ci(release): drop unsupported windows/arm targets

Co-authored-by: Thomas Pelletier <thomas@pelletier.dev>
2026-03-03 06:15:04 +00:00
13 changed files with 12 additions and 174 deletions
@@ -1,25 +0,0 @@
 name: capabilities
 on:
  push:
    branches:
      - v2
  pull_request:
    branches:
      - v2
 jobs:
  check:
    name: check capabilities
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Setup go
        uses: actions/setup-go@v6
        with:
          go-version: "1.26"
      - name: Install capslock
        run: go install github.com/google/capslock/cmd/capslock@latest
      - name: Check for new capabilities
        run: ./caps.sh check
@@ -15,6 +15,6 @@ jobs:
      - name: Setup go
        uses: actions/setup-go@v6
        with:
-          go-version: "1.26"
+          go-version: "1.25"
      - name: Run tests with coverage
        run: ./ci.sh coverage -d "${GITHUB_BASE_REF-HEAD}"
@@ -20,7 +20,7 @@ jobs:
          fetch-depth: 0
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3
      - name: Run Go versions compatibility test
        run: |
@@ -15,7 +15,7 @@ jobs:
      - name: Setup go
        uses: actions/setup-go@v6
        with:
-          go-version: "1.26"
+          go-version: "1.24"
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
@@ -22,9 +22,9 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
-          go-version: "1.26"
+          go-version: "1.25"
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v4
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -13,7 +13,7 @@ jobs:
      fail-fast: false
      matrix:
        os: [ 'ubuntu-latest', 'windows-latest', 'macos-latest', 'macos-14' ]
-        go: [ '1.25', '1.26' ]
+        go: [ '1.24', '1.25' ]
    runs-on: ${{ matrix.os }}
    name: ${{ matrix.go }}/${{ matrix.os }}
    steps:
@@ -53,14 +53,6 @@ go-toml is a TOML library for Go. The goal is to provide an easy-to-use and effi
 - Commit messages must explain **why** the change is needed
 - Keep messages clear and informative even if details are in the PR description
 ### Capabilities
 go-toml tracks system-level capabilities using [capslock](https://github.com/google/capslock). The baseline is in `capability_baseline.txt` and CI enforces that it does not grow.
 - **Do not introduce new capabilities.** PRs that increase the capability set (e.g., adding network access, subprocess execution, syscalls) are unlikely to be accepted.
 - If a change causes the capabilities check to fail, do not update the baseline to make it pass. Instead, rethink the approach to avoid requiring new capabilities.
 - To check locally: `./caps.sh check` (requires `capslock` installed via `go install github.com/google/capslock/cmd/capslock@latest`)
 ## Pull Request Checklist
 Before submitting:
@@ -69,5 +61,4 @@ Before submitting:
 2. No backward-incompatible changes (unless discussed)
 3. Relevant documentation added/updated
 4. No performance regression (verify with benchmarks)
-5. Capabilities are not increasing (`./caps.sh check`)
+5. Title is clear and understandable for changelog
 6. Title is clear and understandable for changelog
@@ -180,25 +180,6 @@ description. Pull requests that lower performance will receive more scrutiny.
 [benchstat]: https://pkg.go.dev/golang.org/x/perf/cmd/benchstat
 ### Capabilities
 We use [capslock](https://github.com/google/capslock) to track what
 system-level capabilities (file access, network, syscalls, etc.) each package
 requires. The current baseline is in `capability_baseline.txt`. CI will fail if
 a change introduces a new capability.
 **Pull requests that increase the set of capabilities are unlikely to be
 accepted.** go-toml is a parsing library and should not need network access,
 subprocess execution, or other capabilities beyond what it already uses.
 If you believe a new capability is genuinely needed, discuss it in an issue
 first. To update the baseline after approval:
 ```bash
 go install github.com/google/capslock/cmd/capslock@latest
 ./caps.sh generate
 ```
 ### Style
 Try to look around and follow the same format and structure as the rest of the
@@ -1 +0,0 @@
 github.com/pelletier/go-toml/v2: CAPABILITY_REFLECT, CAPABILITY_UNANALYZED, CAPABILITY_UNSAFE_POINTER
@@ -1,101 +0,0 @@
 #!/usr/bin/env bash
 #
 # Generates or checks the capability baseline for go-toml.
 #
 # Usage:
 #   ./caps.sh generate   # regenerate capability_baseline.txt
 #   ./caps.sh check      # check that capabilities haven't grown
 #
 # Requires: go, capslock (go install github.com/google/capslock/cmd/capslock@latest)
 set -euo pipefail
 BASELINE="capability_baseline.txt"
 CAPSLOCK="${CAPSLOCK:-capslock}"
 # Capabilities that must never appear in any package.
 FORBIDDEN_CAPS=(
    CAPABILITY_NETWORK
    CAPABILITY_CGO
    CAPABILITY_EXEC
 )
 capslock_to_baseline() {
    "$CAPSLOCK" -packages=. -output=package -granularity=package \
        | jq -r 'to_entries | sort_by(.key) | .[] | .key + ": " + (.value | sort | join(", "))'
 }
 generate() {
    capslock_to_baseline > "$BASELINE"
    echo "Wrote $BASELINE"
 }
 check() {
    if [ ! -f "$BASELINE" ]; then
        echo "ERROR: $BASELINE not found. Run '$0 generate' first."
