Install the logmind CLI on a GitHub Actions runner.
logmind is a decision-logging tool for AI-assisted development. This action
fetches a signed, notarized release binary from the logmind release
page and puts it on the
runner's $PATH so subsequent steps can call logmind directly.
The recommended pattern is a static pin to an exact action version. Let Dependabot bump the pin when new versions ship.
steps:
- uses: actions/checkout@v4
- uses: thrillmade/[email protected]
- run: logmind check-linksBy default this installs the latest logmind release. Pin the CLI version too if you want fully reproducible CI:
- uses: thrillmade/[email protected]
with:
version: v1.0.1Add this to .github/dependabot.yml in your repo and Dependabot will open a
PR whenever setup-logmind (or any other thrillmade/* action) cuts a new
release:
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: weekly
groups:
thrillmade-actions:
patterns:
- "thrillmade/*"This is the path we recommend over moving major tags. Static pins keep your workflow files an audit trail of what actually ran.
| Input | Default | Description |
|---|---|---|
version |
latest |
logmind version to install. Accepts latest, an exact tag (v1.0.1), or a major float (v1) that resolves to the newest matching. |
prefix |
${RUNNER_TEMP}/logmind |
Install prefix. The binary lands at <prefix>/bin/logmind and <prefix>/bin is appended to $GITHUB_PATH. |
token |
(none) | Optional. GitHub token used for release-lookup API calls. Defaults to no auth — logmind is a public repo and anonymous GitHub API requests work fine (60 req/hour per runner IP is well above CI volume). Pass a token only if you need cross-repo rate-limit headroom. |
| Output | Description |
|---|---|
version |
The resolved logmind version actually installed (e.g. v1.0.1). |
Use it downstream like:
- id: lm
uses: thrillmade/[email protected]
- run: echo "Installed ${{ steps.lm.outputs.version }}"Major float (@v1) — friendlier for first-five-minutes / scratch projects
- uses: thrillmade/setup-logmind@v1
with:
version: v1 # or omit to track latest stableThe v1 tag moves to point at the newest v1.x.y release whenever we tag
one. This is convenient for hobby workflows, but the static-pin + Dependabot
pattern above is the supported path for production CI.
For workflows that audit every action by SHA (we recommend this for any workflow with secrets):
- uses: thrillmade/setup-logmind@<full-sha-of-v1.0.1-tag>
with:
version: v1.0.1Find the SHA at https://github.com/thrillmade/setup-logmind/releases/tag/v1.0.1 and pin to it. Dependabot natively supports SHA-pinned actions — it'll open PRs with the SHA bumped and the comment annotated with the version.
| OS / arch | Supported |
|---|---|
| Linux x86_64 | yes |
| Linux arm64 | yes |
| macOS arm64 | yes |
| macOS x86_64 | yes |
| Windows x86_64 | yes |
Every release is exercised on ubuntu-latest, macos-latest, and
windows-latest in CI before the tag is published.
The action is composite (shell-only — no Docker, no JS). On Linux and macOS
it pipes the upstream logmind installer
so the SHA-256 verification stays in one place. On Windows it downloads the
release zip directly, verifies it against the same SHA256SUMS file, and
unpacks logmind.exe into the install prefix.
Either way, <prefix>/bin is appended to $GITHUB_PATH so subsequent steps
in the same job can call logmind without qualifying the path.
v1.0.1— fix: action no longer requiresGH_TOKEN. v1.0.0 usedgh apifor release lookup, which neededGH_TOKENexposed by the caller. Composite actions don't inheritGH_TOKENautomatically, so any consumer that didn't explicitly passwith: token:orenv: GH_TOKEN:failed withgh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. v1.0.1 switches the API lookups tocurl + jqagainst the public logmind release endpoint, removing theghdependency entirely. Thetokeninput is still accepted but no longer required.v1.0.0— initial release.
See Releases for the full history.
MIT. See LICENSE.