## Summary
- Follow-up to [#471](https://github.com/jdx/mise-action/pull/471): the
release-plz checkout now uses `persist-credentials: false`, so the token
isn't written to `.git/config` and `git push origin release --force` in
[scripts/release-plz.sh](scripts/release-plz.sh) would 403.
- Mirror the workaround already applied to
[scripts/postversion.sh:9](scripts/postversion.sh:9) by calling `gh auth
setup-git` after the `git config user.{name,email}` block, before any
`git push`.
Flagged by Cursor Bugbot on
https://github.com/jdx/mise-action/pull/471#pullrequestreview-4275760577.
## Test plan
- [ ] Next scheduled release-plz run (or manual `workflow_dispatch`)
successfully pushes the `release` branch without a 403.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk CI-only change that affects the release automation path; main
impact is whether the workflow can successfully push the `release`
branch.
>
> **Overview**
> Fixes the `scripts/release-plz.sh` release automation to run `gh auth
setup-git` after setting the git author, ensuring `git push` works when
`actions/checkout` uses `persist-credentials: false`.
>
> This prevents 403 failures when pushing the forced `release` branch
during automated version bump PR creation.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
f69419101e. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds [zizmor](https://github.com/zizmorcore/zizmor) to audit GitHub
Actions workflows for security issues. Runs on push to main and on PRs
that change `.github/workflows/**`. Fails CI on any finding.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Mostly CI/workflow hardening, but it also changes release automation
(`postversion.sh`) and workflow permissions/credentials behavior, which
could break tagging/publishing if misconfigured.
>
> **Overview**
> Adds a new `zizmor` workflow that runs on PRs/pushes touching
`.github/workflows/**` to security-audit workflows.
>
> Hardens existing workflows by defaulting to least-privilege
`permissions`, setting `actions/checkout` to `persist-credentials:
false`, and adjusting related behavior (e.g., `scripts/postversion.sh`
now runs `gh auth setup-git` so `git push` still works; `ci.yml`
disables `mise-action` caching; `test.yml` avoids interpolating
`steps.bad.outcome` inside a shell string by passing it via env).
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
d878aee510. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Removes the autofix.ci workflow.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk: deletes a standalone CI workflow with no runtime code
changes, but it will stop automatic fix commits on PRs and could
increase manual formatting churn.
>
> **Overview**
> Removes the `.github/workflows/autofix.yml` GitHub Actions workflow
that previously ran on `pull_request`/`main` pushes to install deps,
build/package, and invoke `autofix-ci/action` to push automated fixes
back to branches.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
1c2c416618. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Summary
- Deletes the only workflow in this repo triggered by
`pull_request_target`.
- `pull_request_target` runs in the context of the base repo (with
secrets / write tokens) on PRs from forks, which is risky. The workflow
only validated PR titles; not worth the trust footprint.
## Test plan
- [ ] None — workflow file removal only.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk: deletes a GitHub Actions workflow only; no application code
or runtime behavior changes, and it reduces exposure from
`pull_request_target` workflows.
>
> **Overview**
> Removes the `semantic-pr-lint` GitHub Actions workflow that ran on
`pull_request_target` to validate PR titles.
>
> This eliminates the repo’s only `pull_request_target` workflow,
reducing the trust/secrets footprint for PRs (especially from forks).
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
907019cdfa. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- "before 4am on monday"
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Update | Change | Pending |
|---|---|---|---|
| [aube](https://redirect.github.com/endevco/aube) | minor | `1.4` →
`v1.5.1` | `v1.9.1` (+6) |
---
### Release Notes
<details>
<summary>endevco/aube (aube)</summary>
###
[`v1.5.1`](https://redirect.github.com/endevco/aube/releases/tag/v1.5.1):
: POSIX colon tarball filenames
[Compare
Source](https://redirect.github.com/endevco/aube/compare/v1.5.0...v1.5.1)
A small patch release fixing tarball installs that contain `:` in entry
filenames on POSIX platforms (e.g. `redos-detector@6.1.4`'s
`dist/__mocks__/package-json:version.d.ts`).
#### Fixed
- **POSIX colon tarball filenames** — the store tarball validator and
the linker's `validate_index_key` previously rejected `:` on every
platform to defend against Windows drive-prefix and NTFS
alternate-data-stream ambiguity. That guard was too broad for POSIX,
where colon is a valid filename character, and caused installs of
packages like `redos-detector@6.1.4` to fail. Both guards are now
platform-gated: `:` is still rejected on Windows, but accepted on Linux
and macOS.
([#​386](https://redirect.github.com/endevco/aube/pull/386) by
[@​jdx](https://redirect.github.com/jdx))
**Full Changelog**:
<https://github.com/endevco/aube/compare/v1.5.0...v1.5.1>
#### 💚 Sponsor aube
aube is part of [**en.dev**](https://en.dev) — an independent
developer-tooling studio run by
[@​jdx](https://redirect.github.com/jdx), also behind
[mise](https://mise.jdx.dev/). Work on aube is funded entirely by
sponsors.
If aube is saving your team install time or CI minutes, please consider
[sponsoring at en.dev](https://en.dev). Individual and company
sponsorships are what keep the project fast, free, and independent.
###
[`v1.5.0`](https://redirect.github.com/endevco/aube/releases/tag/v1.5.0):
: Dependency graph queries and patch/lockfile fixes
[Compare
Source](https://redirect.github.com/endevco/aube/compare/v1.4.0...v1.5.0)
This release adds `aube query` for selector-based dependency graph
inspection, fixes patch application against CRLF tarball files, repairs
npm-aliased catalog dependencies in pnpm-generated lockfiles, and
unifies how aube decides where to write workspace settings.
#### Added
- **`aube query`** — a vlt-inspired dependency-graph query command.
Supply a selector expression (attribute predicates plus pseudo-selectors
like `:scripts`, `:bin`, `:peer`, `:type(...)`, `:license(...)`),
optionally scope with workspace `--filter`/`--prod`/`--dev` roots, and
emit human-readable, `--parseable`, or `--json` output. Reads only the
local lockfile.
([#​380](https://redirect.github.com/endevco/aube/pull/380) by
[@​jdx](https://redirect.github.com/jdx))
#### Fixed
- **Patches against CRLF text files** — tarballs published from Windows
editors (e.g. `gifuct-js@2.1.2/index.d.ts`) ship CRLF, but
git/pnpm-style patches always emit LF, and diffy refused to match LF
hunks against CRLF context. aube now normalizes the original to LF
before applying and restores CRLF on write — matching pnpm's approach —
with a `\r\r\n` collapse so a literal `\r` byte mid-line doesn't gain a
second carriage return.
([#​384](https://redirect.github.com/endevco/aube/pull/384) by
[@​jdx](https://redirect.github.com/jdx))
- **`aube patch-commit` destination** — previously wrote unconditionally
to `pnpm.patchedDependencies` in `package.json` even on projects already
using the pnpm v10+ workspace-yaml home. A single rule now applies to
every command that mutates a setting which can live in either the
workspace yaml or `package.json#{pnpm,aube}.<key>`:
1. If a workspace yaml exists on disk → write there.
2. Otherwise, if `package.json#pnpm` is already declared → write
`pnpm.<key>` (preserve the user's namespace).
3. Otherwise → write `aube.<key>`.
`aube patch-remove` now strips entries from every place they could live
and reports the files actually rewritten. The same rule covers `aube
approve-builds` and install-time auto-deny seeding.
([#​384](https://redirect.github.com/endevco/aube/pull/384) by
[@​jdx](https://redirect.github.com/jdx))
- **npm-aliased catalog deps from pnpm lockfiles** — `aube install
--frozen-lockfile` previously accepted a pnpm lockfile with `beamcoder:
npm:beamcoder-prebuild@…` declared via `pnpm-workspace.yaml#catalog` and
silently produced an empty `node_modules`, because the importer's
specifier was `'catalog:'` and alias detection only fired on
`specifier.starts_with("npm:")`. Aliases are now detected purely from
the canonical `<real>@​<resolved>` `version:` shape, with a
peer-suffix strip so `version: 18.2.0(react@18.2.0)` isn't
misclassified.
([#​384](https://redirect.github.com/endevco/aube/pull/384) by
[@​jdx](https://redirect.github.com/jdx))
- **Bounded resolver stream** — the resolved-package stream is now a
bounded Tokio channel sized from the same network concurrency used by
fetch workers, with awaited sends so resolver/fetch overlap applies
backpressure instead of accumulating an unbounded queue.
([#​377](https://redirect.github.com/endevco/aube/pull/377) by
[@​jdx](https://redirect.github.com/jdx))
#### Changed
- **`aube-workspace.yaml` is the default-write filename** — when neither
`aube-workspace.yaml` nor `pnpm-workspace.yaml` exists, `aube
approve-builds` (and the install-time auto-seed of unreviewed build
scripts) now creates `aube-workspace.yaml` so it pairs with
`aube-lock.yaml` instead of leaving mixed vendor namespaces side by
side. Existing `pnpm-workspace.yaml` files keep being mutated in place.
