From 80c689f1b2d4fb6e4a0bb6468b38752fc4bad34b Mon Sep 17 00:00:00 2001 From: Kevin Tang <73975146+vt128@users.noreply.github.com> Date: Mon, 15 Jun 2026 23:25:50 +0800 Subject: [PATCH] [fix] go-ci.yml: pin meta gate tools by SHA (GOPROXY @master lags) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `go run …/doccov@master` resolves via the Go module proxy, which can serve a stale master pseudo-version for a long time after a push — so a freshly merged doccov feature (e.g. -config) is invisible to CI for a while, breaking the doc-coverage step ("flag provided but not defined: -config"). Pin doccov, covcheck, and footprint to a full commit SHA (resolved on demand, deterministic) instead of @master. Bump the SHA when these tools change. Co-Authored-By: Claude Opus 4.8 --- .github/workflows/go-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml index 8b44203..5e3ada2 100644 --- a/.github/workflows/go-ci.yml +++ b/.github/workflows/go-ci.yml @@ -133,7 +133,7 @@ jobs: # doc-coverage input on starpkg domain modules. - name: Doc coverage if: ${{ fromJSON(env.IS_CHECKS) && inputs.doc-coverage }} - run: go run github.com/1set/meta/doccov@master -readme "${{ inputs.doc-coverage-file }}" ${{ inputs.doc-coverage-config && '-config' || '' }} . + run: go run github.com/1set/meta/doccov@cc6a3ec4d182169381eb8ca5a492be0d57013c0c -readme "${{ inputs.doc-coverage-file }}" ${{ inputs.doc-coverage-config && '-config' || '' }} . - name: Test run: make ci # Test-coverage gate (ratchet): covcheck parses the coverage.txt that @@ -141,7 +141,7 @@ jobs: # leg. Gated on cov-min > 0 so repos opt in with their ratchet floor. - name: Coverage gate if: ${{ fromJSON(env.IS_REPORT) && inputs.cov-min > 0 }} - run: go run github.com/1set/meta/covcheck@master -min ${{ inputs.cov-min }} coverage.txt + run: go run github.com/1set/meta/covcheck@cc6a3ec4d182169381eb8ca5a492be0d57013c0c -min ${{ inputs.cov-min }} coverage.txt # Binary footprint (opt-in): measure the marginal binary size the module # adds over a bare starlet host; fails if the stripped delta exceeds # footprint-max-mb (0 = report only). Floor leg for comparable numbers. @@ -149,7 +149,7 @@ jobs: if: ${{ fromJSON(env.IS_REPORT) && inputs.footprint }} run: | modpath=$(awk '/^module /{print $2; exit}' go.mod) - go run github.com/1set/meta/footprint@master -modpath "$modpath" -dir . -max-mb ${{ inputs.footprint-max-mb }} + go run github.com/1set/meta/footprint@cc6a3ec4d182169381eb8ca5a492be0d57013c0c -modpath "$modpath" -dir . -max-mb ${{ inputs.footprint-max-mb }} # govulncheck is informational (continue-on-error): it surfaces dependency # CVEs in the run log without gating merges. Promote to gating once the # ecosystem floor lets known findings be fixed in-place.