ac2168aed3163223627bbd1eee62e07a9901cb85cb507c6c8927bc93"
url = "https://github.com/jdx/communique/releases/download/v1.1.2/communique-x86_64-pc-windows-msvc.zip"
url_api = "https://api.github.com/repos/jdx/communique/releases/assets/405964430"
[[tools.gh]]
version = "2.92.0"
backend = "aqua:cli/cli"
[tools.gh."platforms.linux-arm64"]
checksum = "sha256:c2248526dd0160c08d3fccca2332c3c1a07c15a78b23978e77735f1b5a18cfee"
url = "https://github.com/cli/cli/releases/download/v2.92.0/gh_2.92.0_linux_arm64.tar.gz"
provenance = "github-attestations"
[tools.gh."platforms.linux-arm64-musl"]
checksum = "sha256:c2248526dd0160c08d3fccca2332c3c1a07c15a78b23978e77735f1b5a18cfee"
url = "https://github.com/cli/cli/releases/download/v2.92.0/gh_2.92.0_linux_arm64.tar.gz"
provenance = "github-attestations"
[tools.gh."platforms.linux-x64"]
checksum = "sha256:b57848131bdf0c229cd35e1f2a51aa718199858b2e728410b37e89a428943ec4"
url = "https://github.com/cli/cli/releases/download/v2.92.0/gh_2.92.0_linux_amd64.tar.gz"
provenance = "github-attestations"
[tools.gh."platforms.linux-x64-musl"]
checksum = "sha256:b57848131bdf0c229cd35e1f2a51aa718199858b2e728410b37e89a428943ec4"
url = "https://github.com/cli/cli/releases/download/v2.92.0/gh_2.92.0_linux_amd64.tar.gz"
provenance = "github-attestations"
[tools.gh."platforms.macos-arm64"]
checksum = "sha256:b11c54f6bd7d15ed6590475079e5b2fcf36f45d3991a80041b29c9d0cc1f1d07"
url = "https://github.com/cli/cli/releases/download/v2.92.0/gh_2.92.0_macOS_arm64.zip"
provenance = "github-attestations"
[tools.gh."platforms.windows-x64"]
checksum = "sha256:b6a8df3c8c6b9c80f290906387673bc4d272840f3789c5650e0e4e6e75522785"
url = "https://github.com/cli/cli/releases/download/v2.92.0/gh_2.92.0_windows_amd64.zip"
provenance = "github-attestations"
[[tools.git-cliff]]
version = "2.13.1"
backend = "aqua:orhun/git-cliff"
[tools.git-cliff."platforms.linux-arm64"]
checksum = "sha256:4054c124b926c117f3fa048939bc8be0a954f29f3b6f367627e8cb22c1971882"
url = "https://github.com/orhun/git-cliff/releases/download/v2.13.1/git-cliff-2.13.1-aarch64-unknown-linux-musl.tar.gz"
[tools.git-cliff."platforms.linux-arm64-musl"]
checksum = "sha256:4054c124b926c117f3fa048939bc8be0a954f29f3b6f367627e8cb22c1971882"
url = "https://github.com/orhun/git-cliff/releases/download/v2.13.1/git-cliff-2.13.1-aarch64-unknown-linux-musl.tar.gz"
[tools.git-cliff."platforms.linux-x64"]
checksum = "sha256:200d2535da6d9703f3bcc8a4d159c3b55eacdb01cf2148c55b3eee9dd04d5249"
url = "https://github.com/orhun/git-cliff/releases/download/v2.13.1/git-cliff-2.13.1-x86_64-unknown-linux-musl.tar.gz"
[tools.git-cliff."platforms.linux-x64-musl"]
checksum = "sha256:200d2535da6d9703f3bcc8a4d159c3b55eacdb01cf2148c55b3eee9dd04d5249"
url = "https://github.com/orhun/git-cliff/releases/download/v2.13.1/git-cliff-2.13.1-x86_64-unknown-linux-musl.tar.gz"
[tools.git-cliff."platforms.macos-arm64"]
checksum = "sha256:21547ae4a0421164070ab75c2522864ea5565858a011fabc5f583061b20f1226"
url = "https://github.com/orhun/git-cliff/releases/download/v2.13.1/git-cliff-2.13.1-aarch64-apple-darwin.tar.gz"
[tools.git-cliff."platforms.windows-x64"]
checksum = "sha256:3ae3a5549e85c7ad5b20192ebcfee4371269deca51255f6f2f2e051c6541f5ca"
url = "https://github.com/orhun/git-cliff/releases/download/v2.13.1/git-cliff-2.13.1-x86_64-pc-windows-msvc.zip"
[[tools.node]]
version = "24.15.0"
backend = "core:node"
[tools.node."platforms.linux-arm64"]
checksum = "sha256:73afc234d558c24919875f51c2d1ea002a2ada4ea6f83601a383869fefa64eed"
url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-arm64.tar.gz"
[tools.node."platforms.linux-arm64-musl"]
checksum = "sha256:31e98aa960a067da91edffd5d93bc46657b5d2a8029612c359f5f2ac0060152a"
url = "https://unofficial-builds.nodejs.org/download/release/v24.15.0/node-v24.15.0-linux-arm64-musl.tar.gz"
[tools.node."platforms.linux-x64"]
checksum = "sha256:44836872d9aec49f1e6b52a9a922872db9a2b02d235a616a5681b6a85fec8d89"
url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-linux-x64.tar.gz"
[tools.node."platforms.linux-x64-musl"]
checksum = "sha256:f55af5bd489c5347b113ca6594cae00a54b30ba57ac5875324311bfc6f4762e3"
url = "https://unofficial-builds.nodejs.org/download/release/v24.15.0/node-v24.15.0-linux-x64-musl.tar.gz"
[tools.node."platforms.macos-arm64"]
checksum = "sha256:372331b969779ab5d15b949884fc6eaf88d5afe87bde8ba881d6400b9100ffc4"
url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-darwin-arm64.tar.gz"
[tools.node."platforms.windows-x64"]
checksum = "sha256:cc5149eabd53779ce1e7bdc5401643622d0c7e6800ade18928a767e940bb0e62"
url = "https://nodejs.org/dist/v24.15.0/node-v24.15.0-win-x64.zip"

