From 51ba6e83e95aec2dd2e02d52dd243b3fac3a2a1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Aug 2022 06:01:26 +0000 Subject: [PATCH 01/26] chore: bump @npmcli/template-oss from 3.5.0 to 3.6.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 3.5.0 to 3.6.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v3.5.0...v3.6.0) --- updated-dependencies: - dependency-name: "@npmcli/template-oss" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e41c0f0..94c288b 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "3.5.0", + "@npmcli/template-oss": "3.6.0", "tap": "^16.0.1" }, "license": "ISC", From 1e2c30d7cb1a7c85e665954777c70d2452128444 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 23 Aug 2022 11:12:05 -0700 Subject: [PATCH 02/26] chore: postinstall for dependabot template-oss PR --- .github/matchers/tap.json | 32 +++++++++++++++++++++++++++ .github/workflows/audit.yml | 4 ++-- .github/workflows/ci.yml | 6 +++-- .github/workflows/codeql-analysis.yml | 4 ++-- package.json | 2 +- 5 files changed, 41 insertions(+), 7 deletions(-) create mode 100644 .github/matchers/tap.json diff --git a/.github/matchers/tap.json b/.github/matchers/tap.json new file mode 100644 index 0000000..ef11419 --- /dev/null +++ b/.github/matchers/tap.json @@ -0,0 +1,32 @@ +{ + "//@npmcli/template-oss": "This file is automatically added by @npmcli/template-oss. Do not edit.", + "problemMatcher": [ + { + "owner": "tap", + "pattern": [ + { + "regexp": "^\\s*not ok \\d+ - (.*)", + "message": 1 + }, + { + "regexp": "^\\s*---" + }, + { + "regexp": "^\\s*at:" + }, + { + "regexp": "^\\s*line:\\s*(\\d+)", + "line": 1 + }, + { + "regexp": "^\\s*column:\\s*(\\d+)", + "column": 1 + }, + { + "regexp": "^\\s*file:\\s*(.*)", + "file": 1 + } + ] + } + ] +} \ No newline at end of file diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 6471612..d46429e 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -5,8 +5,8 @@ name: Audit on: workflow_dispatch: schedule: - # "At 01:00 on Monday" https://crontab.guru/#0_1_*_*_1 - - cron: "0 1 * * 1" + # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1 + - cron: "0 8 * * 1" jobs: audit: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7a62d9a..3671e3b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,8 +12,8 @@ on: - main - latest schedule: - # "At 02:00 on Monday" https://crontab.guru/#0_2_*_*_1 - - cron: "0 2 * * 1" + # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 + - cron: "0 9 * * 1" jobs: lint: @@ -82,5 +82,7 @@ jobs: if: ${{ !startsWith(matrix.node-version, '10.') }} run: npm i --prefer-online --no-fund --no-audit -g npm@latest - run: npm -v + - name: add tap problem matcher + run: echo "::add-matcher::.github/matchers/tap.json" - run: npm i --ignore-scripts --no-audit --no-fund - run: npm test --ignore-scripts diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5d97411..cfd0db3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,8 +13,8 @@ on: - main - latest schedule: - # "At 03:00 on Monday" https://crontab.guru/#0_3_*_*_1 - - cron: "0 3 * * 1" + # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 + - cron: "0 10 * * 1" jobs: analyze: diff --git a/package.json b/package.json index 94c288b..17efeb0 100644 --- a/package.json +++ b/package.json @@ -36,6 +36,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "3.5.0" + "version": "3.6.0" } } From d422ccc9e2f61300b68b52521412dfa9c72d8e05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Sep 2022 06:02:50 +0000 Subject: [PATCH 03/26] chore: bump @npmcli/template-oss from 3.6.0 to 4.3.2 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 3.6.0 to 4.3.2. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v3.6.0...v4.3.2) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 17efeb0..5021089 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "3.6.0", + "@npmcli/template-oss": "4.3.2", "tap": "^16.0.1" }, "license": "ISC", From 6b70a480a47cac47b2da4ec40aba6b9b4bb77608 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 20 Sep 2022 16:09:55 -0700 Subject: [PATCH 04/26] feat!: postinstall for dependabot template-oss PR BREAKING CHANGE: `ini` is now compatible with the following semver range for node: `^14.17.0 || ^16.13.0 || >=18.0.0` --- .github/dependabot.yml | 2 +- .github/matchers/tap.json | 2 +- .github/workflows/audit.yml | 26 ++- .github/workflows/ci-release.yml | 154 +++++++++++++++++ .github/workflows/ci.yml | 81 +++++---- .github/workflows/codeql-analysis.yml | 20 +-- .github/workflows/post-dependabot.yml | 86 +++++++--- .github/workflows/pull-request.yml | 42 +++-- .github/workflows/release-please.yml | 26 --- .github/workflows/release.yml | 234 ++++++++++++++++++++++++++ .gitignore | 24 +-- .release-please-manifest.json | 3 + package.json | 13 +- release-please-config.json | 36 ++++ 14 files changed, 618 insertions(+), 131 deletions(-) create mode 100644 .github/workflows/ci-release.yml delete mode 100644 .github/workflows/release-please.yml create mode 100644 .github/workflows/release.yml create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 96d8eaf..8da2a45 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,7 +4,7 @@ version: 2 updates: - package-ecosystem: npm - directory: "/" + directory: / schedule: interval: daily allow: diff --git a/.github/matchers/tap.json b/.github/matchers/tap.json index ef11419..2c81ea9 100644 --- a/.github/matchers/tap.json +++ b/.github/matchers/tap.json @@ -29,4 +29,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index d46429e..60bb334 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -10,18 +10,28 @@ on: jobs: audit: + name: Audit Dependencies + if: github.repository_owner == 'npm' runs-on: ubuntu-latest + defaults: + run: + shell: bash steps: - - uses: actions/checkout@v3 - - name: Setup git user + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - - uses: actions/setup-node@v3 + - name: Setup Node + uses: actions/setup-node@v3 with: - node-version: 16.x - - name: Update npm to latest + node-version: 18.x + - name: Install npm@latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - run: npm -v - - run: npm i --ignore-scripts --no-audit --no-fund --package-lock - - run: npm audit + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund --package-lock + - name: Run Audit + run: npm audit diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml new file mode 100644 index 0000000..6143296 --- /dev/null +++ b/.github/workflows/ci-release.yml @@ -0,0 +1,154 @@ +# This file is automatically added by @npmcli/template-oss. Do not edit. + +name: CI - Release + +on: + workflow_call: + inputs: + ref: + required: true + type: string + check-sha: + required: true + type: string + +jobs: + lint-all: + name: Lint All + if: github.repository_owner == 'npm' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Create Check + uses: LouisBrunner/checks-action@v1.3.1 + id: check + + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: in_progress + name: Lint All + sha: ${{ inputs.check-sha }} + # XXX: this does not work when using the default GITHUB_TOKEN. + # Instead we post the main job url to the PR as a comment which + # will link to all the other checks. To work around this we would + # need to create a GitHub that would create on-demand tokens. + # https://github.com/LouisBrunner/checks-action/issues/18 + # details_url: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.ref }} + - name: Setup Git User + run: | + git config --global user.email "npm-cli+bot@github.com" + git config --global user.name "npm CLI robot" + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: 18.x + - name: Install npm@latest + run: npm i --prefer-online --no-fund --no-audit -g npm@latest + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Lint + run: npm run lint --ignore-scripts + - name: Post Lint + run: npm run postlint --ignore-scripts + - name: Conclude Check + uses: LouisBrunner/checks-action@v1.3.1 + if: always() + with: + token: ${{ secrets.GITHUB_TOKEN }} + conclusion: ${{ job.status }} + check_id: ${{ steps.check.outputs.check_id }} + + test-all: + name: Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }} + if: github.repository_owner == 'npm' + strategy: + fail-fast: false + matrix: + platform: + - name: Linux + os: ubuntu-latest + shell: bash + - name: macOS + os: macos-latest + shell: bash + - name: Windows + os: windows-latest + shell: cmd + node-version: + - 14.17.0 + - 14.x + - 16.13.0 + - 16.x + - 18.0.0 + - 18.x + runs-on: ${{ matrix.platform.os }} + defaults: + run: + shell: ${{ matrix.platform.shell }} + steps: + - name: Create Check + uses: LouisBrunner/checks-action@v1.3.1 + id: check + + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: in_progress + name: Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }} + sha: ${{ inputs.check-sha }} + # XXX: this does not work when using the default GITHUB_TOKEN. + # Instead we post the main job url to the PR as a comment which + # will link to all the other checks. To work around this we would + # need to create a GitHub that would create on-demand tokens. + # https://github.com/LouisBrunner/checks-action/issues/18 + # details_url: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.ref }} + - name: Setup Git User + run: | + git config --global user.email "npm-cli+bot@github.com" + git config --global user.name "npm CLI