From 1d97ed1e1ccc4891445e9e7ff2b8f2da410d42e9 Mon Sep 17 00:00:00 2001
From: Taiki Ono <taiki@finatext.com>
Date: Thu, 19 Jun 2025 07:42:44 +0900
Subject: [PATCH 1/4] Switch to gha-fix

Signed-off-by: Taiki Ono <taiki@finatext.com>
---
 .github/workflows/gha-lint.yml | 73 +++++++++++++++-------------------
 1 file changed, 31 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/gha-lint.yml b/.github/workflows/gha-lint.yml
index c821b60..4e45d79 100644
--- a/.github/workflows/gha-lint.yml
+++ b/.github/workflows/gha-lint.yml
@@ -2,78 +2,67 @@ name: Lint GHA workflow files
 on: workflow_call
 jobs:
   lint:
-    timeout-minutes: 5
+    timeout-minutes: 10
     runs-on: ubuntu-latest
     if: github.event.pull_request.draft == false
     permissions:
       contents: read
       pull-requests: write
     steps:
-      - name: Install pinact and ghatm
+      - name: Install gha-fix
         shell: bash
         run: |
           set -x
-          VERSION=1.6.0
-          TARGET=linux_amd64
-          SHA256_SUM=5562dfae2b70b9a14ba6bac99c691bec0bff41951411c713b5ea3fdbd28fbcc1
+          VERSION=0.2.0
+          SHA256_SUM=67308ee5d6d19a241cf5fd578ec6f8739054a9a46a7293c6e8160e0b618c8f4d
           curl --silent --show-error --fail --connect-timeout 3 --max-time 10 --retry 3 \
             --location --remote-name \
-            "https://github.com/suzuki-shunsuke/pinact/releases/download/v${VERSION}/pinact_${TARGET}.tar.gz"
-          echo "${SHA256_SUM} pinact_${TARGET}.tar.gz" | sha256sum -c
-          tar --extract --gzip --file "pinact_${TARGET}.tar.gz" --verbose
-          sudo install pinact /usr/local/bin/pinact
-
-          VERSION=0.3.4
-          TARGET=linux_amd64
-          SHA256_SUM=8724d5946f5f62defa01d17b5651629eb9ff47963f0d2114dd2da30c0bad7205
-          curl --silent --show-error --fail --connect-timeout 3 --max-time 10 --retry 3 \
-            --location --remote-name \
-            "https://github.com/suzuki-shunsuke/ghatm/releases/download/v${VERSION}/ghatm_${TARGET}.tar.gz"
-          echo "${SHA256_SUM} ghatm_${TARGET}.tar.gz" | sha256sum -c
-          tar --extract --gzip --file "ghatm_${TARGET}.tar.gz" --verbose
-          sudo install ghatm /usr/local/bin/ghatm
+            "https://github.com/Finatext/gha-fix/releases/download/v${VERSION}/gha-fix_Linux_x86_64.tar.gz"
+          echo "${SHA256_SUM} gha-fix_Linux_x86_64.tar.gz" | sha256sum -c
+          tar --extract --gzip --file gha-fix_Linux_x86_64.tar.gz --verbose
+          sudo install gha-fix /usr/local/bin/gha-fix
 
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.head_ref }}
           sparse-checkout: .github
 
-      - name: Run pinact lint and capture diff
-        id: pinact
+      - name: Run gha-fix pin and capture diff
+        id: pin
         shell: bash
         run: |
           set -x
-          PINACT_DIFF_FILE="$(mktemp)"
-          echo "diff_file=${PINACT_DIFF_FILE}" >> "${GITHUB_OUTPUT}"
+          PIN_DIFF_FILE="$(mktemp)"
+          echo "diff_file=${PIN_DIFF_FILE}" >> "${GITHUB_OUTPUT}"
 
-          pinact run
+          gha-fix pin --ignore-owners Finatext -l debug
 
-          git diff > "${PINACT_DIFF_FILE}"
+          git diff > "${PIN_DIFF_FILE}"
 
-          if [[ -s "${PINACT_DIFF_FILE}" ]]; then
+          if [[ -s "${PIN_DIFF_FILE}" ]]; then
             echo "has_changes=true" >> "${GITHUB_OUTPUT}"
-            cat "${PINACT_DIFF_FILE}"
+            cat "${PIN_DIFF_FILE}"
           else
             echo "has_changes=false" >> "${GITHUB_OUTPUT}"
           fi
 
           git reset --hard HEAD
 
-      - name: Run ghatm lint and capture diff
-        id: ghatm
+      - name: Run gha-fix timeout and capture diff
+        id: timeout
         shell: bash
         run: |
           set -x
-          GHATM_DIFF_FILE="$(mktemp)"
-          echo "diff_file=${GHATM_DIFF_FILE}" >> "${GITHUB_OUTPUT}"
+          TIMEOUT_DIFF_FILE="$(mktemp)"
+          echo "diff_file=${TIMEOUT_DIFF_FILE}" >> "${GITHUB_OUTPUT}"
 