15
mise.toml
View file

@ -1,14 +1,9 @@
tasks.pre-commit = ["aubr all", "git add dist"]
tasks.pre-commit = ["npm run all", "git add dist"]
tasks.test.alias = ["t"]
tasks.test.run = ["aubr all"]
tasks.lint = "aubr lint"
tasks."lint:fix" = "aubr format:write"
tasks.version = "aube version"
tasks.release-plz = "./scripts/release-plz.sh"
tasks.test.run = ["npm run all"]
tasks.lint = "bun run lint"
tasks."lint:fix" = "bun run format:write"
tasks.version = "npm version"
[tools]
node = '24'
aube = 'v1.9.1'
git-cliff = 'latest'
gh = 'latest'
communique = 'latest'

3925
package-lock.json generated
View file

File diff suppressed because it is too large Load diff

40
package.json
View file

@ -1,9 +1,8 @@
{
"name": "mise-action",
"description": "mise tool setup action",
"version": "4.0.1",
"version": "2.4.0",
"author": "jdx",
"type": "module",
"private": true,
"repository": {
"type": "git",
@ -22,46 +21,33 @@
"bundle": "npm run format:write && npm run package",
"format:check": "prettier --check **/*.ts",
"format:write": "prettier --write **/*.ts",
"lint": "eslint . && npm run format:check",
"package": "rimraf ./dist && rollup --config rollup.config.mjs",
"lint": "npx eslint . && npm run format:check",
"package": "ncc build -s src/index.ts --license licenses.txt",
"package:watch": "npm run package -- --watch",
"version": "./scripts/version.sh",
"postversion": "./scripts/postversion.sh",
"prepare": "husky"
},
"license": "MIT",
"dependencies": {
"@actions/cache": "^6.0.0",
"@actions/core": "^3.0.0",
"@actions/exec": "^3.0.0",
"@actions/glob": "^0.7.0",
"@actions/io": "^3.0.0",
"@types/handlebars": "^4.0.40",
"handlebars": "^4.7.8"
"@actions/cache": "^4.0.0",
"@actions/core": "^1.11.1",
"@actions/exec": "^1.1.1",
"@actions/glob": "^0.5.0"
},
"devDependencies": {
"@eslint/eslintrc": "^3.2.0",
"@eslint/js": "^10.0.0",
"@rollup/plugin-commonjs": "^29.0.0",
"@rollup/plugin-json": "^6.1.0",
"@rollup/plugin-node-resolve": "^16.0.0",
"@rollup/plugin-typescript": "^12.0.0",
"@eslint/js": "^9.15.0",
"@types/eslint__js": "^8.42.3",
"@types/node": "^24",
"eslint": "^10.0.0",
"globals": "^17.0.0",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.15.0",
"globals": "^16.0.0",
"husky": "^9.1.7",
"jest": "^30",
"js-yaml": "^4.1.0",
"prettier": "^3.4.1",
"rimraf": "^6.0.0",
"rollup": "^4.0.0",
"rollup-plugin-license": "^3.7.1",
"typescript": "^6.0.0",
"typescript": "^5.7.2",
"typescript-eslint": "^8.16.0"
},
"aube": {
"allowBuilds": {
"unrs-resolver": false
}
}
}

