Skip to content

Update Go API bindings to version 0.0.59 and automate future updates#59

Merged
cloudsmith-iduffy merged 1 commit into
masterfrom
update-bindings-v0.0.59-tooling
Jul 15, 2026
Merged

Update Go API bindings to version 0.0.59 and automate future updates#59
cloudsmith-iduffy merged 1 commit into
masterfrom
update-bindings-v0.0.59-tooling

Conversation

@cloudsmith-iduffy

Copy link
Copy Markdown
Contributor

Updates the generated Go bindings to the latest CloudSmith API and ports the tooling/automation from cloudsmith-io/cloudsmith-api#96, adapted for this Go-only, Docker-generated repo.

Bindings

  • Binding version: 0.0.59 (previously 0.0.58)
  • CloudSmith API version: 1.1288.1

Tooling & automation

  • mise-managed toolchain — a top-level .mise.toml pins the host tools (go, jq) so local dev and CI share the same setup. Docker (openapi-generator) remains a separate prerequisite on purpose.
  • Update API bindings GitHub Actions workflow — regenerates the bindings and opens a PR on demand (workflow_dispatch, optionally with a specific version) or daily on a schedule. It opens a PR only when the regenerated bindings actually change, and closes any superseded automated PRs first.
  • zizmor — a pre-commit hook plus a dedicated Security workflow (.github/workflows/zizmor.yml) using the official zizmorcore/zizmor-action. Workflows are hardened against zizmor findings: workflow_dispatch inputs and step outputs pass through env rather than being interpolated into run blocks, persist-credentials: false on checkout, minimal permissions, and all actions hash-pinned.
  • Hardened go.yml — hash-pinned actions, persist-credentials: false, explicit permissions, and mise-managed toolchain.
  • bin/generate — added a gsedsed shim and a case-insensitive CONTRIBUTING guard so the daily build runs correctly on Linux CI runners.
  • Documented the mise + Docker workflow in CONTRIBUTING.md.

Notes

🤖 Generated with Claude Code

Binding version: 0.0.59
Cloudsmith API version: 1.1288.1

Also ports the tooling/automation from cloudsmith-io/cloudsmith-api#96,
adapted for this Go-only, Docker-generated repo:

- .mise.toml pins the host toolchain (go, jq) and adds generate /
  update-bindings tasks. Docker remains a separate prerequisite.
- Update API bindings workflow: regenerates and opens a PR on demand
  (workflow_dispatch) or daily on a schedule, only when the bindings
  actually change, closing any superseded automated PRs first.
- zizmor Security workflow + pre-commit hook.
- Hardened go.yml (hash-pinned actions, persist-credentials: false,
  explicit permissions, mise-managed toolchain).
- bin/generate: gsed->sed shim and case-insensitive CONTRIBUTING guard
  so the daily build works on Linux runners.
- Documented the mise + Docker workflow in CONTRIBUTING.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 15, 2026 13:47

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@cloudsmith-iduffy cloudsmith-iduffy merged commit 1e77919 into master Jul 15, 2026
3 checks passed
@cloudsmith-iduffy cloudsmith-iduffy deleted the update-bindings-v0.0.59-tooling branch July 15, 2026 14:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

4 participants