From a73d86e8ec14a706fe7cd319274f8db1a53a6b63 Mon Sep 17 00:00:00 2001 From: Jonathan Langevin Date: Sat, 6 Jun 2026 18:39:49 -0400 Subject: [PATCH 1/3] ci: modernize workflow action pins --- .github/workflows/ci.yml | 1 + .github/workflows/release.yml | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e5c492..0196919 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,7 @@ jobs: - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod + cache: false - name: Configure private Go modules env: RELEASES_TOKEN: ${{ secrets.RELEASES_TOKEN || github.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3cf2900..e0f9886 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,6 +16,7 @@ jobs: - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod + cache: false - name: Configure private Go modules env: RELEASES_TOKEN: ${{ secrets.RELEASES_TOKEN || github.token }} @@ -23,12 +24,13 @@ jobs: git config --global url."https://x-access-token:${RELEASES_TOKEN}@github.com/GoCodeAlone/".insteadOf "https://github.com/GoCodeAlone/" go env -w GOPRIVATE=github.com/GoCodeAlone/* go env -w GONOSUMDB=github.com/GoCodeAlone/* - - name: Install wfctl v0.74.5 + - uses: GoCodeAlone/setup-wfctl@bcd880980f5bbe8d192d0c20ff6279d25331f956 # v1 + with: + version: v0.74.6 + - name: Export wfctl path for GoReleaser hooks run: | mkdir -p "${RUNNER_TEMP}/wfctl-bin" - curl -sSfL -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -o "${RUNNER_TEMP}/wfctl-bin/wfctl" \ - "https://github.com/GoCodeAlone/workflow/releases/download/v0.74.5/wfctl-linux-amd64" + cp "$(command -v wfctl)" "${RUNNER_TEMP}/wfctl-bin/wfctl" chmod +x "${RUNNER_TEMP}/wfctl-bin/wfctl" - uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: @@ -66,6 +68,7 @@ jobs: - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod + cache: false - name: Configure private Go modules for runtime image env: RELEASES_TOKEN: ${{ secrets.RELEASES_TOKEN || github.token }} @@ -75,15 +78,15 @@ jobs: go env -w GONOSUMDB=github.com/GoCodeAlone/* - name: Build product capture provider binary run: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o docker/product-capture-browser/product-capture-provider ./cmd/product-capture-provider - - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 + - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push product capture browser image id: build - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . file: docker/product-capture-browser/Dockerfile @@ -104,7 +107,7 @@ jobs: timeout-minutes: 5 steps: - name: Notify workflow-registry of new release - uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ secrets.REPO_DISPATCH_TOKEN }} repository: GoCodeAlone/workflow-registry From f9f7f311531eef07873b8f8ef41a50f7d98a9727 Mon Sep 17 00:00:00 2001 From: Jon Langevin Date: Sat, 6 Jun 2026 18:40:23 -0400 Subject: [PATCH 2/3] ci: bump Go and Node runtime defaults --- docker/product-capture-browser/Dockerfile | 2 +- go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/product-capture-browser/Dockerfile b/docker/product-capture-browser/Dockerfile index 75ec716..67b2503 100644 --- a/docker/product-capture-browser/Dockerfile +++ b/docker/product-capture-browser/Dockerfile @@ -1,4 +1,4 @@ -FROM node:22-bookworm-slim +FROM node:24-bookworm-slim ENV NODE_PATH=/usr/local/lib/node_modules \ HOME=/tmp \ diff --git a/go.mod b/go.mod index 61880e8..de006b1 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/GoCodeAlone/workflow-plugin-product-capture -go 1.26.0 +go 1.26.4 require ( github.com/GoCodeAlone/workflow v0.74.5 From a8c4fa798675b449ac7237f6d5ea005fc5cea7a0 Mon Sep 17 00:00:00 2001 From: Jonathan Langevin Date: Sat, 6 Jun 2026 18:49:17 -0400 Subject: [PATCH 3/3] ci: address release workflow review --- .github/workflows/release.yml | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e0f9886..a10e849 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,14 +24,24 @@ jobs: git config --global url."https://x-access-token:${RELEASES_TOKEN}@github.com/GoCodeAlone/".insteadOf "https://github.com/GoCodeAlone/" go env -w GOPRIVATE=github.com/GoCodeAlone/* go env -w GONOSUMDB=github.com/GoCodeAlone/* - - uses: GoCodeAlone/setup-wfctl@bcd880980f5bbe8d192d0c20ff6279d25331f956 # v1 - with: - version: v0.74.6 - - name: Export wfctl path for GoReleaser hooks + - name: Install wfctl v0.74.6 + env: + GH_TOKEN: ${{ secrets.RELEASES_TOKEN || github.token }} + WFCTL_VERSION: v0.74.6 run: | + set -euo pipefail + runner_arch=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') + asset="wfctl-linux-${runner_arch}" + download_dir="$(mktemp -d)" + gh release download "${WFCTL_VERSION}" \ + --repo GoCodeAlone/workflow \ + --pattern "${asset}" \ + --pattern checksums.txt \ + --dir "${download_dir}" + (cd "${download_dir}" && grep " ${asset}$" checksums.txt | sha256sum -c -) mkdir -p "${RUNNER_TEMP}/wfctl-bin" - cp "$(command -v wfctl)" "${RUNNER_TEMP}/wfctl-bin/wfctl" - chmod +x "${RUNNER_TEMP}/wfctl-bin/wfctl" + install -m 0755 "${download_dir}/${asset}" "${RUNNER_TEMP}/wfctl-bin/wfctl" + echo "${RUNNER_TEMP}/wfctl-bin" >> "$GITHUB_PATH" - uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: distribution: goreleaser @@ -78,15 +88,15 @@ jobs: go env -w GONOSUMDB=github.com/GoCodeAlone/* - name: Build product capture provider binary run: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o docker/product-capture-browser/product-capture-provider ./cmd/product-capture-provider - - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 + - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push product capture browser image id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . file: docker/product-capture-browser/Dockerfile