From d9227734a48b3d2fa1362e68836e290601307dc5 Mon Sep 17 00:00:00 2001 From: Jon Langevin Date: Mon, 1 Jun 2026 14:10:11 -0400 Subject: [PATCH 1/3] chore: apply plugin version discipline --- .github/workflows/release.yml | 3 + .github/workflows/sync-plugin-version.yml | 59 ------------ plugin.json | 112 +++++++++++----------- 3 files changed, 59 insertions(+), 115 deletions(-) delete mode 100644 .github/workflows/sync-plugin-version.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 47455bf..187682e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -47,6 +47,9 @@ jobs: exit 0 fi "${{ runner.temp }}/wfctl-bin/wfctl" plugin verify-capabilities --binary "$BIN" . + - name: Verify shipped plugin.json carries tag (post-build) + run: | + "${{ runner.temp }}/wfctl-bin/wfctl" plugin validate-contract --for-publish --tag ${{ github.ref_name }} --release-dir . . - name: Publish GitHub release if: ${{ success() }} env: diff --git a/.github/workflows/sync-plugin-version.yml b/.github/workflows/sync-plugin-version.yml deleted file mode 100644 index f74f8a9..0000000 --- a/.github/workflows/sync-plugin-version.yml +++ /dev/null @@ -1,59 +0,0 @@ -name: Sync plugin.json version -on: - push: - tags: ['v*'] -permissions: - contents: write - pull-requests: write -jobs: - sync: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - ref: main - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - name: Compute target version from tag - id: ver - run: | - TAG="${GITHUB_REF_NAME}" - VERSION="${TAG#v}" - echo "version=$VERSION" >> $GITHUB_OUTPUT - echo "tag=$TAG" >> $GITHUB_OUTPUT - - name: Update plugin.json - run: | - if [ ! -f plugin.json ]; then echo "no plugin.json; skipping"; exit 0; fi - CURRENT=$(python3 -c "import json; print(json.load(open('plugin.json')).get('version',''))") - TARGET="${{ steps.ver.outputs.version }}" - if [ "$CURRENT" = "$TARGET" ]; then - echo "plugin.json already at $TARGET; no action" - exit 0 - fi - python3 -c " - import json - p = json.load(open('plugin.json')) - p['version'] = '$TARGET' - json.dump(p, open('plugin.json', 'w'), indent=2) - open('plugin.json', 'a').write('\n') - " - - name: Open sync PR if plugin.json changed - run: | - if git diff --quiet plugin.json; then - echo "no changes" - exit 0 - fi - BRANCH="chore/sync-plugin-version-${{ steps.ver.outputs.tag }}" - git config user.email "github-actions[bot]@users.noreply.github.com" - git config user.name "github-actions[bot]" - git checkout -b "$BRANCH" - git add plugin.json - git commit -m "chore: sync plugin.json version to ${{ steps.ver.outputs.tag }}" - git push origin "$BRANCH" - gh pr create \ - --base main \ - --head "$BRANCH" \ - --title "chore: sync plugin.json version to ${{ steps.ver.outputs.tag }}" \ - --body "Triggered by release ${{ steps.ver.outputs.tag }}. Auto-sync to prevent drift. Closes workflow-registry#37." - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/plugin.json b/plugin.json index 7d39bee..fcb7e07 100644 --- a/plugin.json +++ b/plugin.json @@ -1,60 +1,60 @@ { - "name": "workflow-plugin-ws-auth", - "version": "0.1.6", - "description": "WebSocket HMAC authentication with challenge-response handshake and per-connection keys", - "author": "GoCodeAlone", - "license": "MIT", - "type": "external", - "tier": "community", - "minEngineVersion": "0.51.7", - "keywords": [ - "websocket", - "hmac", - "auth", - "challenge-response" + "name": "workflow-plugin-ws-auth", + "version": "0.0.0", + "description": "WebSocket HMAC authentication with challenge-response handshake and per-connection keys", + "author": "GoCodeAlone", + "license": "MIT", + "type": "external", + "tier": "community", + "minEngineVersion": "0.51.7", + "keywords": [ + "websocket", + "hmac", + "auth", + "challenge-response" + ], + "homepage": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", + "repository": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", + "downloads": [ + { + "os": "linux", + "arch": "amd64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-amd64.tar.gz" + }, + { + "os": "linux", + "arch": "arm64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-arm64.tar.gz" + }, + { + "os": "darwin", + "arch": "amd64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-amd64.tar.gz" + }, + { + "os": "darwin", + "arch": "arm64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-arm64.tar.gz" + }, + { + "os": "windows", + "arch": "amd64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-amd64.tar.gz" + }, + { + "os": "windows", + "arch": "arm64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-arm64.tar.gz" + } + ], + "capabilities": { + "configProvider": false, + "moduleTypes": [ + "ws_auth.hmac" ], - "homepage": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", - "repository": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", - "downloads": [ - { - "os": "linux", - "arch": "amd64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-amd64.tar.gz" - }, - { - "os": "linux", - "arch": "arm64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-arm64.tar.gz" - }, - { - "os": "darwin", - "arch": "amd64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-amd64.tar.gz" - }, - { - "os": "darwin", - "arch": "arm64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-arm64.tar.gz" - }, - { - "os": "windows", - "arch": "amd64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-amd64.tar.gz" - }, - { - "os": "windows", - "arch": "arm64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-arm64.tar.gz" - } + "stepTypes": [ + "step.ws_auth_identity" ], - "capabilities": { - "configProvider": false, - "moduleTypes": [ - "ws_auth.hmac" - ], - "stepTypes": [ - "step.ws_auth_identity" - ], - "triggerTypes": [] - } + "triggerTypes": [] + } } From 5a9777fc95175132dedeeda7c5a06c6e0abc2c70 Mon Sep 17 00:00:00 2001 From: Jon Langevin Date: Mon, 1 Jun 2026 14:10:42 -0400 Subject: [PATCH 2/3] chore: preserve manifest formatting --- plugin.json | 112 ++++++++++++++++++++++++++-------------------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/plugin.json b/plugin.json index fcb7e07..d36439e 100644 --- a/plugin.json +++ b/plugin.json @@ -1,60 +1,60 @@ { - "name": "workflow-plugin-ws-auth", - "version": "0.0.0", - "description": "WebSocket HMAC authentication with challenge-response handshake and per-connection keys", - "author": "GoCodeAlone", - "license": "MIT", - "type": "external", - "tier": "community", - "minEngineVersion": "0.51.7", - "keywords": [ - "websocket", - "hmac", - "auth", - "challenge-response" - ], - "homepage": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", - "repository": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", - "downloads": [ - { - "os": "linux", - "arch": "amd64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-amd64.tar.gz" - }, - { - "os": "linux", - "arch": "arm64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-arm64.tar.gz" - }, - { - "os": "darwin", - "arch": "amd64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-amd64.tar.gz" - }, - { - "os": "darwin", - "arch": "arm64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-arm64.tar.gz" - }, - { - "os": "windows", - "arch": "amd64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-amd64.tar.gz" - }, - { - "os": "windows", - "arch": "arm64", - "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-arm64.tar.gz" - } - ], - "capabilities": { - "configProvider": false, - "moduleTypes": [ - "ws_auth.hmac" + "name": "workflow-plugin-ws-auth", + "version": "0.0.0", + "description": "WebSocket HMAC authentication with challenge-response handshake and per-connection keys", + "author": "GoCodeAlone", + "license": "MIT", + "type": "external", + "tier": "community", + "minEngineVersion": "0.51.7", + "keywords": [ + "websocket", + "hmac", + "auth", + "challenge-response" ], - "stepTypes": [ - "step.ws_auth_identity" + "homepage": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", + "repository": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth", + "downloads": [ + { + "os": "linux", + "arch": "amd64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-amd64.tar.gz" + }, + { + "os": "linux", + "arch": "arm64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-linux-arm64.tar.gz" + }, + { + "os": "darwin", + "arch": "amd64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-amd64.tar.gz" + }, + { + "os": "darwin", + "arch": "arm64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-darwin-arm64.tar.gz" + }, + { + "os": "windows", + "arch": "amd64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-amd64.tar.gz" + }, + { + "os": "windows", + "arch": "arm64", + "url": "https://github.com/GoCodeAlone/workflow-plugin-ws-auth/releases/download/v0.1.0/workflow-plugin-ws-auth-windows-arm64.tar.gz" + } ], - "triggerTypes": [] - } + "capabilities": { + "configProvider": false, + "moduleTypes": [ + "ws_auth.hmac" + ], + "stepTypes": [ + "step.ws_auth_identity" + ], + "triggerTypes": [] + } } From 3ace6bbf14c76275e59d60882d08ba1cec901ddd Mon Sep 17 00:00:00 2001 From: Jon Langevin Date: Mon, 1 Jun 2026 14:17:51 -0400 Subject: [PATCH 3/3] fix: harden release validation quoting --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 187682e..78b7865 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: "https://github.com/GoCodeAlone/workflow/releases/download/v0.63.2/wfctl-linux-amd64" chmod +x "${RUNNER_TEMP}/wfctl-bin/wfctl" - name: Validate plugin contract for publish (pre-build) - run: "${{ runner.temp }}/wfctl-bin/wfctl plugin validate-contract --for-publish --tag ${{ github.ref_name }} ." + run: "${{ runner.temp }}/wfctl-bin/wfctl plugin validate-contract --for-publish --tag "${{ github.ref_name }}" ." - uses: goreleaser/goreleaser-action@v7 with: version: '~> v2' @@ -49,7 +49,7 @@ jobs: "${{ runner.temp }}/wfctl-bin/wfctl" plugin verify-capabilities --binary "$BIN" . - name: Verify shipped plugin.json carries tag (post-build) run: | - "${{ runner.temp }}/wfctl-bin/wfctl" plugin validate-contract --for-publish --tag ${{ github.ref_name }} --release-dir . . + "${{ runner.temp }}/wfctl-bin/wfctl" plugin validate-contract --for-publish --tag "${{ github.ref_name }}" --release-dir . . - name: Publish GitHub release if: ${{ success() }} env: