diff --git a/.commitlintrc.js b/.commitlintrc.js index 5b0b1a52..b706e527 100644 --- a/.commitlintrc.js +++ b/.commitlintrc.js @@ -5,6 +5,8 @@ module.exports = { rules: { 'type-enum': [2, 'always', ['feat', 'fix', 'docs', 'deps', 'chore']], 'header-max-length': [2, 'always', 80], - 'subject-case': [0, 'always', ['lower-case', 'sentence-case', 'start-case']], + 'subject-case': [0], + 'body-max-line-length': [0], + 'footer-max-line-length': [0], }, } diff --git a/.eslintrc.js b/.eslintrc.js index 5db9f815..f21d26ec 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -10,6 +10,9 @@ const localConfigs = readdir(__dirname) module.exports = { root: true, + ignorePatterns: [ + 'tap-testdir*/', + ], extends: [ '@npmcli', ...localConfigs, diff --git a/.github/actions/create-check/action.yml b/.github/actions/create-check/action.yml new file mode 100644 index 00000000..d1220c90 --- /dev/null +++ b/.github/actions/create-check/action.yml @@ -0,0 +1,52 @@ +# This file is automatically added by @npmcli/template-oss. Do not edit. + +name: 'Create Check' +inputs: + name: + required: true + token: + required: true + sha: + required: true + check-name: + default: '' +outputs: + check-id: + value: ${{ steps.create-check.outputs.check_id }} +runs: + using: "composite" + steps: + - name: Get Workflow Job + uses: actions/github-script@v7 + id: workflow + env: + JOB_NAME: "${{ inputs.name }}" + SHA: "${{ inputs.sha }}" + with: + result-encoding: string + script: | + const { repo: { owner, repo}, runId, serverUrl } = context + const { JOB_NAME, SHA } = process.env + + const job = await github.rest.actions.listJobsForWorkflowRun({ + owner, + repo, + run_id: runId, + per_page: 100 + }).then(r => r.data.jobs.find(j => j.name.endsWith(JOB_NAME))) + + return [ + `This check is assosciated with ${serverUrl}/${owner}/${repo}/commit/${SHA}.`, + 'Run logs:', + job?.html_url || `could not be found for a job ending with: "${JOB_NAME}"`, + ].join(' ') + - name: Create Check + uses: LouisBrunner/checks-action@v1.6.0 + id: create-check + with: + token: ${{ inputs.token }} + sha: ${{ inputs.sha }} + status: in_progress + name: ${{ inputs.check-name || inputs.name }} + output: | + {"summary":"${{ steps.workflow.outputs.result }}"} diff --git a/.github/actions/install-latest-npm/action.yml b/.github/actions/install-latest-npm/action.yml new file mode 100644 index 00000000..580603dd --- /dev/null +++ b/.github/actions/install-latest-npm/action.yml @@ -0,0 +1,58 @@ +# This file is automatically added by @npmcli/template-oss. Do not edit. + +name: 'Install Latest npm' +description: 'Install the latest version of npm compatible with the Node version' +inputs: + node: + description: 'Current Node version' + required: true +runs: + using: "composite" + steps: + # node 10/12/14 ship with npm@6, which is known to fail when updating itself in windows + - name: Update Windows npm + if: | + runner.os == 'Windows' && ( + startsWith(inputs.node, 'v10.') || + startsWith(inputs.node, 'v12.') || + startsWith(inputs.node, 'v14.') + ) + shell: cmd + run: | + curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz + tar xf npm-7.5.4.tgz + cd package + node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz + cd .. + rmdir /s /q package + - name: Install Latest npm + shell: bash + env: + NODE_VERSION: ${{ inputs.node }} + working-directory: ${{ runner.temp }} + run: | + MATCH="" + SPECS=("latest" "next-10" "next-9" "next-8" "next-7" "next-6") + + echo "node@$NODE_VERSION" + + for SPEC in ${SPECS[@]}; do + ENGINES=$(npm view npm@$SPEC --json | jq -r '.engines.node') + echo "Checking if node@$NODE_VERSION satisfies npm@$SPEC ($ENGINES)" + + if npx semver -r "$ENGINES" "$NODE_VERSION" > /dev/null; then + MATCH=$SPEC + echo "Found compatible version: npm@$MATCH" + break + fi + done + + if [ -z $MATCH ]; then + echo "Could not find a compatible version of npm for node@$NODE_VERSION" + exit 1 + fi + + npm i --prefer-online --no-fund --no-audit -g npm@$MATCH + - name: npm Version + shell: bash + run: npm -v diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8da2a452..d735ccf2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,7 @@ updates: directory: / schedule: interval: daily + target-branch: "main" allow: - dependency-type: direct versioning-strategy: increase-if-necessary @@ -15,3 +16,38 @@ updates: prefix-development: chore labels: - "Dependencies" + open-pull-requests-limit: 10 + - package-ecosystem: npm + directory: / + schedule: + interval: daily + target-branch: "release/v5" + allow: + - dependency-type: direct + dependency-name: "@npmcli/template-oss" + versioning-strategy: increase-if-necessary + commit-message: + prefix: deps + prefix-development: chore + labels: + - "Dependencies" + - "Backport" + - "release/v5" + open-pull-requests-limit: 10 + - package-ecosystem: npm + directory: / + schedule: + interval: daily + target-branch: "release/v6" + allow: + - dependency-type: direct + dependency-name: "@npmcli/template-oss" + versioning-strategy: increase-if-necessary + commit-message: + prefix: deps + prefix-development: chore + labels: + - "Dependencies" + - "Backport" + - "release/v6" + open-pull-requests-limit: 