29
rollup.config.mjs
View file

@ -1,29 +0,0 @@
import commonjs from '@rollup/plugin-commonjs'
import json from '@rollup/plugin-json'
import nodeResolve from '@rollup/plugin-node-resolve'
import typescript from '@rollup/plugin-typescript'
import license from 'rollup-plugin-license'
import path from 'path'
const config = {
input: 'src/index.ts',
output: {
esModule: true,
file: 'dist/index.js',
format: 'es',
sourcemap: true
},
plugins: [
typescript(),
nodeResolve({ preferBuiltins: true }),
commonjs({ ignoreTryCatch: false }),
json(),
license({
thirdParty: {
output: path.resolve('dist', 'licenses.txt')
}
})
]
}
export default config

35
scripts/postversion.sh
View file

@ -2,35 +2,14 @@
set -euxo pipefail
VERSION=$(jq -r .version package.json)
MAJOR_VERSION=$(echo "$VERSION" | cut -d. -f1)
# Configure git to use gh's credential helper. The checkout step uses
# persist-credentials: false (per zizmor's artipacked audit), so the
# token isn't written to .git/config and raw `git push` would 403.
gh auth setup-git
# create the version tag (allow it to fail if it already exists)
git tag "v$VERSION" || echo "Tag v$VERSION already exists locally"
# push changes to github
git push
# push the current tag to github
git push origin "v$VERSION" || echo "Tag v$VERSION already exists on remote"
# set the major version tag to this release
git tag "v$MAJOR_VERSION" -f
# push the major version tag to github (retry with pull if it fails)
if ! git push origin "v$MAJOR_VERSION" -f; then
echo "Failed to push v$MAJOR_VERSION tag, pulling and retrying..."
git fetch origin "refs/tags/v$MAJOR_VERSION:refs/tags/v$MAJOR_VERSION" -f
git tag "v$MAJOR_VERSION" -f
git push origin "v$MAJOR_VERSION" -f
fi
# check if release already exists before creating
if gh release view "v$VERSION" >/dev/null 2>&1; then
echo "Release v$VERSION already exists, skipping creation"
else
# create a release on github
gh release create "v$VERSION" --generate-notes --verify-tag
fi
git push origin "v$VERSION"
# set the v1 tag to this release
git tag v2 -f
# push the v1 tag to github
git push origin v2 -f
# create a release on github
gh release create "v$VERSION" --generate-notes --verify-tag

84
scripts/release-plz.sh
View file

@ -1,84 +0,0 @@
#!/usr/bin/env bash
# shellcheck shell=bash
set -euxo pipefail
# Get the current package.json version before any modifications
cur_pkg_version="$(jq -r .version package.json)"
# Get the latest GitHub release version
latest_release="$(gh release view --json tagName --jq .tagName 2>/dev/null || echo "")"
latest_release_version="${latest_release#v}"
# Check if package.json version is newer than the latest release
if [ -n "$latest_release_version" ] && [ "$cur_pkg_version" = "$latest_release_version" ]; then
echo "Package version $cur_pkg_version matches latest release $latest_release. Nothing to release."
# Still check if we need to create a new PR for unreleased changes
# Get the latest released version tag
latest_tag="$(git tag --list | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$' | sort -V | tail -1)"
# Check if there are commits since the last release
if [ -n "$latest_tag" ]; then
commits_since_release="$(git rev-list "$latest_tag"..HEAD --count)"
if [ "$commits_since_release" -eq 0 ]; then
echo "No commits since last release $latest_tag"
exit 0
fi
echo "Found $commits_since_release commits since $latest_tag"
fi
# Get the next version and changelog from git-cliff
version="$(git cliff --bumped-version)"
changelog="$(git cliff --bump --unreleased | tail -n +2)"
if [ "${DRY_RUN:-1}" == 1 ]; then
echo "version: $version"
echo "changelog: $changelog"
exit 0
fi
# Check if there are any unreleased changes
if [ -z "$changelog" ] || [ "$changelog" = "<!-- generated by git-cliff -->" ]; then
echo "No unreleased changes found"
exit 0
fi
# Configure git for automated commits
git config user.name mise-en-dev
git config user.email 123107610+mise-en-dev@users.noreply.github.com
# Configure git to use gh's credential helper. The checkout step uses
# persist-credentials: false (per zizmor's artipacked audit), so the
# token isn't written to .git/config and raw `git push` would 403.
gh auth setup-git
# Create a PR with the version bump
npm version "${version#v}" --no-git-tag-version
git add package.json package-lock.json
git status
# Create release branch and commit
git checkout -B release
git commit -m "chore: release $version"
# Push to release branch
git push origin release --force
# Create or update PR
if gh pr create --title "chore: release $version" --body "$changelog" --label "release"; then
echo "Created new release PR"
else
gh pr edit --title "chore: release $version" --body "$changelog"
echo "Updated existing release PR"
fi
elif [ -n "$cur_pkg_version" ] && [ "$cur_pkg_version" != "$latest_release_version" ]; then
# Package version is different from latest release
echo "Package version v$cur_pkg_version is newer than latest release $latest_release."
echo "Release will be created by the release.yml workflow when the PR is merged."
# Exit successfully - the release.yml workflow handles actual release creation
exit 0
else
echo "No action needed"
exit 0
fi

