ci: use bashunit GitHub action

[sandr01d]

Check list

• I have performed a self-review of my code
• I have commented my code in hard-to-understand areas
• I have added unit tests for my code
• I have made corresponding changes to the documentation

Description

I noticed that the CI broke due to the bashunit install script being moved and our installation command not following the HTTP 301 redirect, see https://github.com/wfxr/forgit/actions/runs/27641954596/job/81764126377. While fixing it, I noticed that bashunit now has a GitHub action. This comes in pretty handy as it allows dependabot to handle bashunit updates for the CI now.

Type of change

• Bug fix
• New feature
• Refactor
• Breaking change
• Test
• Documentation change
• CI change

Summary by CodeRabbit

Summary

• Chores
  • Updated the continuous integration workflow to use BashUnit 0.40.0 and to run the test suite via the standard bashunit tests command.
• Documentation
  • Updated contributing/install instructions to use BashUnit 0.40.0 and revised the curl options for a more reliable download during the curl | bash setup.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The PR modernizes BashUnit installation in the CI workflow by adopting the official TypedDevs/bashunit@v0 GitHub Action configured for version 0.40.0 with checksum verification, replacing manual curl-based installation. The test invocation is updated to use the action-provided binary. Documentation is synchronized to reflect the version upgrade with additional curl hardening.

Changes

BashUnit 0.40.0 upgrade and GitHub Action adoption

Layer / File(s)	Summary
GitHub Action adoption for BashUnit in CI workflow .github/workflows/ci.yaml	CI workflow adopts the official TypedDevs/bashunit@v0 action for version 0.40.0 with checksum verification, removing manual curl-based installation (0.31.0) and updating test command from lib/bashunit . to bashunit tests.
Documentation for manual BashUnit installation CONTRIBUTING.md	Contributor documentation updated to reference BashUnit 0.40.0 with hardened curl flags (--silent --fail --location).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A bunny hops through CI lanes,
Upgrading tools to ease the pains,
From manual curl to actions so slick,
With checksum checks and --fail kick,
BashUnit 0.40 now leads the way—robust and keen! 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The PR title 'ci: use bashunit GitHub action' accurately describes the main change—replacing the curl-based bashunit installation with the TypedDevs/bashunit GitHub Action—which is the primary focus of the changeset.
Description check	✅ Passed	The PR description adequately addresses the CI failure and rationale for switching to GitHub Action, with clear explanation of the problem and solution.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yaml:
- Line 43: The BashUnit version referenced in the curl installation command is
0.40.0, which does not exist and will cause CI failures. Update the version
parameter in the curl command to 0.36.0 (or another verified compatible release
that actually exists). Additionally, ensure CONTRIBUTING.md is updated to
document the same BashUnit version to maintain consistency between CI
configuration and contributor documentation, eliminating confusion and
preventing local/CI discrepancies.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fb70b829-3a05-452e-97f8-37c94160df27

📥 Commits

Reviewing files that changed from the base of the PR and between 3dbcacd and 473d939.

📒 Files selected for processing (1)

• .github/workflows/ci.yaml

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/ci.yaml (1)

30-30: Consider pinning the action to an immutable commit SHA for enhanced supply-chain security.

Line 30 uses TypedDevs/bashunit@v0 (floating tag). While not currently enforced across the repository, pinning to a full commit SHA reduces exposure to supply-chain drift. If adopted, pin to a commit SHA and retain the human-readable version in a comment.

Example approach

-    - uses: TypedDevs/bashunit@v0
+    - uses: TypedDevs/bashunit@<FULL_40_CHAR_COMMIT_SHA> # v0.40.0

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yaml at line 30, The TypedDevs/bashunit action in the
CI workflow is using a floating tag reference (v0) instead of being pinned to a
specific commit SHA, which poses a supply-chain security risk. Replace the
floating tag with a pinned commit SHA for the bashunit action, and optionally
add a comment with the human-readable version tag to maintain clarity about
which release this corresponds to.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/ci.yaml:
- Line 30: The TypedDevs/bashunit action in the CI workflow is using a floating
tag reference (v0) instead of being pinned to a specific commit SHA, which poses
a supply-chain security risk. Replace the floating tag with a pinned commit SHA
for the bashunit action, and optionally add a comment with the human-readable
version tag to maintain clarity about which release this corresponds to.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 26c21546-867e-4497-92b8-3dcb5fc73cbe

📥 Commits

Reviewing files that changed from the base of the PR and between e5ce3b1 and a282ed2.

📒 Files selected for processing (2)

• .github/workflows/ci.yaml
• CONTRIBUTING.md

🚧 Files skipped from review as they are similar to previous changes (1)

• CONTRIBUTING.md