mirror of
https://github.com/jdx/mise-action.git
synced 2026-06-09 17:04:49 +00:00
No description
69c24ed920
Some checks failed
Check dist/ / Check dist/ (push) Has been cancelled
Continuous Integration / TypeScript Tests (push) Has been cancelled
CodeQL / Analyze (push) Has been cancelled
release-plz / release-plz (push) Has been cancelled
Test Redacted Environment Variables / test-redacted-env (push) Has been cancelled
build-test / build (push) Has been cancelled
build-test / alpine (push) Has been cancelled
build-test / macos (push) Has been cancelled
build-test / ubuntu (push) Has been cancelled
build-test / windows (push) Has been cancelled
build-test / specific_version (push) Has been cancelled
build-test / checksum_failure (push) Has been cancelled
build-test / custom_cache_key (push) Has been cancelled
build-test / fetch_from_github (push) Has been cancelled
build-test / final (push) Has been cancelled
This PR contains the following updates: | Package | Update | Change | Pending | |---|---|---|---| | [aube](https://redirect.github.com/endevco/aube) | minor | `v1.14.1` → `v1.15.0` | `v1.16.0` | --- ### Release Notes <details> <summary>endevco/aube (aube)</summary> ### [`v1.15.0`](https://redirect.github.com/endevco/aube/releases/tag/v1.15.0): : Yarn Berry portal/exec/patch + deny-build [Compare Source](https://redirect.github.com/endevco/aube/compare/v1.14.1...v1.15.0) This release closes three Yarn Berry compatibility gaps (`portal:`, `exec:`, and `patch:` protocols), adds an `aube add --deny-build` flag for `strictDepBuilds=true` workflows, and fixes two install-correctness bugs around workspace updates and Bun patched dependencies. #### Added - *(yarn)* **Berry `portal:` and `exec:` protocols** ([#​729](https://redirect.github.com/endevco/aube/pull/729) by [@​jdx](https://redirect.github.com/jdx)) — Yarn Berry lockfile entries using `portal:` and `exec:` are now parsed instead of skipped, and round-trip cleanly when aube writes the lockfile back (`portal:` as `linkType: soft`, `exec:` as a generated hard-link package). `portal:` targets materialize as local packages whose dependencies are followed (matching Yarn's documented difference from `link:`); `exec:` generator scripts run into a temp build directory and the generated package is imported, with versions and dependencies locked at resolve time. `exec:` generators require Node.js on `PATH`, are blocked under `--ignore-scripts`, and are rejected if the generator path resolves outside the project root. - *(yarn)* **Berry `patch:` protocol** ([#​728](https://redirect.github.com/endevco/aube/pull/728) by [@​jdx](https://redirect.github.com/jdx)) — Berry `patch:` resolutions are now parsed into aube's patched-dependency map (builtin patches are skipped), preserved on lockfile write, and threaded through install/link so the referenced Yarn patch files are actually applied during materialization. Previously these entries were silently dropped, so Berry projects relying on `patch:` could install with unpatched package contents. - *(add)* **`aube add --deny-build=<pkg>`** ([#​730](https://redirect.github.com/endevco/aube/pull/730), closes [#​726](https://redirect.github.com/endevco/aube/discussions/726), by [@​jdx](https://redirect.github.com/jdx)) — Repeatable flag that records a dependency's lifecycle scripts as reviewed-and-denied by writing `allowBuilds.<pkg>=false` before install. This lets `strictDepBuilds=true` workflows explicitly skip selected package builds without failing the install, and is forwarded through global installs (`aube add -g --deny-build=<pkg>`). Specifying the same package in both `--allow-build` and `--deny-build` is rejected with the new `ERR_AUBE_CONFLICTING_BUILD_FLAGS`. ```sh # Mark esbuild's postinstall as reviewed-and-denied, then install aube add --deny-build=esbuild esbuild ``` #### Fixed - *(update)* **Workspace-member `aube update` writes to the root lockfile** ([#​732](https://redirect.github.com/endevco/aube/pull/732) by [@​jdx](https://redirect.github.com/jdx)) — `aube update` run inside a workspace member previously started from the nearest project root and produced `sub/aube-lock.yaml`, disagreeing with `aube install` (which already targets the workspace root). Plain member updates now merge into the shared workspace-root `aube-lock.yaml` via the same helper used by filtered/recursive updates, carrying per-importer `workspace_extra_fields` alongside dependency and skipped-optional metadata. - *(bun)* **Bun top-level `patchedDependencies` are applied at install** ([#​724](https://redirect.github.com/endevco/aube/pull/724) by [@​jdx](https://redirect.github.com/jdx)) — aube preserved Bun's `package.json#patchedDependencies` in `bun.lock`, but install-time patch loading only read `pnpm.patchedDependencies`, `aube.patchedDependencies`, and workspace YAML entries — so Bun-only projects could install successfully while materializing unpatched package contents. Bun's top-level field is now merged into the patch sources used by install (including for BOM-prefixed `package.json`), and is correctly removed when the map becomes empty. **Full Changelog**: <https://github.com/endevco/aube/compare/v1.14.1...v1.15.0> #### 💚 Sponsor aube aube is part of [**en.dev**](https://en.dev) — an independent developer-tooling studio run by [@​jdx](https://redirect.github.com/jdx), also behind [mise](https://mise.jdx.dev/). Work on aube is funded entirely by sponsors. If aube is saving your team install time or CI minutes, please consider [sponsoring at en.dev](https://en.dev). Individual and company sponsorships are what keep the project fast, free, and independent. </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - Only on Friday (`* * * * 5`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTguMCIsInVwZGF0ZWRJblZlciI6IjQzLjE5OC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|---|---|---|
