chore: update CI/CD workflows, Homebrew release, modernize contributors#552
chore: update CI/CD workflows, Homebrew release, modernize contributors#552
Conversation
- Bump actions/checkout v5 to v6 in all workflows - Bump goreleaser/goreleaser-action v6 to v7 - Add Homebrew tap publishing via GoReleaser brews config - Add tar.gz archive format for Homebrew compatibility - Fix dependabot target branch from dev to main - Add dependabot ignore rules for modernc.org/sqlite (Go 1.21+) and golang.org/x/text (planned removal) - Remove release-drafter (use GitHub draft release instead) - Remove contributors workflow and SVG, use contrib.rocks
moonD4rk
changed the title
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #552 +/- ##
=======================================
Coverage 70.25% 70.25%
=======================================
Files 47 47
Lines 1718 1718
=======================================
Hits 1207 1207
Misses 394 394
Partials 117 117
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Updates the repository’s automation and release tooling by modernizing GitHub Actions workflows, adding Homebrew tap publishing via GoReleaser, and switching the contributors section to an automated README updater.
Changes:
- Update CI/CD workflows to newer action versions and simplify the release workflow (remove release-drafter step/config).
- Extend GoReleaser to produce
tar.gzarchives and publish a Homebrew formula tomoonD4rk/homebrew-tap. - Replace the contributors image with README comment markers and a new contributors update workflow using a GitHub App token.
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| README.md | Replace static contributors asset with marker comments for automated insertion. |
| .goreleaser.yml | Add tar.gz archives and configure brews Homebrew tap publishing. |
| .github/workflows/test.yml | Bump checkout action version. |
| .github/workflows/lint.yml | Bump checkout action version. |
| .github/workflows/build.yml | Bump checkout action version. |
| .github/workflows/release.yml | Bump actions, add Homebrew tap token env, remove release-drafter job/permission. |
| .github/workflows/contributors.yml | Switch to contributors README action and GitHub App token-based push. |
| .github/release-drafter.yml | Remove release-drafter configuration file. |
| .github/dependabot.yml | Fix target branch to main and add ignore rules. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ignore: | ||
| - dependency-name: "modernc.org/sqlite" | ||
| versions: [">=1.32.0"] # v1.32+ requires Go 1.21, project is pinned to Go 1.20 | ||
| - dependency-name: "golang.org/x/text" # will be removed in upcoming refactoring |
There was a problem hiding this comment.
Dependabot ignore entries require a condition (e.g., versions and/or update-types). The golang.org/x/text entry only sets dependency-name, which will make the dependabot config invalid and stop updates from running. Add an explicit ignore condition (or remove this entry until you have one).
| - dependency-name: "golang.org/x/text" # will be removed in upcoming refactoring |
| - cron: '0 1 * * 0' # At 01:00 on Sunday. | ||
| push: | ||
| branches: | ||
| - main |
There was a problem hiding this comment.
This workflow triggers on push to main, and it also commits back to main (contributors update). That means every time it makes a commit, it will immediately re-trigger itself (at least one extra run per update). Consider removing the push trigger (keep schedule/workflow_dispatch), adding paths filters, or adding a guard like if: github.actor != 'github-actions[bot]' / checking the commit message to prevent self-trigger loops.
| - main | |
| - main | |
| paths-ignore: | |
| - README.md |
Replace contrib.rocks with akhilmhdh/contributors-readme-action which generates individually clickable contributor avatars and auto-creates PRs when branch protection is enabled.
moonD4rk
force-pushed
the
chore/update-ci-cd
branch
from
4b795ff to
96d2a6b
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| formats: | ||
| - zip |
There was a problem hiding this comment.
In GoReleaser archive config, format_overrides typically expects a singular format per override entry. Using formats: here may be ignored or fail validation, causing Windows artifacts to be produced as tar.gz instead of zip. Consider changing the override to use the correct key so Windows archives are reliably zipped.
| formats: | |
| - zip | |
| format: zip |
| on: | ||
| schedule: | ||
| - cron: '0 1 * * 0' # At 01:00 on Sunday. | ||
| push: | ||
| branches: | ||
| - main | ||
| paths-ignore: |
There was a problem hiding this comment.
This workflow triggers on push to main and also uses a GitHub App token to push commits back to main. Unlike pushes made with GITHUB_TOKEN, pushes made with an app/PAT token will re-trigger push workflows, which can cause a self-triggering loop. Consider removing the push trigger (leave schedule/workflow_dispatch) or add an explicit guard (e.g., skip when the actor is the app/bot) to prevent recursion.
| ignore: | ||
| - dependency-name: "modernc.org/sqlite" | ||
| versions: [">=1.32.0"] # v1.32+ requires Go 1.21, project is pinned to Go 1.20 | ||
| - dependency-name: "golang.org/x/text" # will be removed in upcoming refactoring |
There was a problem hiding this comment.
The ignore entry for golang.org/x/text only specifies dependency-name but no versions or update-types. Dependabot’s config schema requires at least one of those fields, so this is likely to make the config invalid and stop updates. Add an explicit ignore rule (e.g., ignore all versions via versions or all update types via update-types).
| - dependency-name: "golang.org/x/text" # will be removed in upcoming refactoring | |
| - dependency-name: "golang.org/x/text" # will be removed in upcoming refactoring | |
| update-types: | |
| - "version-update:semver-major" | |
| - "version-update:semver-minor" | |
| - "version-update:semver-patch" |
Branch protection requires all code to go through PRs, so the pull_request trigger is sufficient. This eliminates 9 redundant checks that ran after every merge to main.
Summary
actions/checkoutv5 → v6,goreleaser/goreleaser-actionv6 → v7 in all workflowsbrewsconfig (pushes formula tomoonD4rk/homebrew-tap)tar.gzarchive format for Homebrew compatibilitytarget-branchfromdevtomainmodernc.org/sqlite(v1.32+ requires Go 1.21) andgolang.org/x/text(planned removal)release-drafter(use GitHub draft release workflow instead)bubkoo/contributors-listwithakhilmhdh/contributors-readme-actionusinghackbrowserdata-botGitHub App for branch protection bypassCONTRIBUTORS.svgChecklist
devbranch (chore(deps): bump golang.org/x/text from 0.19.0 to 0.35.0 #504, chore(deps): bump modernc.org/sqlite from 1.31.1 to 1.48.0 #529, chore(deps): bump goreleaser/goreleaser-action from 6 to 7 #531-chore(deps): bump release-drafter/release-drafter from 6 to 7 #535)