35C4n0r
e25a972d7d
fix(workflows/version-bump.yaml): fix typo in case statement ( #687 )
...
## Description
- Fix typo in version bump workflow
## Type of Change
- [ ] New module
- [ ] New template
- [x] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
## Testing & Validation
- [x] Tests pass (`bun test`)
- [x] Code formatted (`bun fmt`)
- [x] Changes tested locally
2026-02-02 15:33:56 +00:00
dependabot[bot]
6e0291cdb9
chore(deps): bump the github-actions group with 5 updates ( #673 )
...
Bumps the github-actions group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `6.0.0` |
`6.0.2` |
| [coder/coder](https://github.com/coder/coder ) | `2.29.1` | `2.29.2` |
| [crate-ci/typos](https://github.com/crate-ci/typos ) | `1.42.0` |
`1.42.1` |
| [actions/setup-go](https://github.com/actions/setup-go ) | `6.1.0` |
`6.2.0` |
|
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action )
| `0.3.0` | `0.4.1` |
Updates `actions/checkout` from 6.0.0 to 6.0.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID
is set by <a
href="https://github.com/TingluoHuang "><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2355 ">actions/checkout#2355</a></li>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356 ">actions/checkout#2356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2 ">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2 </a></p>
<h2>v6.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update all references from v5 and v4 to v6 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2314 ">actions/checkout#2314</a></li>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327 ">actions/checkout#2327</a></li>
<li>Clarify v6 README by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2328 ">actions/checkout#2328</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.1 ">https://github.com/actions/checkout/compare/v6...v6.0.1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md ">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356 ">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327 ">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286 ">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248 ">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301 ">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226 ">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305 ">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss "><code>@motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971 ">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail "><code>@mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977 ">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells "><code>@benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043 ">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044 ">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194 ">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang "><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224 ">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236 ">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3 "><code>@jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941 ">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946 ">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924 ">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome "><code>@lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180 ">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777 ">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872 ">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739 ">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697 ">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774 ">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3 "><code>@jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776 ">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732 ">actions/checkout#1732</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de0fac2e45https://redirect.github.com/actions/checkout/issues/2356 ">#2356</a>)</li>
<li><a
href="064fe7f3318e8c483db8https://redirect.github.com/actions/checkout/issues/2328 ">#2328</a>)</li>
<li><a
href="033fa0dc0bhttps://redirect.github.com/actions/checkout/issues/2327 ">#2327</a>)</li>
<li><a
href="c2d88d3ecchttps://redirect.github.com/actions/checkout/issues/2314 ">#2314</a>)</li>
<li>See full diff in <a
href="1af3b93b68...de0fac2e45https://github.com/coder/coder/releases ">coder/coder's
releases</a>.</em></p>
<blockquote>
<h2>v2.29.2</h2>
<h2>Changelog</h2>
<blockquote>
<p>[!NOTE]
This is a mainline Coder release. We advise enterprise customers without
a staging environment to install our <a
href="https://github.com/coder/coder/releases/latest ">latest stable
release</a> while we refine this version. Learn more about our <a
href="https://coder.com/docs/install/releases ">Release Schedule</a>.</p>
</blockquote>
<h3>Features</h3>
<ul>
<li>CLI: Backport <a
href="https://redirect.github.com/coder/coder/issues/21374 ">#21374</a>
to 2.29 (<a
href="https://redirect.github.com/coder/coder/issues/21561 ">#21561</a>,
2e2d0dde4)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Backport update boundary version to 2.29 (<a