robot" + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + - name: Update Windows npm + # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows + if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) + run: | + curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz + tar xf npm-7.5.4.tgz + cd package + node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz + cd .. + rmdir /s /q package + - name: Install npm@7 + if: startsWith(matrix.node-version, '10.') + run: npm i --prefer-online --no-fund --no-audit -g npm@7 + - name: Install npm@latest + if: ${{ !startsWith(matrix.node-version, '10.') }} + run: npm i --prefer-online --no-fund --no-audit -g npm@latest + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Add Problem Matcher + run: echo "::add-matcher::.github/matchers/tap.json" + - name: Test + run: npm test --ignore-scripts -ws -iwr --if-present + - name: Conclude Check + uses: LouisBrunner/checks-action@v1.3.1 + if: always() + with: + token: ${{ secrets.GITHUB_TOKEN }} + conclusion: ${{ job.status }} + check_id: ${{ steps.check.outputs.check_id }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3671e3b..7043ab9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,8 +5,6 @@ name: CI on: workflow_dispatch: pull_request: - branches: - - '*' push: branches: - main @@ -17,54 +15,73 @@ on: jobs: lint: + name: Lint + if: github.repository_owner == 'npm' runs-on: ubuntu-latest + defaults: + run: + shell: bash steps: - - uses: actions/checkout@v3 - - name: Setup git user + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - - uses: actions/setup-node@v3 + - name: Setup Node + uses: actions/setup-node@v3 with: - node-version: 16.x - - name: Update npm to latest + node-version: 18.x + - name: Install npm@latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - run: npm -v - - run: npm i --ignore-scripts --no-audit --no-fund - - run: npm run lint + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Lint + run: npm run lint --ignore-scripts + - name: Post Lint + run: npm run postlint --ignore-scripts test: + name: Test - ${{ matrix.platform.name }} - ${{ matrix.node-version }} + if: github.repository_owner == 'npm' strategy: fail-fast: false matrix: - node-version: - - 12.13.0 - - 12.x - - 14.15.0 - - 14.x - - 16.0.0 - - 16.x platform: - - os: ubuntu-latest + - name: Linux + os: ubuntu-latest shell: bash - - os: macos-latest + - name: macOS + os: macos-latest shell: bash - - os: windows-latest + - name: Windows + os: windows-latest shell: cmd + node-version: + - 14.17.0 + - 14.x + - 16.13.0 + - 16.x + - 18.0.0 + - 18.x runs-on: ${{ matrix.platform.os }} defaults: run: shell: ${{ matrix.platform.shell }} steps: - - uses: actions/checkout@v3 - - name: Setup git user + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - - uses: actions/setup-node@v3 + - name: Setup Node + uses: actions/setup-node@v3 with: node-version: ${{ matrix.node-version }} - - name: Update to workable npm (windows) + - name: Update Windows npm # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) run: | @@ -74,15 +91,17 @@ jobs: node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz cd .. rmdir /s /q package - - name: Update npm to 7 - # If we do test on npm 10 it needs npm7 + - name: Install npm@7 if: startsWith(matrix.node-version, '10.') run: npm i --prefer-online --no-fund --no-audit -g npm@7 - - name: Update npm to latest + - name: Install npm@latest if: ${{ !startsWith(matrix.node-version, '10.') }} run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - run: npm -v - - name: add tap problem matcher + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Add Problem Matcher run: echo "::add-matcher::.github/matchers/tap.json" - - run: npm i --ignore-scripts --no-audit --no-fund - - run: npm test --ignore-scripts + - name: Test + run: npm test --ignore-scripts -iwr diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index cfd0db3..66b9498 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,6 +1,6 @@ # This file is automatically added by @npmcli/template-oss. Do not edit. -name: "CodeQL" +name: CodeQL on: push: @@ -8,7 +8,6 @@ on: - main - latest pull_request: - # The branches below must be a subset of the branches above branches: - main - latest @@ -24,21 +23,16 @@ jobs: actions: read contents: read security-events: write - - strategy: - fail-fast: false - matrix: - language: [ javascript ] - steps: - - uses: actions/checkout@v3 - - name: Setup git user + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: - languages: ${{ matrix.language }} + languages: javascript - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index b6e81e6..98acf69 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -1,43 +1,91 @@ # This file is automatically added by @npmcli/template-oss. Do not edit. -name: Post Dependabot Actions +name: Post Dependabot on: pull_request -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions permissions: contents: write jobs: - template-oss-apply: + template-oss: + name: template-oss + if: github.repository_owner == 'npm' && github.actor == 'dependabot[bot]' runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' + defaults: + run: + shell: bash steps: - - uses: actions/checkout@v3 - - name: Setup git user + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head_ref }} + - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - - uses: actions/setup-node@v3 + - name: Setup Node + uses: actions/setup-node@v3 with: - node-version: 16.x - - name: Update npm to latest + node-version: 18.x + - name: Install npm@latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - run: npm -v - - name: Dependabot metadata + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Fetch Dependabot Metadata id: metadata - uses: dependabot/fetch-metadata@v1.1.1 + uses: dependabot/fetch-metadata@v1 with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: npm install and commit + github-token: ${{ secrets.GITHUB_TOKEN }} + + # Dependabot can update multiple directories so we output which directory + # it is acting on so we can run the command for the correct root or workspace + - name: Get Dependabot Directory if: contains(steps.metadata.outputs.dependency-names, '@npmcli/template-oss') + id: flags + run: | + if [[ "${{ steps.metadata.outputs.directory }}" == "/" ]]; then + echo "::set-output name=workspace::-iwr" + else + echo "::set-output name=workspace::-w ${{ steps.metadata.outputs.directory }}" + fi + + - name: Apply Changes + if: steps.flags.outputs.workspace + id: apply + run: | + npm run template-oss-apply ${{ steps.flags.outputs.workspace }} + if [[ `git status --porcelain` ]]; then + echo "::set-output name=changes::true" + fi + + # This step will fail if template-oss has made any workflow updates. It is impossible + # for a workflow to update other workflows. In the case it does fail, we continue + # and then try to apply only a portion of the changes in the next step + - name: Push All Changes + if: steps.apply.outputs.changes + id: push + continue-on-error: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + git commit -am "chore: postinstall for dependabot template-oss PR" + git push + + - name: Push All Changes Except Workflows + if: steps.push.outcome == 'failure' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh pr checkout ${{ github.event.pull_request.number }} - npm install --ignore-scripts --no-audit --no-fund - npm run template-oss-apply - git add . + git reset HEAD~ + git checkout HEAD -- .github/workflows/ + git clean -fd .github/workflows/ git commit -am "chore: postinstall for dependabot template-oss PR" git push - npm run lint + + - name: Check Changes + if: steps.apply.outputs.changes + run: | + npm exec --offline ${{ steps.flags.outputs.workspace }} -- template-oss-check diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 7223076..1a1d1ee 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,6 +1,6 @@ # This file is automatically added by @npmcli/template-oss. Do not edit. -name: Pull Request Linting +name: Pull Request on: pull_request: @@ -11,28 +11,38 @@ on: - synchronize jobs: - check: - name: Check PR Title or Commits + commitlint: + name: Lint Commits + if: github.repository_owner == 'npm' runs-on: ubuntu-latest + defaults: + run: + shell: bash steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Setup git user + - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - - uses: actions/setup-node@v3 + - name: Setup Node + uses: actions/setup-node@v3 with: - node-version: 16.x - - name: Update npm to latest + node-version: 18.x + - name: Install npm@latest run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - run: npm -v - - name: Install deps - run: npm i -D @commitlint/cli @commitlint/config-conventional - - name: Check commits OR PR title - env: - PR_TITLE: ${{ github.event.pull_request.title }} + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Run Commitlint on Commits + id: commit + continue-on-error: true run: | - npx --offline commitlint -V --from origin/main --to ${{ github.event.pull_request.head.sha }} \ - || echo $PR_TITLE | npx --offline commitlint -V + npx --offline commitlint -V --from origin/${{ github.base_ref }} --to ${{ github.event.pull_request.head.sha }} + - name: Run Commitlint on PR Title + if: steps.commit.outcome == 'failure' + run: | + echo ${{ github.event.pull_request.title }} | npx --offline commitlint -V diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml deleted file mode 100644 index ab3a910..0000000 --- a/.github/workflows/release-please.yml +++ /dev/null @@ -1,26 +0,0 @@ -# This file is automatically added by @npmcli/template-oss. Do not edit. - -name: Release Please - -on: - push: - branches: - - main - - latest - -jobs: - release-please: - runs-on: ubuntu-latest - steps: - - uses: google-github-actions/release-please-action@v3 - id: release - with: - release-type: node - changelog-types: > - [ - {"type":"feat","section":"Features","hidden":false}, - {"type":"fix","section":"Bug Fixes","hidden":false}, - {"type":"docs","section":"Documentation","hidden":false}, - {"type":"deps","section":"Dependencies","hidden":false}, - {"type":"chore","hidden":true} - ] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..01a8d6a --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,234 @@ +# This file is automatically added by @npmcli/template-oss. Do not edit. + +name: Release + +on: + push: + branches: + - main + - latest + +permissions: + contents: write + pull-requests: write + checks: write + +jobs: + release: + outputs: + pr: ${{ steps.release.outputs.pr }} + releases: ${{ steps.release.outputs.releases }} + release-flags: ${{ steps.release.outputs.release-flags }} + branch: ${{ steps.release.outputs.pr-branch }} + pr-number: ${{ steps.release.outputs.pr-number }} + comment-id: ${{ steps.pr-comment.outputs.result }} + check-id: ${{ steps.check.outputs.check_id }} + name: Release + if: github.repository_owner == 'npm' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Git User + run: | + git config --global user.email "npm-cli+bot@github.com" + git config --global user.name "npm CLI robot" + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: 18.x + - name: Install npm@latest + run: npm i --prefer-online --no-fund --no-audit -g npm@latest + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Release Please + id: release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + npx --offline template-oss-release-please ${{ github.ref_name }} + - name: Post Pull Request Comment + if: steps.release.outputs.pr-number + uses: actions/github-script@v6 + id: pr-comment + env: + PR_NUMBER: ${{ steps.release.outputs.pr-number }} + with: + script: | + const repo = { owner: context.repo.owner, repo: context.repo.repo } + const issue = { ...repo, issue_number: process.env.PR_NUMBER } + + const { data: workflow } = await github.rest.actions.getWorkflowRun({ ...repo, run_id: context.runId }) + + let body = '## Release Manager\n\n' + + const comments = await github.paginate(github.rest.issues.listComments, issue) + let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id + + body += `- Release workflow run: ${workflow.html_url}` + if (commentId) { + await github.rest.issues.updateComment({ ...repo, comment_id: commentId, body }) + } else { + const { data: comment } = await github.rest.issues.createComment({ ...issue, body }) + commentId = comment?.id + } + + return commentId + - name: Create Check + uses: LouisBrunner/checks-action@v1.3.1 + id: check + if: steps.release.outputs.pr-number + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: in_progress + name: Release + sha: ${{ steps.release.outputs.pr-sha }} + # XXX: this does not work when using the default GITHUB_TOKEN. + # Instead we post the main job url to the PR as a comment which + # will link to all the other checks. To work around this we would + # need to create a GitHub that would create on-demand tokens. + # https://github.com/LouisBrunner/checks-action/issues/18 + # details_url: + + update: + needs: release + outputs: + sha: ${{ steps.commit.outputs.sha }} + check-id: ${{ steps.check.outputs.check_id }} + name: Update - Release + if: github.repository_owner == 'npm' && needs.release.outputs.pr + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ needs.release.outputs.branch }} + - name: Setup Git User + run: | + git config --global user.email "npm-cli+bot@github.com" + git config --global user.name "npm CLI robot" + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: 18.x + - name: Install npm@latest + run: npm i --prefer-online --no-fund --no-audit -g npm@latest + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Run Post Pull Request Actions + env: + RELEASE_PR_NUMBER: ${{ needs.release.outputs.pr-number }} + RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + npm run rp-pull-request --ignore-scripts -ws -iwr --if-present + - name: Commit + id: commit + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + git commit --all --amend --no-edit || true + git push --force-with-lease + echo "::set-output name=sha::$(git rev-parse HEAD)" + - name: Create Check + uses: LouisBrunner/checks-action@v1.3.1 + id: check + + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: in_progress + name: Release + sha: ${{ steps.commit.outputs.sha }} + # XXX: this does not work when using the default GITHUB_TOKEN. + # Instead we post the main job url to the PR as a comment which + # will link to all the other checks. To work around this we would + # need to create a GitHub that would create on-demand tokens. + # https://github.com/LouisBrunner/checks-action/issues/18 + # details_url: + - name: Conclude Check + uses: LouisBrunner/checks-action@v1.3.1 + if: always() + with: + token: ${{ secrets.GITHUB_TOKEN }} + conclusion: ${{ job.status }} + check_id: ${{ needs.release.outputs.check-id }} + + ci: + name: CI - Release + needs: [ release, update ] + if: needs.release.outputs.pr + uses: ./.github/workflows/ci-release.yml + with: + ref: ${{ needs.release.outputs.branch }} + check-sha: ${{ needs.update.outputs.sha }} + + post-ci: + needs: [ release, update, ci ] + name: Post CI - Release + if: github.repository_owner == 'npm' && needs.release.outputs.pr && always() + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Get Needs Result + id: needs-result + run: | + result="" + if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then + result="failure" + elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then + result="cancelled" + else + result="success" + fi + echo "::set-output name=result::$result" + - name: Conclude Check + uses: LouisBrunner/checks-action@v1.3.1 + if: always() + with: + token: ${{ secrets.GITHUB_TOKEN }} + conclusion: ${{ steps.needs-result.outputs.result }} + check_id: ${{ needs.update.outputs.check-id }} + + post-release: + needs: release + name: Post Release - Release + if: github.repository_owner == 'npm' && needs.release.outputs.releases + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Git User + run: | + git config --global user.email "npm-cli+bot@github.com" + git config --global user.name "npm CLI robot" + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: 18.x + - name: Install npm@latest + run: npm i --prefer-online --no-fund --no-audit -g npm@latest + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Run Post Release Actions + env: + RELEASES: ${{ needs.release.outputs.releases }} + run: | + npm run rp-release --ignore-scripts --if-present ${{ join(fromJSON(needs.release.outputs.release-flags), ' ') }} diff --git a/.gitignore b/.gitignore index be5771f..0ec3c84 100644 --- a/.gitignore +++ b/.gitignore @@ -4,23 +4,25 @@ /* # keep these -!/.eslintrc.local.* !**/.gitignore -!/docs/ -!/tap-snapshots/ -!/test/ -!/map.js -!/scripts/ -!/README* -!/LICENSE* -!/CHANGELOG* !/.commitlintrc.js !/.eslintrc.js +!/.eslintrc.local.* !/.github/ !/.gitignore !/.npmrc -!/CODE_OF_CONDUCT.md -!/SECURITY.md +!/.release-please-manifest.json !/bin/ +!/CHANGELOG* +!/CODE_OF_CONDUCT.md +!/docs/ !/lib/ +!/LICENSE* +!/map.js !/package.json +!/README* +!/release-please-config.json +!/scripts/ +!/SECURITY.md +!/tap-snapshots/ +!/test/ diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 0000000..d6f5405 --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "3.0.1" +} diff --git a/package.json b/package.json index 5021089..d3a1512 100644 --- a/package.json +++ b/package.json @@ -15,9 +15,6 @@ "test": "tap", "snap": "tap", "posttest": "npm run lint", - "preversion": "npm test", - "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags", "postlint": "template-oss-check", "template-oss-apply": "template-oss-apply --force" }, @@ -32,10 +29,16 @@ "lib/" ], "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "3.6.0" + "version": "4.3.2" + }, + "tap": { + "nyc-arg": [ + "--exclude", + "tap-snapshots/**" + ] } } diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 0000000..73d1e35 --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,36 @@ +{ + "exclude-packages-from-root": true, + "group-pull-request-title-pattern": "chore: release ${version}", + "pull-request-title-pattern": "chore: release${component} ${version}", + "changelog-sections": [ + { + "type": "feat", + "section": "Features", + "hidden": false + }, + { + "type": "fix", + "section": "Bug Fixes", + "hidden": false + }, + { + "type": "docs", + "section": "Documentation", + "hidden": false + }, + { + "type": "deps", + "section": "Dependencies", + "hidden": false + }, + { + "type": "chore", + "hidden": true + } + ], + "packages": { + ".": { + "package-name": "" + } + } +} From 39451a644d1cac8ac21eb88f6a81bd36b645d99c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Sep 2022 06:02:25 +0000 Subject: [PATCH 05/26] chore: bump @npmcli/template-oss from 4.3.2 to 4.4.4 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.3.2 to 4.4.4. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.3.2...v4.4.4) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d3a1512..a672587 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "4.3.2", + "@npmcli/template-oss": "4.4.4", "tap": "^16.0.1" }, "license": "ISC", From 3b2ab871bb6a96537a945eccc7040fbe8a754612 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 29 Sep 2022 20:36:26 -0700 Subject: [PATCH 06/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/ci.yml | 50 +++++++++++++++++++++++++++ .github/workflows/post-dependabot.yml | 42 ++++++++++++++++++---- package.json | 2 +- 3 files changed, 87 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7043ab9..aadd60a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,56 @@ on: - cron: "0 9 * * 1" jobs: + engines: + name: Engines - ${{ matrix.platform.name }} - ${{ matrix.node-version }} + if: github.repository_owner == 'npm' + strategy: + fail-fast: false + matrix: + platform: + - name: Linux + os: ubuntu-latest + shell: bash + node-version: + - 14.17.0 + - 16.13.0 + - 18.0.0 + runs-on: ${{ matrix.platform.os }} + defaults: + run: + shell: ${{ matrix.platform.shell }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Git User + run: | + git config --global user.email "npm-cli+bot@github.com" + git config --global user.name "npm CLI robot" + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + - name: Update Windows npm + # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows + if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) + run: | + curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz + tar xf npm-7.5.4.tgz + cd package + node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz + cd .. + rmdir /s /q package + - name: Install npm@7 + if: startsWith(matrix.node-version, '10.') + run: npm i --prefer-online --no-fund --no-audit -g npm@7 + - name: Install npm@latest + if: ${{ !startsWith(matrix.node-version, '10.') }} + run: npm i --prefer-online --no-fund --no-audit -g npm@latest + - name: npm Version + run: npm -v + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund --engines-strict + lint: name: Lint if: github.repository_owner == 'npm' diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 98acf69..e854e12 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head_ref }} + ref: ${{ github.ref_name }} - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" @@ -46,10 +46,13 @@ jobs: if: contains(steps.metadata.outputs.dependency-names, '@npmcli/template-oss') id: flags run: | - if [[ "${{ steps.metadata.outputs.directory }}" == "/" ]]; then + dependabot_dir="${{ steps.metadata.outputs.directory }}" + if [[ "$dependabot_dir" == "/" ]]; then echo "::set-output name=workspace::-iwr" else - echo "::set-output name=workspace::-w ${{ steps.metadata.outputs.directory }}" + # strip leading slash from directory so it works as a + # a path to the workspace flag + echo "::set-output name=workspace::-w ${dependabot_dir#/}" fi - name: Apply Changes @@ -60,6 +63,15 @@ jobs: if [[ `git status --porcelain` ]]; then echo "::set-output name=changes::true" fi + # This only sets the conventional commit prefix. This workflow can't reliably determine + # what the breaking change is though. If a BREAKING CHANGE message is required then + # this PR check will fail and the commit will be amended with stafftools + if [[ "${{ steps.dependabot-metadata.outputs.update-type }}" == "version-update:semver-major" ]]; then + prefix='feat!' + else + prefix='chore!' + fi + echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR" # This step will fail if template-oss has made any workflow updates. It is impossible # for a workflow to update other workflows. In the case it does fail, we continue @@ -71,21 +83,39 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - git commit -am "chore: postinstall for dependabot template-oss PR" + git commit -am "${{ steps.apply.outputs.message }}" git push + # If the previous step failed, then reset the commit and remove any workflow changes + # and attempt to commit and push again. This is helpful because we will have a commit + # with the correct prefix that we can then --amend with @npmcli/stafftools later. - name: Push All Changes Except Workflows - if: steps.push.outcome == 'failure' + if: steps.apply.outputs.changes && steps.push-all.outcome == 'failure' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | git reset HEAD~ git checkout HEAD -- .github/workflows/ git clean -fd .github/workflows/ - git commit -am "chore: postinstall for dependabot template-oss PR" + git commit -am "${{ steps.apply.outputs.message }}" git push + # Check if all the necessary template-oss changes were applied. Since we continued + # on errors in one of the previous steps, this check will fail if our follow up + # only applied a portion of the changes and we need to followup manually. + # + # Note that this used to run `lint` and `postlint` but that will fail this action + # if we've also shipped any linting changes separate from template-oss. We do + # linting in another action, so we want to fail this one only if there are + # template-oss changes that could not be applied. - name: Check Changes if: steps.apply.outputs.changes run: | npm exec --offline ${{ steps.flags.outputs.workspace }} -- template-oss-check + + - name: Fail on Breaking Change + if: steps.apply.outputs.changes && startsWith(steps.apply.outputs.message, 'feat!') + run: | + echo "This PR has a breaking change. Run 'npx -p @npmcli/stafftools gh template-oss-fix'" + echo "for more information on how to fix this with a BREAKING CHANGE footer." + exit 1 diff --git a/package.json b/package.json index a672587..868b098 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.3.2" + "version": "4.4.4" }, "tap": { "nyc-arg": [ From 82d4888c332138efb31c388567cedaf7243adce0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Oct 2022 06:02:59 +0000 Subject: [PATCH 07/26] chore: bump @npmcli/template-oss from 4.4.4 to 4.5.1 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.4.4 to 4.5.1. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.4.4...v4.5.1) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 868b098..4cdce5d 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", - "@npmcli/template-oss": "4.4.4", + "@npmcli/template-oss": "4.5.1", "tap": "^16.0.1" }, "license": "ISC", From 56912c00d7af1b9dcb7e8585af1d759fff41cc28 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Mon, 10 Oct 2022 11:36:54 -0700 Subject: [PATCH 08/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/ci-release.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/post-dependabot.yml | 2 +- .github/workflows/release.yml | 3 ++- package.json | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 6143296..9cc6b28 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -144,7 +144,7 @@ jobs: - name: Add Problem Matcher run: echo "::add-matcher::.github/matchers/tap.json" - name: Test - run: npm test --ignore-scripts -ws -iwr --if-present + run: npm test --ignore-scripts - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 if: always() diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aadd60a..a6c934a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -154,4 +154,4 @@ jobs: - name: Add Problem Matcher run: echo "::add-matcher::.github/matchers/tap.json" - name: Test - run: npm test --ignore-scripts -iwr + run: npm test --ignore-scripts diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index e854e12..88ac403 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - ref: ${{ github.ref_name }} + ref: ${{ github.event.pull_request.head.ref }} - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 01a8d6a..1ed3865 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -132,7 +132,8 @@ jobs: RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npm run rp-pull-request --ignore-scripts -ws -iwr --if-present + npm exec --offline -- template-oss-release-manager + npm run rp-pull-request --ignore-scripts --if-present - name: Commit id: commit env: diff --git a/package.json b/package.json index 4cdce5d..c952d4d 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.4.4" + "version": "4.5.1" }, "tap": { "nyc-arg": [ From 626341caedc91c5485f8cf5853e132367772383f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 06:01:01 +0000 Subject: [PATCH 09/26] chore: bump @npmcli/eslint-config from 3.1.0 to 4.0.0 Bumps [@npmcli/eslint-config](https://github.com/npm/eslint-config) from 3.1.0 to 4.0.0. - [Release notes](https://github.com/npm/eslint-config/releases) - [Changelog](https://github.com/npm/eslint-config/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/eslint-config/compare/v3.1.0...v4.0.0) --- updated-dependencies: - dependency-name: "@npmcli/eslint-config" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c952d4d..00e47c3 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "template-oss-apply": "template-oss-apply --force" }, "devDependencies": { - "@npmcli/eslint-config": "^3.0.1", + "@npmcli/eslint-config": "^4.0.0", "@npmcli/template-oss": "4.5.1", "tap": "^16.0.1" }, From bbf47a2ef26bdf93ac6afeecf2d67338be665e8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Oct 2022 06:01:52 +0000 Subject: [PATCH 10/26] chore: bump @npmcli/template-oss from 4.5.1 to 4.6.1 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.5.1 to 4.6.1. