Skip to content

Enhance CI/CD pipeline and documentation for ztigit v0.0.3#8

Merged
ditahkk merged 2 commits into
mainfrom
issues/7-one-liner-install
Dec 20, 2025
Merged

Enhance CI/CD pipeline and documentation for ztigit v0.0.3#8
ditahkk merged 2 commits into
mainfrom
issues/7-one-liner-install

Conversation

@ditahkk

@ditahkk ditahkk commented Dec 20, 2025

Copy link
Copy Markdown
Member

Added:

  • install.ps1 for Windows (irm | iex)
  • install.sh for macOS/Linux/WSL (curl | bash)
  • examples/unix.md and examples/windows.md
  • Script linting CI (shellcheck + PSScriptAnalyzer)
  • Windows arm64 binary support

Changed:

  • Efficient path-based CI pipeline
  • Simplified README, references examples folder
  • Updated dependencies (godbus/dbus v5.2.1, gitlab-org/api v1.10.0)
  • Updated Trivy scanner to 0.33.0

Fixed:

  • Quote TMP_FILE in trap for paths with spaces
  • Reject 32-bit Windows (not supported)
  • Recommend keychain over plain text token files"

Summary by CodeRabbit

  • New Features

    • One-line installers for Windows (PowerShell) and macOS/Linux/WSL
    • Windows arm64 support and multi‑platform build artifacts
  • Documentation

    • Quick Install, platform examples (Unix/Windows), expanded README and release docs
    • Updated usage, authentication, installation, and example guides
  • Chores

    • CI converted to file-change driven gating with expanded linting, security checks, and cross‑platform release packaging
    • Updated module dependencies

✏️ Tip: You can customize this high-level summary in your review settings.

@ditahkk ditahkk self-assigned this Dec 20, 2025
@ditahkk ditahkk linked an issue Dec 20, 2025 that may be closed by this pull request
4 tasks
@coderabbitai

coderabbitai Bot commented Dec 20, 2025

Copy link
Copy Markdown

Walkthrough

Path-based CI gating added with a change-detection job, conditional lint/test/security/build jobs, a cross-platform build matrix, Bash/PowerShell one-line installers, expanded install/platform docs, updated release packaging to include installers, and two Go module version bumps.

Changes

Cohort / File(s) Summary
CI/CD Workflow
\.github/workflows/build.yml
Replaces static push/PR path gating with a change-detection job that sets flags for Go/scripts/workflow changes; adds lint-scripts job; gates test and security jobs on detected changes; makes build matrix cross-OS/arch; adjusts Trivy usage, artifact naming, and job sequencing/conditions.
Installer Scripts
scripts/install.sh, scripts/install.ps1
New one-line installers (Bash and PowerShell) that detect OS/arch, download the matching release asset, install to a user-configurable location, attempt PATH updates, and perform basic verification and error handling.
Installation & Release Documentation
docs/installation.md, docs/development/RELEASE.md, RELEASE_NOTES.md
Replaces binary-download instructions with Quick Install using installers, adds Windows manual install guidance and Windows arm64 mention, and lists install.sh / install.ps1 among release artifacts and build outputs.
Core Documentation
README.md, CHANGELOG.md
Removes per-OS binary instructions in favor of installers; updates Quick Start, command references, and adds CHANGELOG entry for v0.0.3 describing installers, CI changes, and platform support.
Platform Examples
examples/unix.md, examples/windows.md
Adds comprehensive platform-specific examples and CI snippets covering installation, authentication, mirroring, scripting, and CI integration.
Go Dependencies
go.mod
Bumps gitlab.com/gitlab-org/api/client-go v1.9.1 → v1.10.0 and github.com/godbus/dbus/v5 v5.2.0 → v5.2.1.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Review focus:
    • .github/workflows/build.yml — verify change-detection logic, job conditions/expressions, and build matrix naming.
    • scripts/install.sh / scripts/install.ps1 — confirm asset URL construction, architecture detection, permission handling (sudo/Windows PATH updates), and verification steps.
    • Docs (README.md, docs/*, RELEASE_NOTES.md, examples/*) — ensure examples, binary/installer names, and install instructions are consistent.

