ci(security): pin vacuum to v0.29.7 in OpenAPI validation #512

Merged: ericfitz merged 1 commit into main from ci/pin-vacuum-version on Jul 1, 2026
ericfitz commented Jul 1, 2026

The OpenAPI Validation job installed vacuum via `curl … install_vacuum.sh | sudo sh`, which auto-detects the latest release. When that detection hiccups it builds a bad URL with an empty version (`.../download/v/vacuum_linux_x86_64_.tar.gz`) and 404s — flaking this required check (hit #511, needed a re-run).

Fix: download a pinned release asset (v0.29.7) directly, so the step is deterministic. Bump the pin when we want a newer vacuum.

This PR's own OpenAPI Validation run exercises the pinned installer.

🤖 Generated with Claude Code

The `install_vacuum.sh` bootstrap auto-detects the latest release; when that
detection hiccups it builds a download URL with an empty version
(.../download/v/vacuum_linux_x86_64_.tar.gz) and 404s, flaking the required
OpenAPI Validation check (seen on #511). Download a pinned release asset
directly instead so the step is deterministic.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Kk9GxWS9EpazjbwBKfMpUX
ericfitz merged commit a8f41b0 into main Jul 1, 2026
9 checks passed
ericfitz deleted the ci/pin-vacuum-version branch July 1, 2026 14:56
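
The pinning approach described in this PR, as an added shell example (not the repository's workflow code): it refuses to build a release URL from an empty or malformed version, and goes one step beyond the PR text by checking the download against a pinned SHA-256 digest. The function names, base URL, asset name and digest are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example: names, base URL and digest are placeholders, not the project's.

# Succeeds only for a pin of the exact form vMAJOR.MINOR.PATCH; an empty or
# partial value (the failure described above) is rejected.
valid_pin() {
  expr "x$1" : 'xv[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null
}

# Print <base>/download/<version>/<asset>, or fail without printing a URL.
asset_url() {  # base version asset
  if ! valid_pin "$2"; then
    echo "refusing to build URL from version '$2'" >&2
    return 1
  fi
  printf '%s/download/%s/%s\n' "$1" "$2" "$3"
}

# Succeed only if FILE hashes to the pinned lowercase hex SHA-256 digest.
verify_sha256() {  # file expected_digest
  [ -n "$2" ] && [ -f "$1" ] || return 1
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$1" | cut -d' ' -f1)
  else
    actual=$(shasum -a 256 "$1" | cut -d' ' -f1)
  fi
  [ "$actual" = "$2" ]
}

# Download to a temp file and move it into place only after the digest matches.
fetch_pinned() {  # base version asset sha256 dest
  url=$(asset_url "$1" "$2" "$3") || return 1
  tmp=$(mktemp) || return 1
  if curl -fsSL "$url" -o "$tmp" && verify_sha256 "$tmp" "$4"; then
    mv "$tmp" "$5"
  else
    rm -f "$tmp"
    return 1
  fi
}
```

Bumping the pin then means changing the version and the recorded digest together in the same commit.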