renovate[bot] b5a5c92514
chore(deps): update dependency @types/handlebars to v4.1.0 (#349)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@types/handlebars](https://redirect.github.com/wycats/handlebars.js) | [`4.0.40` → `4.1.0`](https://renovatebot.com/diffs/npm/@types%2fhandlebars/4.0.40/4.1.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fhandlebars/4.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fhandlebars/4.0.40/4.1.0?slim=true) |

---

### Release Notes

<details>
<summary>wycats/handlebars.js (@types/handlebars)</summary>

### [`v4.1.0`](https://redirect.github.com/wycats/handlebars.js/blob/HEAD/release-notes.md#v410---February-7th-2019)

New Features

- import TypeScript typings -
[`27ac1ee`](27ac1ee)

Security fixes:

- disallow access to the constructor in templates to prevent RCE -
[`42841c4`](42841c4),
[#1495](https://redirect.github.com/wycats/handlebars.js/issues/1495)

Housekeeping

- chore: fix components/handlebars package.json and auto-update on
release -
[`bacd473`](bacd473)
- chore: Use node 10 to build handlebars -
[`78dd89c`](78dd89c)
- chore/doc: Add more release docs -
[`6b87c21`](6b87c21)

Compatibility notes:

Access to class constructors (i.e. `({}).constructor`) is now prohibited
to prevent
Remote Code Execution. This means that the following construct will not work
anymore:

```
class SomeClass {
}

SomeClass.staticProperty = 'static'

var template = Handlebars.compile('{{constructor.staticProperty}}');
document.getElementById('output').innerHTML = template(new SomeClass());
// expected: 'static', but now this is empty.
```

This kind of access is not the intended use of Handlebars and leads to
the vulnerability described in
[#1495](https://redirect.github.com/wycats/handlebars.js/issues/1495).
We will **not** increase the major version, because such use is not
intended or documented, and because of the potential impact of the issue
(we fear that most people won't use a new major version and the issue
may not be resolved on many systems).


[Commits](https://redirect.github.com/handlebars-lang/handlebars.js/compare/v4.0.12...v4.1.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on friday" in timezone
America/Chicago, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled because a matching PR was automerged
previously.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jdx/mise-action).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-18 13:39:42 -06:00
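
The dependency bumped in this commit is `@types/handlebars`, a type-declaration package, while the constructor-access fix in the quoted release notes is a change to the `handlebars` runtime in v4.1.0. The added example below (not code from this repository or from Renovate) audits an npm lockfile for every resolved copy of `handlebars` and flags any below that release; the lockfile excerpt and the `legacy-tool` package are constructed for illustration.

```javascript
// Constructed lockfile excerpt (npm lockfile v2/v3 "packages" layout).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/@types/handlebars": { version: "4.1.0", dev: true },
    "node_modules/handlebars": { version: "4.7.8" },
    "node_modules/legacy-tool/node_modules/handlebars": { version: "4.0.12" },
  },
};

// First release the notes above credit with the constructor-access fix.
const MIN_FIXED = "4.1.0";

// Compare dotted numeric versions; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Return every resolved copy of the `handlebars` runtime package,
// including nested copies, with a flag for versions below MIN_FIXED.
function auditHandlebars(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match ".../node_modules/handlebars" exactly, not "@types/handlebars".
    if (!/(^|\/)node_modules\/handlebars$/.test(path)) continue;
    findings.push({
      path,
      version: meta.version,
      belowFix: compareVersions(meta.version, MIN_FIXED) < 0,
    });
  }
  return findings;
}

console.log(auditHandlebars(sampleLock));
```

To run it against a real project, replace `sampleLock` with the parsed contents of `package-lock.json`.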
.github chore(deps): update github/codeql-action digest to 4bdb89f (#362) 2026-01-18 19:35:33 +00:00
.husky chore(deps): lock file maintenance (#102) 2024-07-29 18:40:29 +00:00
dist fix(cache): isolate cache keys per working_directory in monorepos (#360) 2026-01-18 13:33:20 -06:00
scripts chore: remove duplicate release-plz logic 2025-08-18 11:57:51 -05:00
src fix(cache): isolate cache keys per working_directory in monorepos (#360) 2026-01-18 13:33:20 -06:00
.eslintrc.yml feat: support windows (#122) 2024-09-25 21:27:52 +00:00
.gitattributes updated action template base from actions/typescript-action (#170) 2023-10-16 19:18:57 -05:00
.gitignore updated action template base from actions/typescript-action (#170) 2023-10-16 19:18:57 -05:00
.prettierignore updated action template base from actions/typescript-action (#170) 2023-10-16 19:18:57 -05:00
.prettierrc.json updated action template base from actions/typescript-action (#170) 2023-10-16 19:18:57 -05:00
action.yml docs: fix description for mise_toml input (#351) 2026-01-05 13:13:32 +00:00
AGENTS.md fix(cache): isolate cache keys per working_directory in monorepos (#360) 2026-01-18 13:33:20 -06:00
CHANGELOG.md chore: release v3.5.1 (#330) 2025-11-24 06:04:17 -06:00
CLAUDE.md docs: add CLAUDE.md 2025-08-18 11:42:46 -05:00
cliff.toml docs: hide release entries in CHANGELOG 2025-08-18 11:50:35 -05:00
CODEOWNERS jdxcode -> jdx 2023-08-27 12:12:44 -05:00
eslint.config.mjs chore: updated deps 2024-11-27 18:10:51 -06:00
LICENSE Initial commit 2023-01-14 08:11:40 -06:00
mise.toml chore: added release-plz 2025-07-16 04:49:54 +00:00
package-lock.json chore(deps): update dependency @types/handlebars to v4.1.0 (#349) 2026-01-18 13:39:42 -06:00
package.json chore: release v3.5.1 (#330) 2025-11-24 06:04:17 -06:00
README.md docs: update to v3 in README (#290) 2025-10-08 08:08:33 -05:00
tsconfig.json updated action template base from actions/typescript-action (#170) 2023-10-16 19:18:57 -05:00

Example Workflow

```yaml
name: test
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: jdx/mise-action@v3
        with:
          version: 2024.10.0 # [default: latest] mise version to install
          install: true # [default: true] run `mise install`
          install_args: "bun" # [default: ""] additional arguments to `mise install`
          cache: true # [default: true] cache mise using GitHub's cache
          experimental: true # [default: false] enable experimental features
          log_level: debug # [default: info] log level
          # automatically write this .tool-versions file
          tool_versions: |
            shellcheck 0.9.0
          # or, if you prefer .mise.toml format:
          mise_toml: |
            [tools]
            shellcheck = "0.9.0"
          working_directory: app # [default: .] directory to run mise in
          reshim: false # [default: false] run `mise reshim -f`
          github_token: ${{ secrets.GITHUB_TOKEN }} # [default: ${{ github.token }}] GitHub token for API authentication
      - run: shellcheck scripts/*.sh
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: jdx/mise-action@v3
      # .tool-versions will be read from repo root
      - run: node ./my_app.js
```

Cache Configuration

You can customize the cache key used by the action:

```yaml
- uses: jdx/mise-action@v3
  with:
    cache_key: "my-custom-cache-key"  # Override the entire cache key
    cache_key_prefix: "mise-v1"       # Or just change the prefix (default: "mise-v0")
```

Template Variables in Cache Keys

When using cache_key, you can use template variables to reference internal values:

```yaml
- uses: jdx/mise-action@v3
  with:
    cache_key: "mise-{{platform}}-{{version}}-{{file_hash}}"
    version: "2024.10.0"
    install_args: "node python"
```

Available template variables:

  • {{version}} - The mise version (from the version input)
  • {{cache_key_prefix}} - The cache key prefix (from cache_key_prefix input or default)
  • {{platform}} - The target platform (e.g., "linux-x64", "macos-arm64")
  • {{file_hash}} - Hash of all mise configuration files
  • {{mise_env}} - The MISE_ENV environment variable value
  • {{install_args_hash}} - SHA256 hash of the sorted tools from install args
  • {{default}} - The processed default cache key (useful for extending)

Conditional logic is also supported using Handlebars syntax like {{#if version}}...{{/if}}.

Example using multiple variables:

```yaml
- uses: jdx/mise-action@v3
  with:
    cache_key: "mise-v1-{{platform}}-{{install_args_hash}}-{{file_hash}}"
    install_args: "node@20 python@3.12"
```

You can also extend the default cache key:

```yaml
- uses: jdx/mise-action@v3
  with:
    cache_key: "{{default}}-custom-suffix"
    install_args: "node@20 python@3.12"
```

This gives you full control over cache invalidation based on the specific aspects that matter to your workflow.
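
A `cache_key` template that misspells a variable would, under Handlebars' default non-strict rendering, produce a key that silently lacks that component (an assumption here; the page does not say which mode the action compiles templates in). The added example below, which is not part of this action's code, lints a template against the documented variable list; `lintCacheKey` and the sample templates are hypothetical and constructed for illustration.

```javascript
// Variables documented in the README list above.
const DOCUMENTED = new Set([
  "version", "cache_key_prefix", "platform", "file_hash",
  "mise_env", "install_args_hash", "default",
]);
// Handlebars built-in block helpers and keywords.
const BUILTINS = new Set([
  "if", "unless", "each", "with", "else", "this", "true", "false",
]);

// Return every path in a cache_key template whose root is not a documented
// variable. Sets are used for the allowlist so that names inherited from
// Object.prototype (such as "constructor") are never treated as known.
function lintCacheKey(template) {
  const unknown = [];
  for (const [, raw] of template.matchAll(/\{\{\{?([^}]*)\}?\}\}/g)) {
    // Drop whitespace-control markers, then skip comments and closing tags.
    let body = raw.trim().replace(/^~|~$/g, "").trim();
    if (body.startsWith("!") || body.startsWith("/")) continue;
    // Drop the block/partial sigil, quoted literals and sub-expression parens.
    body = body
      .replace(/^[#^&>]\s*/, "")
      .replace(/"[^"]*"|'[^']*'/g, " ")
      .replace(/[()]/g, " ");
    for (const tok of body.split(/\s+/).filter(Boolean)) {
      // For hash arguments (key=value) only the value side is a lookup.
      const expr = tok.includes("=") ? tok.slice(tok.indexOf("=") + 1) : tok;
      if (expr === "" || /^(@|-?\d)/.test(expr)) continue; // data var or number
      const root = expr.split(/[.\/\[]/)[0];
      if (!DOCUMENTED.has(root) && !BUILTINS.has(root)) unknown.push(expr);
    }
  }
  return unknown;
}

// Constructed sample: "filehash" is a typo for "file_hash".
console.log(lintCacheKey("{{#if version}}v{{version}}{{/if}}-{{filehash}}"));
```

Running such a check in CI before the workflow file is merged catches a key that would otherwise stop varying with the configuration files.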

GitHub API Rate Limits

When installing tools hosted on GitHub (like gh, node, bun, etc.), mise needs to make API calls to GitHub's releases API. Without authentication, these calls are subject to GitHub's rate limit of 60 requests per hour, which can cause installation failures.

```yaml
- uses: jdx/mise-action@v3
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    # your other configuration
```

Note: The action automatically uses ${{ github.token }} as the default, so in most cases you don't need to explicitly provide it. However, if you encounter rate limit errors, make sure the token is being passed correctly.

Alternative Installation

Alternatively, mise is easy to use in GitHub Actions even without this:

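```yaml
jobs:
  build:
    runs-on: ubuntu-latest # a runner is required for the job to be valid
    steps:
    - run: |
        # install mise, then expose its binary and shims to later steps
        curl https://mise.run | sh
        echo "$HOME/.local/share/mise/bin" >> "$GITHUB_PATH"
        echo "$HOME/.local/share/mise/shims" >> "$GITHUB_PATH"
```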