Possibly related PRs

Suggested reviewers

  • godsonten

Poem

🐰 Hopped through YAML and scripts with care,

I bundled a bash and a PowerShell pair.
CI now watches the files that move,
Builds many platforms, sending artifacts to prove.
A tiny rabbit cheers — releases light as air!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title clearly and concisely summarizes the main changes: enhanced CI/CD pipeline and updated documentation for version 0.0.3, which aligns with the primary objectives.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch issues/7-one-liner-install

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (4)
CHANGELOG.md (1)

23-26: Consider rewording to avoid adverb repetition.

Line 25 uses "only" twice. While the meaning is clear, consider this alternative for improved readability:

-- Script changes → lint-scripts job only
+- Script changes → lint-scripts job
examples/windows.md (1)

137-139: Add language identifier to fenced code block.

The code block should specify a language identifier for proper syntax highlighting.

🔎 Proposed fix
-```
+```text
 powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup-repos.ps1
</details>

</blockquote></details>
<details>
<summary>scripts/install.ps1 (1)</summary><blockquote>

`52-57`: **PATH update logic could be more robust.**

The current check `$userPath -notlike "*$installDir*"` may produce false positives if `$installDir` appears as a substring in another path entry.



<details>
<summary>🔎 More precise PATH checking</summary>

```diff
 # Add to PATH if not already there (persists across sessions)
 $userPath = [Environment]::GetEnvironmentVariable("PATH", "User")
-if ($userPath -notlike "*$installDir*") {
+$pathEntries = $userPath -split ';' | Where-Object { $_ }
+if ($installDir -notin $pathEntries) {
     Write-Host "  Adding to PATH..." -ForegroundColor Gray
-    [Environment]::SetEnvironmentVariable("PATH", "$userPath;$installDir", "User")
+    $newPath = if ($userPath) { "$userPath;$installDir" } else { $installDir }
+    [Environment]::SetEnvironmentVariable("PATH", $newPath, "User")
 }
.github/workflows/build.yml (1)

187-202: Security findings won't fail the pipeline.

All security tools use continue-on-error: true or || true, meaning vulnerabilities won't block merges. This may be intentional during initial adoption, but consider removing these guards once baselines are established.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9c2c790 and c33174a.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (11)
  • .github/workflows/build.yml (5 hunks)
  • CHANGELOG.md (1 hunks)
  • README.md (1 hunks)
  • RELEASE_NOTES.md (1 hunks)
  • docs/development/RELEASE.md (1 hunks)
  • docs/installation.md (2 hunks)
  • examples/unix.md (1 hunks)
  • examples/windows.md (1 hunks)
  • go.mod (1 hunks)
  • scripts/install.ps1 (1 hunks)
  • scripts/install.sh (1 hunks)
🧰 Additional context used
🪛 LanguageTool
examples/windows.md

[grammar] ~100-~100: Ensure spelling is correct
Context: ...ew current config ztigit config ## Environment Protection powershell # List enviro...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

examples/unix.md

[grammar] ~70-~70: Ensure spelling is correct
Context: ...ew current config ztigit config ## Environment Protection bash # List environments...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

CHANGELOG.md

[style] ~25-~25: This adverb was used twice in the sentence. Consider removing one of them or replacing them with a synonym.
Context: ...y - Script changes → lint-scripts job only - Docs/examples changes → no CI (skip...

(ADVERB_REPETITION_PREMIUM)

🪛 markdownlint-cli2 (0.18.1)
examples/windows.md

137-137: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🔇 Additional comments (19)
docs/installation.md (1)

3-16: LGTM! Clear and user-friendly installation flow.

The Quick Install section effectively prioritizes the new installer scripts while maintaining platform-specific clarity. The structure guides users to the recommended installation method upfront.

examples/unix.md (1)

1-144: LGTM! Excellent documentation with security best practices.

The Unix examples are comprehensive and well-organized. Notable strengths:

  • Clear security guidance (keychain preferred over plain text)