([#​382](https://redirect.github.com/endevco/aube/pull/382) by
[@​jdx](https://redirect.github.com/jdx))
- **Comment-preserving workspace-yaml writes** — yaml writes now skip
the rewrite when the closure produces no structural change, so user
comments survive every no-op update to `allowBuilds`,
`patchedDependencies`, and catalog cleanup.
([#​384](https://redirect.github.com/endevco/aube/pull/384) by
[@​jdx](https://redirect.github.com/jdx))
- **Install phase timing sink** — set `AUBE_BENCH_PHASES_FILE` to append
per-phase install timings (resolve/fetch/link/scripts/state/sweep) as
JSONL, optionally tagged with `AUBE_BENCH_SCENARIO`. The benchmark
harness samples aube install-shaped scenarios and
`benchmarks/generate-phase-results.mjs` turns the JSONL into a Markdown
table plus a structured JSON artifact.
([#​381](https://redirect.github.com/endevco/aube/pull/381) by
[@​jdx](https://redirect.github.com/jdx))
**Full Changelog**:
<https://github.com/endevco/aube/compare/v1.4.0...v1.5.0>
#### 💚 Sponsor aube
aube is part of [**en.dev**](https://en.dev) — an independent
developer-tooling studio run by
[@​jdx](https://redirect.github.com/jdx), also behind
[mise](https://mise.jdx.dev/). Work on aube is funded entirely by
sponsors.
If aube is saving your team install time or CI minutes, please consider
[sponsoring at en.dev](https://en.dev). Individual and company
sponsorships are what keep the project fast, free, and independent.
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](e46ed2cbd0..68bde559de))
| action | digest | `e46ed2c` → `68bde55` |
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Summary
- Combined with the workflow's `cancel-in-progress` group, `if:
always()` overrides cancellation and runs the `final` aggregator even on
superseded commits.
- `!cancelled()` still runs on upstream success or failure but skips
when the workflow is cancelled — saves a runner and avoids confusing
error annotations on already-superseded shas.
- Caught by Cursor Bugbot on a sibling repo (endevco/pitchfork#413).
Same `final`-aggregator pattern + `cancel-in-progress: true` here, so
the same fix applies.
## Test plan
- [ ] CI passes on this PR
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk CI-only change that just adjusts when the `final` job runs;
main risk is slightly different status reporting when runs are
cancelled.
>
> **Overview**
> Updates the GitHub Actions `final` aggregator job to use `if: ${{
!cancelled() }}` instead of `always()`, so it still runs for upstream
success/failure but **does not** run for cancelled workflows (e.g.,
superseded runs under `cancel-in-progress`).
>
> Adds clarifying comments to document why cancellation should skip the
aggregator to avoid wasting runners and producing noise on cancelled
commits.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
4c62d5f2f1. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](95e58e9a2c..e46ed2cbd0))
| action | digest | `95e58e9` → `e46ed2c` |
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Problem
The default cache key was `mise-v1-{os}-{arch}-{file_hash}` — no
runner-image discriminator. Any repo whose CI runs on multiple runner
providers with the same os/arch shares one cache slot:
- github-hosted `macos-latest`
- namespace.so `nscloud-macos-sequoia-arm64-*` /
`namespace-profile-*-macos-arm64`
- self-hosted M-series macs
- BuildJet, blacksmith, etc.
When a repo migrates from one provider to another, the new run restores
the previous provider's tool installs (~200 MB of
`~/.local/share/mise/installs/*`), and tools that loaded fine in the
original image break in the new one.
### Concrete failures observed
Discovered while migrating [jdx/hk](https://github.com/jdx/hk/pull/891)
from github-hosted to namespace.so. Same `mise-v1-macos-arm64-<hash>`
cache hit on namespace; tool resolution fails everywhere:
```
mise ERROR Tool 'ubi:koalaman/shellcheck' does not have an executable named 'shellcheck'
mise ERROR Tool 'gem:asciidoctor' does not have an executable named 'asciidoctor'
mise ERROR Tool 'aqua:betterleaks/betterleaks' does not have an executable named 'betterleaks'
mise ERROR Tool 'biome' does not have an executable named 'biome'
mise ERROR Tool 'buf' does not have an executable named 'buf'
mise ERROR Tool 'github:google/google-java-format' does not have an executable named 'google-java-format'
```
— installs are present (cache restored 185 MB) but the executable layout
from the github-hosted macOS-15 image doesn't match what mise expects on
namespace's macOS arm64 image.
On Linux, cached binaries built against the github-hosted ubuntu
glibc/CPU featureset SIGILL on namespace's image (e.g. `swiftlint` exit
code 132).
## Fix
Append the GitHub Actions hosted-runner `ImageOS` env var (e.g.
`macos15`, `ubuntu24`) to the platform segment of the default cache key.
Other runners pool under `self-hosted`.
```ts
const imageOS = process.env.ImageOS || 'self-hosted'
return `${base}-${imageOS}`
```
After this change:
- `mise-v1-macos-arm64-macos15-<hash>` (github-hosted)
- `mise-v1-macos-arm64-self-hosted-<hash>` (namespace, self-hosted,
etc.)
Users with multiple self-hosted profiles that need finer scoping can set
`cache_key_prefix` per workflow. The README's docs for `{{platform}}`
are updated to reflect the new format.
## Trade-offs
- One-time cache miss for everyone on the next run after upgrade. Cache
rebuilds and stays scoped per-image after that.
- Hosted-runner image rolls (e.g. `macos15` → `macos16`) will invalidate
cache, which is desirable — that's exactly when stale binaries cause
problems.
- Self-hosted users with mixed runner pools all share one `self-hosted`
slot. They'd need `cache_key_prefix` per pool, same as before. This PR
doesn't make that worse.
## Test plan
- [ ] Verify `dist/index.js` rebuilt cleanly (yes, `npm run package`
succeeded with the change visible at `getTarget()` callsite).
- [ ] Run on a github-hosted runner — confirm `ImageOS` is read from env
(e.g. `macos15`) and shows up in the `mise cache restored from key:` log
line.
- [ ] Run on a non-hosted runner — confirm fallback to `-self-hosted`.
- [ ] Verify a workflow that switched providers no longer pulls a
poisoned cache.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Changes cache-key generation and will cause a one-time cache miss plus
different cache partitioning, which can affect build times and cache
reuse across runners.
>
> **Overview**
> Updates the default cache-key `{{platform}}` value to append a runner
image discriminator (`process.env.ImageOS` on GitHub-hosted runners,
otherwise `self-hosted`), reducing cross-provider/image cache collisions
that can restore incompatible tool installs.
>
> Implements this via a new `getRunnerImageId()` helper used during
cache-key template processing, and documents the new `{{platform}}`
format in the README; `dist/index.js` is rebuilt accordingly.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
ef1bd0e351. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Summary
Adds two new inputs that gate the mise-wings asset cache for tool
installs. Existing workflows are unaffected: default `wings_enabled:
false` is a no-op.
| Input | Default | Description |
|---|---|---|
| `wings_enabled` | `false` | Route tool-install URLs through the wings
cache when `true` |
## How it works
When `wings_enabled: true`, the action exports `MISE_WINGS_ENABLED=1`.
Authentication is **fully automatic** — mise itself owns the GHA OIDC →
wings session exchange. No `mise wings login` step in workflow YAML, no
long-lived secrets to rotate.
When mise (built with wings support — see
[jdx/mise#9458](https://github.com/jdx/mise/pull/9458)) sees
`MISE_WINGS_ENABLED=1` and detects the GHA OIDC env vars
(`ACTIONS_ID_TOKEN_REQUEST_URL` + `ACTIONS_ID_TOKEN_REQUEST_TOKEN`), it:
1. Fetches the runner's OIDC token, scoped to the wings deployment
audience
2. POSTs it to `https://api.<host>/auth` to mint a wings CI session JWT
3. Caches the JWT in-process for the rest of the workflow run
4. Transparently rewrites `registry.npmjs.org` / `github.com` /
`api.github.com` URLs to the corresponding wings cache subdomains and
attaches the JWT as a Bearer header
## Why opt-in (not opt-out)
The default-off posture is deliberate. Many workflows already declare
`permissions: id-token: write` for unrelated reasons (SLSA provenance,
AWS OIDC, Sigstore, npm provenance, etc.). If `wings_enabled` defaulted
to `true`, those workflows would silently send the runner's OIDC
identity claims to a third-party cache without explicit consent. Cursor
Bugbot HIGH + Greptile P1+security correctly flagged the previous
"default true" iteration of this PR as a privacy regression.
