Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 19 additions & 19 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ jobs:
name: govulncheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand All @@ -35,8 +35,8 @@ jobs:
name: release + installer integrity (local E2E)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand All @@ -60,8 +60,8 @@ jobs:
GIT_COMMITTER_NAME: nilcore-ci
GIT_COMMITTER_EMAIL: ci@nilcore.local
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand All @@ -82,8 +82,8 @@ jobs:
GIT_COMMITTER_NAME: nilcore-ci
GIT_COMMITTER_EMAIL: ci@nilcore.local
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand All @@ -107,8 +107,8 @@ jobs:
GIT_COMMITTER_NAME: nilcore-ci
GIT_COMMITTER_EMAIL: ci@nilcore.local
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand All @@ -119,13 +119,13 @@ jobs:
name: golangci-lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
- name: golangci-lint
uses: golangci/golangci-lint-action@v7
uses: golangci/golangci-lint-action@v9
with:
version: v2.12.2

Expand All @@ -138,8 +138,8 @@ jobs:
name: namespace sandbox (linux confinement)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand Down Expand Up @@ -170,8 +170,8 @@ jobs:
GIT_COMMITTER_NAME: nilcore-ci
GIT_COMMITTER_EMAIL: ci@nilcore.local
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand All @@ -195,8 +195,8 @@ jobs:
name: browser behavioral verification (D1 live run)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ jobs:
goos: [darwin, linux]
goarch: [amd64, arm64]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
Expand Down Expand Up @@ -52,7 +52,7 @@ jobs:
# before running the downloaded binary. The file holds "<hash> <asset>" so a
# consumer can `sha256sum -c` it directly.
( cd dist && sha256sum "${out}" > "${out}.sha256" )
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@v7
with:
name: nilcore-${{ matrix.goos }}-${{ matrix.goarch }}
path: dist/*
Expand All @@ -63,8 +63,8 @@ jobs:
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- uses: actions/checkout@v7
- uses: actions/download-artifact@v8
with:
path: dist
merge-multiple: true
Expand Down
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ the distribution gap: patched Go and system dependencies, reachable-vulnerabilit
fail-closed checksums and installer tests, complete four-platform asset verification, and version
identity stamped and executed before publication.

- **ci-node24-actions** — Move the CI and release workflows to the current Node 24 action majors (`checkout@v7`, `setup-go@v6`, `upload-artifact@v7`, `download-artifact@v8`, `golangci-lint-action@v9`), eliminating the runner's forced Node 20 compatibility shims before v1.2.0. _Owns:_ `.github/workflows/{ci,release}.yml`, `CHANGELOG.md`. _(CI maintenance)_

- **release-v1.2.0** — Cut the v1.2.0 changelog boundary, refresh the public release/reference metrics from the live tree, and record the fully gated release baseline; tag publication remains a separately approved irreversible action. _Owns:_ `CHANGELOG.md`, `README.md`, `STATE.md`, `docs/REFERENCE.md`. _(release)_

- **release-version-stamp** — Stamp validated version tags into every release binary, execute the native matrix asset to prove `nilcore version` matches the tag, and refuse malformed release refs before publication; the release E2E now verifies identity as well as checksums and completeness. _Owns:_ `.github/workflows/release.yml`, `test/release-assets-e2e.sh`, `CHANGELOG.md`. _(release hardening)_
Expand Down