From 62d406cf49e664dd9ce08ecb3ed52f4f93e89517 Mon Sep 17 00:00:00 2001
From: mojatter <uz@trycatch.jp>
Date: Tue, 7 Apr 2026 18:13:49 +0900
Subject: [PATCH 1/4] chore: lower minimum Go to 1.24 and add CI matrix

Drop go.mod's go directive from 1.26 to 1.24 so the module can be
consumed from projects that have not yet moved to the latest toolchain.
Add a Go version matrix (1.24, 1.25, stable) to tests.yaml so future
regressions against the lowest supported version are caught in CI.
---
 .github/workflows/tests.yaml | 6 +++++-
 go.mod                       | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 51c20de..045929b 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -12,6 +12,10 @@ on:
 jobs:
   tests:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: ['1.24', '1.25', 'stable']
     steps:
       -
         name: Checkout
@@ -22,7 +26,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version-file: go.mod
+          go-version: ${{ matrix.go-version }}
       -
         name: Cache Go modules
         uses: actions/cache@v5
diff --git a/go.mod b/go.mod
index 517ae52..0df4ee1 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,3 @@
 module github.com/mojatter/wfs
 
-go 1.26
+go 1.24

From de4a7a6c72a83a1c4c307809cf44811d71258d86 Mon Sep 17 00:00:00 2001
From: mojatter <uz@trycatch.jp>
Date: Tue, 7 Apr 2026 18:19:28 +0900
Subject: [PATCH 2/4] ci: only run staticcheck and gosec on the latest Go in
 the matrix

staticcheck v0.7.0 requires Go >= 1.25 and therefore fails to install
on the matrix's 1.24 job. Gate the staticcheck and gosec steps on
matrix.go-version == 'stable' so the lint pass runs once per workflow
on the latest toolchain while go test still exercises every supported
Go version.
---
 .github/workflows/tests.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 045929b..0160836 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -41,12 +41,17 @@ jobs:
           go mod tidy
           go test -v ./...
       -
+        # staticcheck v0.7.0 requires Go >= 1.25, so only run linters on
+        # the latest toolchain in the matrix. Tests still cover all
+        # supported Go versions.
         name: Run staticcheck
+        if: matrix.go-version == 'stable'
         run: |
           go install honnef.co/go/tools/cmd/staticcheck@v0.7.0
           staticcheck ./...
       -
         name: Run gosec
+        if: matrix.go-version == 'stable'
         run: |
           go install github.com/securego/gosec/v2/cmd/gosec@v2.24.7
           gosec ./...

From a9d6c7d1594d9a06a71a2bfcb48798f98a35fa38 Mon Sep 17 00:00:00 2001
From: mojatter <uz@trycatch.jp>
Date: Tue, 7 Apr 2026 18:22:36 +0900
Subject: [PATCH 3/4] ci: drop redundant Go 1.25 from matrix

The matrix only needs the minimum supported (1.24) and the latest
(stable) toolchains; the in-between 1.25 entry adds CI time without
catching anything the two endpoints would not.
---
 .github/workflows/tests.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 0160836..508fd13 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -15,7 +15,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: ['1.24', '1.25', 'stable']
+        go-version: ['1.24', 'stable']
     steps:
       -
         name: Checkout

From 7cb430198730939ae0a1887052c6a07fb9ccb135 Mon Sep 17 00:00:00 2001
From: mojatter <uz@trycatch.jp>
Date: Tue, 7 Apr 2026 18:43:57 +0900
Subject: [PATCH 4/4] ci: add tests aggregator job for branch protection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adding the matrix renamed the per-version checks to 'tests (1.24)' /
'tests (stable)', so the branch protection required check named
'tests' is never reported and PRs hang in 'Expected — Waiting for
status to be reported'. Rename the matrix job to 'test' and add a
trivial 'tests' aggregator that depends on it; this keeps the required
check name stable across future matrix changes without touching
branch protection.
---
 .github/workflows/tests.yaml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 508fd13..6959ea1 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -10,7 +10,7 @@ on:
   workflow_call:
 
 jobs:
-  tests:
+  test:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -55,3 +55,18 @@ jobs:
         run: |
           go install github.com/securego/gosec/v2/cmd/gosec@v2.24.7
           gosec ./...
+
+  # Aggregator job kept under the stable name "tests" so the branch
+  # protection required check does not need to be reconfigured every
+  # time the matrix changes.
+  tests:
+    runs-on: ubuntu-latest
+    needs: test
+    if: always()
+    steps:
+      - name: Check matrix results
+        run: |
+          if [ "${{ needs.test.result }}" != "success" ]; then
+            echo "matrix job failed: ${{ needs.test.result }}"
+            exit 1
+          fi