ruby.git/.github/actions, branch master The Ruby Programming Language Bump actions/checkout to v6.0.3 2026-06-04T01:49:04+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-06-04T01:04:20+00:00 a50eaa3dcd6fcb3673d5356db886af26c4e15e52 Dependabot left the version comment as v6.0.2 on the four lines that carry a trailing `# zizmor: ignore[artipacked]`, since its comment rewriter only handles a version comment as the last token on the line. zizmor flagged the resulting hash/comment mismatch. Update every checkout pin in .github to the v6.0.3 commit and comment at once. 
Dependabot left the version comment as v6.0.2 on the four lines that
carry a trailing `# zizmor: ignore[artipacked]`, since its comment
rewriter only handles a version comment as the last token on the line.
zizmor flagged the resulting hash/comment mismatch. Update every
checkout pin in .github to the v6.0.3 commit and comment at once.
Add upload-artifact input to make-snapshot composite action 2026-05-21T04:39:15+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-21T02:27:52+00:00 32aad3f7f37b3e0758ae563e0a37cc96159ddb21 Lets callers opt out of the Packages and Info uploads. tarball-test keeps the default true so per-OS reusables can download them, while upload-tarball in ruby/actions can pass false once it runs the same composite in a matrix across four release branches without colliding on artifact names. 
Lets callers opt out of the Packages and Info uploads. tarball-test
keeps the default true so per-OS reusables can download them, while
upload-tarball in ruby/actions can pass false once it runs the same
composite in a matrix across four release branches without colliding
on artifact names.
Remove unused generate-tar-bz2 2026-05-20T05:33:19+00:00 Kazuhiro NISHIYAMA zn@mbf.nifty.com 2026-05-20T05:32:49+00:00 c13fe5aaaa9f9b152c6a6a87d5d90c19c8155e5c Release packages stopped to include `*.tar.bz2` since 3.0.0. https://bugs.ruby-lang.org/issues/16483 
Release packages stopped to include `*.tar.bz2` since 3.0.0.
https://bugs.ruby-lang.org/issues/16483
Promote archname to an explicit composite input 2026-05-19T08:25:10+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-19T04:43:40+00:00 e65d75790ed1465b7816b6a6a5c69e9c437e09a7 The composite action previously read $archname from the caller's job env, leaving the dependency implicit. Declare archname as a required input and pass it via with: so the action is self-contained and the linkage is visible at the call site. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
The composite action previously read $archname from the caller's job
env, leaving the dependency implicit. Declare archname as a required
input and pass it via with: so the action is self-contained and the
linkage is visible at the call site.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pass inputs through env to avoid template injection 2026-05-19T08:25:10+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-19T04:33:34+00:00 942f45b2af17f3b6041baef3d466136c0e16d7b8 zizmor flags inline `${{ inputs.X }}` expansions inside run scripts as template-injection errors. Reusable workflow inputs come from the in-repo caller and are trusted, but routing them through env avoids the class of mistake entirely and silences the audit without per-line ignores. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
zizmor flags inline `${{ inputs.X }}` expansions inside run scripts as
template-injection errors. Reusable workflow inputs come from the
in-repo caller and are trusted, but routing them through env avoids the
class of mistake entirely and silences the audit without per-line
ignores.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add tarball-test workflow for snapshot tarball CI 2026-05-19T08:25:10+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2026-05-19T03:55:47+00:00 bc8fc5da9116f40e9f44a795b97cdbe991206515 Port the daily snapshot tarball pipeline from ruby/actions into ruby/ruby so the tarball build and per-OS tests run on every push and pull request. The make-snapshot composite action gains a srcdir input so the same logic can either clone ruby/ruby (daily upload from ruby/actions) or operate on the working tree (this workflow). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 
Port the daily snapshot tarball pipeline from ruby/actions into
ruby/ruby so the tarball build and per-OS tests run on every push and
pull request. The make-snapshot composite action gains a srcdir input so
the same logic can either clone ruby/ruby (daily upload from ruby/actions)
or operate on the working tree (this workflow).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fix for zizmor 2026-05-16T04:16:52+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2026-05-16T04:16:52+00:00 3edf47de504f099857fd1e7719713674fcf3b9ee 






