Conversation
… state Reverts the transitive dependency bumps introduced by PRs #1739–#1753 which broke `go tool -modfile=tools/go.mod goreleaser check` due to an incompatibility between goreleaser v2.9.0 and the newer gitlab-org/api/client-go (v0.143.3) pulled in transitively by the sigstore/cosign bump (#1753).
anthony-gomez-fastly
approved these changes
Apr 27, 2026
3 tasks
rcaril
added a commit
that referenced
this pull request
Apr 27, 2026
### Change summary This PR is a fast follow up to #1762 - we are replacing deprecated archives.builds and archives.format properties in `.goreleaser.yml` . All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? <!-- You can erase any parts of this template not applicable to your Pull Request. --> ### New Feature Submissions: * [x] Does your submission pass tests?
rcaril
added a commit
that referenced
this pull request
Apr 28, 2026
### Change summary Since we skip any release steps for all PRs that aren't tagged as a release, we need to add a CI job to test `goreleaser` tools builds against Dependabot PRs. This ensures that future dependency PRs opened will validate that they do not conflict with the current version of `goreleaser` to prevent scenarios like #1762. All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? <!-- You can erase any parts of this template not applicable to your Pull Request. --> ### New Feature Submissions: * [x] Does your submission pass tests? ### Notes: We are only testing against `ubuntu-latest` as we are just looking for collision errors, which should be available on any architecture. So this should be sufficient for this use case.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Change summary
Reverts the transitive dependency bumps introduced by PRs #1739–#1753
which broke
go tool -modfile=tools/go.mod goreleaser checkdue toan incompatibility between goreleaser v2.9.0 and the newer
gitlab-org/api/client-go (v0.143.3) pulled in transitively by the
sigstore/cosign bump (#1753).
All Submissions:
New Feature Submissions:
Are there any considerations that need to be addressed for release?
We'll need to do a fast follow up PR after this to correct the go-releaser format deprecations.