13
scripts/test.sh
View file

@ -2,10 +2,10 @@
set -euxo pipefail
function assert_equal() {
if [ "$1" != "$2" ]; then
echo "Assertion failed: Expected '$1', got '$2'" >&2
return 1
fi
if [ "$1" != "$2" ]; then
echo "Assertion failed: Expected '$1', got '$2'" >&2
return 1
fi
}
EXPECTED_OUTPUT="jq-1.7.1"
@ -14,8 +14,5 @@ which jq
# windows bash does not seem to work with shims
if [[ "$(uname)" != "MINGW"* ]]; then
assert_equal "$EXPECTED_OUTPUT" "$(jq --version)"
assert_equal "$EXPECTED_OUTPUT" "$(jq --version)"
fi
# checking that environment variables set in mise.toml are properly set
assert_equal "${MY_ENV_VAR}" "abc"

490
src/index.ts
View file

@ -7,40 +7,6 @@ import * as crypto from 'crypto'
import * as fs from 'fs'
import * as os from 'os'
import * as path from 'path'
import * as Handlebars from 'handlebars'
// Configuration file patterns for cache key generation
const MISE_CONFIG_FILE_PATTERNS = [
`**/.config/mise/config.toml`,
`**/.config/mise/config.lock`,
`**/.config/mise/config.*.toml`,
`**/.config/mise/config.*.lock`,
`**/.config/mise.toml`,
`**/.config/mise.lock`,
`**/.config/mise.*.toml`,
`**/.config/mise.*.lock`,
`**/.mise/config.toml`,
`**/.mise/config.lock`,
`**/.mise/config.*.toml`,
`**/.mise/config.*.lock`,
`**/mise/config.toml`,
`**/mise/config.lock`,
`**/mise/config.*.toml`,
`**/mise/config.*.lock`,
`**/.mise.toml`,
`**/.mise.lock`,
`**/.mise.*.toml`,
`**/.mise.*.lock`,
`**/mise.toml`,
`**/mise.lock`,
`**/mise.*.toml`,
`**/mise.*.lock`,
`**/.tool-versions`
]
// Default cache key template
const DEFAULT_CACHE_KEY_TEMPLATE =
'{{cache_key_prefix}}-{{platform}}{{#if version}}-{{version}}{{/if}}{{#if mise_env}}-{{mise_env}}{{/if}}{{#if install_args_hash}}-{{install_args_hash}}{{/if}}-{{#if file_hash}}{{file_hash}}{{else}}no-config{{/if}}'
async function run(): Promise<void> {
try {
@ -54,28 +20,8 @@ async function run(): Promise<void> {
core.setOutput('cache-hit', false)
}
// Wings opt-in hook (experimental). When
// `wings_enabled: true` is set, this exports
// `MISE_WINGS_ENABLED=1` so subsequent `mise install`
// commands in this workflow route through the wings
// cache. Default `false` so workflows with
// `id-token: write` (used for SLSA / AWS-OIDC / Sigstore /
// etc.) don't silently send the runner's OIDC token to
// a third-party cache without explicit consent.
//
// Note: `setupMise` fetches the mise binary itself with
// `curl`, which doesn't go through mise's HTTP layer —
// the wings rewriter only kicks in once the resulting
// mise binary runs `mise install` and friends. Ordering
// here is irrelevant for binary acceleration; we just
// want the env var set before any `mise` subcommand
// runs. Greptile + Gemini both flagged the previous
// comment as overstating what the early call accelerates.
setupWings()
const version = core.getInput('version')
const fetchFromGitHub = core.getBooleanInput('fetch_from_github')
await setupMise(version, fetchFromGitHub)
await setupMise(version)
await setEnvVars()
if (core.getBooleanInput('reshim')) {
await miseReshim()
@ -88,149 +34,12 @@ async function run(): Promise<void> {
}
}
await miseLs()
const loadEnv = core.getBooleanInput('env')
if (loadEnv) {
await exportMiseEnv()
}
} catch (err) {
if (err instanceof Error) core.setFailed(err.message)
else throw err
}
}
/**
* Opt in to mise-wings caching for this workflow run. When
* `wings_enabled: true`, exports `MISE_WINGS_ENABLED=1` so
* subsequent `mise install` commands route through the
* cache.
*
* Mise itself owns the OIDC wings session exchange when
* it sees `MISE_WINGS_ENABLED=1` and the GHA OIDC env vars
* (`ACTIONS_ID_TOKEN_REQUEST_URL` +
* `ACTIONS_ID_TOKEN_REQUEST_TOKEN`), it fetches the runner's
* OIDC token, exchanges it at the proxy's `POST /auth`
* route, and caches the resulting session JWT for the rest
* of the process.
*
* Pre-flight check: `id-token: write` permission must be
* declared at the workflow or job level for the OIDC env
* vars to be present. We log a warning when wings is
