Skip to content

Commit 5713ce0

Browse files
DavidoniumDavidonium
authored
Merge branch 'main' into chore/dhernando/fix-zizmor-cache-poisoning-rule
2 parents e206006 + 7fde60c commit 5713ce0

10 files changed

Lines changed: 179 additions & 9 deletions

File tree

.github/dependabot.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
version: 2
2+
3+
updates:
4+
- package-ecosystem: "gomod"
5+
directory: "/"
6+
schedule:
7+
interval: "weekly"
8+
9+
- package-ecosystem: "github-actions"
10+
directory: "/"
11+
schedule:
12+
interval: "weekly"

.github/workflows/build.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,11 +19,12 @@ jobs:
1919
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2020
with:
2121
fetch-depth: 0
22+
persist-credentials: false
2223

2324
- name: Set up tools
2425
uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3
2526
with:
26-
version: 2026.3.8 # renovate: datasource=github-releases depName=jdx/mise
27+
version: 2026.3.8
2728

2829
- name: Run GoReleaser
2930
run: goreleaser release --clean --snapshot

.github/workflows/ci.yml

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,11 +17,13 @@ jobs:
1717
steps:
1818
- name: Checkout
1919
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
20+
with:
21+
persist-credentials: false
2022

2123
- name: Set up tools
2224
uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3
2325
with:
24-
version: 2026.3.8 # renovate: datasource=github-releases depName=jdx/mise
26+
version: 2026.3.8
2527

2628
- name: Run golangci-lint
2729
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
@@ -34,11 +36,13 @@ jobs:
3436
steps:
3537
- name: Checkout
3638
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
39+
with:
40+
persist-credentials: false
3741

3842
- name: Set up tools
3943
uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3
4044
with:
41-
version: 2026.3.8 # renovate: datasource=github-releases depName=jdx/mise
45+
version: 2026.3.8
4246

4347
- name: Run tests
4448
run: go test -coverpkg=./internal/... -coverprofile=build/coverage.txt -v -race ./...
@@ -48,11 +52,13 @@ jobs:
4852
steps:
4953
- name: Checkout
5054
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
55+
with:
56+
persist-credentials: false
5157

5258
- name: Set up tools
5359
uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3
5460
with:
55-
version: 2026.3.8 # renovate: datasource=github-releases depName=jdx/mise
61+
version: 2026.3.8
5662

5763
- name: Run go mod tidy
5864
run: go mod tidy

.github/workflows/lint-workflows.yaml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
name: Lint workflows
2+
on:
3+
pull_request:
4+
paths:
5+
- '.github/workflows/**'
6+
7+
jobs:
8+
zizmor:
9+
name: Security audit
10+
runs-on: ubuntu-latest
11+
permissions:
12+
security-events: write
13+
contents: read
14+
actions: read
15+
steps:
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
19+
- uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
20+
with:
21+
persona: regular
22+
min-severity: medium

.github/workflows/release.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ jobs:
1515
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1616
with:
1717
fetch-depth: 0
18+
persist-credentials: false
1819

1920
# zizmor: ignore[cache-poisoning] -- mise verifies tool checksums via mise.lock
2021
- uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3

.github/workflows/releaser-pleaser.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ name: releaser-pleaser
33
on:
44
push:
55
branches: [main]
6-
pull_request_target:
6+
pull_request_target: # zizmor: ignore[dangerous-triggers]
77
types:
88
- edited
99
- labeled
@@ -23,6 +23,6 @@ jobs:
2323
- name: releaser-pleaser
2424
uses: apricote/releaser-pleaser@a1ce9493fd3f3abe60f22c37249d257bc10081dc # v0.8.0
2525
with:
26-
token: ${{ secrets.RELEASER_PLEASER_TOKEN }}
26+
token: ${{ secrets.RELEASER_PLEASER_TOKEN }} # zizmor: ignore[secrets-outside-env]
2727
extra-files: |
2828
cmd/qcloud/main.go

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ require (
77
github.com/dustin/go-humanize v1.0.1
88
github.com/google/uuid v1.6.0
99
github.com/jedib0t/go-pretty/v6 v6.7.8
10-
github.com/qdrant/qdrant-cloud-public-api v0.112.2
10+
github.com/qdrant/qdrant-cloud-public-api v0.113.0
1111
github.com/robfig/cron/v3 v3.0.1
1212
github.com/spf13/cobra v1.10.2
1313
github.com/spf13/pflag v1.0.10