Explicit opt-in keeps the gate visible in the workflow YAML.
## Workflow requirements
```yaml
permissions:
id-token: write # required for OIDC
jobs:
build:
steps:
- uses: jdx/mise-action@<sha>
with:
wings_enabled: true
```
The action emits a clear warning when `wings_enabled: true` but
`id-token: write` is missing — without that hint, the user would see
"wings configured but doing nothing" and have no clue why.
## Test plan
- [x] `npm run all` — format + lint + package, clean
- [x] `dist/index.js` rebuilt and contains the wings hook (greppable:
`MISE_WINGS_ENABLED`, `setupWings`)
- [ ] End-to-end: a workflow with `wings_enabled: true`, `permissions:
id-token: write`, an active wings subscription, and a recent enough
`mise` binary. The mise repo's own `docs.yml` will exercise this path
once [jdx/mise#9458](https://github.com/jdx/mise/pull/9458) is merged.
- [ ] Default-off path: a workflow without the `wings_enabled` input
behaves identically to today.
## Out of scope
- Older mise binaries will see `MISE_WINGS_ENABLED` and silently ignore
it (no wings client code) — that's intended; the action doesn't gate on
mise version.
- Self-hosted runners: `permissions: id-token: write` only does anything
on GitHub-hosted runners by default. Self-hosted runners need extra
config; the warning above is conservative enough for both cases.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Introduces an opt-in path that can cause OIDC-based authentication to
a third-party cache and alters tool download routing when enabled.
Default-off behavior limits impact, but misconfiguration could create
confusing cache bypass or unexpected network/token exchange behavior.
>
> **Overview**
> Adds a new **experimental** `wings_enabled` action input (default
`false`) to opt workflows into the mise-wings asset cache by exporting
`MISE_WINGS_ENABLED=1`.
>
> When enabled, the action now runs `setupWings()` early to set the env
var and warn if GitHub OIDC env vars are missing (i.e., `permissions:
id-token: write` not configured), while leaving existing/default
behavior unchanged.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
969042fe52. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
## Summary
Switches the project's package-manager surface from a mix of `npm` /
`pnpm` / `bun` (different commands in different files) to a single tool:
[aube](https://aube.en.dev), en.dev's pnpm-compat package manager
(native Rust, fast, drops cleanly into pnpm/npm-compatible workflows).
| | Before | After |
|---|---|---|
| Workflows install step | `npm ci` | `aube ci` |
| Workflows run scripts | `npm run X` | `aubr X` (`aubr` is the `aube
run` shorthand) |
| `mise.toml` tasks | mixed `npm run` / `bun run` | `aubr X` |
| Lockfile | `package-lock.json` | `package-lock.json` (unchanged — aube
reads it directly) |
The `aubr` binary ships alongside `aube` in the same install — it's the
script-runner shorthand (`aubr <script>` ≡ `aube run <script>`). Saves a
word in every workflow / mise.toml line.
## What didn't change
- **`package-lock.json`** stays as the canonical lockfile. aube reads it
directly; no `aube-lock.yaml` is generated. Running `npm install` still
works for any dev who hasn't switched to aube yet.
- **`package.json` scripts** still use `npm run X` for nested
invocations (e.g. `"all": "npm run format:write && …"`). The literal
`npm` works for both callers — aube's shell exec finds `npm` in PATH,
the inner invocation re-runs the same package.json script. Keeping these
PM-agnostic avoids a forced cutover for downstream contributors.
- **`dist/`** is byte-identical after `aubr all` — parity with the
npm-built bundle verified locally.
## New project files
- **`.npmrc`** — single line: `node-linker=hoisted`. Forces a flat,
npm-style `node_modules` layout instead of aube's default
symlink/virtual-store. Required because `rollup --configPlugin
@rollup/plugin-typescript` resolves the plugin from cwd's node_modules,
and the isolated layout puts rollup under `node_modules/.aube/...` where
standard module resolution can't reach back to the project root for the
plugin. npm reads `.npmrc` but ignores `node-linker` (npm always
installs flat), so the file is safe for both PMs.
- **`pnpm-workspace.yaml`** — generated by aube 1.4 to record
build-script approvals (`unrs-resolver: false`). Project-level config;
commits like a `package.json` companion.
Pinned `aube = '1.4'` in `mise.toml`'s tools so `mise install`
provisions the right binary locally.
## Why aube
Single tool replacing three. Less context-switching for contributors,
fewer places to run `npm audit` / `bun upgrade` / `pnpm dedupe`. aube's
cold-cache install for this repo's deps is ~3s vs `npm ci` at ~10s.
## Test plan
- [x] `aube install` from clean — succeeds, all 441 packages link
cleanly
- [x] `aubr all` (format + lint + package) — succeeds, `dist/`
byte-identical to checked-in version
- [x] `aubr format:check` — clean
- [x] `aubr lint` — clean
- [x] `aubr package` — produces `dist/index.js`, `dist/index.js.map`,
`dist/licenses.txt` matching what's checked in
- [ ] Workflows: `Continuous Integration` / `autofix.ci` / `Check dist/`
/ `test` all pass on this PR
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Mostly CI/build-system plumbing; risk is workflow or packaging
breakage (dependency install layout, rollup config) that could prevent
`dist/` from rebuilding or CI from running, but it doesn’t change
runtime action logic.
>
> **Overview**
> Switches GitHub Actions workflows to install tooling via
`jdx/mise-action` and run installs/scripts with `aube`/`aubr` instead of
`actions/setup-node` + `npm ci`/`npm run`.
>
> Pins `aube` (`1.4`) in `mise.toml`, updates `mise` tasks and developer
docs (`CLAUDE.md`) to use `aube`/`aubr`, and adds `.npmrc`
(`node-linker=hoisted`) plus a `.gitignore` entry to avoid committing
`aube`’s generated `pnpm-workspace.yaml`.
>
> Adjusts the packaging script to use `rollup.config.mjs` (replacing the
previous TS config invocation).
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
fd6530d89f. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- "before 4am on monday"
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
- add a communique mise lock entry for v1.1.2
- include release asset URLs and checksums, including musl assets
## Validation
- monitored jdx/communique release workflow 24960017639 to success
- `mise install --locked communique`
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk: adds an auto-generated tool lockfile entry only, affecting
developer tool installation but not runtime application behavior.
>
> **Overview**
> Pins the `communique` developer tool to **v1.1.2** by adding a
generated `mise.lock` entry.
>
> The lock includes **per-platform download URLs, asset API links, and
SHA-256 checksums**, including *musl* variants for Linux.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
7bbd9716bd. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [autofix-ci/action](https://redirect.github.com/autofix-ci/action)
([changelog](7a166d7532..c5b2d67aa2))
| action | digest | `7a166d7` → `c5b2d67` |
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzkuNyIsInVwZGF0ZWRJblZlciI6IjQzLjEzOS43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node)
([changelog](53b83947a5..48b55a011b))
| action | digest | `53b8394` → `48b55a0` |
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzkuNyIsInVwZGF0ZWRJblZlciI6IjQzLjEzOS43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](c10b8064de..95e58e9a2c))
| action | digest | `c10b806` → `95e58e9` |
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjMuOCIsInVwZGF0ZWRJblZlciI6IjQzLjEyMy44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Summary
- Add a `final` job to the build-test workflow that depends on all other
jobs
- Fails if any upstream job failed or was skipped
- Provides a single required status check for branch protection
## Test plan
- [ ] `final` job passes when all other jobs pass
- [ ] `final` job fails when any upstream job fails
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk: workflow-only change that adds a single aggregator job and
doesn’t affect production code paths. Main risk is misconfiguring branch
protection expectations if the `final` job logic/conditions are wrong.
>
> **Overview**
> Adds a `final` GitHub Actions job to the `build-test` workflow that
depends on all other jobs and runs with `if: always()`.
>
> The `final` job fails the workflow if any upstream job result is
`failure`, `cancelled`, or `skipped`, enabling a single required status
check for branch protection.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
45ecee53a1. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
- Switch bundler from `@vercel/ncc` to `rollup` with
`@rollup/plugin-commonjs`, `@rollup/plugin-node-resolve`,
`@rollup/plugin-json`, and `@rollup/plugin-typescript`
- Add `"type": "module"` to `package.json` for ESM support
- Upgrade all `@actions/*` dependencies to their latest major versions
(`@actions/core` v3, `@actions/exec` v3, `@actions/cache` v6,
`@actions/glob` v0.6, `@actions/io` v3)
- Remove old ncc artifacts (`dist/licenses.txt`,
`dist/sourcemap-register.js`)
## Why
The `@actions/toolkit` packages v3+ are ESM-only and can't be bundled by
ncc (which uses webpack with CJS `require()`). This is what's blocking
#435 (renovate `@actions/exec` v3 upgrade). The official
`actions/typescript-action` template has already migrated to rollup.