* enabled but the env vars are absent without this hint,
* the user sees a transparent "wings configured but doing
* nothing" which is hard to debug.
*/
function setupWings(): void {
if (!core.getBooleanInput('wings_enabled')) {
return
}
core.exportVariable('MISE_WINGS_ENABLED', '1')
core.info(
"mise-wings: enabled. mise will exchange the runner's OIDC token for a wings session on first use."
)
const oidcUrl = process.env.ACTIONS_ID_TOKEN_REQUEST_URL
const oidcToken = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN
if (!oidcUrl || !oidcToken) {
core.warning(
'mise-wings: GHA OIDC env vars are missing. Add ' +
'`permissions: id-token: write` at the workflow or job ' +
'level so the runner can mint OIDC tokens. Without this, ' +
'mise falls through to direct-origin fetches and the cache ' +
'is bypassed.'
)
}
}
async function exportMiseEnv(): Promise<void> {
core.startGroup('Exporting mise environment variables')
const cwd = getCwd()
// Check if mise supports --redacted flags based on version input
const supportsRedacted = checkMiseSupportsRedacted()
if (supportsRedacted) {
try {
// First, get the redacted values to identify what needs masking
const redactedOutput = await exec.getExecOutput(
'mise',
['env', '--redacted', '--json'],
{ silent: true, cwd }
)
const redactedVars = JSON.parse(redactedOutput.stdout)
// Mask sensitive values in GitHub Actions
for (const [key, actualValue] of Object.entries(redactedVars)) {
core.setSecret(actualValue as string)
core.info(`Masked sensitive value for: ${key}`)
}
// Then get the actual values
const actualOutput = await exec.getExecOutput('mise', ['env', '--json'], {
cwd
})
const actualVars = JSON.parse(actualOutput.stdout)
// Export all environment variables
for (const [key, value] of Object.entries(actualVars)) {
if (typeof value === 'string') {
core.exportVariable(key, value)
}
}
} catch {
// Fall back to dotenv format if the redacted command fails
core.info('Falling back to dotenv format')
const output = await exec.getExecOutput('mise', ['env', '--dotenv'], {
cwd
})
fs.appendFileSync(process.env.GITHUB_ENV!, output.stdout)
}
} else {
// Fall back to the old --dotenv format for older versions
const output = await exec.getExecOutput('mise', ['env', '--dotenv'], {
cwd
})
fs.appendFileSync(process.env.GITHUB_ENV!, output.stdout)
}
core.endGroup()
}
function cleanVersion(version: string) {
// remove 'v' prefix if present
return version.replace(/^v/, '')
}
function checkMiseSupportsRedacted(): boolean {
const version = core.getInput('version')
// If no version is specified, assume latest which supports redacted
if (!version) {
return true
}
const versionMatch = cleanVersion(version).match(/^(\d+)\.(\d+)\.(\d+)/)
if (!versionMatch) {
// If we can't parse the version, assume it supports redacted
return true
}
const [, year, month, patch] = versionMatch
const yearNum = parseInt(year, 10)
const monthNum = parseInt(month, 10)
const patchNum = parseInt(patch, 10)
// Check if version is >= 2025.8.17
if (yearNum > 2025) return true
if (yearNum === 2025) {
if (monthNum > 8) return true
if (monthNum === 8 && patchNum >= 17) return true
}
return false
}
async function setEnvVars(): Promise<void> {
core.startGroup('Setting env vars')
const set = (k: string, v: string): void => {
@ -246,32 +55,75 @@ async function setEnvVars(): Promise<void> {
const githubToken = core.getInput('github_token')
if (githubToken) {
// Don't use GITHUB_TOKEN, use MISE_GITHUB_TOKEN instead to avoid downstream issues.
set('MISE_GITHUB_TOKEN', githubToken)
set('GITHUB_TOKEN', githubToken)
} else {
core.warning(
'No MISE_GITHUB_TOKEN provided. You may hit GitHub API rate limits when installing tools from GitHub.'
'No GITHUB_TOKEN provided. You may hit GitHub API rate limits when installing tools from GitHub.'
)
}
set('MISE_TRUSTED_CONFIG_PATHS', process.cwd())
set('MISE_YES', '1')
if (core.getBooleanInput('add_shims_to_path')) {
const shimsDir = path.join(miseDir(), 'shims')