href="https://redirect.github.com/coder/coder/issues/21290 ">#21290</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21575 ">#21575</a>,
2314e4a94)</li>
<li>Backport migration fixes (<a
href="https://redirect.github.com/coder/coder/issues/21611 ">#21611</a>,
b5360a918)</li>
</ul>
<h3>Chores</h3>
<ul>
<li>Add antigravity to allowed protocols list (<a
href="https://redirect.github.com/coder/coder/issues/20873 ">#20873</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21122 ">#21122</a>,
bd76c602e)</li>
</ul>
<p>Compare: <a
href="https://github.com/coder/coder/compare/v2.29.1...v2.29.2 "><code>v2.29.1...v2.29.2</code></a></p>
<h2>Container image</h2>
<ul>
<li><code>docker pull ghcr.io/coder/coder:v2.29.2</code></li>
</ul>
<h2>Install/upgrade</h2>
<p>Refer to our docs to <a
href="https://coder.com/docs/install ">install</a> or <a
href="https://coder.com/docs/install/upgrade ">upgrade</a> Coder, or use
a release asset below.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b5360a9180https://redirect.github.com/coder/coder/issues/21611 ">#21611</a>)</li>
<li><a
href="2e2d0dde44https://redirect.github.com/coder/coder/issues/21374 ">#21374</a>
to 2.29 (<a
href="https://redirect.github.com/coder/coder/issues/21561 ">#21561</a>)</li>
<li><a
href="2314e4a94ehttps://redirect.github.com/coder/coder/issues/21290 ">#21290</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21575 ">#21575</a>)</li>
<li><a
href="bd76c602e4https://redirect.github.com/coder/coder/issues/20873 ">#20873</a>)
(<a
href="https://redirect.github.com/coder/coder/issues/21122 ">#21122</a>)</li>
<li>See full diff in <a
href="59cdd7e21f...b5360a9180https://github.com/crate-ci/typos/releases ">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.42.1</h2>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md ">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/ ">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/ ">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.42.1] - 2026-01-19</h2>
<h3>Fixes</h3>
<ul>
<li>Ignore hex literals with suffixes (e.g. <code>0xffffUL</code>)</li>
</ul>
<h2>[1.42.0] - 2026-01-07</h2>
<h3>Features</h3>
<ul>
<li>Dictionary updates</li>
</ul>
<h2>[1.41.0] - 2025-12-31</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1431 ">December
2025</a> changes</li>
</ul>
<h2>[1.40.1] - 2025-12-29</h2>
<h3>Fixes</h3>
<ul>
<li>Treat <code>incrementer</code> and <code>incrementor</code> the same
for now</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Don't correct ITerm2</li>
</ul>
<h2>[1.40.0] - 2025-11-26</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1405 ">November
2025</a> changes</li>
</ul>
<h2>[1.39.2] - 2025-11-13</h2>
<h3>Fixes</h3>
<ul>
<li>Don't offer <code>entry</code> as a correction for
<code>entrys</code></li>
</ul>
<h2>[1.39.1] - 2025-11-12</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65120634e72049566b9ccbc66c9a85https://redirect.github.com/crate-ci/typos/issues/1471 ">#1471</a>
from epage/hex</li>
<li><a
href="207157952c7300bb096401955c0f2a5d4cfab7393cee018e3fhttps://redirect.github.com/crate-ci/typos/issues/1468 ">#1468</a>
from Wilfred/patch-1</li>
<li><a
href="a96a636d4e837ad2701bhttps://redirect.github.com/crate-ci/typos/issues/1467 ">#1467</a>
from Wilfred/full_examples_in_reference</li>
<li>Additional commits viewable in <a
href="bb4666ad77...65120634e7https://github.com/actions/setup-go/releases ">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Example for restore-only cache in documentation by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/696 ">actions/setup-go#696</a></li>
<li>Update Node.js version in action.yml by <a
href="https://github.com/ccoVeille "><code>@ccoVeille</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/691 ">actions/setup-go#691</a></li>
<li>Documentation update of actions/checkout by <a
href="https://github.com/deining "><code>@deining</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/683 ">actions/setup-go#683</a></li>
</ul>
<h3>Dependency updates</h3>
<ul>
<li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/682 ">actions/setup-go#682</a></li>
<li>Upgrade <code>@actions/cache</code> to v5 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/695 ">actions/setup-go#695</a></li>
<li>Upgrade actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/686 ">actions/setup-go#686</a></li>
<li>Upgrade qs from 6.14.0 to 6.14.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/703 ">actions/setup-go#703</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ccoVeille "><code>@ccoVeille</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/691 ">actions/setup-go#691</a></li>
<li><a href="https://github.com/deining "><code>@deining</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/683 ">actions/setup-go#683</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.2.0 ">https://github.com/actions/setup-go/compare/v6...v6.2.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7a3fe6cf4chttps://redirect.github.com/actions/setup-go/issues/703 ">#703</a>)</li>
<li><a
href="b9adafd441https://redirect.github.com/actions/setup-go/issues/686 ">#686</a>)</li>
<li><a
href="d73f6bcfc2https://redirect.github.com/actions/setup-go/issues/683 ">#683</a>)</li>
<li><a
href="ae252ee6fbhttps://redirect.github.com/actions/setup-go/issues/695 ">#695</a>)</li>