## Test plan
- [ ] CI passes (`npm run all` — format, lint, package)
- [ ] `check-dist` workflow passes (dist/index.js matches build output)
- [ ] Integration tests pass on all platforms (ubuntu, macos, windows,
alpine)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Moderate risk because it changes the action’s build/bundling pipeline
and module format (CJS→ESM), which can break runtime execution or
dependency resolution if the generated `dist/` output differs across
environments.
>
> **Overview**
> Migrates the GitHub Action build from `@vercel/ncc` (CommonJS) to a
Rollup-based ESM bundle, adding `rollup.config.ts` and updating
TypeScript settings to `NodeNext` to support ESM output.
>
> Updates `package.json` to `"type": "module"`, switches the packaging
script to Rollup, and upgrades `@actions/*` dependencies to their latest
major (ESM-only) versions. The checked-in `dist/` artifacts are
regenerated accordingly (including license output) and legacy
ncc-specific artifacts are removed.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
59e728e570. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[amannn/action-semantic-pull-request](https://redirect.github.com/amannn/action-semantic-pull-request)
| action | major | `v5` → `v6` |
---
### Release Notes
<details>
<summary>amannn/action-semantic-pull-request
(amannn/action-semantic-pull-request)</summary>
###
[`v6`](https://redirect.github.com/amannn/action-semantic-pull-request/compare/v5...v6)
[Compare
Source](https://redirect.github.com/amannn/action-semantic-pull-request/compare/v5...v6)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | major | `v3` → `v4` |
---
### Release Notes
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
###
[`v4`](https://redirect.github.com/github/codeql-action/compare/v3...v4)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3...v4)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
([changelog](bbbca2ddaa..043fb46d1a))
| action | digest | `bbbca2d` → `043fb46` |
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | major | `v6` → `v7` |
---
### Release Notes
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
###
[`v7`](https://redirect.github.com/actions/upload-artifact/compare/v6...v7)
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v6...v7)
</details>
---
### Configuration
📅 **Schedule**: (in timezone America/Chicago)
- Branch creation
- Only on Friday (`* * * * 5`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ1cGRhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](603b797f8b..5c8a8a642e))
| action | digest | `603b797` → `5c8a8a6` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ1cGRhdGVkSW5WZXIiOiI0My4xMDIuMTEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45NC4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
- Add communique tool to mise.toml
- Add `enhance-release` job to release workflow that runs after release
creation to generate AI-enhanced release notes
## Test plan
- [ ] Verify next release triggers the enhance-release job
- [ ] Confirm ANTHROPIC_API_KEY secret is configured in repo settings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Adds a new post-release GitHub Actions job that uses an external AI
API and an elevated token to modify GitHub release notes; failures or
misconfigured secrets can break the release workflow and token scope
matters.
>
> **Overview**
> After the `release` job completes, the workflow now runs a new
`enhance-release` job that computes the tag from `package.json` and
calls `communique generate ... --github-release` to update the GitHub
release notes.
>
> The PR also adds `communique` to `mise.toml` so the tool is available
in CI, and wires in `ANTHROPIC_API_KEY` plus a dedicated
`RELEASE_PLZ_GITHUB_TOKEN` for the release-note update step.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
d2335f661c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
- Adds a daily workflow that auto-closes PRs inactive for 30+ days
- Skips PRs authored by jdx or labeled `keep-open`
- Includes different close messages depending on CI status (failing vs
passing)
Ported from jdx/mise.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk: adds a standalone GitHub Actions workflow that only closes
eligible open PRs and does not affect application/runtime code.
>
> **Overview**
> Adds a new GitHub Actions workflow (`.github/workflows/pr-closer.yml`)
that runs daily (and manually) to close PRs with no activity for 30+
days.
>
> The job filters out PRs authored by `jdx` or labeled `keep-open`, and
posts a different close comment when CI checks are failing vs passing.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
959b5b27b2. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
- Adds `npm install` before `npm run all` in the husky pre-commit hook
- Prevents stale `node_modules` from producing unintended `dist/`
changes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk change confined to developer tooling; it only affects local
pre-commit behavior and should not impact runtime code.
>
> **Overview**
> Ensures the pre-commit hook runs `npm ci` before `npm run all`, so
builds use a fresh/consistent `node_modules` prior to staging `dist`
changes.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9b08810a42. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
- Extracts the duplicated working-directory resolution expression
(`core.getInput('working_directory') || core.getInput('install_dir') ||
process.cwd()`) into a `getCwd()` helper function.
- Replaces the 2 identical inline expressions in `exportMiseEnv()` and
`mise()` with calls to `getCwd()`.
## Motivation
Separated from #402 to allow independent review. This is a pure refactor
with no behavioral change, intended to simplify the diff in #402 by
providing a smaller, self-contained improvement.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](820e3160e2..603b797f8b))
| action | digest | `820e316` → `603b797` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](45580472a5..820e3160e2))
| action | digest | `4558047` → `820e316` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jdx <216188+jdx@users.noreply.github.com>
Fixes https://github.com/jdx/mise-action/issues/394
This PR updates the GitHub Actions runner environment to use Node.js 24,
following the deprecation notice for Node.js 20. GitHub has announced
that starting June 2, 2026, Node.js 24 will become the default, and
earlier versions will be restricted to ensure security and performance
standards.
The jdx/mise-action@v3 currently triggers a deprecation warning because
it defaults to the Node.js 20 runtime. To proactively address this and
avoid potential workflow failures during the transition period, we are
opting into the newer runtime version now.
Co-authored-by: jdx <216188+jdx@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node)
([changelog](6044e13b5d..53b83947a5))
| action | digest | `6044e13` → `53b8394` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Problem
The `exportMiseEnv()` function ignores the `working_directory` (and
`install_dir`) input when running `mise env --json`. It always executes
in the process default CWD — the GitHub Actions workspace root —
regardless of what directory was used for `mise install`.
This means if a caller sets `working_directory: path/to/subdir`, mise
resolves environment variables against the workspace root's `mise.toml`,
not the intended subdirectory's config.
### Impact
Since mise 2026.2.0, lockfiles are enabled by default. When `mise env
--json` runs without a `mise.lock` present (e.g. because the correct
`working_directory` was not used), mise attempts to resolve loose tool
versions (like `"latest"`) from the network. In environments with
private npm registries, this causes `npm view` calls that fail with 403
errors. Mise retries indefinitely, spawning 20+ orphaned npm processes
and eventually hitting `EAGAIN` (OS error 11), hanging CI permanently.
The other mise commands (`miseInstall`, `miseReshim`, etc.) already pass
`cwd` correctly via the shared `mise()` helper. Only `exportMiseEnv()`
was missing this.
## Fix
Resolve `working_directory` (falling back to `install_dir`, then
`process.cwd()`) at the top of `exportMiseEnv()` and pass `{ cwd }` to
all four `exec.getExecOutput` calls within the function:
- `mise env --redacted --json`
- `mise env --json`
- `mise env --dotenv` (redacted fallback)
- `mise env --dotenv` (legacy fallback)
## Related
- Issue #267: `working_directory` not respected for env export
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40My4yIiwidXBkYXRlZEluVmVyIjoiNDMuNDMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](f5c2471be7..45580472a5))
| action | digest | `f5c2471` → `4558047` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4zNi4yIiwidXBkYXRlZEluVmVyIjoiNDMuMzYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNi41IiwidXBkYXRlZEluVmVyIjoiNDMuMjYuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
Refs #382 (Problem 1).
The default cache key template placed `file_hash` before conditional
segments (`version`, `mise_env`, `install_args_hash`). Because
`@actions/cache` `restoreCache` performs prefix matching on the primary
key, a key without optional trailing segments was always a prefix of a
key with them, causing different workflow configurations to restore each
other's caches unintentionally.
## The bug
Old template:
```
{{cache_key_prefix}}-{{platform}}-{{file_hash}}{{#if version}}-{{version}}{{/if}}{{#if mise_env}}-{{mise_env}}{{/if}}{{#if install_args_hash}}-{{install_args_hash}}{{/if}}
```
Example: Workflow A (no `install_args`) produces key
`mise-v0-linux-x64-<hash>`, which is a prefix of Workflow B's key
`mise-v0-linux-x64-<hash>-<args_hash>`. If only B's cache exists, A
restores it via prefix match.
## The fix
Move `file_hash` to the end of the template so it acts as a terminator:
```
{{cache_key_prefix}}-{{platform}}{{#if version}}-{{version}}{{/if}}{{#if mise_env}}-{{mise_env}}{{/if}}{{#if install_args_hash}}-{{install_args_hash}}{{/if}}-{{file_hash}}
```
Since `file_hash` is always present, no valid cache key can be a prefix
of another.