  • Proper file permission recommendations (chmod 600)
  • Practical CI/CD integration examples for multiple platforms
scripts/install.sh (1)

47-48: LGTM! Proper quoting handles paths with spaces.

The trap statement correctly quotes $TMP_FILE, which prevents issues when the temporary file path contains spaces. This addresses the fix mentioned in the PR objectives.

docs/development/RELEASE.md (1)

39-44: LGTM! Documentation accurately reflects build artifacts.

The updated artifact list clearly documents the new installer scripts alongside existing archives and checksums, providing complete visibility into release deliverables.

go.mod (1)

13-13: Remove or correct inaccurate dependency version information.

The stated dependency versions cannot be verified: godbus/dbus v5.2.0 and v5.2.1 do not exist (latest is v5.1.0). Additionally, gitlab.com/gitlab-org/api/client-go v1.10.0 cannot be confirmed. Verify the actual dependency versions in the go.mod file and ensure the review accurately reflects the actual updates.

README.md (4)

8-18: LGTM - Clear cross-platform installation instructions.

The one-liner installation commands follow standard patterns (irm | iex for PowerShell, curl | bash for Unix). The URLs correctly point to the release assets that will be published by the CI workflow.


22-30: LGTM - Quick Start covers both platforms.

Good approach showing both Unix (export) and PowerShell ($env:) syntax side-by-side, making it immediately useful for users on any platform.


49-60: LGTM - Configuration priority is well documented.

Clear ordering of token sources (keychain → env vars → config file) helps users understand the precedence.


32-47: Verify that referenced example files exist.

The README references example files at examples/unix.md and examples/windows.md. Ensure these files are present at the specified paths.

RELEASE_NOTES.md (4)

1-28: LGTM - What's New section is well-structured.

The release highlights are clear and actionable. The one-liner installation examples match the README, and the new features (SSH support, Windows arm64) are properly documented.


32-91: LGTM - Feature documentation is comprehensive.

The mirror command examples cover various use cases (URL, org name, custom directory, SSH, max-age). The authentication flow and environment protection commands are well-documented with practical examples.


100-109: Platforms table aligns with build matrix.

The 6 OS/architecture combinations match the build job matrix in the workflow file.


111-128: LGTM - Installation section provides both quick and manual options.

Good structure with quick install for most users and a link to detailed manual installation docs.

.github/workflows/build.yml (6)

18-44: LGTM - Path-based change detection is well-designed.

The filter categories (go, scripts, workflow) provide efficient gating for downstream jobs. Skipping on tags and workflow_dispatch is correct since those trigger build/release directly.


46-72: LGTM - Shell script linting is thorough.

Good combination of shellcheck for static analysis and bash -n for syntax validation. The -x flag for shellcheck properly handles sourced files.


161-168: Security job condition may cause skipped runs.

The security job requires needs.changes.outputs.go == 'true', but the changes job is skipped on workflow_dispatch. This means security analysis won't run on manual dispatches even when targeting PRs to main. Consider if this is intentional.


207-227: LGTM - Build matrix covers all documented platforms.

The 6 OS/architecture combinations match the platforms table in RELEASE_NOTES.md. The Windows arm64 addition aligns with the PR objectives.


293-313: LGTM - Release packaging includes install scripts.

Good addition of install.sh and install.ps1 to the release artifacts, enabling the one-liner installation documented in README and RELEASE_NOTES.


113-116: Go 1.24 is a valid stable release and is correctly specified.

Go 1.24.0 is a major release of Go, with go1.24.1 released 2025-03-04 and multiple subsequent patch releases available. This version is appropriate for the workflow and no change is needed.

Comment thread .github/workflows/build.yml
Comment thread scripts/install.ps1
Comment thread scripts/install.sh

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/build.yml (1)