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.5.1...v4.6.1) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 00e47c3..42a228d 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.5.1", + "@npmcli/template-oss": "4.6.1", "tap": "^16.0.1" }, "license": "ISC", From 923bba45f2a9e365ddb0b5e938ce43a8ed6f811e Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Mon, 17 Oct 2022 14:05:55 -0700 Subject: [PATCH 11/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/ci-release.yml | 80 +++++++++++++++++++---- .github/workflows/post-dependabot.yml | 4 +- .github/workflows/release.yml | 93 ++++++++++++++++++++++----- package.json | 2 +- 4 files changed, 149 insertions(+), 30 deletions(-) diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 9cc6b28..6dad88c 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -21,6 +21,39 @@ jobs: run: shell: bash steps: + - name: Get Workflow Job + uses: actions/github-script@v6 + + id: check-output + env: + JOB_NAME: "Lint All" + MATRIX_NAME: "" + with: + script: | + const { owner, repo } = context.repo + + const { data } = await github.rest.actions.listJobsForWorkflowRun({ + owner, + repo, + run_id: context.runId, + per_page: 100 + }) + + const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME + const job = data.jobs.find(j => j.name.endsWith(jobName)) + const jobUrl = job?.html_url + + const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ inputs.check-sha }}` + + let summary = `This check is assosciated with ${shaUrl}\n\n` + + if (jobUrl) { + summary += `For run logs, click here: ${jobUrl}` + } else { + summary += `Run logs could not be found for a job with name: "${jobName}"` + } + + return { summary } - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check @@ -30,12 +63,7 @@ jobs: status: in_progress name: Lint All sha: ${{ inputs.check-sha }} - # XXX: this does not work when using the default GITHUB_TOKEN. - # Instead we post the main job url to the PR as a comment which - # will link to all the other checks. To work around this we would - # need to create a GitHub that would create on-demand tokens. - # https://github.com/LouisBrunner/checks-action/issues/18 - # details_url: + output: ${{ steps.check-output.outputs.result }} - name: Checkout uses: actions/checkout@v3 with: @@ -94,6 +122,39 @@ jobs: run: shell: ${{ matrix.platform.shell }} steps: + - name: Get Workflow Job + uses: actions/github-script@v6 + + id: check-output + env: + JOB_NAME: "Test All" + MATRIX_NAME: " - ${{ matrix.platform.name }} - ${{ matrix.node-version }}" + with: + script: | + const { owner, repo } = context.repo + + const { data } = await github.rest.actions.listJobsForWorkflowRun({ + owner, + repo, + run_id: context.runId, + per_page: 100 + }) + + const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME + const job = data.jobs.find(j => j.name.endsWith(jobName)) + const jobUrl = job?.html_url + + const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ inputs.check-sha }}` + + let summary = `This check is assosciated with ${shaUrl}\n\n` + + if (jobUrl) { + summary += `For run logs, click here: ${jobUrl}` + } else { + summary += `Run logs could not be found for a job with name: "${jobName}"` + } + + return { summary } - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check @@ -103,12 +164,7 @@ jobs: status: in_progress name: Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }} sha: ${{ inputs.check-sha }} - # XXX: this does not work when using the default GITHUB_TOKEN. - # Instead we post the main job url to the PR as a comment which - # will link to all the other checks. To work around this we would - # need to create a GitHub that would create on-demand tokens. - # https://github.com/LouisBrunner/checks-action/issues/18 - # details_url: + output: ${{ steps.check-output.outputs.result }} - name: Checkout uses: actions/checkout@v3 with: diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 88ac403..4393859 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -66,7 +66,7 @@ jobs: # This only sets the conventional commit prefix. This workflow can't reliably determine # what the breaking change is though. If a BREAKING CHANGE message is required then # this PR check will fail and the commit will be amended with stafftools - if [[ "${{ steps.dependabot-metadata.outputs.update-type }}" == "version-update:semver-major" ]]; then + if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-major" ]]; then prefix='feat!' else prefix='chore!' @@ -90,7 +90,7 @@ jobs: # and attempt to commit and push again. This is helpful because we will have a commit # with the correct prefix that we can then --amend with @npmcli/stafftools later. - name: Push All Changes Except Workflows - if: steps.apply.outputs.changes && steps.push-all.outcome == 'failure' + if: steps.apply.outputs.changes && steps.push.outcome == 'failure' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1ed3865..2f7dee0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,6 +3,7 @@ name: Release on: + workflow_dispatch: push: branches: - main @@ -51,17 +52,19 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npx --offline template-oss-release-please ${{ github.ref_name }} + npx --offline template-oss-release-please ${{ github.ref_name }} ${{ github.event_name }} - name: Post Pull Request Comment if: steps.release.outputs.pr-number uses: actions/github-script@v6 id: pr-comment env: PR_NUMBER: ${{ steps.release.outputs.pr-number }} + REF_NAME: ${{ github.ref_name }} with: script: | + const { REF_NAME, PR_NUMBER } = process.env const repo = { owner: context.repo.owner, repo: context.repo.repo } - const issue = { ...repo, issue_number: process.env.PR_NUMBER } + const issue = { ...repo, issue_number: PR_NUMBER } const { data: workflow } = await github.rest.actions.getWorkflowRun({ ...repo, run_id: context.runId }) @@ -70,7 +73,11 @@ jobs: const comments = await github.paginate(github.rest.issues.listComments, issue) let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id - body += `- Release workflow run: ${workflow.html_url}` + body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n` + body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` + body += `To force CI to rerun, run this command:\n\n` + body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\`` + if (commentId) { await github.rest.issues.updateComment({ ...repo, comment_id: commentId, body }) } else { @@ -79,6 +86,39 @@ jobs: } return commentId + - name: Get Workflow Job + uses: actions/github-script@v6 + if: steps.release.outputs.pr-number + id: check-output + env: + JOB_NAME: "Release" + MATRIX_NAME: "" + with: + script: | + const { owner, repo } = context.repo + + const { data } = await github.rest.actions.listJobsForWorkflowRun({ + owner, + repo, + run_id: context.runId, + per_page: 100 + }) + + const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME + const job = data.jobs.find(j => j.name.endsWith(jobName)) + const jobUrl = job?.html_url + + const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ steps.release.outputs.pr-sha }}` + + let summary = `This check is assosciated with ${shaUrl}\n\n` + + if (jobUrl) { + summary += `For run logs, click here: ${jobUrl}` + } else { + summary += `Run logs could not be found for a job with name: "${jobName}"` + } + + return { summary } - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check @@ -88,12 +128,7 @@ jobs: status: in_progress name: Release sha: ${{ steps.release.outputs.pr-sha }} - # XXX: this does not work when using the default GITHUB_TOKEN. - # Instead we post the main job url to the PR as a comment which - # will link to all the other checks. To work around this we would - # need to create a GitHub that would create on-demand tokens. - # https://github.com/LouisBrunner/checks-action/issues/18 - # details_url: + output: ${{ steps.check-output.outputs.result }} update: needs: release @@ -142,6 +177,39 @@ jobs: git commit --all --amend --no-edit || true git push --force-with-lease echo "::set-output name=sha::$(git rev-parse HEAD)" + - name: Get Workflow Job + uses: actions/github-script@v6 + + id: check-output + env: + JOB_NAME: "Update - Release" + MATRIX_NAME: "" + with: + script: | + const { owner, repo } = context.repo + + const { data } = await github.rest.actions.listJobsForWorkflowRun({ + owner, + repo, + run_id: context.runId, + per_page: 100 + }) + + const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME + const job = data.jobs.find(j => j.name.endsWith(jobName)) + const jobUrl = job?.html_url + + const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ steps.commit.outputs.sha }}` + + let summary = `This check is assosciated with ${shaUrl}\n\n` + + if (jobUrl) { + summary += `For run logs, click here: ${jobUrl}` + } else { + summary += `Run logs could not be found for a job with name: "${jobName}"` + } + + return { summary } - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check @@ -151,12 +219,7 @@ jobs: status: in_progress name: Release sha: ${{ steps.commit.outputs.sha }} - # XXX: this does not work when using the default