10 diff --git a/.github/settings.yml b/.github/settings.yml index 1019e26f..206b6eeb 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -1,2 +1,55 @@ ---- -_extends: '.github:npm-cli/settings.yml' +# This file is automatically added by @npmcli/template-oss. Do not edit. + +repository: + allow_merge_commit: false + allow_rebase_merge: true + allow_squash_merge: true + squash_merge_commit_title: PR_TITLE + squash_merge_commit_message: PR_BODY + delete_branch_on_merge: true + enable_automated_security_fixes: true + enable_vulnerability_alerts: true + +branches: + - name: main + protection: + required_status_checks: null + enforce_admins: true + block_creations: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] + - name: release/v5 + protection: + required_status_checks: null + enforce_admins: true + block_creations: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] + - name: release/v6 + protection: + required_status_checks: null + enforce_admins: true + block_creations: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 60bb334b..a3ae7257 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -18,20 +18,24 @@ jobs: shell: bash steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm + with: + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund --package-lock - - name: Run Audit - run: npm audit + - name: Run Production Audit + run: npm audit --omit=dev + - name: Run Full Audit + run: npm audit --audit-level=none diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 6e80aa69..d8d761f2 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -27,65 +27,32 @@ jobs: run: shell: bash steps: - - name: Get Workflow Job - uses: actions/github-script@v6 - if: inputs.check-sha - id: check-output - env: - JOB_NAME: "Lint All" - MATRIX_NAME: "" - with: - script: | - const { owner, repo } = context.repo - - const { data } = await github.rest.actions.listJobsForWorkflowRun({ - owner, - repo, - run_id: context.runId, - per_page: 100 - }) - - const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME - const job = data.jobs.find(j => j.name.endsWith(jobName)) - const jobUrl = job?.html_url - - const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ inputs.check-sha }}` - - let summary = `This check is assosciated with ${shaUrl}\n\n` - - if (jobUrl) { - summary += `For run logs, click here: ${jobUrl}` - } else { - summary += `Run logs could not be found for a job with name: "${jobName}"` - } - - return { summary } - - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 - id: check - if: inputs.check-sha - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: in_progress - name: Lint All - sha: ${{ inputs.check-sha }} - output: ${{ steps.check-output.outputs.result }} - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ inputs.ref }} - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" + - name: Create Check + id: create-check + if: ${{ inputs.check-sha }} + uses: ./.github/actions/create-check + with: + name: "Lint All" + token: ${{ secrets.GITHUB_TOKEN }} + sha: ${{ inputs.check-sha }} - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node + with: + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - name: Lint @@ -93,12 +60,12 @@ jobs: - name: Post Lint run: npm run postlint --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 - if: steps.check.outputs.check_id && always() + uses: LouisBrunner/checks-action@v1.6.0 + if: steps.create-check.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} - check_id: ${{ steps.check.outputs.check_id }} + check_id: ${{ steps.create-check.outputs.check-id }} test-all: name: Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }} @@ -113,6 +80,9 @@ jobs: - name: macOS os: macos-latest shell: bash + - name: macOS + os: macos-13 + shell: bash - name: Windows os: windows-latest shell: cmd @@ -123,84 +93,56 @@ jobs: - 16.x - 18.0.0 - 18.x + - 20.x + - 22.x + exclude: + - platform: { name: macOS, os: macos-latest, shell: bash } + node-version: 14.17.0 + - platform: { name: macOS, os: macos-latest, shell: bash } + node-version: 14.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 16.13.0 + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 16.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 18.0.0 + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 18.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 20.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 22.x runs-on: ${{ matrix.platform.os }} defaults: run: shell: ${{ matrix.platform.shell }} steps: - - name: Get Workflow Job - uses: actions/github-script@v6 - if: inputs.check-sha - id: check-output - env: - JOB_NAME: "Test All" - MATRIX_NAME: " - ${{ matrix.platform.name }} - ${{ matrix.node-version }}" - with: - script: | - const { owner, repo } = context.repo - - const { data } = await github.rest.actions.listJobsForWorkflowRun({ - owner, - repo, - run_id: context.runId, - per_page: 100 - }) - - const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME - const job = data.jobs.find(j => j.name.endsWith(jobName)) - const jobUrl = job?.html_url - - const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ inputs.check-sha }}` - - let summary = `This check is assosciated with ${shaUrl}\n\n` - - if (jobUrl) { - summary += `For run logs, click here: ${jobUrl}` - } else { - summary += `Run logs could not be found for a job with name: "${jobName}"` - } - - return { summary } - - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 - id: check - if: inputs.check-sha - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: in_progress - name: Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }} - sha: ${{ inputs.check-sha }} - output: ${{ steps.check-output.outputs.result }} - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ inputs.ref }} - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" + - name: Create Check + id: create-check + if: ${{ inputs.check-sha }} + uses: ./.github/actions/create-check + with: + name: "Test All - ${{ matrix.platform.name }} - ${{ matrix.node-version }}" + token: ${{ secrets.GITHUB_TOKEN }} + sha: ${{ inputs.check-sha }} - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node with: node-version: ${{ matrix.node-version }} - - name: Update Windows npm - # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows - if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) - run: | - curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz - tar xf npm-7.5.4.tgz - cd package - node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz - cd .. - rmdir /s /q package - - name: Install npm@7 - if: startsWith(matrix.node-version, '10.') - run: npm i --prefer-online --no-fund --no-audit -g npm@7 - - name: Install npm@latest - if: ${{ !startsWith(matrix.node-version, '10.') }} - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + check-latest: contains(matrix.node-version, '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm + with: + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - name: Add Problem Matcher @@ -208,9 +150,9 @@ jobs: - name: Test run: npm test --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 - if: steps.check.outputs.check_id && always() + uses: LouisBrunner/checks-action@v1.6.0 + if: steps.create-check.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} - check_id: ${{ steps.check.outputs.check_id }} + check_id: ${{ steps.create-check.outputs.check-id }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a6c934ae..3760663d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,62 +8,12 @@ on: push: branches: - main - - latest + - release/v* schedule: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 - cron: "0 9 * * 1" jobs: - engines: - name: Engines - ${{ matrix.platform.name }} - ${{ matrix.node-version }} - if: github.repository_owner == 'npm' - strategy: - fail-fast: false - matrix: - platform: - - name: Linux - os: ubuntu-latest - shell: bash - node-version: - - 14.17.0 - - 16.13.0 - - 18.0.0 - runs-on: ${{ matrix.platform.os }} - defaults: - run: - shell: ${{ matrix.platform.shell }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Git User - run: | - git config --global user.email "npm-cli+bot@github.com" - git config --global user.name "npm CLI robot" - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: Update Windows npm - # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows - if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) - run: | - curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz - tar xf npm-7.5.4.tgz - cd package - node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz - cd .. - rmdir /s /q package - - name: Install npm@7 - if: startsWith(matrix.node-version, '10.') - run: npm i --prefer-online --no-fund --no-audit -g npm@7 - - name: Install npm@latest - if: ${{ !startsWith(matrix.node-version, '10.') }} - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v - - name: Install Dependencies - run: npm i --ignore-scripts --no-audit --no-fund --engines-strict - lint: name: Lint if: github.repository_owner == 'npm' @@ -73,19 +23,21 @@ jobs: shell: bash steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node + with: + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - name: Lint @@ -106,6 +58,9 @@ jobs: - name: macOS os: macos-latest shell: bash + - name: macOS + os: macos-13 + shell: bash - name: Windows os: windows-latest shell: cmd @@ -116,39 +71,46 @@ jobs: - 16.x - 18.0.0 - 18.x + - 20.x + - 22.x + exclude: + - platform: { name: macOS, os: macos-latest, shell: bash } + node-version: 14.17.0 + - platform: { name: macOS, os: macos-latest, shell: bash } + node-version: 14.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 16.13.0 + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 16.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 18.0.0 + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 18.