Prepare v0.1.1

.devcontainer/devcontainer.json

@@ -0,0 +1,40 @@
+{
+  "name": "xk6-python",
+  "image": "mcr.microsoft.com/devcontainers/base:1-bookworm",
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "go.lintTool": "golangci-lint",
+        "go.lintFlags": ["--fast"]
+      },
+      "extensions": [
+        "EditorConfig.EditorConfig",
+        "esbenp.prettier-vscode",
+        "github.vscode-github-actions",
+        "github.vscode-pull-request-github",
+        "jetmartin.bats",
+        "mads-hartmann.bash-ide-vscode",
+        "foxundermoon.shell-format"
+      ]
+    }
+  },
+
+  // Do not change the formatting of this property, it is used by renovate regex to detect versions
+  "features": {
+    "ghcr.io/devcontainers/features/github-cli:1": {},
+    "ghcr.io/devcontainers/features/go:1": { "version": "1.24", "golangciLintVersion": "2.1.6" },
+    "ghcr.io/guiyomh/features/goreleaser:0": { "version": "2.9.0" },
+    "ghcr.io/michidk/devcontainers-features/bun:1": { "version": "1.2.12" },
+    "ghcr.io/szkiba/devcontainer-features/gosec:1": { "version": "2.22.4" },
+    "ghcr.io/szkiba/devcontainer-features/govulncheck:1": { "version": "1.1.4" },
+    "ghcr.io/szkiba/devcontainer-features/cdo:1": { "version": "0.1.2" },
+    "ghcr.io/szkiba/devcontainer-features/mdcode:1": { "version": "0.2.0" },
+    "ghcr.io/szkiba/devcontainer-features/bats:1": { "version": "1.11.1" },
+    "ghcr.io/grafana/devcontainer-features/xk6:1": { "version": "1.2.6" }
+  },
+
+  "remoteEnv": {
+    "GH_TOKEN": "${localEnv:GH_TOKEN}",
+    "GITHUB_TOKEN": "${localEnv:GITHUB_TOKEN}"
+  }
+}

.github/workflows/docs.yml

@@ -17,6 +17,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       - name: Set up Python

.github/workflows/release.yml

@@ -1,30 +1,20 @@
-name: release
+name: Release
+
+permissions: {}
+
 on:
   push:
-    tags:
-      - "v*"
+    tags: ["v*.*.*"]
 
 jobs:
   release:
-    name: Bundle xk6 extensions
-    runs-on: ubuntu-latest
+    name: Release
+    uses: grafana/xk6/.github/workflows/extension-release.yml@v1.2.6
     permissions:
       contents: write
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Build
-        id: build
-        uses: szkiba/xk6bundler@v0
-        with:
-          with: github.com/grafana/xk6-python=/github/workspace
-          k6_version: v0.52.0
-
-      - name: Create Release
-        uses: softprops/action-gh-release@v2
-        with:
-          files: dist/*.tar.gz
+    with:
+      go-version: "1.24.x"
+      os: '["linux", "windows", "darwin"]'
+      arch: '["amd64", "arm64"]'
+      k6-version: "v1.4.2"
+      xk6-version: "1.2.6"

.github/workflows/validate.yml

@@ -0,0 +1,26 @@
+name: Validate
+
+permissions: {}
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main", "master"]
+  pull_request:
+    branches: ["main", "master"]
+
+jobs:
+  validate:
+    name: Validate
+    uses: grafana/xk6/.github/workflows/extension-validate.yml@v1.2.6
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    with:
+      go-version: "1.24.x"
+      go-versions: '["1.24.x","1.25.x"]'
+      golangci-lint-version: "v2.1.6"
+      platforms: '["ubuntu-latest", "windows-latest", "macos-latest"]'
+      k6-versions: '["v1.4.2", "v1.0.0"]'
+      xk6-version: "1.2.6"

.github/zizmor.yml

@@ -0,0 +1,15 @@
+rules:
+  unpinned-uses:
+    config:
+      policies:
+        "*": hash-pin
+        actions/*: any
+        grafana/*: any
+  forbidden-uses:
+    config:
+      deny:
+        # Policy-banned by our security team due to CVE-2025-30066 & CVE-2025-30154.
+        # https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction
+        # https://nvd.nist.gov/vuln/detail/cve-2025-30066
+        # https://nvd.nist.gov/vuln/detail/cve-2025-30154
+        - reviewdog/*