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -68,8 +68,8 @@ github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0
6868
github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
6969
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
7070
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
71-
github.com/qdrant/qdrant-cloud-public-api v0.112.2 h1:zhyGyKpjhO5ixdAa7Vq9Ouu6UrHch7FcoM794fojrlw=
72-
github.com/qdrant/qdrant-cloud-public-api v0.112.2/go.mod h1:rKYk7KAO12FHK/YMvMdbzWhWVf3HIXmLcoZzobFVlJc=
71+
github.com/qdrant/qdrant-cloud-public-api v0.113.0 h1:GUsD0xWuSDeJi/hurOt0/VHov9rDlJQ7YALPmzuaHYo=
72+
github.com/qdrant/qdrant-cloud-public-api v0.113.0/go.mod h1:rKYk7KAO12FHK/YMvMdbzWhWVf3HIXmLcoZzobFVlJc=
7373
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
7474
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
7575
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

mise.lock

Lines changed: 125 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,125 @@
1+
# @generated - this file is auto-generated by `mise lock` https://mise.jdx.dev/dev-tools/mise-lock.html
2+
3+
[[tools."github:golangci/golangci-lint"]]
4+
version = "2.11.3"
5+
backend = "github:golangci/golangci-lint"
6+
7+
[tools."github:golangci/golangci-lint"."platforms.linux-arm64"]
8+
checksum = "sha256:ee3d95f301359e7d578e6d99c8ad5aeadbabc5a13009a30b2b0df11c8058afe9"
9+
url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-linux-arm64.tar.gz"
10+
url_api = "https://api.github.com/repos/golangci/golangci-lint/releases/assets/370749014"
11+
provenance = "github-attestations"
12+
13+
[tools."github:golangci/golangci-lint"."platforms.linux-arm64-musl"]
14+
checksum = "sha256:ee3d95f301359e7d578e6d99c8ad5aeadbabc5a13009a30b2b0df11c8058afe9"
15+
url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-linux-arm64.tar.gz"
16+
url_api = "https://api.github.com/repos/golangci/golangci-lint/releases/assets/370749014"
17+
provenance = "github-attestations"
18+
19+
[tools."github:golangci/golangci-lint"."platforms.linux-x64"]
20+
checksum = "sha256:87bb8cddbcc825d5778b64e8a91b46c0526b247f4e2f2904dea74ec7450475d1"
21+
url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-linux-amd64.tar.gz"
22+
url_api = "https://api.github.com/repos/golangci/golangci-lint/releases/assets/370748984"
23+
provenance = "github-attestations"
24+
25+
[tools."github:golangci/golangci-lint"."platforms.linux-x64-musl"]
26+
checksum = "sha256:87bb8cddbcc825d5778b64e8a91b46c0526b247f4e2f2904dea74ec7450475d1"
27+
url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-linux-amd64.tar.gz"
28+
url_api = "https://api.github.com/repos/golangci/golangci-lint/releases/assets/370748984"
29+
provenance = "github-attestations"
30+
31+
[tools."github:golangci/golangci-lint"."platforms.macos-arm64"]
32+
checksum = "sha256:30ee39979c516b9d1adca289a3f93429d130c4c0fda5e57d637850894221f6cc"
33+
url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-darwin-arm64.tar.gz"
34+
url_api = "https://api.github.com/repos/golangci/golangci-lint/releases/assets/370749042"
35+
provenance = "github-attestations"
36+
37+
[tools."github:golangci/golangci-lint"."platforms.macos-x64"]
38+
checksum = "sha256:f93bda1f2cc981fd1326464020494be62f387bbf262706e1b3b644e5afacc440"
39+
url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-darwin-amd64.tar.gz"
40+
url_api = "https://api.github.com/repos/golangci/golangci-lint/releases/assets/370749038"
41+
provenance = "github-attestations"
42+
43+
[tools."github:golangci/golangci-lint"."platforms.windows-x64"]
44+
checksum = "sha256:cd42e890176bc5cfeb36225a77e66b9410ddd3a59a03551e23f6b210d29e1f67"
45+
url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-windows-amd64.zip"
46+
url_api = "https://api.github.com/repos/golangci/golangci-lint/releases/assets/370749053"
47+
provenance = "github-attestations"
48+
49+
[[tools."github:goreleaser/goreleaser"]]
50+
version = "2.14.3"
51+
backend = "github:goreleaser/goreleaser"
52+
53+
[tools."github:goreleaser/goreleaser"."platforms.linux-arm64"]
54+
checksum = "sha256:581a10e53c1176b3e81ee45cf531e02dbf899db0bc7b795669347df4276ce948"
55+
url = "https://github.com/goreleaser/goreleaser/releases/download/v2.14.3/goreleaser_Linux_arm64.tar.gz"
56+