<li><a
href="bf7446afafhttps://redirect.github.com/actions/setup-go/issues/682 ">#682</a>)</li>
<li><a
href="02aadfee7fhttps://redirect.github.com/actions/setup-go/issues/691 ">#691</a>)</li>
<li><a
href="4aaadf4266https://redirect.github.com/actions/setup-go/issues/696 ">#696</a>)</li>
<li>See full diff in <a
href="4dc6199c7b...7a3fe6cf4chttps://github.com/zizmorcore/zizmor-action/releases ">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.1</h2>
<p>This version fixes an error in the 0.4.0 release that prevented
non-relative use
of the action.</p>
<h2>What's Changed</h2>
<ul>
<li>Fix version file path by <a
href="https://github.com/woodruffw "><code>@woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/83 ">zizmorcore/zizmor-action#83</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1 ">https://github.com/zizmorcore/zizmor-action/compare/v0.4.0...v0.4.1 </a></p>
<h2>v0.4.0</h2>
<p>This new version of <code>zizmor-action</code> brings two major
changes:</p>
<ul>
<li>
<p>The new <code>fail-on-no-inputs</code> option can be used to control
whether
<code>zizmor-action</code> fails if no inputs were collected by
<code>zizmor</code>. The default
remains <code>true</code>, reflecting the pre-existing behavior.</p>
</li>
<li>
<p>The action's use of the official <code>zizmor</code> Docker images is
now fully
hash-checked internally, preventing accidental or malicious modification
to the images. This also means that subsequent releases of
<code>zizmor</code>
will induce a release of this action, rather than the action always
picking
up the latest version by default.</p>
</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>docs: extended permissions required for internal repos by <a
href="https://github.com/AntoineSebert "><code>@AntoineSebert</code></a>
in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/61 ">zizmorcore/zizmor-action#61</a></li>
<li>docs: clarify description of "token" to indicate it is
only used for online audits by <a
href="https://github.com/rmuir "><code>@rmuir</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/63 ">zizmorcore/zizmor-action#63</a></li>
<li>Hash-check zizmor Docker images by <a
href="https://github.com/woodruffw "><code>@woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/68 ">zizmorcore/zizmor-action#68</a></li>
<li>Add <code>fail-on-no-inputs</code> option by <a
href="https://github.com/woodruffw "><code>@woodruffw</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/67 ">zizmorcore/zizmor-action#67</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/AntoineSebert "><code>@AntoineSebert</code></a>
made their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/61 ">zizmorcore/zizmor-action#61</a></li>
<li><a href="https://github.com/rmuir "><code>@rmuir</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/63 ">zizmorcore/zizmor-action#63</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.3.0...v0.4.0 ">https://github.com/zizmorcore/zizmor-action/compare/v0.3.0...v0.4.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="135698455dhttps://redirect.github.com/zizmorcore/zizmor-action/issues/83 ">#83</a>)</li>
<li><a
href="72469cf6cchttps://redirect.github.com/zizmorcore/zizmor-action/issues/80 ">#80</a>)</li>
<li><a
href="3aa7e2f1adhttps://redirect.github.com/zizmorcore/zizmor-action/issues/79 ">#79</a>)</li>
<li><a
href="92fc377b74https://redirect.github.com/zizmorcore/zizmor-action/issues/78 ">#78</a>)</li>
<li><a
href="5aff8efe9fhttps://redirect.github.com/zizmorcore/zizmor-action/issues/67 ">#67</a>)</li>
<li><a
href="4d497b9cc8https://redirect.github.com/zizmorcore/zizmor-action/issues/75 ">#75</a>)</li>
<li><a
href="5fa0711fa5https://redirect.github.com/zizmorcore/zizmor-action/issues/69 ">#69</a>)</li>
<li><a
href="c823f2c8e6https://redirect.github.com/zizmorcore/zizmor-action/issues/68 ">#68</a>)</li>
<li><a
href="706c51b5bchttps://redirect.github.com/zizmorcore/zizmor-action/issues/66 ">#66</a>)</li>
<li><a
href="cb3d8e846ehttps://redirect.github.com/zizmorcore/zizmor-action/issues/65 ">#65</a>)</li>
<li>Additional commits viewable in <a
href="e639db9933...135698455d
2026-01-28 22:16:41 +00:00
Lukasz
ec57cb5c0f
CI: Pin GitHub Actions and fix zizmor high-severity findings ( #667 )
...
## Description
This PR fixes zizmor --min-severity high findings in our GitHub Actions
workflows by:
- Pinning all uses: references to immutable commit SHAs (replaces
floating tags like @v6 / @main).
- Pinning internal Terraform setup action usage
(coder/coder/.github/actions/setup-tf@main) to a fixed ref/commit.
- Pinning crate-ci/typos to a commit SHA.
- Removing GitHub expression template expansion inside a run: block in
version-bump.yaml (prevents template injection flagged by zizmor).
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [x] Other
## Module Information
N/A
## Template Information
N/A
## Testing & Validation
- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [x] Changes tested locally - zizmor .github/workflows/* --min-severity
high
## Related Issues
- coder/registry#642
- https://github.com/coder/registry/pull/662
2026-01-21 11:42:10 +01:00
DevCats
77a3e74e0b
feat: enhance version bump script and CI workflow with ci mode ( #615 )
...