GITHUB_TOKEN. - # Instead we post the main job url to the PR as a comment which - # will link to all the other checks. To work around this we would - # need to create a GitHub that would create on-demand tokens. - # https://github.com/LouisBrunner/checks-action/issues/18 - # details_url: + output: ${{ steps.check-output.outputs.result }} - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 if: always() diff --git a/package.json b/package.json index 42a228d..d154c44 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.5.1" + "version": "4.6.1" }, "tap": { "nyc-arg": [ From 5eb3742ab5377c07183b669ea1a1d7bb55a172d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 06:02:27 +0000 Subject: [PATCH 12/26] chore: bump @npmcli/template-oss from 4.6.1 to 4.6.2 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.6.1...v4.6.2) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d154c44..d7b10f0 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.6.1", + "@npmcli/template-oss": "4.6.2", "tap": "^16.0.1" }, "license": "ISC", From b842a7a36e2b7dbf0838ddd05f37afc5bac6bb33 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 18 Oct 2022 23:21:49 -0700 Subject: [PATCH 13/26] chore: postinstall for dependabot template-oss PR --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d7b10f0..40ec2b3 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.6.1" + "version": "4.6.2" }, "tap": { "nyc-arg": [ From dc8f9d373118cc8c8e6bf7012f2d9c401a366ac5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Oct 2022 06:02:23 +0000 Subject: [PATCH 14/26] chore: bump @npmcli/template-oss from 4.6.2 to 4.8.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.6.2 to 4.8.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.6.2...v4.8.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 40ec2b3..2b58c3b 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.6.2", + "@npmcli/template-oss": "4.8.0", "tap": "^16.0.1" }, "license": "ISC", From ab0ae3411887818e9052ea59bdf78e82f5be04ec Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 27 Oct 2022 22:10:24 -0700 Subject: [PATCH 15/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/audit.yml | 6 ++-- .github/workflows/ci-release.yml | 18 ++++++---- .github/workflows/ci.yml | 50 --------------------------- .github/workflows/post-dependabot.yml | 2 +- .github/workflows/release.yml | 13 +++---- package.json | 2 +- 6 files changed, 25 insertions(+), 66 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 60bb334..62892f9 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -33,5 +33,7 @@ jobs: run: npm -v - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund --package-lock - - name: Run Audit - run: npm audit + - name: Run Production Audit + run: npm audit --omit=dev + - name: Run Full Audit + run: npm audit --audit-level=none diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 6dad88c..6e80aa6 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -3,6 +3,12 @@ name: CI - Release on: + workflow_dispatch: + inputs: + ref: + required: true + type: string + default: main workflow_call: inputs: ref: @@ -23,7 +29,7 @@ jobs: steps: - name: Get Workflow Job uses: actions/github-script@v6 - + if: inputs.check-sha id: check-output env: JOB_NAME: "Lint All" @@ -57,7 +63,7 @@ jobs: - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check - + if: inputs.check-sha with: token: ${{ secrets.GITHUB_TOKEN }} status: in_progress @@ -88,7 +94,7 @@ jobs: run: npm run postlint --ignore-scripts - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 - if: always() + if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} @@ -124,7 +130,7 @@ jobs: steps: - name: Get Workflow Job uses: actions/github-script@v6 - + if: inputs.check-sha id: check-output env: JOB_NAME: "Test All" @@ -158,7 +164,7 @@ jobs: - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check - + if: inputs.check-sha with: token: ${{ secrets.GITHUB_TOKEN }} status: in_progress @@ -203,7 +209,7 @@ jobs: run: npm test --ignore-scripts - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 - if: always() + if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a6c934a..9cc149d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,56 +14,6 @@ on: - cron: "0 9 * * 1" jobs: - engines: - name: Engines - ${{ matrix.platform.name }} - ${{ matrix.node-version }} - if: github.repository_owner == 'npm' - strategy: - fail-fast: false - matrix: - platform: - - name: Linux - os: ubuntu-latest - shell: bash - node-version: - - 14.17.0 - - 16.13.0 - - 18.0.0 - runs-on: ${{ matrix.platform.os }} - defaults: - run: - shell: ${{ matrix.platform.shell }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Git User - run: | - git config --global user.email "npm-cli+bot@github.com" - git config --global user.name "npm CLI robot" - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: Update Windows npm - # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows - if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) - run: | - curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz - tar xf npm-7.5.4.tgz - cd package - node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz - cd .. - rmdir /s /q package - - name: Install npm@7 - if: startsWith(matrix.node-version, '10.') - run: npm i --prefer-online --no-fund --no-audit -g npm@7 - - name: Install npm@latest - if: ${{ !startsWith(matrix.node-version, '10.') }} - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v - - name: Install Dependencies - run: npm i --ignore-scripts --no-audit --no-fund --engines-strict - lint: name: Lint if: github.repository_owner == 'npm' diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 4393859..19902bd 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -69,7 +69,7 @@ jobs: if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-major" ]]; then prefix='feat!' else - prefix='chore!' + prefix='chore' fi echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2f7dee0..15d37cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,7 @@ on: branches: - main - latest + - release/v* permissions: contents: write @@ -88,7 +89,7 @@ jobs: return commentId - name: Get Workflow Job uses: actions/github-script@v6 - if: steps.release.outputs.pr-number + if: steps.release.outputs.pr-sha id: check-output env: JOB_NAME: "Release" @@ -122,7 +123,7 @@ jobs: - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check - if: steps.release.outputs.pr-number + if: steps.release.outputs.pr-sha with: token: ${{ secrets.GITHUB_TOKEN }} status: in_progress @@ -179,7 +180,7 @@ jobs: echo "::set-output name=sha::$(git rev-parse HEAD)" - name: Get Workflow Job uses: actions/github-script@v6 - + if: steps.commit.outputs.sha id: check-output env: JOB_NAME: "Update - Release" @@ -213,7 +214,7 @@ jobs: - name: Create Check uses: LouisBrunner/checks-action@v1.3.1 id: check - + if: steps.commit.outputs.sha with: token: ${{ secrets.GITHUB_TOKEN }} status: in_progress @@ -222,7 +223,7 @@ jobs: output: ${{ steps.check-output.outputs.result }} - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 - if: always() + if: needs.release.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} @@ -260,7 +261,7 @@ jobs: echo "::set-output name=result::$result" - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 - if: always() + if: needs.update.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ steps.needs-result.outputs.result }} diff --git a/package.json b/package.json index 2b58c3b..0dd5059 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.6.2" + "version": "4.8.0" }, "tap": { "nyc-arg": [ From d7ac1c4387c2934ddae7d3908a2dae8786eec64d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Nov 2022 06:09:29 +0000 Subject: [PATCH 16/26] chore: bump @npmcli/template-oss from 4.8.0 to 4.10.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.8.0 to 4.10.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.8.0...v4.10.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0dd5059..874ab3a 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.8.0", + "@npmcli/template-oss": "4.10.0", "tap": "^16.0.1" }, "license": "ISC", From 80720cac5920d1d95e035d0b341b40104722c25a Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Sat, 12 Nov 2022 14:29:07 -0700 Subject: [PATCH 17/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/release.yml | 6 +++--- SECURITY.md | 13 ++++++++++++- package.json | 2 +- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 15d37cb..264cf3d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -74,9 +74,9 @@ jobs: const comments = await github.paginate(github.rest.issues.listComments, issue) let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id - body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n` + body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` - body += `To force CI to rerun, run this command:\n\n` + body += `To force CI to update this PR, run this command:\n\n` body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\`` if (commentId) { @@ -168,7 +168,7 @@ jobs: RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npm exec --offline -- template-oss-release-manager + npm exec --offline -- template-oss-release-manager --lockfile=false npm run rp-pull-request --ignore-scripts --if-present - name: Commit id: commit diff --git a/SECURITY.md b/SECURITY.md index a93106d..4e7c26c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,14 @@ -Please send vulnerability reports through [hackerone](https://hackerone.com/github). +GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). + +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. + +If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). + +If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. + +**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** + +Thanks for helping make GitHub safe for everyone. + diff --git a/package.json b/package.json index 874ab3a..4bb6bd9 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.8.0" + "version": "4.10.0" }, "tap": { "nyc-arg": [ From 09788ef91982d80113a0df176080c273cd5a5c53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Dec 2022 06:00:42 +0000 Subject: [PATCH 18/26] chore: bump @npmcli/template-oss from 4.10.0 to 4.11.