Use setup/ubuntu action for cross-compiling
2026-05-16T02:22:40+00:00

Nobuyoshi Nakada
nobu@ruby-lang.org

2026-05-13T15:39:53+00:00

0cebfe9474b06f8ef4f92aeff82ab3fe4e181fb2












Extract setup/baseruby
2026-05-16T02:09:37+00:00

Nobuyoshi Nakada
nobu@ruby-lang.org

2026-05-13T12:14:23+00:00

a14260294f5bdfe9b07d168d7c44d64bb2d831e0












Bump the github-actions group across 2 directories with 5 updates
2026-05-13T03:59:24+00:00

dependabot[bot]
49699333+dependabot[bot]@users.noreply.github.com

2026-05-13T03:52:30+00:00

62d754ba7c6164e466410d36f99bab92e77f7272

Bumps the github-actions group with 4 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [github/codeql-action](https://github.com/github/codeql-action), [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) and [taiki-e/install-action](https://github.com/taiki-e/install-action).
Bumps the github-actions group with 1 update in the /.github/actions/slack directory: [ruby/action-slack](https://github.com/ruby/action-slack).


Updates `ruby/setup-ruby` from 1.306.0 to 1.307.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/c4e5b1316158f92e3d49443a9d58b31d25ac0f8f...6aaa311d81eba98ae12eaffbcb63296ace0efcde)

Updates `github/codeql-action` from 4.35.3 to 4.35.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...68bde559dea0fdcac2102bfdf6230c5f70eb485e)

Updates `actions-rust-lang/setup-rust-toolchain` from 1.16.0 to 1.16.1
- [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases)
- [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions-rust-lang/setup-rust-toolchain/compare/2b1f5e9b395427c92ee4e3331786ca3c37afe2d7...46268bd060767258de96ed93c1251119784f2ab6)

Updates `taiki-e/install-action` from 2.77.1 to 2.77.7
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/cca35edeb1d01366c2843b68fc3ca441446d73d3...3235f8901fd37ffed0052b276cec25a362fb82e9)

Updates `ruby/action-slack` from 3.2.2 to 4.0.0
- [Release notes](https://github.com/ruby/action-slack/releases)
- [Commits](https://github.com/ruby/action-slack/compare/54175162371f1f7c8eb94d7c8644ee2479fcd375...d260b61aa817726d5bedd22dd6cc305787fa4cdd)

---
updated-dependencies:
- dependency-name: actions-rust-lang/setup-rust-toolchain
  dependency-version: 1.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: ruby/action-slack
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: ruby/setup-ruby
  dependency-version: 1.307.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.77.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>




Bumps the github-actions group with 4 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [github/codeql-action](https://github.com/github/codeql-action), [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) and [taiki-e/install-action](https://github.com/taiki-e/install-action).
Bumps the github-actions group with 1 update in the /.github/actions/slack directory: [ruby/action-slack](https://github.com/ruby/action-slack).


Updates `ruby/setup-ruby` from 1.306.0 to 1.307.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/c4e5b1316158f92e3d49443a9d58b31d25ac0f8f...6aaa311d81eba98ae12eaffbcb63296ace0efcde)

Updates `github/codeql-action` from 4.35.3 to 4.35.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...68bde559dea0fdcac2102bfdf6230c5f70eb485e)

Updates `actions-rust-lang/setup-rust-toolchain` from 1.16.0 to 1.16.1
- [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases)
- [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions-rust-lang/setup-rust-toolchain/compare/2b1f5e9b395427c92ee4e3331786ca3c37afe2d7...46268bd060767258de96ed93c1251119784f2ab6)

Updates `taiki-e/install-action` from 2.77.1 to 2.77.7
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/cca35edeb1d01366c2843b68fc3ca441446d73d3...3235f8901fd37ffed0052b276cec25a362fb82e9)

Updates `ruby/action-slack` from 3.2.2 to 4.0.0
- [Release notes](https://github.com/ruby/action-slack/releases)
- [Commits](https://github.com/ruby/action-slack/compare/54175162371f1f7c8eb94d7c8644ee2479fcd375...d260b61aa817726d5bedd22dd6cc305787fa4cdd)

---
updated-dependencies:
- dependency-name: actions-rust-lang/setup-rust-toolchain
  dependency-version: 1.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: ruby/action-slack
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: ruby/setup-ruby
  dependency-version: 1.307.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.77.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>