| .github | ||
| .husky | ||
| dist | ||
| scripts | ||
| src | ||
| .eslintrc.yml | ||
| .gitattributes | ||
| .gitignore | ||
| .npmrc | ||
| .prettierignore | ||
| .prettierrc.json | ||
| action.yml | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| cliff.toml | ||
| CODEOWNERS | ||
| eslint.config.mjs | ||
| LICENSE | ||
| mise.lock | ||
| mise.toml | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| rollup.config.mjs | ||
| tsconfig.json | ||
Example Workflow
name: test
on:
pull_request:
branches:
- main
push:
branches:
- main
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
with:
version: 2026.3.10 # [default: latest] mise version to install
install: true # [default: true] run `mise install`
install_args: "bun" # [default: ""] additional arguments to `mise install`
cache: true # [default: true] cache mise using GitHub's cache
experimental: true # [default: false] enable experimental features
log_level: debug # [default: info] log level
# automatically write this .tool-versions file
tool_versions: |
shellcheck 0.11.0
# or, if you prefer .mise.toml format:
mise_toml: |
[tools]
shellcheck = "0.11.0"
working_directory: app # [default: .] directory to run mise in
reshim: false # [default: false] run `mise reshim -f`
github_token: ${{ secrets.GITHUB_TOKEN }} # [default: ${{ github.token }}] GitHub token for API authentication
- run: shellcheck scripts/*.sh
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: jdx/mise-action@v4
# .tool-versions will be read from repo root
- run: node ./my_app.js
Cache Configuration
You can customize the cache key used by the action:
- uses: jdx/mise-action@v4
with:
cache_key: "my-custom-cache-key" # Override the entire cache key
cache_key_prefix: "mise-v1" # Or just change the prefix (default: "mise-v0")
Template Variables in Cache Keys
When using cache_key, you can use template variables to reference internal values:
- uses: jdx/mise-action@v4
with:
cache_key: "mise-{{platform}}-{{version}}-{{file_hash}}"
version: "2026.3.10"
install_args: "node python"
Available template variables:
{{version}}- The mise version (from theversioninput){{cache_key_prefix}}- The cache key prefix (fromcache_key_prefixinput or default){{platform}}- The target platform, including the runner image (e.g., "linux-x64-ubuntu24", "macos-arm64-macos15", "linux-x64-self-hosted"). The trailing segment isprocess.env.ImageOSon github-hosted runners and falls back to"self-hosted"elsewhere — preventing cache collisions when the same repo runs on different runner providers (github-hosted, namespace.so, self-hosted).{{file_hash}}- Hash of all mise configuration files{{mise_env}}- The MISE_ENV environment variable value{{install_args_hash}}- SHA256 hash of the sorted tools from install args{{default}}- The processed default cache key (useful for extending)
Conditional logic is also supported using Handlebars syntax like {{#if version}}...{{/if}}.
Example using multiple variables:
- uses: jdx/mise-action@v4
with:
cache_key: "mise-v1-{{platform}}-{{install_args_hash}}-{{file_hash}}"
install_args: "node@24 python@3.14"
You can also extend the default cache key:
- uses: jdx/mise-action@v4
with:
cache_key: "{{default}}-custom-suffix"
install_args: "node@24 python@3.14"
This gives you full control over cache invalidation based on the specific aspects that matter to your workflow.
GitHub API Rate Limits
When installing tools hosted on GitHub (like gh, node, bun, etc.), mise needs to make API calls to GitHub's releases API. Without authentication, these calls are subject to GitHub's rate limit of 60 requests per hour, which can cause installation failures.
- uses: jdx/mise-action@v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# your other configuration
Note: The action automatically uses ${{ github.token }} as the default, so in most cases you don't need to explicitly provide it. However, if you encounter rate limit errors, make sure the token is being passed correctly.
Lock Files
If a repo mise lock file such as mise.lock is present in the working
directory or one of its parents, this action automatically runs
mise install --locked. You can still pass install_args; --locked
will be added automatically unless you already included it yourself.
This auto-detection is intended for repo-managed config files. If you provide
mise_toml or tool_versions inputs, the action does not automatically force
locked mode.
Alternative Installation
Alternatively, mise is easy to use in GitHub Actions even without this:
jobs:
build:
steps:
- run: |
curl https://mise.run | sh
echo "$HOME/.local/share/mise/bin" >> $GITHUB_PATH
echo "$HOME/.local/share/mise/shims" >> $GITHUB_PATH