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.10.0 to 4.11.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.10.0...v4.11.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 4bb6bd9..2f1e15b 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.10.0", + "@npmcli/template-oss": "4.11.0", "tap": "^16.0.1" }, "license": "ISC", From 8c5f040393fab27e85fc01d1e1a132e149a79bc3 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Sat, 10 Dec 2022 12:30:12 -0700 Subject: [PATCH 19/26] chore: postinstall for dependabot template-oss PR --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2f1e15b..51a205d 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.10.0" + "version": "4.11.0" }, "tap": { "nyc-arg": [ From e4faaf1c957b1c5abad0867195d4fb02a214b2eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Jan 2023 06:00:58 +0000 Subject: [PATCH 20/26] chore: bump @npmcli/template-oss from 4.11.0 to 4.11.3 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.11.0 to 4.11.3. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.11.0...v4.11.3) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 51a205d..ce6e313 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.0", + "@npmcli/template-oss": "4.11.3", "tap": "^16.0.1" }, "license": "ISC", From f7e31059adb82559b625df58599923d5564b70af Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 25 Jan 2023 11:21:41 -0700 Subject: [PATCH 21/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/pull-request.yml | 4 +- .github/workflows/release.yml | 148 ++++++++++++++++++++++++----- package.json | 2 +- 3 files changed, 129 insertions(+), 25 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1a1d1ee..99877da 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -41,8 +41,8 @@ jobs: id: commit continue-on-error: true run: | - npx --offline commitlint -V --from origin/${{ github.base_ref }} --to ${{ github.event.pull_request.head.sha }} + npx --offline commitlint -V --from 'origin/${{ github.base_ref }}' --to ${{ github.event.pull_request.head.sha }} - name: Run Commitlint on PR Title if: steps.commit.outcome == 'failure' run: | - echo ${{ github.event.pull_request.title }} | npx --offline commitlint -V + echo '${{ github.event.pull_request.title }}' | npx --offline commitlint -V diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 264cf3d..f6daab5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,8 +19,8 @@ jobs: release: outputs: pr: ${{ steps.release.outputs.pr }} + release: ${{ steps.release.outputs.release }} releases: ${{ steps.release.outputs.releases }} - release-flags: ${{ steps.release.outputs.release-flags }} branch: ${{ steps.release.outputs.pr-branch }} pr-number: ${{ steps.release.outputs.pr-number }} comment-id: ${{ steps.pr-comment.outputs.result }} @@ -63,26 +63,25 @@ jobs: REF_NAME: ${{ github.ref_name }} with: script: | - const { REF_NAME, PR_NUMBER } = process.env - const repo = { owner: context.repo.owner, repo: context.repo.repo } - const issue = { ...repo, issue_number: PR_NUMBER } + const { REF_NAME, PR_NUMBER: issue_number } = process.env + const { runId, repo: { owner, repo } } = context - const { data: workflow } = await github.rest.actions.getWorkflowRun({ ...repo, run_id: context.runId }) + const { data: workflow } = await github.rest.actions.getWorkflowRun({ owner, repo, run_id: runId }) let body = '## Release Manager\n\n' - const comments = await github.paginate(github.rest.issues.listComments, issue) - let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id + const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) + let commentId = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` body += `To force CI to update this PR, run this command:\n\n` - body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\`` + body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo}\n\`\`\`` if (commentId) { - await github.rest.issues.updateComment({ ...repo, comment_id: commentId, body }) + await github.rest.issues.updateComment({ owner, repo, comment_id: commentId, body }) } else { - const { data: comment } = await github.rest.issues.createComment({ ...issue, body }) + const { data: comment } = await github.rest.issues.createComment({ owner, repo, issue_number, body }) commentId = comment?.id } @@ -276,12 +275,45 @@ jobs: run: shell: bash steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Git User - run: | - git config --global user.email "npm-cli+bot@github.com" - git config --global user.name "npm CLI robot" + - name: Create Release PR Comment + uses: actions/github-script@v6 + env: + RELEASES: ${{ needs.release.outputs.releases }} + with: + script: | + const releases = JSON.parse(process.env.RELEASES) + const { runId, repo: { owner, repo } } = context + const issue_number = releases[0].prNumber + + let body = '## Release Workflow\n\n' + for (const { pkgName, version, url } of releases) { + body += `- \`${pkgName}@${version}\` ${url}\n` + } + + const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) + const releaseComments = comments.filter(c => c.user.login === 'github-actions[bot]' && c.body.includes('Release is at')) + + for (const comment of releaseComments) { + await github.rest.issues.deleteComment({ owner, repo, comment_id: comment.id }) + } + + const runUrl = `https://github.com/${owner}/${repo}/actions/runs/${runId}` + await github.rest.issues.createComment({ + owner, + repo, + issue_number, + body: `${body}- Workflow run: :arrows_counterclockwise: ${runUrl}`, + }) + + release-integration: + needs: release + name: Release Integration + if: needs.release.outputs.release + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: - name: Setup Node uses: actions/setup-node@v3 with: @@ -290,10 +322,82 @@ jobs: run: npm i --prefer-online --no-fund --no-audit -g npm@latest - name: npm Version run: npm -v - - name: Install Dependencies - run: npm i --ignore-scripts --no-audit --no-fund - - name: Run Post Release Actions - env: - RELEASES: ${{ needs.release.outputs.releases }} + - name: View in Registry + run: | + EXIT_CODE=0 + + function is_published { + if npm view "$@" --loglevel=error > /dev/null; then + echo 0 + else + echo 1 + fi + } + + for release in $(echo '${{ needs.release.outputs.releases }}' | jq -r '.[] | @base64'); do + name=$(echo "$release" | base64 --decode | jq -r .pkgName) + version=$(echo "$release" | base64 --decode | jq -r .version) + spec="$name@$version" + status=$(is_published "$spec") + if [[ "$status" -eq 1 ]]; then + echo "$spec ERROR" + EXIT_CODE=$status + else + echo "$spec OK" + fi + done + + exit $EXIT_CODE + + post-release-integration: + needs: [ release, release-integration ] + name: Post Release Integration - Release + if: github.repository_owner == 'npm' && needs.release.outputs.release && always() + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Get Needs Result + id: needs-result run: | - npm run rp-release --ignore-scripts --if-present ${{ join(fromJSON(needs.release.outputs.release-flags), ' ') }} + result="" + if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then + result="x" + elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then + result="heavy_multiplication_x" + else + result="white_check_mark" + fi + echo "::set-output name=result::$result" + - name: Update Release PR Comment + uses: actions/github-script@v6 + env: + PR_NUMBER: ${{ fromJSON(needs.release.outputs.release).prNumber }} + RESULT: ${{ steps.needs-result.outputs.result }} + with: + script: | + const { PR_NUMBER: issue_number, RESULT } = process.env + const { repo: { owner, repo } } = context + + const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) + const updateComment = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith('## Release Workflow\n\n')) + + if (updateComment) { + console.log('Found comment to update:', JSON.stringify(updateComment, null, 2)) + let body = updateComment.body.replace(/Workflow run: :[a-z_]+:/, `Workflow run: :${RESULT}:`) + if (RESULT === 'x') { + body += `\n\n:rotating_light:` + body += ` @npm/cli-team: The post-release workflow failed for this release.