Skip to content

Replace curl|bash Bun install with oven-sh/setup-bun action#143

Merged
jgowdy-godaddy merged 2 commits intomainfrom
use-setup-bun-action
Mar 4, 2026
Merged

Replace curl|bash Bun install with oven-sh/setup-bun action#143
jgowdy-godaddy merged 2 commits intomainfrom
use-setup-bun-action

Conversation

@jgowdy-godaddy
Copy link
Collaborator

@jgowdy-godaddy jgowdy-godaddy commented Mar 4, 2026

Summary

  • Replace manual curl -fsSL https://bun.sh/install | bash + path wrangling with oven-sh/setup-bun@v2 in both CI workflows
  • Remove the "Verify Bun is available" step from publish.yml (setup-bun handles this)
  • Net: -55 lines of shell script, +2 lines of action config

Motivation

Piping curl to bash is a security anti-pattern. The official oven-sh/setup-bun action downloads a verified binary, handles caching, and manages PATH setup automatically.

Test plan

  • Workflow syntax is valid YAML
  • CI run confirms Bun is available and tests pass (will verify on this PR's CI run)

jgowdy added 2 commits March 4, 2026 10:41
@jgowdy
Replace curl|bash Bun install with oven-sh/setup-bun action
058704e 
Replaces manual curl|bash installation and path wrangling with the
official oven-sh/setup-bun@v2 GitHub Action in both test and publish
workflows.
@jgowdy
Pin oven-sh/setup-bun to commit SHA
eff2206 
Pin to ecf28ddc73e819eb6fa29df6b34ef8921c743461 (v2) to prevent a
compromised upstream tag from injecting code into CI.
@jgowdy-godaddy jgowdy-godaddy merged commit 43733b7 into main Mar 4, 2026
2 checks passed
@jgowdy-godaddy jgowdy-godaddy deleted the use-setup-bun-action branch March 4, 2026 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jgowdy-godaddy @jgowdy