Also bumps `cache_key_prefix` default from `mise-v0` to `mise-v1` (in
both `src/index.ts` and `action.yml`) to intentionally invalidate
existing caches that may have been saved under incorrect prefix-matched
keys.
## Changes
- `src/index.ts` L43: Reorder `DEFAULT_CACHE_KEY_TEMPLATE` — move
`file_hash` to end
- `src/index.ts` L432: Bump fallback `cache_key_prefix` from `mise-v0`
to `mise-v1`
- `action.yml` L46: Bump default `cache_key_prefix` from `mise-v0` to
`mise-v1`
- Rebuilt `dist/`
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](b5ebac6f4c..f5c2471be7))
| action | digest | `b5ebac6` → `f5c2471` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS4xMSIsInVwZGF0ZWRJblZlciI6IjQzLjI1LjExIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](439137e1b5..b5ebac6f4c))
| action | digest | `439137e` → `b5ebac6` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44LjUiLCJ1cGRhdGVkSW5WZXIiOiI0My44LjUiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout)
([changelog](8e8c483db8..de0fac2e45))
| action | digest | `8e8c483` → `de0fac2` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [autofix-ci/action](https://redirect.github.com/autofix-ci/action)
([changelog](635ffb0c97..7a166d7532))
| action | digest | `635ffb0` → `7a166d7` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](4bdb89f480..439137e1b5))
| action | digest | `4bdb89f` → `439137e` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Reverts jdx/mise-action#360https://github.com/jdx/mise-action/issues/363
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Reverts the monorepo cache isolation change and simplifies caching to
a single cache for the entire `mise` directory.
>
> - Replace binary/tools caches with a single cache via
`restoreMiseCache`/`saveCache`; set `cache-hit` from one restore
> - Default key template drops `dir_hash`; `file_hash` computed from
repo-wide glob patterns (no `working_directory`-specific config walk)
> - Persist `PRIMARY_KEY` and `MISE_DIR` in action state; `miseDir()`
reads from state
> - Remove monorepo cache isolation workflow `test-monorepo-cache.yml`;
minor cleanup in `AGENTS.md`
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a157c4e176. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](45c373516f..4bdb89f480))
| action | digest | `45c3735` → `4bdb89f` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Problem
-------
mise-action hashes ALL mise config files in the repo to compute a single
default cache key. In a monorepo with multiple projects (e.g.,
apps/frontend, apps/backend), this causes cache pollution:
1. Job A runs for apps/frontend, installs only frontend tools
2. Cache is saved with a key based on ALL configs
3. Job B runs for apps/backend, gets cache HIT (same key)
4. Job B finds frontend tools but not backend tools
5. Job B has to install all tools because they are missing from cache
Additionally, any change to an unrelated project config would bust the
cache for all projects.
Solution
--------
When working_directory is set, compute the default cache key using only
the config files that affect that directory (detected via `mise config
ls --json`) instead of globbing all configs in the repo.
This required separating binary and tools caching:
- Binary cache: restored first so mise is available for `mise config ls`
- Tools cache: default key computed after mise is installed
Key Implementation Details
--------------------------
1. Cache separation:
- restoreMiseBinaryCache/saveMiseBinaryCache for the mise binary
- restoreToolsCache/saveToolsCache for the full mise directory
- Binary cache key: `{prefix}-binary-{platform}-{version}-{dirHash}`
- Tools default cache key: based on config file contents for
working_directory
2. Binary backup during tools cache restore: The tools cache includes
bin/, which could overwrite the binary that setupMise() just installed.
We use withBinaryBackup() to backup the binary before restoring the
tools cache and restore it afterward.
An alternative approach would be to only cache installs/ and shims/
instead of the full miseDir(), but that would change the caching
behavior for existing users. Using withBinaryBackup() retains the
original caching behavior while preventing the binary from being
overwritten.
3. Binary cache key includes mise_dir hash: Prevents cache collision
when users change mise_dir between runs. Without this, a cache hit could
restore the binary to the wrong location.
4. Explicit mise binary path: Uses full path to mise binary instead of
relying on PATH lookup, avoiding potential race conditions with
core.addPath().
5. Lock file handling:
- .toml files: look for corresponding .lock file
- .tool-versions: look for mise.lock in the same directory
6. Graceful degradation: If `mise config ls` fails when
working_directory is set, caching is disabled with a warning rather
than:
- Failing the action entirely, or
- Falling back to glob patterns (which would reintroduce the bug)
Backward Compatibility
----------------------
- working_directory not set: No change, uses existing glob of all
configs
- working_directory set: Default cache key based on `mise config ls`
output
Note on cache_key input: The `cache_key` input now only controls the
tools cache key. The binary cache key is always computed automatically
based on platform, version, and mise_dir. This is generally better since
the binary cache is version-stable and does not need custom key logic.
Test Coverage
-------------
Added test-monorepo-cache.yml with 8 test scenarios:
- install-backend/restore-frontend: Verify cache isolation
- install-frontend/unrelated-change-no-bust: Verify unrelated changes do
not bust cache
- parent-config-change: Verify parent config changes bust child cache
- lock-file-change: Verify lock file changes bust cache
- install-default-mise-dir/restore-custom-mise-dir: Verify mise_dir in
cache key
Final Note
----------
Currently, the default tool cache key includes the mise version. This
was in place prior, so it was left intact. With this change and the
splitting of the mise version cache from the tool cache, we could safely
remove the mise version from the tool cache key. Left this for a
subsequent change if desired.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Fixes cache key pollution in monorepos by scoping tool cache keys to
the `working_directory`'s config hierarchy and separating binary vs.
tools caching.
>
> - New cache flow: `restoreMiseBinaryCache/saveMiseBinaryCache` (key:
`{prefix}-binary-{platform}-{version}-{dirHash}`) runs before
installation; `restoreToolsCache/saveToolsCache` uses a default key
derived from `mise config ls --json` for the specified
`working_directory`
> - Uses explicit `mise` binary path and preserves it during tools cache
restore via `withBinaryBackup` to avoid overwrites
> - Default tools key still supports template inputs; includes lockfile
handling and guards to disable caching on failures
> - `mise_dir` hash included in binary cache key to prevent cross-dir
collisions
> - Adds `.github/workflows/test-monorepo-cache.yml` with scenarios
verifying monorepo cache isolation, unrelated-config no-bust,
parent-config change bust, lockfile change bust, identical-content
different-path isolation, and `mise_dir`-key differentiation
> - Updates compiled `dist/` artifacts; minor docs entry `AGENTS.md`
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
434d5feca5. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node)
([changelog](395ad32622..6044e13b5d))
| action | digest | `395ad32` → `6044e13` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42OS4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
([changelog](497990dfed..45c373516f))
| action | digest | `497990d` -> `45c3735` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Summary
- Environment variables are now always passed to mise commands
- Previously, env vars were only passed when in debug mode, meaning
`MISE_ENV` and other `MISE_*` variables set in the workflow were not
passed through during `mise install`
Fixes#289
## Usage
```yaml
env:
MISE_ENV: production
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: jdx/mise-action@v2
# MISE_ENV=production is now passed to mise install
```
## Test plan
- [ ] Verify setting `MISE_ENV` in workflow env is passed to `mise
install`
- [ ] Verify debug mode still works (adds `MISE_LOG_LEVEL: debug`)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Always pass sanitized workflow environment variables to all `mise`
invocations, adding `MISE_LOG_LEVEL=debug` only in debug mode.
>
> - **Action runtime**:
> - Always pass environment variables to `mise` commands via a sanitized
`baseEnv` (filters out `undefined`).
> - In debug mode, extends `baseEnv` with `MISE_LOG_LEVEL=debug`;
otherwise uses `baseEnv` unchanged.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fb448d9e635736cb69b6190690272e10a34bc890. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
## Summary
- Add `add_shims_to_path` input (default: `true`) to control whether the
mise shims directory is added to PATH
- Setting this to `false` allows users who already have mise configured
to avoid conflicts with their existing setup
Fixes#337
## Usage
```yaml
- uses: jdx/mise-action@v2
with:
add_shims_to_path: false
```
## Test plan
- [ ] Verify shims are added to PATH by default (existing behavior)
- [ ] Verify shims are NOT added to PATH when `add_shims_to_path: false`
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds `add_shims_to_path` input (default true) to optionally skip
adding `mise/shims` to PATH.
>
> - **Action input/behavior**
> - Add `inputs.add_shims_to_path` (default: `true`).
> - Conditionally add `mise/shims` to `PATH` only when
`add_shims_to_path` is `true`.
