Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
130 changes: 130 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
# GitHub Actions CI — mirrors the Makefile's verification discipline
# (vet → test/race → conformance → build, plus bench) on pull requests and
# pushes to main, and only when source files change (doc-only changes are
# skipped). The Makefile is the single source of truth: jobs call `make <target>`
# where a target exists; the extra hardening steps (gofmt gate, govulncheck,
# cross-platform build, coverage) are CI-only and call `go` directly.
#
# luapure is a zero-dependency pure-Go port, so there is no go.sum: `make test`
# is already race-enabled and `make conformance` runs the official Lua 5.4
# fixtures as a hard gate.

name: CI

on:
push:
branches: [main]
paths:
- "**/*.go"
- "go.mod"
- "Makefile"
- "conformance/**"
- "_lua5.4-tests/**"
- "_glue5.4-tests/**"
- ".github/workflows/ci.yml"
pull_request:
paths:
- "**/*.go"
- "go.mod"
- "Makefile"
- "conformance/**"
- "_lua5.4-tests/**"
- "_glue5.4-tests/**"
- ".github/workflows/ci.yml"

concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true

jobs:
# Fast fail on formatting before spending time on the heavier jobs.
format:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: gofmt
run: |
unformatted=$(gofmt -l .)
if [ -n "$unformatted" ]; then
echo "These files are not gofmt-clean:"; echo "$unformatted"
exit 1
fi

# The canonical pre-push gate: vet → race-enabled tests (with coverage) →
# official Lua 5.4 conformance fixtures. Equivalent to `make check` minus the
# build step (which the cross-platform build job below proves separately).
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod # tracks the toolchain pinned in go.mod
cache: true # build cache, keyed on go.mod (no go.sum: zero deps)
- run: make vet
# `make test` is `go test -race -count=1 ./...`; add a coverage profile.
# covermode=atomic is required under -race.
- name: test (race, with coverage)
run: go test -race -covermode=atomic -coverprofile=coverage.out -count=1 ./...
- name: conformance (official Lua 5.4 fixtures)
run: make conformance
- name: upload coverage
uses: actions/upload-artifact@v7
with:
name: coverage
path: coverage.out
if-no-files-found: warn

# Scan dependencies and code for known vulnerabilities.
govulncheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
- name: govulncheck
env:
# govulncheck@latest requires a newer Go than go.mod pins; allow the
# toolchain to auto-upgrade for the tool install. setup-go v6 defaults
# GOTOOLCHAIN to "local", which otherwise blocks this.
GOTOOLCHAIN: auto
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

# build runs only after verify passes, mirroring the Makefile's
# "build only after tests pass", and proves the engine + all `go` targets are
# cross-platform. `make` isn't assumed on Windows, so call `go` directly.
build:
needs: verify
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
- run: go vet ./...
- run: go build ./...

# bench is observational, not a gate — a slow/noisy run must not fail CI.
bench:
needs: verify
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: true
- run: make bench
22 changes: 22 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,28 @@ separately from the luapure release version.
- Performance: keep narrowing the speed/allocation gap to the reference (see
[`ROADMAP.md`](ROADMAP.md) for the current levers).

## [0.1.2] — 2026-07-05

Tooling and security. No API or observable-behaviour change; conformance
stays at 30/33.

### Added
- **Continuous integration.** A GitHub Actions workflow
([`.github/workflows/ci.yml`](.github/workflows/ci.yml)) now gates every pull
request and push to `main`: gofmt → `go vet` → race-enabled tests with
coverage → the official Lua 5.4 conformance fixtures. CI-only hardening adds
`govulncheck`, a cross-platform build matrix (Linux/macOS/Windows), and an
observational (non-gating) benchmark run.

### Changed
- **Minimum Go raised to 1.25.11.** `govulncheck` flagged four advisories in
the go1.24.x standard library — GO-2026-5037 (`crypto/x509`), GO-2026-4971
(`net`), GO-2026-4602 (`os`), and GO-2026-4601 (`net/url`) — all fixed in
go1.25.x. Bumping the `go` directive pulls the patched standard library.
- **Version constant synced.** `Version` (exposed to Lua as `_LUAPURE_VERSION`,
and reported by the debug MCP adapters) now tracks the release version; it had
been left at `0.1.0` through the 0.1.1 release.

## [0.1.1] — 2026-06-29

Performance and documentation. No API or observable-behaviour change;
Expand Down
5 changes: 3 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# LuaPure — a pure Go Lua VM

[![Go Reference](https://pkg.go.dev/badge/github.com/htcom-code/lua-pure/lua.svg)](https://pkg.go.dev/github.com/htcom-code/lua-pure/lua)
[![Go 1.24+](https://img.shields.io/badge/Go-1.24%2B-00ADD8.svg)](go.mod)
[![Go 1.25.11+](https://img.shields.io/badge/Go-1.25.11%2B-00ADD8.svg)](go.mod)
[![Lua 5.4.8](https://img.shields.io/badge/Lua-5.4.8-000080.svg)](https://www.lua.org/)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
[![Status: alpha](https://img.shields.io/badge/status-alpha-orange.svg)](#project-status)
Expand Down Expand Up @@ -61,7 +61,8 @@ or tag if you depend on it. [`ROADMAP.md`](ROADMAP.md) tracks what comes next
go get github.com/htcom-code/lua-pure/lua
```

Requires Go 1.24 (uses the `weak` package for weak tables).
Requires Go 1.25.11 (the `weak` package for weak tables needs 1.24; the
1.25.11 floor also clears known standard-library security advisories).

## Quickstart

Expand Down
2 changes: 1 addition & 1 deletion cmd/luadbg-mcp/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ func main() {
NewState: newState,
Source: resolver,
Name: "luapure-debug",
Version: "0.1.0",
Version: "0.1.2",
}

t := debugmcp.NewStdioTransport(os.Stdin, os.Stdout, nil)
Expand Down
2 changes: 1 addition & 1 deletion debugmcp/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ func (s *Server) initialize(params json.RawMessage) any {
name = "luapure-debug"
}
if version == "" {
version = "0.1.0"
version = "0.1.2"
}
return map[string]any{
"protocolVersion": ver,
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
module github.com/htcom-code/lua-pure

go 1.24
go 1.25.11
6 changes: 3 additions & 3 deletions lua/luaconf.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,12 @@ package luapure
// here and to Lua via the _LUAPURE_VERSION global.
const (
LuaVersion = "Lua 5.4" // == _VERSION; PUC LUA_VERSION (DO NOT CHANGE)
LuaRelease = "5.4.8" // PUC patch level this engine tracks
Version = "0.1.0" // luapure implementation version
LuaRelease = "5.4.8" // PUC patch level this engine tracks
Version = "0.1.2" // luapure implementation version
)

// VersionString returns the full implementation banner, e.g.
// "luapure 0.1.0 (Lua 5.4.8)". It is the value exposed to Lua as the global
// "luapure 0.1.2 (Lua 5.4.8)". It is the value exposed to Lua as the global
// _LUAPURE_VERSION.
func VersionString() string {
return "luapure " + Version + " (Lua " + LuaRelease + ")"
Expand Down
Loading