core.info(`Adding ${shimsDir} to PATH`)
core.addPath(shimsDir)
}
const shimsDir = path.join(miseDir(), 'shims')
core.info(`Adding ${shimsDir} to PATH`)
core.addPath(shimsDir)
}
async function restoreMiseCache(): Promise<string | undefined> {
core.startGroup('Restoring mise cache')
const version = core.getInput('version')
const installArgs = core.getInput('install_args')
const { MISE_ENV } = process.env
const cachePath = miseDir()
// Use custom cache key if provided, otherwise use default template
const cacheKeyTemplate =
core.getInput('cache_key') || DEFAULT_CACHE_KEY_TEMPLATE
const primaryKey = await processCacheKeyTemplate(cacheKeyTemplate)
const fileHash = await glob.hashFiles(
[
`**/.config/mise/config.toml`,
`**/.config/mise/config.lock`,
`**/.config/mise/config.*.toml`,
`**/.config/mise/config.*.lock`,
`**/.config/mise.toml`,
`**/.config/mise.lock`,
`**/.config/mise.*.toml`,
`**/.config/mise.*.lock`,
`**/.mise/config.toml`,
`**/.mise/config.lock`,
`**/.mise/config.*.toml`,
`**/.mise/config.*.lock`,
`**/mise/config.toml`,
`**/mise/config.lock`,
`**/mise/config.*.toml`,
`**/mise/config.*.lock`,
`**/.mise.toml`,
`**/.mise.lock`,
`**/.mise.*.toml`,
`**/.mise.*.lock`,
`**/mise.toml`,
`**/mise.lock`,
`**/mise.*.toml`,
`**/mise.*.lock`,
`**/.tool-versions`
].join('\n')
)
const prefix = core.getInput('cache_key_prefix') || 'mise-v0'
let primaryKey = `${prefix}-${await getTarget()}-${fileHash}`
if (version) {
primaryKey = `${primaryKey}-${version}`
}
if (MISE_ENV) {
primaryKey = `${primaryKey}-${MISE_ENV}`
}
if (installArgs) {
const tools = installArgs
.split(' ')
.filter(arg => !arg.startsWith('-'))
.sort()
.join(' ')
if (tools) {
const toolsHash = crypto.createHash('sha256').update(tools).digest('hex')
primaryKey = `${primaryKey}-${toolsHash}`
}
}
core.saveState('PRIMARY_KEY', primaryKey)
core.saveState('MISE_DIR', cachePath)
@ -287,17 +139,12 @@ async function restoreMiseCache(): Promise<string | undefined> {
core.info(`mise cache restored from key: ${cacheKey}`)
}
async function setupMise(
version: string,
fetchFromGitHub = false
): Promise<void> {
async function setupMise(version: string): Promise<void> {
const miseBinDir = path.join(miseDir(), 'bin')
const miseBinPath = path.join(
miseBinDir,
process.platform === 'win32' ? 'mise.exe' : 'mise'
)
const miseShimPath = path.join(miseBinDir, 'mise-shim.exe')
let installedVersion: string | undefined
if (!fs.existsSync(path.join(miseBinPath))) {
core.startGroup(version ? `Download mise@${version}` : 'Setup mise')
await fs.promises.mkdir(miseBinDir, { recursive: true })
@ -309,25 +156,15 @@ async function setupMise(
: (await zstdInstalled())
? '.tar.zst'
: '.tar.gz'
let resolvedVersion = version || (await latestMiseVersion())
resolvedVersion = resolvedVersion.replace(/^v/, '')
let url: string
if (!fetchFromGitHub && !version) {
// Only for latest version
url = `https://mise.jdx.dev/mise-latest-${await getTarget()}${ext}`
} else {
url = `https://github.com/jdx/mise/releases/download/v${resolvedVersion}/mise-v${resolvedVersion}-${await getTarget()}${ext}`
}
installedVersion = resolvedVersion
version = (version || (await latestMiseVersion())).replace(/^v/, '')
const url = `https://github.com/jdx/mise/releases/download/v${version}/mise-v${version}-${await getTarget()}${ext}`
const archivePath = path.join(os.tmpdir(), `mise${ext}`)
switch (ext) {
case '.zip': {
await withExtractedZip(url, 'mise.zip', async extractDir => {
const extractedMiseBinDir = path.join(extractDir, 'mise', 'bin')
await io.mv(path.join(extractedMiseBinDir, 'mise.exe'), miseBinPath)
await installWindowsMiseShim(extractedMiseBinDir, miseShimPath)
})
case '.zip':
await exec.exec('curl', ['-fsSL', url, '--output', archivePath])
await exec.exec('unzip', [archivePath, '-d', os.tmpdir()])
await io.mv(path.join(os.tmpdir(), 'mise/bin/mise.exe'), miseBinPath)
break
}
case '.tar.zst':
await exec.exec('sh', [
'-c',
@ -345,23 +182,7 @@ async function setupMise(
await exec.exec('chmod', ['+x', miseBinPath])
