fix(ci): install betterleaks via mise so the pre-release gate finds it#120
Merged
Conversation
Merged
theagenticguy
added a commit
that referenced
this pull request
May 16, 2026
🤖 Automated release via release-please --- <details><summary>analysis: 0.3.0</summary> ## [0.3.0](analysis-v0.2.0...analysis-v0.3.0) (2026-05-16) ### ⚠ BREAKING CHANGES * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/storage bumped to 0.2.0 * @opencodehub/wiki bumped to 0.2.0 </details> <details><summary>cli: 0.5.0</summary> ## [0.5.0](cli-v0.4.0...cli-v0.5.0) (2026-05-16) ### ⚠ BREAKING CHANGES * drop detect-secrets; ship tuned betterleaks default config ([#118](#118)) * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * drop detect-secrets; ship tuned betterleaks default config ([#118](#118)) ([d370f9e](d370f9e)) * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/analysis bumped to 0.3.0 * @opencodehub/ingestion bumped to 0.4.1 * @opencodehub/mcp bumped to 0.4.0 * @opencodehub/pack bumped to 0.2.0 * @opencodehub/scanners bumped to 0.2.0 * @opencodehub/search bumped to 0.2.0 * @opencodehub/storage bumped to 0.2.0 * @opencodehub/wiki bumped to 0.2.0 </details> <details><summary>cobol-proleap: 0.1.5</summary> ## [0.1.5](cobol-proleap-v0.1.4...cobol-proleap-v0.1.5) (2026-05-16) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/ingestion bumped to 0.4.1 </details> <details><summary>ingestion: 0.4.1</summary> ## [0.4.1](ingestion-v0.4.0...ingestion-v0.4.1) (2026-05-16) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/analysis bumped to 0.3.0 * @opencodehub/scip-ingest bumped to 0.2.2 * @opencodehub/storage bumped to 0.2.0 </details> <details><summary>mcp: 0.4.0</summary> ## [0.4.0](mcp-v0.3.2...mcp-v0.4.0) (2026-05-16) ### ⚠ BREAKING CHANGES * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/analysis bumped to 0.3.0 * @opencodehub/pack bumped to 0.2.0 * @opencodehub/scanners bumped to 0.2.0 * @opencodehub/search bumped to 0.2.0 * @opencodehub/storage bumped to 0.2.0 </details> <details><summary>pack: 0.2.0</summary> ## [0.2.0](pack-v0.1.4...pack-v0.2.0) (2026-05-16) ### ⚠ BREAKING CHANGES * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/analysis bumped to 0.3.0 * @opencodehub/ingestion bumped to 0.4.1 * @opencodehub/storage bumped to 0.2.0 </details> <details><summary>scanners: 0.2.0</summary> ## [0.2.0](scanners-v0.1.2...scanners-v0.2.0) (2026-05-16) ### ⚠ BREAKING CHANGES * drop detect-secrets; ship tuned betterleaks default config ([#118](#118)) ### Features * drop detect-secrets; ship tuned betterleaks default config ([#118](#118)) ([d370f9e](d370f9e)) </details> <details><summary>scip-ingest: 0.2.2</summary> ## [0.2.2](scip-ingest-v0.2.1...scip-ingest-v0.2.2) (2026-05-16) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/analysis bumped to 0.3.0 </details> <details><summary>search: 0.2.0</summary> ## [0.2.0](search-v0.1.2...search-v0.2.0) (2026-05-16) ### ⚠ BREAKING CHANGES * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/storage bumped to 0.2.0 </details> <details><summary>storage: 0.2.0</summary> ## [0.2.0](storage-v0.1.2...storage-v0.2.0) (2026-05-16) ### ⚠ BREAKING CHANGES * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) </details> <details><summary>wiki: 0.2.0</summary> ## [0.2.0](wiki-v0.1.1...wiki-v0.2.0) (2026-05-16) ### ⚠ BREAKING CHANGES * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) ### Dependencies * The following workspace dependencies were updated * dependencies * @opencodehub/storage bumped to 0.2.0 </details> <details><summary>root: 0.6.0</summary> ## [0.6.0](root-v0.5.0...root-v0.6.0) (2026-05-16) ### ⚠ BREAKING CHANGES * drop detect-secrets; ship tuned betterleaks default config ([#118](#118)) * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ### Features * drop detect-secrets; ship tuned betterleaks default config ([#118](#118)) ([d370f9e](d370f9e)) * lbug-only graph backend; rip DuckDB graph adapter ([#117](#117)) ([49e14fd](49e14fd)) ### Bug Fixes * **ci:** grant id-token: write at release-please.yml top level ([#115](#115)) ([a87a6eb](a87a6eb)) * **ci:** install betterleaks via mise so the pre-release gate finds it ([#120](#120)) ([522a4ec](522a4ec)) * **ci:** pre-release gate aggregator needs betterleaks (was detect-secrets) ([#119](#119)) ([a6f3448](a6f3448)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Laith Al-Saadoon <alsaadoonlaith@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The new
betterleaks full sweepstep inpre-release-gate.yml(added in #118) uses thebetterleaksbinary, but it isn't on the GitHub runner's PATH unlessmiseinstalls it. Job exited 127 (command not found) on PR #116.Fix
Add
"aqua:betterleaks/betterleaks" = "1.2.0"to[tools]inmise.toml.mise-actionin the workflow already provisions every entry of[tools], so the binary lands on PATH automatically. Also benefitscodehub analyzeself-scan runs — they previously skipped betterleaks with a "binary not found" warning; now they'll actually run it.Test plan
mise installresolves theaqua:source locally (already had it via global config)🤖 Generated with Claude Code