go test occasionally regenerates a go.sum next to a parsed-only go.mod
fixture even though the test path never resolves modules. Stop tracking
the pattern so the working tree stays clean across test runs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Outputs are now written in fixed order so partial writes are reproducible.
- artifact-path output and S3 upload source are resolved to absolute paths,
matching the README's "absolute path" promise.
- New TestRun_FailureStillRunsCleanup integration test injects a notarization
failure and asserts the temporary keychain is still deleted, proving the
cleanup stack runs on every error path.
- go.mod pinned to go 1.22 (matches sample fixture; works on standard macOS
runner images) instead of the local-development 1.25.0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Same artefact go get/test sometimes leaves in fixture directories.
modfile.Parse is text-only and the test path never resolves modules;
the file is unnecessary and matches the cleanup we did after Task 5.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Exercises the full run() pipeline using fake shell scripts on PATH that
record their argv to a temp RECORD_DIR. Verifies all external commands
were invoked, outputs contain the expected version/app/artifact values,
ditto was called twice (pre- and post-staple), and security delete-keychain
ran during cleanup.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DeveloperIDCertBase64 is the .p12 contents and equally sensitive as
the password — register it with the log scrubber so a future code
path that accidentally wraps cfg in a debug log can't leak it. Also
documents why maskSecrets writes to stdout rather than stderr.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous tidy commit accidentally staged a stray go-built binary
at the repo root via git add -A. Untrack it and gitignore the path
so future builds don't re-stage it.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
go mod tidy promotes golang.org/x/mod from indirect to a direct
require now that internal/wails imports it. Also removes the
testdata/sample/go.sum that go get accidentally generated inside
the fixture.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces the handwritten bytesBuf/eof workaround with the canonical
bytes.NewReader + io.EOF, and adds behavioural tests for the Dir, Env,
and Stdin branches of Real.Run that the original plan didn't cover.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
18-task TDD plan covering scaffolding, runner abstraction, version /
config / wails / archive / cleanup / codesign / notarize / upload /
actions packages, the orchestrator, an end-to-end integration test
with fake binaries, and the action.yml + README finalization.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Fold action.yml into a single composite step so the binary's
resolved path is computed in the same shell that just installed it.
- Specify shell-style splitting for extra-build-flags.
- Spell out auto-detection edge cases for notarization-method.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Captures the validated brainstorming output: composite Forgejo Action
that go installs and runs a Go binary to build, sign, notarize, and
optionally upload a Wails macOS app to S3-compatible storage.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Leon Mika