break
}
} else {
const requestedVersion = cleanVersion(core.getInput('version'))
if (requestedVersion !== '') {
installedVersion = await getInstalledMiseVersion(miseBinPath)
if (requestedVersion === installedVersion) {
core.info(`mise already installed`)
} else {
core.info(
`mise already installed (${installedVersion}), but different version requested (${requestedVersion})`
)
await exec.exec(miseBinPath, ['self-update', requestedVersion, '-y'])
core.info(`mise updated to version ${requestedVersion}`)
installedVersion = requestedVersion
}
}
}
await ensureWindowsMiseShim(miseBinPath, miseShimPath, installedVersion)
// compare with provided hash
const want = core.getInput('sha256')
if (want) {
@ -378,86 +199,6 @@ async function setupMise(
core.addPath(miseBinDir)
}
async function withExtractedZip(
url: string,
archiveName: string,
fn: (extractDir: string) => Promise<void>
): Promise<void> {
const tempDir = await fs.promises.mkdtemp(
path.join(os.tmpdir(), 'mise-action-')
)
try {
const archivePath = path.join(tempDir, archiveName)
const extractDir = path.join(tempDir, 'extract')
await exec.exec('curl', ['-fsSL', url, '--output', archivePath])
await exec.exec('unzip', [archivePath, '-d', extractDir])
await fn(extractDir)
} finally {
await io.rmRF(tempDir)
}
}
async function installWindowsMiseShim(
extractedMiseBinDir: string,
miseShimPath: string
): Promise<void> {
if (process.platform !== 'win32') return
const extractedMiseShimPath = path.join(extractedMiseBinDir, 'mise-shim.exe')
if (!fs.existsSync(extractedMiseShimPath)) {
core.info('mise-shim.exe not found in the mise archive; skipping')
return
}
await io.mv(extractedMiseShimPath, miseShimPath)
}
async function ensureWindowsMiseShim(
miseBinPath: string,
miseShimPath: string,
version?: string
): Promise<void> {
if (process.platform !== 'win32') return
if (fs.existsSync(miseShimPath)) return
core.info(
'mise-shim.exe not found next to mise.exe; installing it from the matching release archive'
)
try {
const installedVersion =
version || (await getInstalledMiseVersion(miseBinPath))
const archiveName = `mise-v${installedVersion}-${await getTarget()}.zip`
const url = `https://github.com/jdx/mise/releases/download/v${installedVersion}/${archiveName}`
await withExtractedZip(url, archiveName, async extractDir => {
await installWindowsMiseShim(
path.join(extractDir, 'mise', 'bin'),
miseShimPath
)
})
} catch (err) {
core.warning(
`Failed to install mise-shim.exe: ${errorMessage(err)}. Continuing because mise can fall back to file shim mode on Windows.`
)
}
}
async function getInstalledMiseVersion(miseBinPath: string): Promise<string> {
const versionOutput = await exec.getExecOutput(
miseBinPath,
['version', '--json'],
{ silent: true }
)
const versionJson = JSON.parse(versionOutput.stdout) as { version: string }
return cleanVersion(versionJson.version.split(' ')[0])
}
function errorMessage(err: unknown): string {
return err instanceof Error ? err.message : String(err)
}
async function zstdInstalled(): Promise<boolean> {
try {
await exec.exec('zstd', ['--version'])
@ -493,18 +234,16 @@ const testMise = async (): Promise<number> => mise(['--version'])
const miseInstall = async (): Promise<number> =>
mise([`install ${core.getInput('install_args')}`])
const miseLs = async (): Promise<number> => mise([`ls`])
const miseReshim = async (): Promise<number> => mise([`reshim`, `-f`])
const miseReshim = async (): Promise<number> => mise([`reshim`, `--all`])
const mise = async (args: string[]): Promise<number> =>
await core.group(`Running mise ${args.join(' ')}`, async () => {
const cwd = getCwd()
const baseEnv = Object.fromEntries(
Object.entries(process.env).filter(
(entry): entry is [string, string] => entry[1] !== undefined
)
)
core.group(`Running mise ${args.join(' ')}`, async () => {
const cwd =
core.getInput('working_directory') ||
core.getInput('install_dir') ||
process.cwd()
const env = core.isDebug()
? { ...baseEnv, MISE_LOG_LEVEL: 'debug' }
: baseEnv