85-97: The $errors variable initialization issue remains unresolved.

As noted in the previous review, the $errors variable is used with [ref]$errors on line 90 but is never initialized. This should be fixed by initializing $errors at the start of each loop iteration.

🔎 Proposed fix
          foreach ($script in Get-ChildItem scripts/*.ps1) {
+           $errors = $null
            $null = [System.Management.Automation.Language.Parser]::ParseFile($script.FullName, [ref]$null, [ref]$errors)
            if ($errors) {
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c33174a and a9d4c2c.

📒 Files selected for processing (2)
  • .github/workflows/build.yml (6 hunks)
  • scripts/install.sh (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • scripts/install.sh
🔇 Additional comments (5)
.github/workflows/build.yml (5)

99-160: Excellent test job implementation.

The test job correctly:

  • Gates execution based on relevant file changes
  • Tests across multiple OSes (Ubuntu, Windows, macOS)
  • Handles Windows line-ending differences for formatting checks
  • Validates CLI commands after build

207-275: Well-structured cross-platform build matrix.

The build job correctly:

  • Runs only on tags or manual dispatch
  • Covers all major platforms (Linux, macOS, Windows) and architectures (amd64, arm64)
  • Extracts version from git tags or generates dev versions
  • Tests the linux-amd64 binary on the ubuntu runner
  • Uploads artifacts with appropriate naming and retention

The addition of Windows arm64 support aligns with the PR objectives.


309-310: Good addition of installer scripts to release artifacts.

Including the installation scripts (install.sh and install.ps1) in the release artifacts enables the one-line installation flows mentioned in the PR objectives. This aligns well with the goal of providing easy installation methods for all platforms.


3-7: Excellent implementation of path-based CI gating.

The workflow transformation introduces efficient, file-change-driven execution that:

  • Skips unnecessary jobs when only documentation changes
  • Runs linting only when scripts or workflows change
  • Executes tests and security scans only for Go code changes
  • Builds and releases only on tags

This significantly reduces CI resource consumption while maintaining comprehensive coverage. The numbered job naming (1. Detect Changes, 2a. Lint Scripts, 2b. Test, etc.) improves readability.

Also applies to: 19-50, 99-103, 161-168


30-31: No changes needed. The dorny/paths-filter@v3 version is correct and stable.

Comment thread .github/workflows/build.yml Outdated
@ditahkk ditahkk force-pushed the issues/7-one-liner-install branch from a9d4c2c to 170909d Compare December 20, 2025 18:08

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (2)
.github/workflows/build.yml (2)

188-188: Consider updating trivy-action to v0.33.1 (latest).

Version 0.33.1 is the latest release of trivy-action. If there's no specific reason for using v0.33.0, upgrade to 0.33.1 to get the latest fixes and improvements.


85-97: Fix: Uninitialized $errors variable in PowerShell syntax validation.

The $errors variable is used with [ref]$errors but is never initialized, which can cause issues. Initialize it before use.

🔎 Proposed fix
          foreach ($script in Get-ChildItem scripts/*.ps1) {
+           $errors = $null
            $null = [System.Management.Automation.Language.Parser]::ParseFile($script.FullName, [ref]$null, [ref]$errors)
            if ($errors) {
🧹 Nitpick comments (2)
.github/workflows/build.yml (2)

187-202: All security checks are non-blocking.

All security tools (Trivy, golangci-lint, govulncheck) use continue-on-error: true or || true, making them informational only. This means security issues won't fail the workflow.

While this aligns with the "Chill" review mode and may be intentional, consider whether at least some critical security checks should block PRs to main.


309-310: Add existence checks for installer scripts.

The release job copies install.sh and install.ps1 without verifying they exist. If these files are missing, the workflow will fail at release time.

🔎 Proposed fix to validate script existence
+         # Copy installer scripts
+         if [ -f scripts/install.sh ]; then
