Use Go 1.26 in CI, check for capability growth not exact match

Rework caps.sh to detect new capabilities rather than requiring an exact match, so the baseline works across Go versions. Add a forbidden capabilities list (UNSAFE_POINTER, NETWORK, CGO, EXEC) that will always fail the check. Use Go 1.26 and capslock@latest in CI. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
2026-03-24 02:05:24 +00:00
parent e0ceae2490
commit 2336b98a36
2 changed files with 62 additions and 13 deletions
@@ -18,8 +18,8 @@ jobs:
      - name: Setup go
        uses: actions/setup-go@v6
        with:
-          go-version: "1.24"
+          go-version: "1.26"
      - name: Install capslock
-        run: go install github.com/google/capslock/cmd/capslock@v0.3.1
+        run: go install github.com/google/capslock/cmd/capslock@latest
      - name: Check for new capabilities
        run: ./caps.sh check