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 20.x + - platform: { name: macOS, os: macos-13, shell: bash } + node-version: 22.x runs-on: ${{ matrix.platform.os }} defaults: run: shell: ${{ matrix.platform.shell }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node with: node-version: ${{ matrix.node-version }} - - name: Update Windows npm - # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows - if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) - run: | - curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz - tar xf npm-7.5.4.tgz - cd package - node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz - cd .. - rmdir /s /q package - - name: Install npm@7 - if: startsWith(matrix.node-version, '10.') - run: npm i --prefer-online --no-fund --no-audit -g npm@7 - - name: Install npm@latest - if: ${{ !startsWith(matrix.node-version, '10.') }} - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + check-latest: contains(matrix.node-version, '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm + with: + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - name: Add Problem Matcher diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 66b9498a..f8b17025 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -6,11 +6,11 @@ on: push: branches: - main - - latest + - release/v* pull_request: branches: - main - - latest + - release/v* schedule: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 - cron: "0 10 * * 1" @@ -25,14 +25,14 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: javascript - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 19902bdc..1ea8693c 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -17,7 +17,7 @@ jobs: shell: bash steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.ref }} - name: Setup Git User @@ -25,13 +25,15 @@ jobs: git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm + with: + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - name: Fetch Dependabot Metadata @@ -47,12 +49,12 @@ jobs: id: flags run: | dependabot_dir="${{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then - echo "::set-output name=workspace::-iwr" + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/main" ]]; then + echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a # a path to the workspace flag - echo "::set-output name=workspace::-w ${dependabot_dir#/}" + echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT fi - name: Apply Changes @@ -61,7 +63,7 @@ jobs: run: | npm run template-oss-apply ${{ steps.flags.outputs.workspace }} if [[ `git status --porcelain` ]]; then - echo "::set-output name=changes::true" + echo "changes=true" >> $GITHUB_OUTPUT fi # This only sets the conventional commit prefix. This workflow can't reliably determine # what the breaking change is though. If a BREAKING CHANGE message is required then @@ -71,7 +73,7 @@ jobs: else prefix='chore' fi - echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR" + echo "message=$prefix: postinstall for dependabot template-oss PR" >> $GITHUB_OUTPUT # This step will fail if template-oss has made any workflow updates. It is impossible # for a workflow to update other workflows. In the case it does fail, we continue diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1a1d1ee8..7dbdfd41 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -20,7 +20,7 @@ jobs: shell: bash steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Git User @@ -28,21 +28,23 @@ jobs: git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm + with: + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - name: Run Commitlint on Commits id: commit continue-on-error: true - run: | - npx --offline commitlint -V --from origin/${{ github.base_ref }} --to ${{ github.event.pull_request.head.sha }} + run: npx --offline commitlint -V --from 'origin/${{ github.base_ref }}' --to ${{ github.event.pull_request.head.sha }} - name: Run Commitlint on PR Title if: steps.commit.outcome == 'failure' - run: | - echo ${{ github.event.pull_request.title }} | npx --offline commitlint -V + env: + PR_TITLE: ${{ github.event.pull_request.title }} + run: echo "$PR_TITLE" | npx --offline commitlint -V diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml new file mode 100644 index 00000000..bcec6860 --- /dev/null +++ b/.github/workflows/release-integration.yml @@ -0,0 +1,63 @@ +# This file is automatically added by @npmcli/template-oss. Do not edit. + +name: Release Integration + +on: + workflow_dispatch: + inputs: + releases: + required: true + type: string + description: 'A json array of releases. Required fields: publish: tagName, publishTag. publish check: pkgName, version' + workflow_call: + inputs: + releases: + required: true + type: string + description: 'A json array of releases. Required fields: publish: tagName, publishTag. publish check: pkgName, version' + +jobs: + publish: + name: Check Publish + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Git User + run: | + git config --global user.email "npm-cli+bot@github.com" + git config --global user.name "npm CLI robot" + - name: Setup Node + uses: actions/setup-node@v4 + id: node + with: + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm + with: + node: ${{ steps.node.outputs.node-version }} + - name: Install Dependencies + run: npm i --ignore-scripts --no-audit --no-fund + - name: Check If Published + env: + RELEASES: ${{ inputs.releases }} + run: | + EXIT_CODE=0 + + for release in $(echo $RELEASES | jq -r '.