            cp scripts/install.sh release/
+         else
+           echo "Warning: scripts/install.sh not found"
+           exit 1
+         fi
+         if [ -f scripts/install.ps1 ]; then
            cp scripts/install.ps1 release/
+         else
+           echo "Warning: scripts/install.ps1 not found"
+           exit 1
+         fi
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a9d4c2c and 170909d.

📒 Files selected for processing (3)
  • .github/workflows/build.yml (6 hunks)
  • scripts/install.ps1 (1 hunks)
  • scripts/install.sh (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • scripts/install.ps1
  • scripts/install.sh
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: 3. Security Analysis
🔇 Additional comments (4)
.github/workflows/build.yml (4)

99-159: LGTM: Comprehensive cross-platform test coverage.

The test job correctly uses change detection to gate execution and provides thorough validation across Ubuntu, Windows, and macOS, including formatting checks, build verification, and CLI command testing.


207-274: LGTM: Comprehensive cross-platform build matrix.

The build job correctly implements a matrix strategy covering all major platforms and architectures, including the newly added Windows ARM64 support mentioned in the PR objectives. The conditional execution (tags or manual dispatch only) appropriately prevents unnecessary builds on every commit.


1-17: LGTM: Well-structured path-based CI/CD pipeline.

The workflow implements an efficient change detection strategy with clear documentation. The trigger configuration comprehensively covers development workflows (feature branches, PRs, tags, manual dispatch) while the path-based gating ensures only relevant jobs run for each change type.


20-27: This design choice is intentional and documented. The workflow's inline comment (lines 3-7) states "Tags → build + release jobs only," and the release process (docs/development/RELEASE.md) creates tags only from the main branch after running git pull origin main, ensuring tests have already passed. This assumes main branch has proper branch protection rules enforcing test runs before merge.

If you want to guarantee test execution at release time regardless of prior main branch tests, you could modify the build job's if condition to remove the tag-based skip. Otherwise, this pattern is acceptable if main branch protection is properly configured.

@ditahkk ditahkk force-pushed the issues/7-one-liner-install branch from 170909d to 25ad180 Compare December 20, 2025 18:22
fix: improve temporary file cleanup in install script
@ditahkk ditahkk force-pushed the issues/7-one-liner-install branch from 25ad180 to f4c8f0b Compare December 20, 2025 18:31

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (2)
scripts/install.ps1 (1)

48-54: Checksum verification for download integrity was previously suggested.

A past review comment already addressed the lack of checksum verification for the downloaded binary. Consider implementing it if a checksums.txt file is published with releases.

scripts/install.sh (1)

45-56: Checksum verification for download integrity was previously suggested.

A past review comment already addressed the lack of checksum verification. The workflow now generates checksums.txt in releases, so this enhancement could be implemented.

🧹 Nitpick comments (4)
scripts/install.ps1 (1)

56-61: PATH substring match may cause false positives.

The -notlike "*$installDir*" check could match unintended paths. For example, if $installDir is C:\Users\Bob\Tools, it would match C:\Users\Bob\Tools2 as well.

🔎 More precise PATH check
 $userPath = [Environment]::GetEnvironmentVariable("PATH", "User")
-if ($userPath -notlike "*$installDir*") {
+$pathEntries = $userPath -split ';' | Where-Object { $_ -ne '' }
+if ($installDir -notin $pathEntries) {
     Write-Host "  Adding to PATH..." -ForegroundColor Gray
-    [Environment]::SetEnvironmentVariable("PATH", "$userPath;$installDir", "User")
+    $newPath = ($pathEntries + $installDir) -join ';'
+    [Environment]::SetEnvironmentVariable("PATH", $newPath, "User")
 }
scripts/install.sh (2)

64-69: Redundant chmod +x after sudo mv.

Line 58 already runs chmod +x "$TMP_FILE" before the move. The sudo chmod +x "$DEST_PATH" on line 68 is redundant since file permissions are preserved by mv.