        exit 1
    fi
    current=$(mktemp)
    trap 'rm -f "$current"' EXIT
    capslock_to_baseline > "$current"
    failed=0
    # Check for forbidden capabilities in current output.
    for cap in "${FORBIDDEN_CAPS[@]}"; do
        if grep -q "$cap" "$current"; then
            echo "FORBIDDEN capability found: $cap"
            grep "$cap" "$current"
            failed=1
        fi
    done
    # Extract all unique capability names from baseline and current.
    baseline_caps=$(grep -oE 'CAPABILITY_[A-Z_]+' "$BASELINE" | sort -u)
    current_caps=$(grep -oE 'CAPABILITY_[A-Z_]+' "$current" | sort -u)
    # Check for new capability names not in the baseline.
    new_caps=$(comm -13 <(echo "$baseline_caps") <(echo "$current_caps"))
    if [ -n "$new_caps" ]; then
        echo "NEW capabilities detected (not in baseline):"
        echo "$new_caps"
        failed=1
    fi
    # Check for new per-package capabilities (a package gained a capability it didn't have before).
    while IFS=': ' read -r pkg caps; do
        baseline_pkg_caps=$(grep "^${pkg}:" "$BASELINE" 2>/dev/null | sed 's/^[^:]*: //' || true)
        if [ -z "$baseline_pkg_caps" ]; then
            echo "NEW package with capabilities: $pkg: $caps"
            failed=1
            continue
        fi
        # Check each capability in current for this package
        for cap in $(echo "$caps" | tr ', ' '\n' | grep -v '^$'); do
            if ! echo "$baseline_pkg_caps" | grep -q "$cap"; then
                echo "NEW capability for $pkg: $cap"
                failed=1
            fi
        done
    done < "$current"
    if [ "$failed" -eq 1 ]; then
        echo ""
        echo "FAILED: capabilities have grown."
        echo "If this is intentional, run '$0 generate' and commit the updated $BASELINE."
        exit 1
    fi
    echo "OK: no new capabilities detected."
 }
 case "${1:-}" in
    generate) generate ;;
    check)    check ;;
    *)
        echo "Usage: $0 {generate|check}"
        exit 1
        ;;
 esac
@@ -259,12 +259,6 @@ func TestDecodeError_Position(t *testing.T) {
 			expectedRow: 3,
 			minCol:      5,
 		},
 		{
 			name:        "missing equals on last line without trailing newline",
 			doc:         "a = 1\nb = 2\nc",
 			expectedRow: 3,
 			minCol:      1,
 		},
 	}
 	for _, e := range examples {
@@ -9,7 +9,7 @@ YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color
-# Go versions to test (1.11 through 1.26)
+# Go versions to test (1.11 through 1.25)
 GO_VERSIONS=(
    "1.11"
    "1.12"
@@ -26,7 +26,6 @@ GO_VERSIONS=(
    "1.23"
    "1.24"
    "1.25"
    "1.26"
 )
 # Default values
@@ -65,7 +64,7 @@ EXAMPLES:
    $0                          # Test all Go versions in parallel
    $0 --sequential             # Test all Go versions sequentially
    $0 1.21 1.22 1.23          # Test specific versions
-    $0 --verbose --output ./results 1.25 1.26  # Verbose output to custom directory
+    $0 --verbose --output ./results 1.24 1.25  # Verbose output to custom directory
 EXIT CODES:
    0                   Recent Go versions pass (good compatibility)
@@ -137,8 +136,8 @@ fi
 # Validate Go versions
 for version in "${GO_VERSIONS[@]}"; do
-    if ! [[ "$version" =~ ^1\.(1[1-9]|2[0-6])$ ]]; then
+    if ! [[ "$version" =~ ^1\.(1[1-9]|2[0-5])$ ]]; then
-        log_error "Invalid Go version: $version. Supported versions: 1.11-1.26"
+        log_error "Invalid Go version: $version. Supported versions: 1.11-1.25"
        exit 1
    fi
 done
@@ -345,7 +345,7 @@ func (p *Parser) parseKeyval(b []byte) (reference, []byte, error) {
 	b = p.parseWhitespace(b)
 	if len(b) == 0 {
-		return invalidReference, nil, NewParserError(startB[:len(startB)-len(b)], "expected = after a key, but the document ends there")
+		return invalidReference, nil, NewParserError(b, "expected = after a key, but the document ends there")
 	}
 	b, err = expect('=', b)
		`@@ -1 +0,0 @@`
			`github.com/pelletier/go-toml/v2: CAPABILITY_REFLECT, CAPABILITY_UNANALYZED, CAPABILITY_UNSAFE_POINTER`