[] | @base64'); do + SPEC="$(echo "$release" | base64 --decode | jq -r .pkgName)@$(echo "$release" | base64 --decode | jq -r .version)" + npm view "$SPEC" --json + STATUS=$? + if [[ "$STATUS" -eq 1 ]]; then + EXIT_CODE=$STATUS + echo "$SPEC ERROR" + else + echo "$SPEC OK" + fi + done + + exit $EXIT_CODE diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 15d37cb6..80060b69 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,11 +3,9 @@ name: Release on: - workflow_dispatch: push: branches: - main - - latest - release/v* permissions: @@ -19,12 +17,12 @@ jobs: release: outputs: pr: ${{ steps.release.outputs.pr }} - releases: ${{ steps.release.outputs.releases }} - release-flags: ${{ steps.release.outputs.release-flags }} - branch: ${{ steps.release.outputs.pr-branch }} + pr-branch: ${{ steps.release.outputs.pr-branch }} pr-number: ${{ steps.release.outputs.pr-number }} - comment-id: ${{ steps.pr-comment.outputs.result }} - check-id: ${{ steps.check.outputs.check_id }} + pr-sha: ${{ steps.release.outputs.pr-sha }} + releases: ${{ steps.release.outputs.releases }} + comment-id: ${{ steps.create-comment.outputs.comment-id || steps.update-comment.outputs.comment-id }} + check-id: ${{ steps.create-check.outputs.check-id }} name: Release if: github.repository_owner == 'npm' runs-on: ubuntu-latest @@ -33,109 +31,75 @@ jobs: shell: bash steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node + with: + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - name: Release Please id: release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - npx --offline template-oss-release-please ${{ github.ref_name }} ${{ github.event_name }} - - name: Post Pull Request Comment + run: npx --offline template-oss-release-please --branch="${{ github.ref_name }}" --backport="" --defaultTag="latest" + - name: Create Release Manager Comment Text if: steps.release.outputs.pr-number - uses: actions/github-script@v6 - id: pr-comment - env: - PR_NUMBER: ${{ steps.release.outputs.pr-number }} - REF_NAME: ${{ github.ref_name }} + uses: actions/github-script@v7 + id: comment-text with: + result-encoding: string script: | - const { REF_NAME, PR_NUMBER } = process.env - const repo = { owner: context.repo.owner, repo: context.repo.repo } - const issue = { ...repo, issue_number: PR_NUMBER } - - const { data: workflow } = await github.rest.actions.getWorkflowRun({ ...repo, run_id: context.runId }) - - let body = '## Release Manager\n\n' - - const comments = await github.paginate(github.rest.issues.listComments, issue) - let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id - - body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n` - body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` - body += `To force CI to rerun, run this command:\n\n` - body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\`` - - if (commentId) { - await github.rest.issues.updateComment({ ...repo, comment_id: commentId, body }) - } else { - const { data: comment } = await github.rest.issues.createComment({ ...issue, body }) - commentId = comment?.id - } - - return commentId - - name: Get Workflow Job - uses: actions/github-script@v6 - if: steps.release.outputs.pr-sha - id: check-output - env: - JOB_NAME: "Release" - MATRIX_NAME: "" + const { runId, repo: { owner, repo } } = context + const { data: workflow } = await github.rest.actions.getWorkflowRun({ owner, repo, run_id: runId }) + return['## Release Manager', `Release workflow run: ${workflow.html_url}`].join('\n\n') + - name: Find Release Manager Comment + uses: peter-evans/find-comment@v2 + if: steps.release.outputs.pr-number + id: found-comment with: - script: | - const { owner, repo } = context.repo - - const { data } = await github.rest.actions.listJobsForWorkflowRun({ - owner, - repo, - run_id: context.runId, - per_page: 100 - }) - - const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME - const job = data.jobs.find(j => j.name.endsWith(jobName)) - const jobUrl = job?.html_url - - const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ steps.release.outputs.pr-sha }}` - - let summary = `This check is assosciated with ${shaUrl}\n\n` - - if (jobUrl) { - summary += `For run logs, click here: ${jobUrl}` - } else { - summary += `Run logs could not be found for a job with name: "${jobName}"` - } - - return { summary } + issue-number: ${{ steps.release.outputs.pr-number }} + comment-author: 'github-actions[bot]' + body-includes: '## Release Manager' + - name: Create Release Manager Comment + id: create-comment + if: steps.release.outputs.pr-number && !steps.found-comment.outputs.comment-id + uses: peter-evans/create-or-update-comment@v3 + with: + issue-number: ${{ steps.release.outputs.pr-number }} + body: ${{ steps.comment-text.outputs.result }} + - name: Update Release Manager Comment + id: update-comment + if: steps.release.outputs.pr-number && steps.found-comment.outputs.comment-id + uses: peter-evans/create-or-update-comment@v3 + with: + comment-id: ${{ steps.found-comment.outputs.comment-id }} + body: ${{ steps.comment-text.outputs.result }} + edit-mode: 'replace' - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 - id: check + id: create-check + uses: ./.github/actions/create-check if: steps.release.outputs.pr-sha with: + name: "Release" token: ${{ secrets.GITHUB_TOKEN }} - status: in_progress - name: Release sha: ${{ steps.release.outputs.pr-sha }} - output: ${{ steps.check-output.outputs.result }} update: needs: release outputs: sha: ${{ steps.commit.outputs.sha }} - check-id: ${{ steps.check.outputs.check_id }} + check-id: ${{ steps.create-check.outputs.check-id }} name: Update - Release if: github.repository_owner == 'npm' && needs.release.outputs.pr runs-on: ubuntu-latest @@ -144,32 +108,41 @@ jobs: shell: bash steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ needs.release.outputs.branch }} + ref: ${{ needs.release.outputs.pr-branch }} - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" git config --global user.name "npm CLI robot" - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 + id: node + with: + node-version: 22.x + check-latest: contains('22.x', '.x') + - name: Install Latest npm + uses: ./.github/actions/install-latest-npm with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v + node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund + - name: Create Release Manager Checklist Text + id: comment-text + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: npm exec --offline -- template-oss-release-manager --pr="${{ needs.release.outputs.pr-number }}" --backport="" --defaultTag="latest" + - name: Append Release Manager Comment + uses: peter-evans/create-or-update-comment@v3 + with: + comment-id: ${{ needs.release.outputs.comment-id }} + body: ${{ steps.comment-text.outputs.result }} + edit-mode: 'append' - name: Run Post Pull Request Actions env: - RELEASE_PR_NUMBER: ${{ needs.release.outputs.pr-number }} - RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - npm exec --offline -- template-oss-release-manager - npm run rp-pull-request --ignore-scripts --if-present + run: npm run rp-pull-request --ignore-scripts --if-present -- --pr="${{ needs.release.outputs.pr-number }}" --commentId="${{ needs.release.outputs.comment-id }}" - name: Commit id: commit env: @@ -177,53 +150,17 @@ jobs: run: | git commit --all --amend --no-edit || true git push --force-with-lease - echo "::set-output name=sha::$(git rev-parse HEAD)" - - name: Get Workflow Job - uses: actions/github-script@v6 - if: steps.commit.outputs.sha - id: check-output - env: - JOB_NAME: "Update - Release" - MATRIX_NAME: "" - with: - script: | - const { owner, repo } = context.repo - - const { data } = await github.rest.actions.listJobsForWorkflowRun({ - owner, - repo, - run_id: context.runId, - per_page: 100 - }) - - const jobName = process.env.JOB_NAME + process.env.MATRIX_NAME - const job = data.jobs.find(j => j.name.endsWith(jobName)) - const jobUrl = job?.html_url - - const shaUrl = `${context.serverUrl}/${owner}/${repo}/commit/${{ steps.commit.outputs.sha }}` - - let summary = `This check is assosciated with ${shaUrl}\n\n` - - if (jobUrl) { - summary += `For run logs, click here: ${jobUrl}` - } else { - summary += `Run logs could not be found for a job with name: "${jobName}"` - } - - return { summary } + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 - id: check - if: steps.commit.outputs.sha + id: create-check + uses: ./.github/actions/create-check with: + name: "Update - Release" + check-name: "Release" token: ${{ secrets.GITHUB_TOKEN }} - status: in_progress - name: Release sha: ${{ steps.commit.outputs.sha }} - output: ${{ steps.check-output.outputs.result }} - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 - if: needs.release.outputs.check-id && always() + uses: LouisBrunner/checks-action@v1.6.0 with: token: ${{ secrets.GITHUB_TOKEN }} conclusion: ${{ job.status }} @@ -235,7 +172,7 @@ jobs: if: needs.release.outputs.pr uses: ./.github/workflows/ci-release.yml with: - ref: ${{ needs.release.outputs.branch }} + ref: ${{ needs.release.outputs.pr-branch }} check-sha: ${{ needs.update.outputs.sha }} post-ci: @@ -247,8 +184,8 @@ jobs: run: shell: bash steps: - - name: Get Needs Result - id: needs-result + - name: Get CI Conclusion + id: conclusion run: | result="" if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then @@ -258,17 +195,18 @@ jobs: else result="success" fi - echo "::set-output name=result::$result" + echo "result=$result" >> $GITHUB_OUTPUT - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 - if: needs.update.outputs.check-id && always() + uses: LouisBrunner/checks-action@v1.6.0 with: token: ${{ secrets.GITHUB_TOKEN }} - conclusion: ${{ steps.needs-result.outputs.result }} + conclusion: ${{ steps.conclusion.outputs.result }} check_id: ${{ needs.update.outputs.check-id }} post-release: needs: release + outputs: + comment-id: ${{ steps.create-comment.outputs.comment-id }} name: Post Release - Release if: github.repository_owner == 'npm' && needs.release.outputs.releases runs-on: ubuntu-latest @@ -276,24 +214,91 @@ jobs: run: shell: bash steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Git User - run: | - git config --global user.email "npm-cli+bot@github.com" - git config --global user.name "npm CLI robot" - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: 18.x - - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v - - name: Install Dependencies - run: npm i --ignore-scripts --no-audit --no-fund - - name: Run Post Release Actions + - name: Create Release PR Comment Text + id: comment-text + uses: actions/github-script@v7 env: RELEASES: ${{ needs.release.outputs.releases }} + with: + result-encoding: string + script: | + const releases = JSON.parse(process.env.RELEASES) + const { runId, repo: { owner, repo } } = context + const issue_number = releases[0].prNumber + const runUrl = `https://github.com/${owner}/${repo}/actions/runs/${runId}` + + return [ + '## Release Workflow\n', + ...releases.map(r => `- \`${r.pkgName}@${r.version}\` ${r.url}`), + `- Workflow run: :arrows_counterclockwise: ${runUrl}`, + ].join('\n') + - name: Create Release PR Comment + id: create-comment + uses: peter-evans/create-or-update-comment@v3 + with: + issue-number: ${{ fromJSON(needs.release.outputs.releases)[0].prNumber }} + body: ${{ steps.comment-text.outputs.result }} + + release-integration: + needs: release + name: Release Integration + if: needs.release.outputs.releases + uses: ./.github/workflows/release-integration.yml + with: + releases: ${{ needs.release.outputs.releases }} + + post-release-integration: + needs: [ release, release-integration, post-release ] + name: Post Release Integration - Release + if: github.repository_owner == 'npm' && needs.release.outputs.releases && always() + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Get Post Release Conclusion + id: conclusion run: | - npm run rp-release --ignore-scripts --if-present ${{ join(fromJSON(needs.release.outputs.release-flags), ' ') }} + if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then + result="x" + elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then + result="heavy_multiplication_x" + else + result="white_check_mark" + fi + echo "result=$result" >> $GITHUB_OUTPUT + - name: Find Release PR Comment + uses: peter-evans/find-comment@v2 + id: found-comment + with: + issue-number: ${{ fromJSON(needs.release.outputs.releases)[0].prNumber }} + comment-author: 'github-actions[bot]' + body-includes: '## Release Workflow' + - name: Create Release PR Comment Text + id: comment-text + if: steps.found-comment.outputs.comment-id + uses: actions/github-script@v7 + env: + RESULT: ${{ steps.conclusion.outputs.result }} + BODY: ${{ steps.found-comment.outputs.comment-body }} + with: + result-encoding: string + script: | + const { RESULT, BODY } = process.env + const body = [BODY.replace(/(Workflow run: :)[a-z_]+(:)/, `$1${RESULT}$2`)] + if (RESULT !== 'white_check_mark') { + body.push(':rotating_light::rotating_light::rotating_light:') + body.push([ + '@npm/cli-team: The post-release workflow failed for this release.', + 'Manual steps may need to be taken after examining the workflow output.' + ].join(' ')) + body.push(':rotating_light::rotating_light::rotating_light:') + } + return body.join('\n\n').trim() + - name: Update Release PR Comment + if: steps.comment-text.outputs.result + uses: peter-evans/create-or-update-comment@v3 + with: + comment-id: ${{ steps.found-comment.outputs.comment-id }} + body: ${{ steps.comment-text.outputs.result }} + edit-mode: 'replace' diff --git a/.gitignore b/.gitignore index 0ec3c847..2bab6d1d 100644 --- a/.gitignore +++ b/.gitignore @@ -3,18 +3,21 @@ # ignore everything in the root /* -# keep these !**/.gitignore !/.commitlintrc.js !/.eslintrc.js !/.eslintrc.local.* +!/.git-blame-ignore-revs !/.github/ !/.gitignore !/.npmrc +!/.prettierignore +!/.prettierrc.js !/.release-please-manifest.json !/bin/ !/CHANGELOG* !/CODE_OF_CONDUCT.md +!/CONTRIBUTING.md !/docs/ !/lib/ !/LICENSE* @@ -26,3 +29,5 @@ !/SECURITY.md !/tap-snapshots/ !/test/ +!/tsconfig.json +tap-testdir*/ diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 0f6aa44e..5e404df8 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "6.1.1" + ".": "6.1.2" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 0081c965..91acbdbf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## [6.1.2](https://github.com/npm/hosted-git-info/compare/v6.1.1...v6.1.2) (2024-11-21) +### Bug Fixes +* [`09061c0`](https://github.com/npm/hosted-git-info/commit/09061c0d8304a27aa356ab91421321b34a4f0bc1) [#276](https://github.com/npm/hosted-git-info/pull/276) break up greedy host fragment parsing regex (#276) (@wraithgar) +### Chores +* [`3d8f14e`](https://github.com/npm/hosted-git-info/commit/3d8f14ea3339b36508c3e07a4aa484f5640cd96c) [#278](https://github.com/npm/hosted-git-info/pull/278) bump @npmcli/template-oss from 4.7.1 to 4.23.4 (#278) (@dependabot[bot], @wraithgar) + ## [6.1.1](https://github.com/npm/hosted-git-info/compare/v6.1.0...v6.1.1) (2022-10-27) ### Bug Fixes diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..69e88788 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,50 @@ + + +# Contributing + +## Code of Conduct + +All interactions in the **npm** organization on GitHub are considered to be covered by our standard [Code of Conduct](https://docs.npmjs.com/policies/conduct). + +## Reporting Bugs + +Before submitting a new bug report please search for an existing or similar report. + +Use one of our existing issue templates if you believe you've come across a unique problem. + +Duplicate