? { ...process.env, MISE_LOG_LEVEL: 'debug' }
: undefined
if (args.length === 1) {
return exec.exec(`mise ${args}`, [], {
@ -517,28 +256,17 @@ const mise = async (args: string[]): Promise<number> =>
})
const writeFile = async (p: fs.PathLike, body: string): Promise<void> =>
await core.group(`Writing ${p}`, async () => {
core.group(`Writing ${p}`, async () => {
core.info(`Body:\n${body}`)
await fs.promises.writeFile(p, body, { encoding: 'utf8' })
})
run()
function getCwd(): string {
return (
core.getInput('working_directory') ||
core.getInput('install_dir') ||
process.cwd()
)
}
function miseDir(): string {
const dir = core.getState('MISE_DIR')
if (dir) return dir
const miseDir = core.getInput('mise_dir')
if (miseDir) return miseDir
const { MISE_DATA_DIR, XDG_DATA_HOME, LOCALAPPDATA } = process.env
if (MISE_DATA_DIR) return MISE_DATA_DIR
if (XDG_DATA_HOME) return path.join(XDG_DATA_HOME, 'mise')
@ -549,7 +277,7 @@ function miseDir(): string {
}
async function saveCache(cacheKey: string): Promise<void> {
await core.group(`Saving mise cache`, async () => {
core.group(`Saving mise cache`, async () => {
const cachePath = miseDir()
if (!fs.existsSync(cachePath)) {
@ -564,7 +292,11 @@ async function saveCache(cacheKey: string): Promise<void> {
}
async function getTarget(): Promise<string> {
const arch = process.arch === 'arm' ? 'armv7' : process.arch
let { arch } = process
// quick overwrite to abide by release format
if (arch === 'arm') arch = 'armv7' as NodeJS.Architecture
switch (process.platform) {
case 'darwin':
return `macos-${arch}`
@ -577,68 +309,6 @@ async function getTarget(): Promise<string> {
}
}
/**
* Identifies the runner image so cached binaries from one provider
* (github-hosted, namespace.so, BuildJet, self-hosted) aren't restored
* onto another provider's image where their compiled-in paths and libc
* versions don't match. GitHub-hosted images export `ImageOS`
* (e.g. "macos15", "ubuntu24"); other runners leave it unset and pool
* under "self-hosted".
*/
function getRunnerImageId(): string {
return process.env.ImageOS || 'self-hosted'
}
async function processCacheKeyTemplate(template: string): Promise<string> {
// Get all available variables
const version = core.getInput('version')
const installArgs = core.getInput('install_args')
const cacheKeyPrefix = core.getInput('cache_key_prefix') || 'mise-v1'
const miseEnv = process.env.MISE_ENV?.replace(/,/g, '-')
const platform = `${await getTarget()}-${getRunnerImageId()}`
// Calculate file hash
const fileHash = await glob.hashFiles(MISE_CONFIG_FILE_PATTERNS.join('\n'))
// Calculate install args hash
let installArgsHash = ''
if (installArgs) {
const tools = installArgs
.split(' ')
.filter(arg => !arg.startsWith('-'))
.sort()
.join(' ')
if (tools) {
installArgsHash = crypto.createHash('sha256').update(tools).digest('hex')
}
}
// Prepare base template data
const baseTemplateData = {
version,
cache_key_prefix: cacheKeyPrefix,
platform,
file_hash: fileHash,
mise_env: miseEnv,
install_args_hash: installArgsHash
}
// Calculate the default cache key by processing the default template
const defaultTemplate = Handlebars.compile(DEFAULT_CACHE_KEY_TEMPLATE)
const defaultCacheKey = defaultTemplate(baseTemplateData)
// Prepare final template data including the default cache key and env variables
const templateData = {
...baseTemplateData,
default: defaultCacheKey,
env: process.env
}
// Compile and execute the user's template
const compiledTemplate = Handlebars.compile(template)
return compiledTemplate(templateData)
}
async function isMusl() {
// `ldd --version` always returns 1 and print to stderr
const { stderr } = await exec.getExecOutput('ldd', ['--version'], {

4
tsconfig.json
View file

@ -13,9 +13,7 @@
"forceConsistentCasingInFileNames": true,
"strict": true,
"skipLibCheck": true,
"newLine": "lf",
"isolatedModules": true,
"allowSyntheticDefaultImports": true
"newLine": "lf"
},
"exclude": ["./dist", "./node_modules", "./__tests__", "./coverage"]
}