> - **Build/dist updates (non-functional to action API)**
> - Minor runtime tweaks in bundled libs: safer `abortSignal`
reassignment, improved `File` stream creation, user-agent OS field
formatting, `randomUUID` fallback for Node, and updated internal SDK
version constants.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f90b26afa3. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi40Mi4yIiwidXBkYXRlZEluVmVyIjoiNDIuNDIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `f94c9be` -> `497990d` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | digest | `08eba0b` -> `34e1148` |
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | digest | `08c6903` -> `93cb6ef` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `5d5cd55` -> `f94c9be` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | pinDigest | -> `08c6903` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | pinDigest | -> `49933ea` |
| [autofix-ci/action](https://redirect.github.com/autofix-ci/action) |
action | pinDigest | -> `635ffb0` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTYuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
## Summary
Switches from our custom GitHub Actions workflow to
[autofix.ci](https://autofix.ci/) for automatically updating the `dist/`
folder. This solves the CI triggering issue and works on all PRs, not
just Renovate PRs.
## Problem Solved
The previous workflow had a critical issue: commits made with
`GITHUB_TOKEN` don't trigger other CI workflows (by design to prevent
infinite loops). This meant that after the dist/ folder was updated, CI
wouldn't run to verify the changes.
## Solution: autofix.ci
autofix.ci uses a GitHub App token to make commits, which **does**
trigger CI workflows. This ensures that:
- ✅ CI tests run after dist/ is updated
- ✅ Works on ALL PRs, not just Renovate
- ✅ Renovate still recognizes and can rebase PRs (via
`gitIgnoredAuthors`)
## Changes
- **Renamed workflow**: `renovate-dist-update.yml` → `autofix.yml`
- **Removed filters**: Now runs on all PRs (not just when specific files
change)
- **Removed Renovate check**: Works for all PR authors, not just
renovate[bot]
- **Switched to autofix.ci**: Replaced manual commit logic with
autofix.ci action
- **Updated permissions**: Changed from `write` to `read` (autofix.ci
handles commits)
- **Updated renovate.json**: Added `autofix.ci[bot]` to
`gitIgnoredAuthors`
## Setup Required
This PR requires installing the autofix.ci GitHub App:
👉https://github.com/apps/autofix-ci
## Testing
Once the app is installed, this workflow will automatically:
1. Run on every PR
2. Execute `npm run all` to rebuild dist/
3. Let autofix.ci commit any changes
4. Trigger CI workflows to verify the changes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Replaces the Renovate-only dist update workflow with an
autofix.ci-based workflow that runs on all PRs and main pushes, and
updates Renovate to ignore autofix.ci commits.
>
> - **CI**:
> - Add `/.github/workflows/autofix.yml` to build (`npm run all`) and
let `autofix.ci` commit fixes on PRs and `main` pushes.
> - Remove `/.github/workflows/renovate-dist-update.yml` and its manual
commit/push logic.
> - **Renovate**:
> - Update `/.github/renovate.json` to set `gitIgnoredAuthors` to
`autofix.ci[bot] <autofix.ci[bot]@users.noreply.github.com>`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
520b55f3f5045ef239900070ac87c66667338b09. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude <noreply@anthropic.com>
Removes path filters so the workflow runs on every PR, ensuring
dist/ is always up to date regardless of which files changed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Switches from manual commit workflow to autofix.ci for automatically
updating the dist/ folder when source files change. This has several
advantages:
1. Works on ALL PRs, not just Renovate PRs
2. Commits made by autofix.ci (GitHub App) trigger CI workflows, unlike
commits made with GITHUB_TOKEN which don't trigger workflows
3. Renovate recognizes autofix.ci commits via gitIgnoredAuthors and can
still auto-rebase PRs
Changes:
- Renamed workflow from renovate-dist-update to auto-update-dist
- Removed Renovate-only condition - now runs on all PRs
- Replaced manual git commit/push with autofix.ci action
- Updated renovate.json to ignore autofix.ci commits
- Changed permissions from write to read-only
Note: Requires installing the autofix.ci GitHub App:
https://github.com/apps/autofix-ci🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Adds gitIgnoredAuthors to allow Renovate to auto-rebase PRs even after
the renovate-dist-update workflow adds commits. Without this, Renovate
refuses to auto-rebase because it sees commits from an unrecognized author.
Also sets rebaseWhen to "conflicted" to prevent infinite rebase loops
that can occur when gitIgnoredAuthors is combined with auto-rebasing.
This fixes the warning on PRs like #301 where Renovate says it "does not
recognize the last commit author".
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updates all GitHub Actions workflows from Node 18/20 to Node 24,
matching the version specified in mise.toml and @types/node in package.json.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
## Summary
Fixes the artifact update problem in Renovate PRs (like #294) by
replacing non-functional `postUpgradeTasks` configuration with a GitHub
Actions workflow.
## Problem
The previous configuration used `postUpgradeTasks` and `allowedCommands`
in `.github/renovate.json`, which only work with self-hosted Renovate.
Since this repo uses GitHub's hosted Renovate app, those settings were
being ignored, causing the `dist/` folder to not be updated
automatically.
## Solution
Created a new GitHub Actions workflow
(`.github/workflows/renovate-dist-update.yml`) that:
- Automatically triggers when Renovate opens a PR that modifies
`package.json`, `package-lock.json`, or `src/`
- Only runs for Renovate bot PRs
- Runs `npm run all` to rebuild the distribution
- Commits and pushes the updated `dist/` folder back to the PR branch
Also cleaned up `.github/renovate.json` by removing the non-functional
configuration.
## Testing
The workflow will automatically run on the next Renovate PR update. You
can test it immediately by:
1. Closing and reopening PR #294, or
2. Waiting for the next Renovate update cycle
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Replace Renovate post-upgrade tasks with a GitHub Actions workflow
that rebuilds and commits `dist/` on Renovate PRs.
>
> - **CI / GitHub Actions**:
> - Add `/.github/workflows/renovate-dist-update.yml` to auto-rebuild
`dist/` on Renovate PRs.
> - Triggers on changes to `package.json`, `package-lock.json`,
`src/**`, `tsconfig.json`.
> - Runs only for `renovate[bot]`/`renovate-bot`; executes `npm ci` and
`npm run all`; commits updated `dist/` if changed.
> - **Renovate Config**:
> - Simplify `/.github/renovate.json` by removing `postUpgradeTasks` and
`allowedCommands`, keeping only `extends`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
631581469e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Claude <noreply@anthropic.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `4221315` -> `5d5cd55` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `755f449` -> `4221315` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTYuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE1Ni4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `a8d1ac4` -> `755f449` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `64d10c1` -> `a8d1ac4` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
> [!NOTE]
> Mend has cancelled [the proposed
renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842)
of the Renovate GitHub app being renamed to `mend[bot]`.
>
> This notice will be removed on 2025-10-07.
<hr>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzEuOSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
> [!NOTE]
> Mend has cancelled [the proposed
renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842)
of the Renovate GitHub app being renamed to `mend[bot]`.
>
> This notice will be removed on 2025-10-07.
<hr>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on monday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Hello 👋
1st of all thanks for your work on mise, it's really a game changer 😁
## Why
This PR tries to address the issue #165 (mise-action cannot upgrade
mise)
## What
I've decided to use `mise self-update` if mise is already installed to
switch to the desired version
Let me know if this is an OK fix for you
## Tests
To test this feature, I've run the action on my repo and screenshot the
newly created output
<img width="591" height="538" alt="Screenshot 2025-10-01 at 22 14 46"
src="https://github.com/user-attachments/assets/9a10a33a-d86f-410b-8bdc-71b07b3036f6"
/>
The sha of the commit was suposed to match the sha of the screenshot,
but I've fixup and rebase the PR
Happy to do a new one if you want live proof
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> When mise is already installed, compare the requested `version` input
to the installed version and run `self-update` to align if they differ.
>
> - **Action Logic (`src/index.ts`)**:
> - **Existing Installation Handling**:
> - Read `version` input; fetch installed version via `mise version
--json`.
> - If versions differ, execute `mise self-update <version> -y`;
otherwise log that mise is already installed.
> - Download path and SHA256 verification remain unchanged.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
941208cb9b7a6e796cdc7e96a8dcf6560d4d207c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
> [!NOTE]
> Mend has cancelled [the proposed
renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842)
of the Renovate GitHub app being renamed to `mend[bot]`.
>
> This notice will be removed on 2025-10-07.
<hr>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `303c0ae` -> `64d10c1` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzEuOSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Fixes https://github.com/jdx/mise-action/issues/276
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Replaces commas in MISE_ENV with hyphens when constructing the cache
key to ensure stable/valid keys.
>
> - **Cache Key Generation**:
> - In `src/index.ts`, normalizes `MISE_ENV` via `replace(/,/g, '-')`
and uses it as `mise_env` when building the cache key template.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
899df938a6. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `192325c` -> `303c0ae` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `d3678e2` -> `192325c` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
The Renovate config in this repository needs migrating. Typically this
is because one or more configuration options you are using have been
renamed.
You don't need to merge this PR right away, because Renovate will
continue to migrate these fields internally each time it runs. But later
some of these fields may be fully deprecated and the migrations removed.
So it's a good idea to merge this migration PR soon.
🔕 **Ignore**: Close this PR and you won't be reminded about config
migration again, but one day your current config may no longer be valid.
❓ Got questions? Does something look wrong to you? Please don't hesitate
to [request help
here](https://redirect.github.com/renovatebot/renovate/discussions).
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | pinDigest | -> `08eba0b` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [x] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTEuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jdx <216188+jdx@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `51f7732` -> `d3678e2` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jdx <216188+jdx@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | digest | `11bd719` -> `08eba0b` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuODEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[amannn/action-semantic-pull-request](https://redirect.github.com/amannn/action-semantic-pull-request)
| action | digest | `0723387` -> `e32d7e6` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuODEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
I added support for customizing the key, but forgot the most important
piece that we need, being able to reference an environment variable
value. Our CI runner provider is now exposing an environment variable
that indicates if the OS configuration changes, and we plan to use that
one to invalidate the cache, otherwise we get errors because the cached
dependencies are linking against an invalid / non-existent `glibc`
version.
> [!IMPORTANT]
> I wrote the code with `claude code` and reviewed it afterwards
## Summary (Claude-generated)
- Add support for `{{env.VAR_NAME}}` syntax in cache key templates to
allow reading environment variable values
- Enables more flexible cache key customization based on CI/CD
environment variables like branch names, deployment environments, or
custom build identifiers
- Maintains backward compatibility with existing cache key templates
## Examples
```yaml
# Include branch name from environment
cache_key: 'mise-{{env.GITHUB_REF_NAME}}-{{platform}}-{{file_hash}}'
# Use custom deployment environment
cache_key: 'mise-{{env.DEPLOY_ENV}}-{{platform}}-{{file_hash}}'
# Conditional logic with environment variables
cache_key: '{{default}}{{#if env.CUSTOM_SUFFIX}}-{{env.CUSTOM_SUFFIX}}{{/if}}'
```
## Changes
- Modified `processCacheKeyTemplate()` in `src/index.ts` to include
`process.env` in template data
- Updated `action.yml` documentation to include the new
`{{env.VAR_NAME}}` syntax
- All existing functionality remains unchanged
## Test plan
- [x] Build and package successfully with `npm run all`
- [x] Linting and formatting pass
- [ ] Manual testing with environment variables in cache key templates
- [ ] Verify backward compatibility with existing cache key
configurations
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
* support checksum
2025-07-12 06:17:19 -05:00
32 changed files with 77001 additions and 65241 deletions
gh pr list -R "${{ github.repository }}" --state open --json number,author,labels,updatedAt,statusCheckRollup --limit 100 | \
jq -r '.[] | select(
(.updatedAt | fromdateiso8601) < (now - 30*24*60*60) and
.author.login != "jdx" and
([.labels[].name] | index("keep-open") | not)
) | [.number, (if (.statusCheckRollup | length > 0) and (.statusCheckRollup | any(.conclusion == "FAILURE" or .conclusion == "failure")) then "failing" else "passing" end)] | @tsv' | \
while read -r pr status; do
echo "Closing PR#$pr (checks: $status)"
if [ "$status" = "failing" ]; then
gh pr close "$pr" -R "${{ github.repository }}" -c "This PR has been open for more than 30 days without activity. Note: CI checks were failing, which may be why it wasn't reviewed. Feel free to reopen or create a new PR if you'd like to continue working on this."
else
gh pr close "$pr" -R "${{ github.repository }}" -c "This PR has been open for more than 30 days without activity. Feel free to reopen or create a new PR if you'd like to continue working on this."
- run npm install in pre-commit hook before build (#410) by [@jdx](https://github.com/jdx) in [#410](https://github.com/jdx/mise-action/pull/410)
### 🚜 Refactor
- extract getCwd() helper to deduplicate working directory resolution (#403) by [@altendky](https://github.com/altendky) in [#403](https://github.com/jdx/mise-action/pull/403)
### 📚 Documentation
- bump versions listed im README.md (#407) by [@deining](https://github.com/deining) in [#407](https://github.com/jdx/mise-action/pull/407)
- bump more versions listed in README.md (#408) by [@deining](https://github.com/deining) in [#408](https://github.com/jdx/mise-action/pull/408)
### ⚙️ Miscellaneous Tasks
- add workflow to auto-close stale PRs (#409) by [@jdx](https://github.com/jdx) in [#409](https://github.com/jdx/mise-action/pull/409)
### New Contributors
* @deining made their first contribution in [#408](https://github.com/jdx/mise-action/pull/408)
- **breaking** Update Node.js version from 20 to 24 (#395) by [@tumerorkun](https://github.com/tumerorkun) in [#395](https://github.com/jdx/mise-action/pull/395)
### New Contributors
* @tumerorkun made their first contribution in [#395](https://github.com/jdx/mise-action/pull/395)
- pass cwd to all exec calls in exportMiseEnv() (#390) by [@andrewthauer](https://github.com/andrewthauer) in [#390](https://github.com/jdx/mise-action/pull/390)
### New Contributors
* @andrewthauer made their first contribution in [#390](https://github.com/jdx/mise-action/pull/390)
- move file_hash to end of cache key template to prevent prefix matching (#384) by [@altendky](https://github.com/altendky) in [#384](https://github.com/jdx/mise-action/pull/384)
### New Contributors
* @altendky made their first contribution in [#384](https://github.com/jdx/mise-action/pull/384)
- Revert "fix(cache): isolate cache keys per working_directory in monorepos" (#364) by [@jdx](https://github.com/jdx) in [#364](https://github.com/jdx/mise-action/pull/364)
- add option to disable shims in PATH (#340) by [@jdx](https://github.com/jdx) in [#340](https://github.com/jdx/mise-action/pull/340)
### 🐛 Bug Fixes
- **(cache)** isolate cache keys per working_directory in monorepos (#360) by [@chadxz](https://github.com/chadxz) in [#360](https://github.com/jdx/mise-action/pull/360)
- use mise_dir input when specified (#339) by [@jdx](https://github.com/jdx) in [#339](https://github.com/jdx/mise-action/pull/339)
- pass environment variables to mise commands (#341) by [@jdx](https://github.com/jdx) in [#341](https://github.com/jdx/mise-action/pull/341)
- make mise self-update output visible in logs (#355) by [@nikobockerman](https://github.com/nikobockerman) in [#355](https://github.com/jdx/mise-action/pull/355)
### 📚 Documentation
- fix description for `mise_toml` input (#351) by [@quad](https://github.com/quad) in [#351](https://github.com/jdx/mise-action/pull/351)
### New Contributors
* @chadxz made their first contribution in [#360](https://github.com/jdx/mise-action/pull/360)
* @nikobockerman made their first contribution in [#355](https://github.com/jdx/mise-action/pull/355)
* @quad made their first contribution in [#351](https://github.com/jdx/mise-action/pull/351)
- use autofix.ci to auto-update dist/ on all PRs by [@jdx](https://github.com/jdx) in [16e9fd5](https://github.com/jdx/mise-action/commit/16e9fd5251189c3d389adb836f243575c134d680)
- use autofix.ci to auto-update dist/ on all PRs (#308) by [@jdx](https://github.com/jdx) in [#308](https://github.com/jdx/mise-action/pull/308)
### 🐛 Bug Fixes
- add missing `await` to `core.group` calls (#305) by [@smorimoto](https://github.com/smorimoto) in [#305](https://github.com/jdx/mise-action/pull/305)
- auto-update dist folder in Renovate PRs via GitHub Actions (#306) by [@jdx](https://github.com/jdx) in [#306](https://github.com/jdx/mise-action/pull/306)
- configure Renovate to ignore github-actions[bot] commits by [@jdx](https://github.com/jdx) in [993e7d0](https://github.com/jdx/mise-action/commit/993e7d0bb6f3422ef833a702b90e2a44909ec651)
- run auto-update-dist workflow on all PRs by [@jdx](https://github.com/jdx) in [6d0fd75](https://github.com/jdx/mise-action/commit/6d0fd75ed51124702e37bfcf6e977da73f64b4e1)
### 📚 Documentation
- update to v3 in README (#290) by [@pdecat](https://github.com/pdecat) in [#290](https://github.com/jdx/mise-action/pull/290)
