Skip to content

fix(sbom): use mise install script instead of GitHub releases download#79

Merged
pgmac merged 1 commit into
mainfrom
fix/mise-action-fetch-from-github
Jun 14, 2026
Merged

fix(sbom): use mise install script instead of GitHub releases download#79
pgmac merged 1 commit into
mainfrom
fix/mise-action-fetch-from-github

Conversation

@pgmac

@pgmac pgmac commented Jun 14, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • jdx/mise-action@v4 with fetch_from_github: true (default) downloads the mise binary directly from GitHub releases
  • When a new mise version is freshly cut, release assets can briefly 404 while being published — this is what caused the failure in run 27491105710: mise v2026.6.7 was detected via the VERSION endpoint but mise-v2026.6.7-linux-x64.tar.gz wasn't yet available on GitHub releases
  • fetch_from_github: false uses the mise install script (curl mise.jdx.dev/install.sh) which downloads from the CDN and is available immediately after a release

Test plan

  • Trigger SBOM workflow — Install tools via mise step downloads and installs mise without 404

🤖 Generated with Claude Code

jdx/mise-action with fetch_from_github: true (default) downloads the mise
binary directly from GitHub releases. When a new mise version is just cut,
the release assets can 404 briefly while being published, breaking CI.

Switching to fetch_from_github: false uses the mise install script which
pulls from the mise CDN (mise.jdx.dev), which is available immediately.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@pgmac pgmac requested a review from a team as a code owner June 14, 2026 07:25
@github-actions

Copy link
Copy Markdown

SBoM Vulnerability Scan Results

Scan Summary:

  • Total vulnerabilities found: 1
  • Critical: 0
  • High: 1
  • Medium: 0

SBoM Details:

  • Generated from commit: 9a3a4f3
  • SBoM format: CycloneDX
  • Repository: pgmac-net/pg-actions

View full SARIF report

This comment will be updated on each commit

@pgmac pgmac merged commit d4b89ff into main Jun 14, 2026
3 checks passed
@pgmac pgmac deleted the fix/mise-action-fetch-from-github branch June 14, 2026 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant