Skip to content

chore: bump workflow pin v0.51.11-pseudo → v0.53.1; release v1.1.2#12

Merged
intel352 merged 1 commit into
mainfrom
chore/workflow-v0.53.1-pin-bump
May 16, 2026
Merged

chore: bump workflow pin v0.51.11-pseudo → v0.53.1; release v1.1.2#12
intel352 merged 1 commit into
mainfrom
chore/workflow-v0.53.1-pin-bump

Conversation

@intel352
Copy link
Copy Markdown
Contributor

@intel352 intel352 commented May 16, 2026

Pin sweep per https://github.com/GoCodeAlone/workflow/blob/main/docs/plans/2026-05-16-post-cloud-sdk-plugin-sweep-design.md.

Closes part of GoCodeAlone/workflow#656.

Workflow pin was a pseudo-version v0.51.11-0.20260514225636-522748f35474 in the raw require block (no replace directive). Bumped to clean tag v0.53.1; go mod tidy resolved cleanly. minEngineVersion 0.52.00.53.0.

Test plan

  • GOWORK=off go build ./... clean
  • GOWORK=off go test ./... -race PASS (internal 2.255s, driver 1.239s, statebackend 1.460s)
  • minEngineVersion bumped to 0.53.0 (tested-floor)
  • go mod tidy diff is the expected pin + transitives only

@intel352 intel352 merged commit 76364db into main May 16, 2026
4 checks passed
@intel352 intel352 deleted the chore/workflow-v0.53.1-pin-bump branch May 16, 2026 02:18
intel352 added a commit that referenced this pull request May 17, 2026
@intel352
ci: add tag-format validation + restore downloads-update (DO only)
5bd5a33 
Addresses Copilot findings on the workflow_dispatch escape-hatch PR:
- Add explicit tag regex validation (^vN.N.N(-suffix)?$) before any
  shell/Python interpolation — addresses 3 shell-injection inlines
  raised by Copilot across the 4 plugin PRs (gcp #12 line 26, DO #122
  lines 29 + 43, aws #19 line 26).
- DO only: restore the downloads[*].url update block that the prior
  push clobbered. DO has a regression-gate test
  TestSyncPluginVersionWorkflowUpdatesDownloads asserting the python
  block updates dl['url'] per release tag.
- aws/gcp/azure: NOT adding downloads-update because their goreleaser
  binary naming convention differs (`{name}_{version}_{goos}_{goarch}`
  vs DO's `{name}-{goos}-{goarch}`) — would create broken URLs. The
  downloads[] staleness is cosmetic; workflow-registry has authoritative
  download URLs.
intel352 added a commit that referenced this pull request May 17, 2026
@intel352
ci: add workflow_dispatch escape hatch to sync-plugin-version.yml (#15)
d47b2fa 
* ci: add workflow_dispatch escape hatch to sync-plugin-version.yml

Defensive fix for the failure mode surfaced by workflow-plugin-aws#18:
sync-plugin-version.yml did not fire on a v1.2.0 tag push despite the
matching `tags: ['v*']` trigger that worked on v1.1.0. Root cause was
not identified (likely transient GitHub Actions backend hiccup); the
workaround was a manual one-line plugin.json sync PR.

This change adds a workflow_dispatch trigger taking a tag input so the
sync workflow can be manually re-fired when the push-tag trigger
silently no-ops. The same patch is being applied across all 4 IaC
plugin repos (aws/gcp/azure/digitalocean) since they share the workflow
file pattern.

The push-tag trigger path is unchanged; the manual dispatch path uses
`inputs.tag` and falls back to `github.ref_name` otherwise via the
`inputs.tag || github.ref_name` expression.

Closes workflow-plugin-aws#18 (defensive fix; no root cause identified).

* ci: add tag-format validation + restore downloads-update (DO only)

Addresses Copilot findings on the workflow_dispatch escape-hatch PR:
- Add explicit tag regex validation (^vN.N.N(-suffix)?$) before any
  shell/Python interpolation — addresses 3 shell-injection inlines
  raised by Copilot across the 4 plugin PRs (gcp #12 line 26, DO #122
  lines 29 + 43, aws #19 line 26).
- DO only: restore the downloads[*].url update block that the prior
  push clobbered. DO has a regression-gate test
  TestSyncPluginVersionWorkflowUpdatesDownloads asserting the python
  block updates dl['url'] per release tag.
- aws/gcp/azure: NOT adding downloads-update because their goreleaser
  binary naming convention differs (`{name}_{version}_{goos}_{goarch}`
  vs DO's `{name}-{goos}-{goarch}`) — would create broken URLs. The
  downloads[] staleness is cosmetic; workflow-registry has authoritative
  download URLs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@intel352