issues, or issues that don't use one of our templates may get closed without a response. + +## Pull Request Conventions + +### Commits + +We use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). + +When opening a pull request please be sure that either the pull request title, or each commit in the pull request, has one of the following prefixes: + + - `feat`: For when introducing a new feature. The result will be a new semver minor version of the package when it is next published. + - `fix`: For bug fixes. The result will be a new semver patch version of the package when it is next published. + - `docs`: For documentation updates. The result will be a new semver patch version of the package when it is next published. + - `chore`: For changes that do not affect the published module. Often these are changes to tests. The result will be *no* change to the version of the package when it is next published (as the commit does not affect the published version). + +### Test Coverage + +Pull requests made against this repo will run `npm test` automatically. Please make sure tests pass locally before submitting a PR. + +Every new feature or bug fix should come with a corresponding test or tests that validate the solutions. Testing also reports on code coverage and will fail if code coverage drops. + +### Linting + +Linting is also done automatically once tests pass. `npm run lintfix` will fix most linting errors automatically. + +Please make sure linting passes before submitting a PR. + +## What _not_ to contribute? + +### Dependencies + +It should be noted that our team does not accept third-party dependency updates/PRs. If you submit a PR trying to update our dependencies we will close it with or without a reference to these contribution guidelines. + +### Tools/Automation + +Our core team is responsible for the maintenance of the tooling/automation in this project and we ask contributors to not make changes to these when contributing (e.g. `.github/*`, `.eslintrc.json`, `.licensee.json`). Most of those files also have a header at the top to remind folks they are automatically generated. Pull requests that alter these will not be accepted. diff --git a/SECURITY.md b/SECURITY.md index a93106d0..4fe06a2a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,13 @@ -Please send vulnerability reports through [hackerone](https://hackerone.com/github). +GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). + +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. + +If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). + +If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. + +**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** + +Thanks for helping make GitHub safe for everyone. diff --git a/lib/hosts.js b/lib/hosts.js index 013712b7..d610993e 100644 --- a/lib/hosts.js +++ b/lib/hosts.js @@ -4,7 +4,11 @@ const maybeJoin = (...args) => args.every(arg => arg) ? args.join('') : '' const maybeEncode = (arg) => arg ? encodeURIComponent(arg) : '' -const formatHashFragment = (f) => f.toLowerCase().replace(/^\W+|\/|\W+$/g, '').replace(/\W+/g, '-') +const formatHashFragment = (f) => f.toLowerCase() + .replace(/^\W+/g, '') // strip leading non-characters + .replace(/\W+$/g, '') // strip trailing non-characters + .replace(/\//g, '') // strip all slashes + .replace(/\W+/g, '-') // replace remaining non-characters with '-' const defaults = { sshtemplate: ({ domain, user, project, committish }) => diff --git a/package.json b/package.json index 61225994..c6958e92 100644 --- a/package.json +++ b/package.json @@ -1,11 +1,11 @@ { "name": "hosted-git-info", - "version": "6.1.1", + "version": "6.1.2", "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", "main": "./lib/index.js", "repository": { "type": "git", - "url": "https://github.com/npm/hosted-git-info.git" + "url": "git+https://github.com/npm/hosted-git-info.git" }, "keywords": [ "git", @@ -24,17 +24,18 @@ "snap": "tap", "test": "tap", "test:coverage": "tap --coverage-report=html", - "lint": "eslint \"**/*.js\"", + "lint": "npm run eslint", "postlint": "template-oss-check", - "lintfix": "npm run lint -- --fix", - "template-oss-apply": "template-oss-apply --force" + "lintfix": "npm run eslint -- --fix", + "template-oss-apply": "template-oss-apply --force", + "eslint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"" }, "dependencies": { "lru-cache": "^7.5.1" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.7.1", + "@npmcli/template-oss": "4.23.4", "tap": "^16.0.1" }, "files": [ @@ -54,6 +55,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.7.1" + "version": "4.23.4" } } diff --git a/release-please-config.json b/release-please-config.json index 73d1e353..a1676b9c 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -1,5 +1,4 @@ { - "exclude-packages-from-root": true, "group-pull-request-title-pattern": "chore: release ${version}", "pull-request-title-pattern": "chore: release${component} ${version}", "changelog-sections": [ @@ -25,6 +24,7 @@ }, { "type": "chore", + "section": "Chores", "hidden": true } ], @@ -32,5 +32,6 @@ ".": { "package-name": "" } - } + }, + "prerelease-type": "pre" }