## Description
Add CI mode to version bump script to output Pass or Fail with a less
verbose comment when it fails
<!-- Briefly describe what this PR does and why -->
## Type of Change
- [ ] New module
- [ ] New template
- [ ] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [X] Other
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun fmt`)
- [X] Changes tested locally
## Related Issues
<!-- Link related issues or write "None" if not applicable -->
2025-12-17 15:31:11 -06:00
dependabot[bot]
faff2be207
chore(deps): bump actions/checkout from 5 to 6 in the github-actions group ( #561 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 07:47:55 +00:00
dependabot[bot]
17734c073a
chore(deps): bump the github-actions group across 1 directory with 5 updates ( #415 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 16:54:57 +05:00
dependabot[bot]
f08bb30b53
chore(deps): bump actions/checkout from 4 to 5 ( #334 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-18 12:25:16 +00:00
DevCats
a47ff911e1
fix: Version-Bump Workflow/Script - Formatting before diff ( #155 )
...
## Description
Set up Pre-Req's, and ensure that formatting is done before checking
diff since it likes to not respect prettier formatting.
---
## Type of Change
- [ ] New module
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
---
## Testing & Validation
- [X] Tests pass (`bun test`)
- [X] Code formatted (`bun run fmt`)
- [ ] Changes tested locally
---------
Co-authored-by: Atif Ali <atif@coder.com>
2025-06-19 16:35:10 -05:00
DevCats
960ec18d35
fix: clean up version-bump workflow script output handling ( #153 )
...
## Description
Removed unnecessary comments and added commands to reset the working
directory and clean untracked files in the version-bump workflow. This
improves the script's reliability by ensuring a clean state after
executing version checks.
---
## Type of Change
- [ ] New module
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
---
## Related Issues
None
2025-06-16 19:52:56 -05:00
DevCats
eae64160bd
fix: update GitHub Actions permissions in version-bump workflow ( #152 )
...
## Description
update GitHub Actions permissions in version-bump workflow by adding
issues permission for commenting on PR's
---
## Type of Change
- [ ] New module
- [X] Bug fix
- [ ] Feature/enhancement
- [ ] Documentation
- [ ] Other
---
## Related Issues
None
2025-06-16 14:32:09 -05:00
blink-so[bot]
f5bf6687e7
feat: extract version bump logic into reusable script ( #140 )
...
# Extract Version Bump Logic into Reusable Script
This PR extracts the version bump logic from the GitHub Actions workflow
(PR #137 ) into a reusable script and implements the requirements as
requested.
## ✅ What This PR Delivers
### 🔧 **Version Bump Script**: `.github/scripts/version-bump.sh`
- Extracts all version bump logic from the original workflow
- Supports `patch`, `minor`, and `major` version bumps
- Configurable base reference for diff comparison (defaults to
`origin/main`)
- Comprehensive error handling and semantic version validation
- Can be used standalone or in workflows
### 🔍 **Version Check Workflow**: `.github/workflows/version-check.yaml`
- **Required CI check** that runs on all PRs modifying modules
- Verifies that module versions have been properly updated
- Fails if versions need bumping but haven't been updated
- Provides clear instructions on how to fix version issues
### 🚀 **Version Bump Workflow**: `.github/workflows/version-bump.yaml`
- Simplified workflow that uses the extracted script
- Triggered by PR labels (`version:patch`, `version:minor`,
`version:major`)
- Automatically commits version updates and comments on PR
### 📚 **Updated Documentation**: `CONTRIBUTING.md`
- Clear instructions on how to use the version bump script
- Examples for different bump types
- Information about PR labels as an alternative
- Explains that CI will check version updates
## 🎯 Key Features
✅ **Script Logic Extracted**: All complex bash logic moved from workflow
to reusable script
✅ **Required CI Check**: Version check workflow ensures versions are
updated
✅ **Diff Verification**: Script checks git diff to detect modified
modules
✅ **Contribution Docs Updated**: Clear instructions for contributors
✅ **Backward Compatible**: Maintains all original functionality
✅ **Error Handling**: Comprehensive validation and clear error messages
## 📖 Usage Examples
```bash
# For bug fixes
./.github/scripts/version-bump.sh patch
# For new features
./.github/scripts/version-bump.sh minor
# For breaking changes
./.github/scripts/version-bump.sh major
```
## 🔄 Workflow Integration
1. **Developer makes changes** to modules
2. **CI runs version-check** workflow automatically
3. **If versions need updating**, CI fails with instructions
4. **Developer runs script** or adds PR label
5. **Versions get updated** automatically
6. **CI passes** and PR can be merged
## 🧪 Testing
The script has been tested with:
- ✅ Valid and invalid bump types
- ✅ Module detection from git diff
- ✅ Version calculation and validation
- ✅ README version updates
- ✅ Error handling for edge cases
This implementation addresses all the original requirements while making
the logic more maintainable and reusable.
---------
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: DevelopmentCats <christofer@coder.com>
2025-06-10 21:17:39 -05:00
35C4n0r