` + body += ` Manual steps may need to be taken after examining the workflow output` + body += ` from the above workflow run. :rotating_light:` + } + await github.rest.issues.updateComment({ + owner, + repo, + body, + comment_id: updateComment.id, + }) + } else { + console.log('No matching comments found:', JSON.stringify(comments, null, 2)) + } diff --git a/package.json b/package.json index ce6e313..f8f963d 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.0" + "version": "4.11.3" }, "tap": { "nyc-arg": [ From f318574044566d85eab5061d10d12b90c464a787 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Feb 2023 06:00:42 +0000 Subject: [PATCH 22/26] chore: bump @npmcli/template-oss from 4.11.3 to 4.11.4 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.11.3 to 4.11.4. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.11.3...v4.11.4) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f8f963d..820f481 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.3", + "@npmcli/template-oss": "4.11.4", "tap": "^16.0.1" }, "license": "ISC", From c9017845ae9bd802fdc6edb53ca084dbff801c22 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 8 Feb 2023 10:09:19 -0700 Subject: [PATCH 23/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/release.yml | 23 +++++++++++++++++------ package.json | 2 +- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f6daab5..f9299c9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,10 @@ name: Release on: workflow_dispatch: + inputs: + release-pr: + description: a release PR number to rerun release jobs on + type: string push: branches: - main @@ -53,7 +57,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npx --offline template-oss-release-please ${{ github.ref_name }} ${{ github.event_name }} + npx --offline template-oss-release-please "${{ github.ref_name }}" "${{ inputs.release-pr }}" - name: Post Pull Request Comment if: steps.release.outputs.pr-number uses: actions/github-script@v6 @@ -76,7 +80,7 @@ jobs: body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` body += `To force CI to update this PR, run this command:\n\n` - body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo}\n\`\`\`` + body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo} -f release-pr=${issue_number}\n\`\`\`` if (commentId) { await github.rest.issues.updateComment({ owner, repo, comment_id: commentId, body }) @@ -291,14 +295,17 @@ jobs: } const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) - const releaseComments = comments.filter(c => c.user.login === 'github-actions[bot]' && c.body.includes('Release is at')) + .then(cs => cs.map(c => ({ id: c.id, login: c.user.login, body: c.body }))) + console.log(`Found comments: ${JSON.stringify(comments, null, 2)}`) + const releaseComments = comments.filter(c => c.login === 'github-actions[bot]' && c.body.includes('Release is at')) for (const comment of releaseComments) { + console.log(`Release comment: ${JSON.stringify(comment, null, 2)}`) await github.rest.issues.deleteComment({ owner, repo, comment_id: comment.id }) } const runUrl = `https://github.com/${owner}/${repo}/actions/runs/${runId}` - await github.rest.issues.createComment({ + await github.rest.issues.createComment({ owner, repo, issue_number, @@ -378,10 +385,14 @@ jobs: with: script: | const { PR_NUMBER: issue_number, RESULT } = process.env - const { repo: { owner, repo } } = context + const { runId, repo: { owner, repo } } = context const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) - const updateComment = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith('## Release Workflow\n\n')) + const updateComment = comments.find(c => + c.user.login === 'github-actions[bot]' && + c.body.startsWith('## Release Workflow\n\n') && + c.body.includes(runId) + ) if (updateComment) { console.log('Found comment to update:', JSON.stringify(updateComment, null, 2)) diff --git a/package.json b/package.json index 820f481..ca89196 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.3" + "version": "4.11.4" }, "tap": { "nyc-arg": [ From 589601a86defb8071dbb71304a21055b7b0b877d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Mar 2023 06:57:08 +0000 Subject: [PATCH 24/26] chore: bump @npmcli/template-oss from 4.11.4 to 4.12.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.11.4 to 4.12.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.11.4...v4.12.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ca89196..c50c870 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.0.1" }, "license": "ISC", From 9e30c74a12569dc3468dec08f6d2c84bff330152 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 7 Mar 2023 17:23:32 -0700 Subject: [PATCH 25/26] chore: postinstall for dependabot template-oss PR --- .github/workflows/post-dependabot.yml | 8 ++++---- .github/workflows/release.yml | 10 +++++----- SECURITY.md | 3 +-- package.json | 2 +- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 19902bd..ce38340 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -48,11 +48,11 @@ jobs: run: | dependabot_dir="${{ steps.metadata.outputs.directory }}" if [[ "$dependabot_dir" == "/" ]]; then - echo "::set-output name=workspace::-iwr" + echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a # a path to the workspace flag - echo "::set-output name=workspace::-w ${dependabot_dir#/}" + echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT fi - name: Apply Changes @@ -61,7 +61,7 @@ jobs: run: | npm run template-oss-apply ${{ steps.flags.outputs.workspace }} if [[ `git status --porcelain` ]]; then - echo "::set-output name=changes::true" + echo "changes=true" >> $GITHUB_OUTPUT fi # This only sets the conventional commit prefix. This workflow can't reliably determine # what the breaking change is though. If a BREAKING CHANGE message is required then @@ -71,7 +71,7 @@ jobs: else prefix='chore' fi - echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR" + echo "message=$prefix: postinstall for dependabot template-oss PR" >> $GITHUB_OUTPUT # This step will fail if template-oss has made any workflow updates. It is impossible # for a workflow to update other workflows. In the case it does fail, we continue diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f9299c9..780bcc9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -180,7 +180,7 @@ jobs: run: | git commit --all --amend --no-edit || true git push --force-with-lease - echo "::set-output name=sha::$(git rev-parse HEAD)" + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - name: Get Workflow Job uses: actions/github-script@v6 if: steps.commit.outputs.sha @@ -261,7 +261,7 @@ jobs: else result="success" fi - echo "::set-output name=result::$result" + echo "result=$result" >> $GITHUB_OUTPUT - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 if: needs.update.outputs.check-id && always() @@ -368,7 +368,6 @@ jobs: - name: Get Needs Result id: needs-result run: | - result="" if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then result="x" elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then @@ -376,7 +375,7 @@ jobs: else result="white_check_mark" fi - echo "::set-output name=result::$result" + echo "result=$result" >> $GITHUB_OUTPUT - name: Update Release PR Comment uses: actions/github-script@v6 env: @@ -397,7 +396,8 @@ jobs: if (updateComment) { console.log('Found comment to update:', JSON.stringify(updateComment, null, 2)) let body = updateComment.body.replace(/Workflow run: :[a-z_]+:/, `Workflow run: :${RESULT}:`) - if (RESULT === 'x') { + const tagCodeowner = RESULT !== 'white_check_mark' + if (tagCodeowner) { body += `\n\n:rotating_light:` body += ` @npm/cli-team: The post-release workflow failed for this release.` body += ` Manual steps may need to be taken after examining the workflow output` diff --git a/SECURITY.md b/SECURITY.md index 4e7c26c..9cd2dea 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,11 +4,10 @@ GitHub takes the security of our software products and services seriously, inclu If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. -If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). +If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** Thanks for helping make GitHub safe for everyone. - diff --git a/package.json b/package.json index c50c870..4ff1245 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4" + "version": "4.12.0" }, "tap": { "nyc-arg": [ From 83dd01c251a63459fb0603f7447804e1c652732c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 8 Mar 2023 00:52:18 +0000 Subject: [PATCH 26/26] chore: release 4.0.0 --- .release-please-manifest.json | 2 +- CHANGELOG.md | 10 ++++++++++ package.json | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index d6f5405..e6f8775 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "3.0.1" + ".": "4.0.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 244cb11..c43708d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # Changelog +## [4.0.0](https://github.com/npm/ini/compare/v3.0.1...v4.0.0) (2023-03-08) + +### ⚠️ BREAKING CHANGES + +* `ini` is now compatible with the following semver range for node: `^14.17.0 || ^16.13.0 || >=18.0.0` + +### Features + +* [`6b70a48`](https://github.com/npm/ini/commit/6b70a480a47cac47b2da4ec40aba6b9b4bb77608) [#176](https://github.com/npm/ini/pull/176) postinstall for dependabot template-oss PR (@lukekarrys) + ## [3.0.1](https://github.com/npm/ini/compare/v3.0.0...v3.0.1) (2022-08-22) diff --git a/package.json b/package.json index 4ff1245..08890d2 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "GitHub Inc.", "name": "ini", "description": "An ini encoder/decoder for node", - "version": "3.0.1", + "version": "4.0.0", "repository": { "type": "git", "url": "https://github.com/npm/ini.git"