🔎 Remove redundant chmod
 if [[ -w "$INSTALL_DIR" ]]; then
     mv "$TMP_FILE" "$DEST_PATH"
 else
     sudo mv "$TMP_FILE" "$DEST_PATH"
-    sudo chmod +x "$DEST_PATH"
 fi

71-85: Verification may fail immediately after install if INSTALL_DIR is not in PATH.

The command -v ztigit check on line 72 will fail if INSTALL_DIR (e.g., /usr/local/bin) isn't in the current shell's PATH, causing the script to take the fallback branch even on successful installs. Consider using $DEST_PATH --version directly for verification.

🔎 Use direct path for verification
 # Verify
-if command -v ztigit &> /dev/null; then
-    VERSION=$(ztigit --version 2>&1 || echo "ztigit (version unavailable)")
+if "$DEST_PATH" --version &> /dev/null; then
+    VERSION=$("$DEST_PATH" --version 2>&1 || echo "ztigit (version unavailable)")
     echo ""
     ok "Installed successfully!"
     echo "  $VERSION"
.github/workflows/build.yml (1)

197-203: Redundant error suppression: || true with continue-on-error: true.

Both lines 198 and 202 use || true in the command AND have continue-on-error: true on the step. One of these is sufficient; using both is redundant. The continue-on-error approach is cleaner for workflows.

🔎 Remove redundant `|| true`
       - name: Run golangci-lint with security checks
-        run: $(go env GOPATH)/bin/golangci-lint run --enable gosec || true
+        run: $(go env GOPATH)/bin/golangci-lint run --enable gosec
         continue-on-error: true
 
       - name: Run Go vulnerability check
-        run: govulncheck ./... || true
+        run: govulncheck ./...
         continue-on-error: true
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 170909d and f4c8f0b.

📒 Files selected for processing (3)
  • .github/workflows/build.yml (5 hunks)
  • scripts/install.ps1 (1 hunks)
  • scripts/install.sh (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: 3. Security Analysis
🔇 Additional comments (9)
scripts/install.ps1 (2)

1-14: LGTM! Well-documented script header.

The synopsis, description, and example usage are clear. The PSScriptAnalyzer suppression for Write-Host is appropriately scoped and documented.


22-28: LGTM! Architecture detection logic is correct.

Properly rejects 32-bit Windows and correctly distinguishes ARM64 from AMD64 using $env:PROCESSOR_ARCHITECTURE.

scripts/install.sh (2)

1-18: LGTM! Good script setup with strict mode and helper functions.

The set -euo pipefail ensures robust error handling, and the color output functions provide consistent formatting.


25-40: LGTM! OS and architecture detection is comprehensive.

Proper handling of macOS, Linux, and Windows shell environments (with appropriate error). Architecture mapping covers both naming conventions (x86_64/amd64, aarch64/arm64).

.github/workflows/build.yml (5)

19-44: LGTM! Well-designed path-based change detection.

The changes job efficiently gates downstream jobs based on affected file paths. The filter patterns appropriately cover Go source, scripts, and workflow files. Skipping on workflow_dispatch and tags is correct since those should run unconditionally.


85-98: LGTM! PowerShell syntax validation is now correct.

The $errors = $null initialization on line 90 properly addresses the previous review comment about the uninitialized variable.


188-195: Trivy action updated to v0.33.1.

This addresses the previous review comment suggesting the upgrade from v0.33.0.


294-314: LGTM! Release packaging correctly includes installer scripts.

The release job now copies both install.sh and install.ps1 to the release directory, ensuring they're included in GitHub releases alongside the binaries and checksums.


114-117: Go version 1.24 is available and actively maintained.

Go 1.24.0 is a major release of Go and go1.24.11 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the runtime. The workflow can use Go 1.24 without concerns; however, consider upgrading to the current stable version Go 1.25.5 (released December 2, 2025) for access to the latest features and improvements.

@ditahkk ditahkk merged commit acffa7e into main Dec 20, 2025
9 checks passed
@coderabbitai coderabbitai Bot mentioned this pull request Dec 21, 2025
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Create One-Liner Installation Scripts

2 participants