### ⚙️ Miscellaneous Tasks
- upgrade all workflows to Node 24 by [@jdx](https://github.com/jdx) in [c7b5f37](https://github.com/jdx/mise-action/commit/c7b5f37cadd1a385188a023510a966efa5eed247)
- remove unused workflow by [@jdx](https://github.com/jdx) in [aecb23d](https://github.com/jdx/mise-action/commit/aecb23d92f0e50768578578f309255414a23561d)
### New Contributors
* @smorimoto made their first contribution in [#305](https://github.com/jdx/mise-action/pull/305)
* @pdecat made their first contribution in [#290](https://github.com/jdx/mise-action/pull/290)
- use self-update to modify version if mise is already installed (#277) by [@ImpSy](https://github.com/ImpSy) in [#277](https://github.com/jdx/mise-action/pull/277)
### 🐛 Bug Fixes
- **(cache)** replace `,` in `MISE_ENV` with `-` (#278) by [@risu729](https://github.com/risu729) in [#278](https://github.com/jdx/mise-action/pull/278)
- correct Renovate allowedPostUpgradeCommands configuration by [@jdx](https://github.com/jdx) in [4313941](https://github.com/jdx/mise-action/commit/43139419dcaeb99e24c487d646766d014d0957a2)
### ⚙️ Miscellaneous Tasks
- **(config)** migrate renovate config (#263) by [@renovate[bot]](https://github.com/renovate[bot]) in [#263](https://github.com/jdx/mise-action/pull/263)
- updated deps by [@jdx](https://github.com/jdx) in [5795893](https://github.com/jdx/mise-action/commit/5795893acedc0f2044498a21005c38f12dd5d8d3)
### New Contributors
* @mise-en-dev made their first contribution in [#284](https://github.com/jdx/mise-action/pull/284)
* @ImpSy made their first contribution in [#277](https://github.com/jdx/mise-action/pull/277)
- add environment variable support to cache key templates (#250) by [@pepicrft](https://github.com/pepicrft) in [#250](https://github.com/jdx/mise-action/pull/250)
### 🐛 Bug Fixes
- redact secret values from env (#252) by [@jdx](https://github.com/jdx) in [#252](https://github.com/jdx/mise-action/pull/252)
- add configurable cache key with template variable support (#246) by [@pepicrft](https://github.com/pepicrft) in [#246](https://github.com/jdx/mise-action/pull/246)
- remove duplicate release-plz logic by [@jdx](https://github.com/jdx) in [7081572](https://github.com/jdx/mise-action/commit/70815728fdd7d32bad0deb6b33576cf791f1dafa)
- add CLAUDE.md by [@jdx](https://github.com/jdx) in [729161f](https://github.com/jdx/mise-action/commit/729161fe32f196174ff956fbe3ce8743567cb9e1)
- hide release entries in CHANGELOG by [@jdx](https://github.com/jdx) in [96680f6](https://github.com/jdx/mise-action/commit/96680f666f91bbcb5b4d76ff2ac0f465bb941dd0)
### ⚙️ Miscellaneous Tasks
- fix release-plz by [@jdx](https://github.com/jdx) in [3600b64](https://github.com/jdx/mise-action/commit/3600b6410713f6187847c1eb2bde38315e844484)
- updated deps (#244) by [@jdx](https://github.com/jdx) in [#244](https://github.com/jdx/mise-action/pull/244)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [07fb524](https://github.com/jdx/mise-action/commit/07fb524adc338a756d6ff7fa7a33f0e27bdc4d2d)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [0de6d11](https://github.com/jdx/mise-action/commit/0de6d11b95678b220019adc7929e4d9752b59355)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [75121b9](https://github.com/jdx/mise-action/commit/75121b9a3f21cd3b497f047d71a77d59099ff6b3)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [583fe7b](https://github.com/jdx/mise-action/commit/583fe7be9d688739c95cc32249344e9796f4eebe)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [7fa2a26](https://github.com/jdx/mise-action/commit/7fa2a26c1e3cf1b20bbf42f2d293912e90e71177)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [cf44a56](https://github.com/jdx/mise-action/commit/cf44a563b9a45de221b77d23cbc5621dc7e6b377)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [a35d5fc](https://github.com/jdx/mise-action/commit/a35d5fc6817dcb018e9e7a6613664fde7f5d4aaf)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [c37c932](https://github.com/jdx/mise-action/commit/c37c93293d6b742fc901e1406b8f764f6fb19dac)
### ⚙️ Miscellaneous Tasks
- add release workflow by [@jdx](https://github.com/jdx) in [eccbf00](https://github.com/jdx/mise-action/commit/eccbf00da17ac7d1d18017ead61bc54a442f3a38)
- skip release script if no changes by [@jdx](https://github.com/jdx) in [eba59a9](https://github.com/jdx/mise-action/commit/eba59a9eefc99963516a3ff8be4c372c656f0215)
- v2 release tag automation by [@jdx](https://github.com/jdx) in [5c24f96](https://github.com/jdx/mise-action/commit/5c24f96c0ff8577151a76e76344591427bcf28c5)
- allow fetching binary from mise.jdx.dev (#227) by [@jdx](https://github.com/jdx) in [#227](https://github.com/jdx/mise-action/pull/227)
### 🔍 Other Changes
- Fix flag passed to `mise reshim` (#208) by [@andrewdriggs](https://github.com/andrewdriggs) in [#208](https://github.com/jdx/mise-action/pull/208)
### ⚙️ Miscellaneous Tasks
- add semantic-pr-lint (#220) by [@jdx](https://github.com/jdx) in [#220](https://github.com/jdx/mise-action/pull/220)
- added release-plz by [@jdx](https://github.com/jdx) in [bd8ba20](https://github.com/jdx/mise-action/commit/bd8ba20c5611a6ebc508d3c263444c97c5483bd1)
- get postversion to work by [@jdx](https://github.com/jdx) in [954e13d](https://github.com/jdx/mise-action/commit/954e13db3e9329a8373a5d6cfa3718f7bc607149)
- set release token by [@jdx](https://github.com/jdx) in [6d3ca74](https://github.com/jdx/mise-action/commit/6d3ca74ece306fcd7f501bd95086deaf8d0c3552)
- use new release-plz token by [@jdx](https://github.com/jdx) in [1c87378](https://github.com/jdx/mise-action/commit/1c87378f400e5957e22607e2c938eac904a3e233)
- fix check-dist by [@jdx](https://github.com/jdx) in [4dfd63f](https://github.com/jdx/mise-action/commit/4dfd63f0279a3418b93cbbfc4bc132ace1da2481)
- add git add and git status commands to release script by [@jdx](https://github.com/jdx) in [0c56699](https://github.com/jdx/mise-action/commit/0c56699aa697e50cf8d17b7c07976b7c1e550c23)
- update changelog extraction in release script to skip the section break line by [@jdx](https://github.com/jdx) in [714aa25](https://github.com/jdx/mise-action/commit/714aa2569b8097f175d58290710a86eefe2098d0)
### New Contributors
* @github-actions[bot] made their first contribution in [#221](https://github.com/jdx/mise-action/pull/221)
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
This is a GitHub Action that installs and configures mise, a polyglot runtime manager. The action is written in TypeScript and published to the GitHub Actions marketplace.
## Development Commands
This project uses [aube](https://aube.en.dev) as its package
manager (en.dev's pnpm-compat PM, native Rust). It reads
`package-lock.json` directly — no separate `aube-lock.yaml`.
`mise install` will install the pinned aube version
automatically; you can also use `npm` if you prefer (the
`.npmrc`'s `node-linker=hoisted` pin is aube-specific and
ignored by npm).
```bash
# Install dependencies
aube install
# Build, format, lint, and package
aubr all
# Individual commands
aubr format:write # Format code with Prettier
aubr lint # Run ESLint and format check
aubr package # Bundle with rollup for distribution
# Testing
aubr all # Run full build pipeline
./scripts/test.sh # Integration test script
```
## Architecture
The action follows GitHub's standard TypeScript action structure:
1. **Entry Point**: `src/index.ts` - Main action logic that:
- `{{version}}` - The mise version (from the `version` input)
- `{{cache_key_prefix}}` - The cache key prefix (from `cache_key_prefix` input or default)
- `{{platform}}` - The target platform, including the runner image (e.g., "linux-x64-ubuntu24", "macos-arm64-macos15", "linux-x64-self-hosted"). The trailing segment is `process.env.ImageOS` on github-hosted runners and falls back to `"self-hosted"` elsewhere — preventing cache collisions when the same repo runs on different runner providers (github-hosted, namespace.so, self-hosted).
- `{{file_hash}}` - Hash of all mise configuration files
- `{{mise_env}}` - The MISE_ENV environment variable value
- `{{install_args_hash}}` - SHA256 hash of the sorted tools from install args
- `{{default}}` - The processed default cache key (useful for extending)
Conditional logic is also supported using Handlebars syntax like `{{#if version}}...{{/if}}`.
This gives you full control over cache invalidation based on the specific aspects that matter to your workflow.
## GitHub API Rate Limits
When installing tools hosted on GitHub (like `gh`, `node`, `bun`, etc.), mise needs to make API calls to GitHub's releases API. Without authentication, these calls are subject to GitHub's rate limit of 60 requests per hour, which can cause installation failures.