url_api = "https://api.github.com/repos/goreleaser/goreleaser/releases/assets/370190230"
57+
provenance = "github-attestations"
58+
59+
[tools."github:goreleaser/goreleaser"."platforms.linux-arm64-musl"]
60+
checksum = "sha256:581a10e53c1176b3e81ee45cf531e02dbf899db0bc7b795669347df4276ce948"
61+
url = "https://github.com/goreleaser/goreleaser/releases/download/v2.14.3/goreleaser_Linux_arm64.tar.gz"
62+
url_api = "https://api.github.com/repos/goreleaser/goreleaser/releases/assets/370190230"
63+
provenance = "github-attestations"
64+
65+
[tools."github:goreleaser/goreleaser"."platforms.linux-x64"]
66+
checksum = "sha256:dc7faeeeb6da8bdfda788626263a4ae725892a8c7504b975c3234127d4a44579"
67+
url = "https://github.com/goreleaser/goreleaser/releases/download/v2.14.3/goreleaser_Linux_x86_64.tar.gz"
68+
url_api = "https://api.github.com/repos/goreleaser/goreleaser/releases/assets/370190264"
69+
provenance = "github-attestations"
70+
71+
[tools."github:goreleaser/goreleaser"."platforms.linux-x64-musl"]
72+
checksum = "sha256:dc7faeeeb6da8bdfda788626263a4ae725892a8c7504b975c3234127d4a44579"
73+
url = "https://github.com/goreleaser/goreleaser/releases/download/v2.14.3/goreleaser_Linux_x86_64.tar.gz"
74+
url_api = "https://api.github.com/repos/goreleaser/goreleaser/releases/assets/370190264"
75+
provenance = "github-attestations"
76+
77+
[tools."github:goreleaser/goreleaser"."platforms.macos-arm64"]
78+
checksum = "sha256:6dae42fecaed39f36d0ac9ce98f36ee14804e483f5c1446e205796ac91b7be4e"
79+
url = "https://github.com/goreleaser/goreleaser/releases/download/v2.14.3/goreleaser_Darwin_arm64.tar.gz"
80+
url_api = "https://api.github.com/repos/goreleaser/goreleaser/releases/assets/370190287"
81+
provenance = "github-attestations"
82+
83+
[tools."github:goreleaser/goreleaser"."platforms.macos-x64"]
84+
checksum = "sha256:d8fcc408826058986df90950ce2824ed037e57e3229eb23dcf0badc8d23123bc"
85+
url = "https://github.com/goreleaser/goreleaser/releases/download/v2.14.3/goreleaser_Darwin_x86_64.tar.gz"
86+
url_api = "https://api.github.com/repos/goreleaser/goreleaser/releases/assets/370190276"
87+
provenance = "github-attestations"
88+
89+
[tools."github:goreleaser/goreleaser"."platforms.windows-x64"]
90+
checksum = "sha256:3deea8ff471aa258a2d99f3e5302971d7028647ae8ddaf103257a8113e485a31"
91+
url = "https://github.com/goreleaser/goreleaser/releases/download/v2.14.3/goreleaser_Windows_x86_64.zip"
92+
url_api = "https://api.github.com/repos/goreleaser/goreleaser/releases/assets/370190313"
93+
provenance = "github-attestations"
94+
95+
[[tools.go]]
96+
version = "1.26.0"
97+
backend = "core:go"
98+
99+
[tools.go."platforms.linux-arm64"]
100+
checksum = "sha256:bd03b743eb6eb4193ea3c3fd3956546bf0e3ca5b7076c8226334afe6b75704cd"
101+
url = "https://dl.google.com/go/go1.26.0.linux-arm64.tar.gz"
102+
103+
[tools.go."platforms.linux-arm64-musl"]
104+
checksum = "sha256:bd03b743eb6eb4193ea3c3fd3956546bf0e3ca5b7076c8226334afe6b75704cd"
105+
url = "https://dl.google.com/go/go1.26.0.linux-arm64.tar.gz"
106+
107+
[tools.go."platforms.linux-x64"]
108+
checksum = "sha256:aac1b08a0fb0c4e0a7c1555beb7b59180b05dfc5a3d62e40e9de90cd42f88235"
109+
url = "https://dl.google.com/go/go1.26.0.linux-amd64.tar.gz"
110+
111+
[tools.go."platforms.linux-x64-musl"]
112+
checksum = "sha256:aac1b08a0fb0c4e0a7c1555beb7b59180b05dfc5a3d62e40e9de90cd42f88235"
113+
url = "https://dl.google.com/go/go1.26.0.linux-amd64.tar.gz"
114+
115+
[tools.go."platforms.macos-arm64"]
116+
checksum = "sha256:b1640525dfe68f066d56f200bef7bf4dce955a1a893bd061de6754c211431023"
117+
url = "https://dl.google.com/go/go1.26.0.darwin-arm64.tar.gz"
118+
119+
[tools.go."platforms.macos-x64"]
120+
checksum = "sha256:1ca28b7703cbea05a65b2a1d92d6b308610ef92f8824578a0874f2e60c9d5a22"
121+
url = "https://dl.google.com/go/go1.26.0.darwin-amd64.tar.gz"
122+
123+
[tools.go."platforms.windows-x64"]
124+
checksum = "sha256:9bbe0fc64236b2b51f6255c05c4232532b8ecc0e6d2e00950bd3021d8a4d07d4"
125+
url = "https://dl.google.com/go/go1.26.0.windows-amd64.zip"

mise.toml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,6 @@
22
go = "1.26.0"
33
"github:golangci/golangci-lint" = "2.11.3"
44
"github:goreleaser/goreleaser" = "v2.14.3"
5+
6+
[settings]
7+
lockfile = true

0 commit comments

Comments
 (0)