ci: add GitHub Actions CI + prepare v0.1.2 release#6
Merged
Conversation
- gate every PR and push to main through the Makefile's verification discipline: gofmt → vet → race tests (with coverage) → official Lua 5.4 conformance fixtures, so the repo's pre-push gate now runs remotely - add CI-only hardening the Makefile doesn't cover: govulncheck plus a cross-platform build matrix (ubuntu/macos/windows) proving the README's portability claim; bench runs observationally (non-gating) - trigger only on source-affecting paths so doc-only changes skip CI Tags: #ci #github-actions Co-Authored-By: htjulia <htjulia1@gmail.com>
- the new CI gofmt gate flagged misaligned trailing comments on the LuaRelease/Version consts; no semantic change chore: raise minimum Go to 1.25.11 - CI govulncheck flagged 4 stdlib advisories present in the go1.24.x standard library — GO-2026-5037 (crypto/x509), GO-2026-4971 (net), GO-2026-4602 (os), GO-2026-4601 (net/url) - all are fixed in the go1.25.x stdlib; bump the go directive so builds pull the patched standard library and the govulncheck gate passes - raises this library's minimum Go requirement to 1.25.11 Tags: #ci #security #gofmt Co-Authored-By: htjulia <htjulia1@gmail.com>
- bump the engine Version constant to 0.1.2 (exposed to Lua as _LUAPURE_VERSION and by the debug MCP adapters); it had been left at 0.1.0 through the 0.1.1 release, so the banner now reports the real release version - add the [0.1.2] CHANGELOG entry covering the new CI pipeline and the Go 1.25.11 security bump docs: state the Go 1.25.11 minimum in the README - update the Go badge and the requirements line to 1.25.11 so the public library advertises the correct minimum after the stdlib security bump Tags: #release #docs #changelog Co-Authored-By: htjulia <htjulia1@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the repo's first CI pipeline and, in doing so, prepares the v0.1.2 release (the CI's govulncheck/gofmt gates surfaced two fixes that belong in a release).
CI —
.github/workflows/ci.ymlMirrors the
go-lua-perfCI structure, adapted to lua-pure's Makefile.gofmt -lclean checkmake vet→ race tests + coverage →make conformance(official Lua 5.4 fixtures)golang.org/x/vulnscango vet+go buildon ubuntu / macOS / windowsmake benchcontinue-on-error)v0.1.2 release changes
godirective; README badge + requirements line updated.lua/luaconf.go(the new gofmt gate caught misaligned comments)._LUAPURE_VERSION/ debug MCP adapters had been stuck at0.1.0through the 0.1.1 release. Banner now readsluapure 0.1.2 (Lua 5.4.8).[0.1.2] — 2026-07-05entry added.Verification
make checkpasses (build + vet + race + conformance 30/33;gc.luaRUN-ERR is a known non-fatal case).govulncheck ./...→ No vulnerabilities found.After merge: tag
v0.1.2onmainand cut the GitHub release.