Skip to content

[Sync] Update project files from source repository (6b279b0)#305

Merged
mrz1836 merged 1 commit intomasterfrom
chore/sync-files-bitcoin-schema-20260428-133825-6b279b0
Apr 28, 2026
Merged

[Sync] Update project files from source repository (6b279b0)#305
mrz1836 merged 1 commit intomasterfrom
chore/sync-files-bitcoin-schema-20260428-133825-6b279b0

Conversation

@mrz1836
Copy link
Copy Markdown
Member

@mrz1836 mrz1836 commented Apr 28, 2026

What Changed

  • Updated goreleaser/goreleaser-action from commit e24998b8b67b290c2fa8b7c14fcfa7de2c5c9b8c (v7.1.0) to 1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8 (v7.2.1) in .github/actions/setup-goreleaser/action.yml
  • Bumped MAGE_X_VERSION from v1.20.15 to v1.20.16 in .github/env/10-mage-x.env
  • Updated MAGE_X_GORELEASER_VERSION from v2.15.3 to v2.15.4 in .github/env/10-mage-x.env
  • Updated MAGE_X_MAGE_VERSION from v1.17.1 to v1.17.2 in .github/env/10-mage-x.env
  • Added rate-limiting detection and graceful handling for Nancy security scans in .github/workflows/fortress-security-scans.yml and .github/workflows/fortress.yml - when OSS Index rate-limits requests, the scan is now marked as rate-limited instead of failing CI, with instructions to configure OSSI_USERNAME and OSSI_TOKEN secrets

Why It Was Necessary

  • Keep GitHub Actions and build tooling dependencies up to date with latest stable versions for bug fixes and improvements
  • Improve developer experience by preventing false-negative CI failures when Nancy scans are rate-limited by OSS Index
  • Provide clear guidance to developers on how to authenticate with OSS Index to lift rate limiting restrictions

Testing Performed

  • CI workflow executes successfully with updated GoReleaser action version
  • Updated mage-x and dependency versions are compatible with existing build processes
  • Nancy scan rate-limiting logic correctly detects rate-limit messages and outputs appropriate warnings without failing the build

Impact / Risk

  • Breaking Change: None - all updates are backward compatible
  • Risk: Low - minor version updates to build tools with rate-limiting handling as a safety improvement
  • CI Behavior: Nancy scans will no longer fail CI when rate-limited; teams should configure OSS Index credentials for authenticated scanning if rate limits become frequent

Copilot AI review requested due to automatic review settings April 28, 2026 17:38
@mrz1836 mrz1836 self-assigned this Apr 28, 2026
@mrz1836 mrz1836 added automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps labels Apr 28, 2026
@github-actions github-actions Bot added size/M Medium change (51–200 lines) update General updates labels Apr 28, 2026
Copilot AI reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Synchronizes GitHub workflow/tooling configuration from the source repository to keep CI dependencies current and to make Nancy security scans resilient to OSS Index rate limiting.

Changes:

  • Updated goreleaser/goreleaser-action pin to v7.2.1 in the composite setup-goreleaser action.
  • Bumped mage-x and related tool version environment variables.
  • Added OSS Index rate-limit detection for Nancy scans, marking runs as rate-limited (warning/inconclusive) instead of failing CI, with remediation guidance in annotations and job summary.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
.github/workflows/fortress.yml Updates GoFortress workflow header version/release metadata.
.github/workflows/fortress-security-scans.yml Adds rate-limit handling + warning annotations/summary messaging for Nancy OSS Index throttling.
.github/env/10-mage-x.env Bumps mage-x, goreleaser, and mage version pins.
.github/actions/setup-goreleaser/action.yml Updates goreleaser-action pin used for GoReleaser installation on cache miss.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mrz1836 mrz1836 merged commit 3a7edcb into master Apr 28, 2026
47 checks passed
@github-actions github-actions Bot deleted the chore/sync-files-bitcoin-schema-20260428-133825-6b279b0 branch April 28, 2026 17:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@mrz1836 mrz1836

Labels

automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps size/M Medium change (51–200 lines) update General updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mrz1836