From 90a824024b3f5107211cc2757e12417034f32a79 Mon Sep 17 00:00:00 2001 From: Andreas Arvidsson Date: Sun, 8 Mar 2026 07:41:16 +0100 Subject: [PATCH 1/2] Update workflows --- .github/workflows/codeql.yml | 26 +++++++------------------- .github/workflows/deploy.yaml | 19 +++++++++++++------ .github/workflows/forbid-todo.yml | 2 +- .github/workflows/pre-commit.yml | 10 +++++----- .github/workflows/test-docs.yml | 4 ++-- .github/workflows/test.yml | 14 +++++++------- 6 files changed, 35 insertions(+), 40 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e333813880..6c257088b8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,37 +45,25 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} + # JavaScript and Python are interpreted, so CodeQL can analyze them without a build. + build-mode: none # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # Details on CodeQL's query packs refer to : + # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v4 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 721c18bbc3..7cc7307ece 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -16,16 +16,18 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # This is needed to get the number of commits in the current branch fetch-depth: 0 + # Deploy the exact commit that passed the test workflow. + ref: ${{ github.event.workflow_run.head_sha }} - name: Install pnpm uses: pnpm/action-setup@v4 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: pnpm @@ -66,13 +68,16 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 + with: + # Deploy the exact commit that passed the test workflow. + ref: ${{ github.event.workflow_run.head_sha }} - name: Install pnpm uses: pnpm/action-setup@v4 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: pnpm @@ -89,7 +94,7 @@ jobs: CURSORLESS_DEPLOY: true - name: Checkout cursorless.nvim plugin repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: token: ${{ secrets.CURSORLESS_BOT_TOKEN }} repository: hands-free-vim/cursorless.nvim @@ -121,10 +126,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 token: ${{ secrets.CURSORLESS_BOT_TOKEN }} + # Push from the exact commit that passed the test workflow. + ref: ${{ github.event.workflow_run.head_sha }} - name: Configure GPG Key run: | diff --git a/.github/workflows/forbid-todo.yml b/.github/workflows/forbid-todo.yml index 040b25c201..fa2fdd54d8 100644 --- a/.github/workflows/forbid-todo.yml +++ b/.github/workflows/forbid-todo.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Forbid TODO run: ./scripts/forbid-todo.sh diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index f1346a3d5b..9413256614 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup python uses: actions/setup-python@v6 @@ -31,7 +31,7 @@ jobs: uses: pnpm/action-setup@v4 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: pnpm @@ -40,16 +40,16 @@ jobs: run: pnpm --color install - name: Install lua - uses: leafo/gh-actions-lua@v11 + uses: leafo/gh-actions-lua@v12 - name: Install luarocks - uses: leafo/gh-actions-luarocks@v5 + uses: leafo/gh-actions-luarocks@v6 - name: Run pre-commit hooks uses: pre-commit/action@v3.0.1 - name: Auto-fix pre-commit issues - uses: pre-commit-ci/lite-action@v1.0.2 + uses: pre-commit-ci/lite-action@v1.1.0 if: always() - name: Pyright diff --git a/.github/workflows/test-docs.yml b/.github/workflows/test-docs.yml index 14e7384e1d..07f18a61de 100644 --- a/.github/workflows/test-docs.yml +++ b/.github/workflows/test-docs.yml @@ -14,13 +14,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install pnpm uses: pnpm/action-setup@v4 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: pnpm diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4853f7168e..5e87cb85c3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,13 +38,13 @@ jobs: run: git config --global core.autocrlf false - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install pnpm uses: pnpm/action-setup@v4 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version-file: .nvmrc cache: pnpm @@ -128,22 +128,22 @@ jobs: if: runner.os == 'Linux' && matrix.app_version == 'stable' - name: Upload vsix (Linux) - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 if: runner.os == 'Linux' && matrix.app_version == 'stable' with: name: vsix path: cursorless-development.vsix - name: Archive logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: - name: logs + name: logs-${{ matrix.os }}-${{ matrix.app_version }} path: ${{ env.VSCODE_LOGS_DIR }} if: failure() - name: Archive dumps - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: - name: dumps + name: dumps-${{ matrix.os }}-${{ matrix.app_version }} path: ${{ env.VSCODE_CRASH_DIR }} if: failure() From 0f549ab4d76994371cdaf31c625d9ffc33c4f1d2 Mon Sep 17 00:00:00 2001 From: Andreas Arvidsson Date: Sun, 8 Mar 2026 07:55:49 +0100 Subject: [PATCH 2/2] update deploy talon --- .github/workflows/deploy.yaml | 2 ++ scripts/deploy-cursorless-talon.sh | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 7cc7307ece..adf9d52446 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -123,6 +123,8 @@ jobs: runs-on: ubuntu-latest needs: publish-extension environment: production + env: + DEPLOY_SHA: ${{ github.event.workflow_run.head_sha }} steps: - name: Checkout repository diff --git a/scripts/deploy-cursorless-talon.sh b/scripts/deploy-cursorless-talon.sh index d7ee17fef9..4f0d443365 100755 --- a/scripts/deploy-cursorless-talon.sh +++ b/scripts/deploy-cursorless-talon.sh @@ -4,11 +4,13 @@ # cherrypicking any new commits onto the cursorless-talon main branch set -euo pipefail +: "${DEPLOY_SHA:?DEPLOY_SHA must be set}" + # Check out staging branch git switch -c cursorless-talon-staging origin/cursorless-talon-staging # Exit if there were no changes to the cursorless-talon directory -[[ "$(git rev-parse "${GITHUB_SHA}:cursorless-talon")" == "$(git rev-parse 'cursorless-talon-staging^{tree}')" ]] && exit 0 +[[ "$(git rev-parse "${DEPLOY_SHA}:cursorless-talon")" == "$(git rev-parse 'cursorless-talon-staging^{tree}')" ]] && exit 0 # Fetch current cursorless-talon main git remote add cursorless-talon 'https://github.com/cursorless-dev/cursorless-talon.git' @@ -21,7 +23,7 @@ git fetch cursorless-talon git tag cursorless-talon-staging-previous cursorless-talon-staging # Update the staging branch -git switch -c github-sha "$GITHUB_SHA" +git switch -c github-sha "$DEPLOY_SHA" git subtree split --prefix=cursorless-talon --branch=cursorless-talon-staging # Sanity check that the previous staging commit is an ancestor of the new one @@ -36,7 +38,7 @@ git cherry-pick cursorless-talon-staging-previous..cursorless-talon-staging # Sanity check that cursorless-talon-main is identical to cursorless-talon # subdirectory of cursorless-vscode -[[ "$(git rev-parse 'cursorless-talon-main^{tree}')" == "$(git rev-parse "${GITHUB_SHA}:cursorless-talon")" ]] +[[ "$(git rev-parse 'cursorless-talon-main^{tree}')" == "$(git rev-parse "${DEPLOY_SHA}:cursorless-talon")" ]] # Push to cursorless-talon git push cursorless-talon cursorless-talon-main:main