-          ghatm set --timeout-minutes 5
+          gha-fix timeout -l debug
 
-          git diff > "${GHATM_DIFF_FILE}"
+          git diff > "${TIMEOUT_DIFF_FILE}"
 
-          if [[ -s "${GHATM_DIFF_FILE}" ]]; then
+          if [[ -s "${TIMEOUT_DIFF_FILE}" ]]; then
             echo "has_changes=true" >> "${GITHUB_OUTPUT}"
-            cat "${GHATM_DIFF_FILE}"
+            cat "${TIMEOUT_DIFF_FILE}"
           else
             echo "has_changes=false" >> "${GITHUB_OUTPUT}"
           fi
@@ -81,7 +70,7 @@ jobs:
           git reset --hard HEAD
 
       - name: Install reviewdog
-        if: steps.pinact.outputs.has_changes == 'true' || steps.ghatm.outputs.has_changes == 'true'
+        if: steps.pin.outputs.has_changes == 'true' || steps.timeout.outputs.has_changes == 'true'
         shell: bash
         run: |
           set -x
@@ -95,20 +84,20 @@ jobs:
           tar --extract --gzip --file "reviewdog_${VERSION}_${TARGET}.tar.gz" --verbose
           sudo install reviewdog /usr/local/bin/reviewdog
 
-      - name: Report pinact suggestions with reviewdog
-        if: steps.pinact.outputs.has_changes == 'true'
+      - name: Report gha-fix pin suggestions with reviewdog
+        if: steps.pin.outputs.has_changes == 'true'
         env:
           REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: |
           set -x
-          reviewdog -f=diff -f.diff.strip=1 -name="pinact" -reporter=github-pr-review < ${{ steps.pinact.outputs.diff_file }}
+          reviewdog -f=diff -f.diff.strip=1 -name="gha-fix pin" -reporter=github-pr-review < ${{ steps.pin.outputs.diff_file }}
 
-      - name: Report ghatm suggestions with reviewdog
-        if: steps.ghatm.outputs.has_changes == 'true'
+      - name: Report gha-fix timeout suggestions with reviewdog
+        if: steps.timeout.outputs.has_changes == 'true'
         env:
           REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: |
           set -x
-          reviewdog -f=diff -f.diff.strip=1 -name="ghatm" -reporter=github-pr-review < ${{ steps.ghatm.outputs.diff_file }}
+          reviewdog -f=diff -f.diff.strip=1 -name="gha-fix timeout" -reporter=github-pr-review < ${{ steps.timeout.outputs.diff_file }}

From 13c02a0080a5bf1ed6da5ba1cd07c6364db2ed0e Mon Sep 17 00:00:00 2001
From: Taiki Ono <taiki@finatext.com>
Date: Thu, 19 Jun 2025 07:44:22 +0900
Subject: [PATCH 2/4] Pass GITHUB_TOKEN

Signed-off-by: Taiki Ono <taiki@finatext.com>
---
 .github/workflows/gha-lint.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/gha-lint.yml b/.github/workflows/gha-lint.yml
index 4e45d79..0005931 100644
--- a/.github/workflows/gha-lint.yml
+++ b/.github/workflows/gha-lint.yml
@@ -29,6 +29,8 @@ jobs:
 
       - name: Run gha-fix pin and capture diff
         id: pin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: |
           set -x

From 156b32021b6c3b84c3f0cd5f89837bab79772d98 Mon Sep 17 00:00:00 2001
From: Taiki Ono <taiki45@users.noreply.github.com>
Date: Thu, 19 Jun 2025 07:45:22 +0900
Subject: [PATCH 3/4] Test workflow

---
 .github/workflows/gha-lint.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/gha-lint.yml b/.github/workflows/gha-lint.yml
index 0005931..7965b2a 100644
--- a/.github/workflows/gha-lint.yml
+++ b/.github/workflows/gha-lint.yml
@@ -2,7 +2,6 @@ name: Lint GHA workflow files
 on: workflow_call
 jobs:
   lint:
-    timeout-minutes: 10
     runs-on: ubuntu-latest
     if: github.event.pull_request.draft == false
     permissions:
@@ -22,7 +21,7 @@ jobs:
           tar --extract --gzip --file gha-fix_Linux_x86_64.tar.gz --verbose
           sudo install gha-fix /usr/local/bin/gha-fix
 
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.head_ref }}
           sparse-checkout: .github

From d8d86131f7ff310a7cdfc45a719ceec40bf6b9db Mon Sep 17 00:00:00 2001
From: Taiki Ono <taiki45@users.noreply.github.com>
Date: Thu, 19 Jun 2025 07:48:30 +0900
Subject: [PATCH 4/4] Update .github/workflows/gha-lint.yml

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 .github/workflows/gha-lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/gha-lint.yml b/.github/workflows/gha-lint.yml
index 7965b2a..3fec9a4 100644
--- a/.github/workflows/gha-lint.yml
+++ b/.github/workflows/gha-lint.yml
@@ -21,7 +21,7 @@ jobs:
           tar --extract --gzip --file gha-fix_Linux_x86_64.tar.gz --verbose
           sudo install gha-fix /usr/local/bin/gha-fix
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.head_ref }}
           sparse-checkout: .github