From 29e537c2a4068f0d7d9bf22669e01c580c17c40a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Oct 2022 09:38:49 +0000 Subject: [PATCH 01/24] chore: bump @npmcli/template-oss from 4.7.1 to 4.8.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.7.1 to 4.8.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.7.1...v4.8.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6122599..0b45f69 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.7.1", + "@npmcli/template-oss": "4.8.0", "tap": "^16.0.1" }, "files": [ From 6477b018db3cd88598fd70e632abfec2b783b0f1 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Fri, 28 Oct 2022 12:52:05 -0700 Subject: [PATCH 02/24] chore: postinstall for dependabot template-oss PR --- .github/workflows/audit.yml | 6 +++-- .github/workflows/ci.yml | 50 ------------------------------------- package.json | 2 +- 3 files changed, 5 insertions(+), 53 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 60bb334..62892f9 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -33,5 +33,7 @@ jobs: run: npm -v - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund --package-lock - - name: Run Audit - run: npm audit + - name: Run Production Audit + run: npm audit --omit=dev + - name: Run Full Audit + run: npm audit --audit-level=none 
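Review bot: The new `Run Full Audit` step passes `--audit-level=none`, which tells npm never to exit non-zero on findings, so from this commit on an advisory in a development dependency is only printed in the job log and no longer fails the workflow; only `npm audit --omit=dev` gates the job. That looks deliberate, but nothing in the file says so. A comment above the step, for example `# informational only: --audit-level=none lists dev-dependency advisories without failing the job`, would stop a later reader from assuming the full audit is enforced. The start of the job is outside this hunk.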
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a6c934a..9cc149d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,56 +14,6 @@ on: - cron: "0 9 * * 1" jobs: - engines: - name: Engines - ${{ matrix.platform.name }} - ${{ matrix.node-version }} - if: github.repository_owner == 'npm' - strategy: - fail-fast: false - matrix: - platform: - - name: Linux - os: ubuntu-latest - shell: bash - node-version: - - 14.17.0 - - 16.13.0 - - 18.0.0 - runs-on: ${{ matrix.platform.os }} - defaults: - run: - shell: ${{ matrix.platform.shell }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Git User - run: | - git config --global user.email "npm-cli+bot@github.com" - git config --global user.name "npm CLI robot" - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - - name: Update Windows npm - # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows - if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.')) - run: | - curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz - tar xf npm-7.5.4.tgz - cd package - node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz - cd .. - rmdir /s /q package - - name: Install npm@7 - if: startsWith(matrix.node-version, '10.') - run: npm i --prefer-online --no-fund --no-audit -g npm@7 - - name: Install npm@latest - if: ${{ !startsWith(matrix.node-version, '10.') }} - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v - - name: Install Dependencies - run: npm i --ignore-scripts --no-audit --no-fund --engines-strict - lint: name: Lint if: github.repository_owner == 'npm' diff --git a/package.json b/package.json index 0b45f69..13494c0 100644 --- a/package.json +++ b/package.json 
@@ -54,6 +54,6 @@
 },
 "templateOSS": {
 "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.7.1"
+ "version": "4.8.0"
 }
 }
From 6015c70bae4b53e2a38867ab6effc2058d79615e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Nov 2022 09:24:12 +0000 Subject: [PATCH 03/24] chore: bump @npmcli/template-oss from 4.8.0 to 4.10.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.8.0 to 4.10.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.8.0...v4.10.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 13494c0..f693dd2 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
 },
 "devDependencies": {
 "@npmcli/eslint-config": "^4.0.0",
- "@npmcli/template-oss": "4.8.0",
+ "@npmcli/template-oss": "4.10.0",
 "tap": "^16.0.1"
 },
 "files": [
From cf8115d6fa056fbfb0d63d4d13bde6116b2a02e0 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Sat, 12 Nov 2022 14:29:06 -0700 Subject: [PATCH 04/24] chore: postinstall for dependabot template-oss PR --- .github/workflows/release.yml | 6 +++--- SECURITY.md | 13 ++++++++++++- package.json | 2 +- 3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 15d37cb..264cf3d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -74,9 +74,9 @@ jobs: const comments = await github.paginate(github.rest.issues.listComments, issue) let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id - body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n` + body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` - body += `To force CI to rerun, run this command:\n\n` + body += `To force CI to update this PR, run this command:\n\n` body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\`` if (commentId) { @@ -168,7 +168,7 @@ jobs: RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npm exec --offline -- template-oss-release-manager + npm exec --offline -- template-oss-release-manager --lockfile=false npm run rp-pull-request --ignore-scripts --if-present - name: Commit id: commit diff --git a/SECURITY.md b/SECURITY.md index a93106d..4e7c26c 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,3 +1,14 @@ -Please send vulnerability reports through [hackerone](https://hackerone.com/github). +GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). + +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. + +If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). + +If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. + +**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** + +Thanks for helping make GitHub safe for everyone. + diff --git a/package.json b/package.json index f693dd2..1931272 100644 --- a/package.json +++ b/package.json @@ -54,6 +54,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.8.0" + "version": "4.10.0" } } From 8c0603da3aaf214cb2734869449ee4e2fc46003b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Dec 2022 09:09:06 +0000 Subject: [PATCH 05/24] chore: bump @npmcli/template-oss from 4.10.0 to 4.11.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.10.0 to 4.11.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.10.0...v4.11.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1931272..cd1865d 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
 },
 "devDependencies": {
 "@npmcli/eslint-config": "^4.0.0",
- "@npmcli/template-oss": "4.10.0",
+ "@npmcli/template-oss": "4.11.0",
 "tap": "^16.0.1"
 },
 "files": [
From 1070c1642005a7a74b096f55154a1694af20c8d3 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Sat, 10 Dec 2022 12:29:56 -0700 Subject: [PATCH 06/24] chore: postinstall for dependabot template-oss PR --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index cd1865d..0f9d87c 100644
--- a/package.json
+++ b/package.json
@@ -54,6 +54,6 @@
 },
 "templateOSS": {
 "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.10.0"
+ "version": "4.11.0"
 }
 }
From e653bdb46b79af833d0878cc2f91120e98a558f5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Jan 2023 09:08:10 +0000 Subject: [PATCH 07/24] chore: bump @npmcli/template-oss from 4.11.0 to 4.11.3 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.11.0 to 4.11.3. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.11.0...v4.11.3) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0f9d87c..bf8df8e 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.0", + "@npmcli/template-oss": "4.11.3", "tap": "^16.0.1" }, "files": [ From 006d6bb543054a87db19bfde13aac3f31123c7be Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 25 Jan 2023 11:21:42 -0700 Subject: [PATCH 08/24] chore: postinstall for dependabot template-oss PR --- .github/workflows/pull-request.yml | 4 +- .github/workflows/release.yml | 148 ++++++++++++++++++++++++----- package.json | 2 +- 3 files changed, 129 insertions(+), 25 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1a1d1ee..99877da 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -41,8 +41,8 @@ jobs: id: commit continue-on-error: true run: | - npx --offline commitlint -V --from origin/${{ github.base_ref }} --to ${{ github.event.pull_request.head.sha }} + npx --offline commitlint -V --from 'origin/${{ github.base_ref }}' --to ${{ github.event.pull_request.head.sha }} - name: Run Commitlint on PR Title if: steps.commit.outcome == 'failure' run: | - echo ${{ github.event.pull_request.title }} | npx --offline commitlint -V + echo '${{ github.event.pull_request.title }}' | npx --offline commitlint -V diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 264cf3d..f6daab5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,8 +19,8 @@ jobs: release: outputs: pr: ${{ steps.release.outputs.pr }} + release: ${{ steps.release.outputs.release }} releases: ${{ steps.release.outputs.releases }} - release-flags: ${{ steps.release.outputs.release-flags }} branch: ${{ steps.release.outputs.pr-branch }} pr-number: ${{ steps.release.outputs.pr-number }} comment-id: ${{ steps.pr-comment.outputs.result }} 
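Review bot: Single-quoting `${{ github.event.pull_request.title }}` in the `Run Commitlint on PR Title` step does not keep the title out of the shell's grammar: the expression is substituted into the script text before bash parses it, so a title containing a quote character ends the quoting. The title is chosen by whoever opens the pull request, so it should reach the script as data — give the step `env:` with `PR_TITLE: ${{ github.event.pull_request.title }}` and run `echo "$PR_TITLE" | npx --offline commitlint -V`. The same pattern appears in this commit for `'origin/${{ github.base_ref }}'` in the step above and for `echo '${{ needs.release.outputs.releases }}'` in the `View in Registry` step of release.yml, though those values come from the repository rather than from a contributor. The workflow's trigger and token permissions are outside this hunk, so the impact cannot be judged from here. The commit title suggests these workflows are generated by template-oss, in which case the fix probably belongs in that template.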
@@ -63,26 +63,25 @@ jobs: REF_NAME: ${{ github.ref_name }} with: script: | - const { REF_NAME, PR_NUMBER } = process.env - const repo = { owner: context.repo.owner, repo: context.repo.repo } - const issue = { ...repo, issue_number: PR_NUMBER } + const { REF_NAME, PR_NUMBER: issue_number } = process.env + const { runId, repo: { owner, repo } } = context - const { data: workflow } = await github.rest.actions.getWorkflowRun({ ...repo, run_id: context.runId }) + const { data: workflow } = await github.rest.actions.getWorkflowRun({ owner, repo, run_id: runId }) let body = '## Release Manager\n\n' - const comments = await github.paginate(github.rest.issues.listComments, issue) - let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id + const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) + let commentId = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` body += `To force CI to update this PR, run this command:\n\n` - body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\`` + body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo}\n\`\`\`` if (commentId) { - await github.rest.issues.updateComment({ ...repo, comment_id: commentId, body }) + await github.rest.issues.updateComment({ owner, repo, comment_id: commentId, body }) } else { - const { data: comment } = await github.rest.issues.createComment({ ...issue, body }) + const { data: comment } = await github.rest.issues.createComment({ owner, repo, issue_number, body }) commentId = comment?.id } 
@@ -276,12 +275,45 @@ jobs: run: shell: bash steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Setup Git User - run: | - git config --global user.email "npm-cli+bot@github.com" - git config --global user.name "npm CLI robot" + - name: Create Release PR Comment + uses: actions/github-script@v6 + env: + RELEASES: ${{ needs.release.outputs.releases }} + with: + script: | + const releases = JSON.parse(process.env.RELEASES) + const { runId, repo: { owner, repo } } = context + const issue_number = releases[0].prNumber + + let body = '## Release Workflow\n\n' + for (const { pkgName, version, url } of releases) { + body += `- \`${pkgName}@${version}\` ${url}\n` + } + + const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) + const releaseComments = comments.filter(c => c.user.login === 'github-actions[bot]' && c.body.includes('Release is at')) + + for (const comment of releaseComments) { + await github.rest.issues.deleteComment({ owner, repo, comment_id: comment.id }) + } + + const runUrl = `https://github.com/${owner}/${repo}/actions/runs/${runId}` + await github.rest.issues.createComment({ + owner, + repo, + issue_number, + body: `${body}- Workflow run: :arrows_counterclockwise: ${runUrl}`, + }) + + release-integration: + needs: release + name: Release Integration + if: needs.release.outputs.release + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: - name: Setup Node uses: actions/setup-node@v3 with: 
@@ -290,10 +322,82 @@ jobs: run: npm i --prefer-online --no-fund --no-audit -g npm@latest - name: npm Version run: npm -v - - name: Install Dependencies - run: npm i --ignore-scripts --no-audit --no-fund - - name: Run Post Release Actions - env: - RELEASES: ${{ needs.release.outputs.releases }} + - name: View in Registry + run: | + EXIT_CODE=0 + + function is_published { + if npm view "$@" --loglevel=error > /dev/null; then + echo 0 + else + echo 1 + fi + } + + for release in $(echo '${{ needs.release.outputs.releases }}' | jq -r '.[] | @base64'); do + name=$(echo "$release" | base64 --decode | jq -r .pkgName) + version=$(echo "$release" | base64 --decode | jq -r .version) + spec="$name@$version" + status=$(is_published "$spec") + if [[ "$status" -eq 1 ]]; then + echo "$spec ERROR" + EXIT_CODE=$status + else + echo "$spec OK" + fi + done + + exit $EXIT_CODE + + post-release-integration: + needs: [ release, release-integration ] + name: Post Release Integration - Release + if: github.repository_owner == 'npm' && needs.release.outputs.release && always() + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - name: Get Needs Result + id: needs-result run: | - npm run rp-release --ignore-scripts --if-present ${{ join(fromJSON(needs.release.outputs.release-flags), ' ') }} + result="" + if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then + result="x" + elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then + result="heavy_multiplication_x" + else + result="white_check_mark" + fi + echo "::set-output name=result::$result" + - name: Update Release PR Comment + uses: actions/github-script@v6 + env: + PR_NUMBER: ${{ fromJSON(needs.release.outputs.release).prNumber }} + RESULT: ${{ steps.needs-result.outputs.result }} + with: + script: | + const { PR_NUMBER: issue_number, RESULT } = process.env + const { repo: { owner, repo } } = context + + const comments = await github.paginate(github.rest.issues.listComments, { owner, 
repo, issue_number }) + const updateComment = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith('## Release Workflow\n\n')) + + if (updateComment) { + console.log('Found comment to update:', JSON.stringify(updateComment, null, 2)) + let body = updateComment.body.replace(/Workflow run: :[a-z_]+:/, `Workflow run: :${RESULT}:`) + if (RESULT === 'x') { + body += `\n\n:rotating_light:` + body += ` @npm/cli-team: The post-release workflow failed for this release.` + body += ` Manual steps may need to be taken after examining the workflow output` + body += ` from the above workflow run. :rotating_light:` + } + await github.rest.issues.updateComment({ + owner, + repo, + body, + comment_id: updateComment.id, + }) + } else { + console.log('No matching comments found:', JSON.stringify(comments, null, 2)) + } diff --git a/package.json b/package.json index bf8df8e..37b5bf0 100644 --- a/package.json +++ b/package.json @@ -54,6 +54,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.0" + "version": "4.11.3" } } From 2c3bc51f9b8eeae84f9bab3d15694992116361c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Feb 2023 09:09:11 +0000 Subject: [PATCH 09/24] chore: bump @npmcli/template-oss from 4.11.3 to 4.11.4 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.11.3 to 4.11.4. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.11.3...v4.11.4) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/package.json b/package.json index 37b5bf0..3b6ee9b 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.3", + "@npmcli/template-oss": "4.11.4", "tap": "^16.0.1" }, "files": [ From f9c7064bdb9b04d0a2a12bdab974cef387d5e86a Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 8 Feb 2023 10:08:50 -0700 Subject: [PATCH 10/24] chore: postinstall for dependabot template-oss PR --- .github/workflows/release.yml | 23 +++++++++++++++++------ package.json | 2 +- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f6daab5..f9299c9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,10 @@ name: Release on: workflow_dispatch: + inputs: + release-pr: + description: a release PR number to rerun release jobs on + type: string push: branches: - main @@ -53,7 +57,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npx --offline template-oss-release-please ${{ github.ref_name }} ${{ github.event_name }} + npx --offline template-oss-release-please "${{ github.ref_name }}" "${{ inputs.release-pr }}" - name: Post Pull Request Comment if: steps.release.outputs.pr-number uses: actions/github-script@v6 @@ -76,7 +80,7 @@ jobs: body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` body += `To force CI to update this PR, run this command:\n\n` - body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo}\n\`\`\`` + body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo} -f release-pr=${issue_number}\n\`\`\`` if (commentId) { await github.rest.issues.updateComment({ owner, repo, comment_id: commentId, body }) 
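Review bot: `"${{ inputs.release-pr }}"` in the `run:` line pastes a free-form `workflow_dispatch` string into the script before bash parses it, and double quotes do not stop expansion inside the pasted text; `"${{ github.ref_name }}"` on the same line behaves the same way. This step has `GITHUB_TOKEN` in its environment. The following github-script step appears to receive `REF_NAME` through `env:` already; the same here would be `REF_NAME: ${{ github.ref_name }}` and `RELEASE_PR: ${{ inputs.release-pr }}` under `env:`, with `npx --offline template-oss-release-please "$REF_NAME" "$RELEASE_PR"` as the command. Dispatching presumably requires write access to the repository, which narrows who can supply the value, but it does not make the interpolation safe.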
@@ -291,14 +295,17 @@ jobs: } const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) - const releaseComments = comments.filter(c => c.user.login === 'github-actions[bot]' && c.body.includes('Release is at')) + .then(cs => cs.map(c => ({ id: c.id, login: c.user.login, body: c.body }))) + console.log(`Found comments: ${JSON.stringify(comments, null, 2)}`) + const releaseComments = comments.filter(c => c.login === 'github-actions[bot]' && c.body.includes('Release is at')) for (const comment of releaseComments) { + console.log(`Release comment: ${JSON.stringify(comment, null, 2)}`) await github.rest.issues.deleteComment({ owner, repo, comment_id: comment.id }) } const runUrl = `https://github.com/${owner}/${repo}/actions/runs/${runId}` - await github.rest.issues.createComment({ + await github.rest.issues.createComment({ owner, repo, issue_number, @@ -378,10 +385,14 @@ jobs: with: script: | const { PR_NUMBER: issue_number, RESULT } = process.env - const { repo: { owner, repo } } = context + const { runId, repo: { owner, repo } } = context const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number }) - const updateComment = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith('## Release Workflow\n\n')) + const updateComment = comments.find(c => + c.user.login === 'github-actions[bot]' && + c.body.startsWith('## Release Workflow\n\n') && + c.body.includes(runId) + ) if (updateComment) { console.log('Found comment to update:', JSON.stringify(updateComment, null, 2)) diff --git a/package.json b/package.json index 3b6ee9b..f1a2c70 100644 --- a/package.json +++ b/package.json @@ -54,6 +54,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.3" + "version": "4.11.4" } } From a329f3cd8d7e96b347edad6d75275ce24096dcdd Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Mar 2023 10:03:38 +0000 Subject: [PATCH 11/24] chore: bump @npmcli/template-oss from 4.11.4 to 4.12.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.11.4 to 4.12.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.11.4...v4.12.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f1a2c70..3c49093 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.0.1" }, "files": [ From d242175486a9a2475d0764078bdd6e7356dfdf98 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Tue, 7 Mar 2023 17:23:31 -0700 Subject: [PATCH 12/24] chore: postinstall for dependabot template-oss PR --- .github/workflows/post-dependabot.yml | 8 ++++---- .github/workflows/release.yml | 10 +++++----- SECURITY.md | 3 +-- package.json | 2 +- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 19902bd..ce38340 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml 
@@ -48,11 +48,11 @@ jobs: run: | dependabot_dir="${{ steps.metadata.outputs.directory }}" if [[ "$dependabot_dir" == "/" ]]; then - echo "::set-output name=workspace::-iwr" + echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a # a path to the workspace flag - echo "::set-output name=workspace::-w ${dependabot_dir#/}" + echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT fi - name: Apply Changes @@ -61,7 +61,7 @@ jobs: run: | npm run template-oss-apply ${{ steps.flags.outputs.workspace }} if [[ `git status --porcelain` ]]; then - echo "::set-output name=changes::true" + echo "changes=true" >> $GITHUB_OUTPUT fi # This only sets the conventional commit prefix. This workflow can't reliably determine # what the breaking change is though. If a BREAKING CHANGE message is required then @@ -71,7 +71,7 @@ jobs: else prefix='chore' fi - echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR" + echo "message=$prefix: postinstall for dependabot template-oss PR" >> $GITHUB_OUTPUT # This step will fail if template-oss has made any workflow updates. It is impossible # for a workflow to update other workflows. In the case it does fail, we continue diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f9299c9..780bcc9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -180,7 +180,7 @@ jobs: run: | git commit --all --amend --no-edit || true git push --force-with-lease - echo "::set-output name=sha::$(git rev-parse HEAD)" + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - name: Get Workflow Job uses: actions/github-script@v6 if: steps.commit.outputs.sha @@ -261,7 +261,7 @@ jobs: else result="success" fi - echo "::set-output name=result::$result" + echo "result=$result" >> $GITHUB_OUTPUT - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 if: needs.update.outputs.check-id && always() 
@@ -368,7 +368,6 @@ jobs: - name: Get Needs Result id: needs-result run: | - result="" if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then result="x" elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then @@ -376,7 +375,7 @@ jobs: else result="white_check_mark" fi - echo "::set-output name=result::$result" + echo "result=$result" >> $GITHUB_OUTPUT - name: Update Release PR Comment uses: actions/github-script@v6 env: @@ -397,7 +396,8 @@ jobs: if (updateComment) { console.log('Found comment to update:', JSON.stringify(updateComment, null, 2)) let body = updateComment.body.replace(/Workflow run: :[a-z_]+:/, `Workflow run: :${RESULT}:`) - if (RESULT === 'x') { + const tagCodeowner = RESULT !== 'white_check_mark' + if (tagCodeowner) { body += `\n\n:rotating_light:` body += ` @npm/cli-team: The post-release workflow failed for this release.` body += ` Manual steps may need to be taken after examining the workflow output` diff --git a/SECURITY.md b/SECURITY.md index 4e7c26c..9cd2dea 100644 --- a/SECURITY.md +++ b/SECURITY.md 
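Review bot: `tagCodeowner` is now true for every result other than `white_check_mark`, which includes the `heavy_multiplication_x` value that `Get Needs Result` sets for a cancelled run, yet the appended text still reads "The post-release workflow failed for this release." If cancellations are meant to notify the team, the sentence should say so, for example `The post-release workflow did not complete successfully for this release.`, or the wording should be chosen from `RESULT`. The opening lines of the script are outside this hunk.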
@@ -4,11 +4,10 @@ GitHub takes the security of our software products and services seriously, inclu If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. -If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). +If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** Thanks for helping make GitHub safe for everyone. - diff --git a/package.json b/package.json index 3c49093..c00da8e 100644 --- a/package.json +++ b/package.json @@ -54,6 +54,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4" + "version": "4.12.0" } } From 26c6bde1fde05f1f5a2ce6e069c8966e0099f3f6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 10:22:07 -0700 Subject: [PATCH 13/24] chore: bump @npmcli/template-oss from 4.12.0 to 4.13.0 (#194) * chore: bump @npmcli/template-oss from 4.12.0 to 4.13.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.12.0 to 4.13.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.12.0...v4.13.0) --- updated-dependencies: - dependency-name: "@npmcli/template-oss" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * chore: postinstall for dependabot template-oss PR * chore: postinstall for dependabot template-oss PR --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: npm CLI robot Co-authored-by: Gar --- .github/workflows/release.yml | 42 +++++++++++------------------------ package.json | 5 +++-- 2 files changed, 16 insertions(+), 31 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 780bcc9..0eb163d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -171,7 +171,7 @@ jobs: RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - npm exec --offline -- template-oss-release-manager --lockfile=false + npm exec --offline -- template-oss-release-manager --lockfile=false --publish=true npm run rp-pull-request --ignore-scripts --if-present - name: Commit id: commit 
@@ -320,41 +320,25 @@ jobs: defaults: run: shell: bash + permissions: + deployments: write steps: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ fromJSON(needs.release.outputs.release).tagName }} - name: Setup Node uses: actions/setup-node@v3 with: node-version: 18.x - name: Install npm@latest - run: npm i --prefer-online --no-fund --no-audit -g npm@latest - - name: npm Version - run: npm -v - - name: View in Registry run: | - EXIT_CODE=0 - - function is_published { - if npm view "$@" --loglevel=error > /dev/null; then - echo 0 - else - echo 1 - fi - } - - for release in $(echo '${{ needs.release.outputs.releases }}' | jq -r '.[] | @base64'); do - name=$(echo "$release" | base64 --decode | jq -r .pkgName) - version=$(echo "$release" | base64 --decode | jq -r .version) - spec="$name@$version" - status=$(is_published "$spec") - if [[ "$status" -eq 1 ]]; then - echo "$spec ERROR" - EXIT_CODE=$status - else - echo "$spec OK" - fi - done - - exit $EXIT_CODE + npm i --prefer-online --no-fund --no-audit -g npm@latest + npm config set '//registry.npmjs.org/:_authToken'=\${PUBLISH_TOKEN} + - name: Publish + env: + PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} + run: npm publish post-release-integration: needs: [ release, release-integration ] diff --git a/package.json b/package.json index c00da8e..42ace69 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.12.0", + "@npmcli/template-oss": "4.13.0", "tap": "^16.0.1" }, "files": [ @@ -54,6 +54,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.12.0" + "version": "4.13.0", + "publish": "true" } } From 5caeb24a4c96e54446903ecf8caad0f9175f812f Mon Sep 17 00:00:00 2001 
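Review bot: The new `Checkout` step in the publish job leaves credential persistence at its default and both actions are referenced by mutable tag (`actions/checkout@v3`, `actions/setup-node@v3`), in the same job that exposes `PUBLISH_TOKEN` to `npm publish`. `npm publish` runs the package's lifecycle scripts from the checked-out tag, so adding `persist-credentials: false` under the checkout's `with:` and pinning each action to a full commit (`uses: actions/checkout@<full-commit-sha> # v3`) narrows what a tampered action or script can reach. The job also installs `npm@latest` with `--prefer-online` immediately before publishing, so the publishing toolchain changes from run to run; a pinned npm version would be easier to audit. The job header lies outside this hunk, and if this workflow is generated by template-oss the change belongs in the template rather than in this file.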
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Apr 2023 09:53:03 -0700 Subject: [PATCH 14/24] chore: bump @npmcli/template-oss from 4.13.0 to 4.14.1 (#200) * chore: bump @npmcli/template-oss from 4.13.0 to 4.14.1 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.13.0 to 4.14.1. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.13.0...v4.14.1) --- updated-dependencies: - dependency-name: "@npmcli/template-oss" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * chore: postinstall for dependabot template-oss PR * chore: postinstall for dependabot template-oss PR --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: npm CLI robot Co-authored-by: nlf --- .github/workflows/release.yml | 3 ++- package.json | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0eb163d..e40f482 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -322,6 +322,7 @@ jobs: shell: bash permissions: deployments: write + id-token: write steps: - name: Checkout uses: actions/checkout@v3 @@ -338,7 +339,7 @@ jobs: - name: Publish env: PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} - run: npm publish + run: npm publish --provenance post-release-integration: needs: [ release, release-integration ] diff --git a/package.json b/package.json index 42ace69..e23094d 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.13.0", + "@npmcli/template-oss": "4.14.1", "tap": "^16.0.1" }, "files": [ 
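Review bot: `id-token: write` is added to the job-level `permissions` with no comment saying why, and at job level every step can request an OIDC token, including the global `npm@latest` install added in the previous patch, not only the `Publish` step. A one-line comment such as `# id-token: needed by npm publish --provenance` would keep a later cleanup from dropping the permission or copying it into unrelated jobs. As written, `PUBLISH_TOKEN` still authenticates the publish; `--provenance` adds an attestation on top of it, so the token's scope and rotation remain just as relevant after this change.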
@@ -54,7 +54,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.13.0", + "version": "4.14.1", "publish": "true" } } From 59846ce60e28f10d21d30d3c8316ce1c91513cf0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 May 2023 09:59:47 +0000 Subject: [PATCH 15/24] chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.14.1 to 4.15.1. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.14.1...v4.15.1) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e23094d..b81dcb2 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.15.1", "tap": "^16.0.1" }, "files": [ From 6fe1993bce5ecc7607e42c39cd989eb6131dace6 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 31 May 2023 10:41:43 -0700 Subject: [PATCH 16/24] chore: postinstall for dependabot template-oss PR --- .github/settings.yml | 28 +++++++++++++++-- .github/workflows/ci-release.yml | 8 ++--- .github/workflows/pull-request.yml | 4 ++- .github/workflows/release.yml | 8 ++--- .gitignore | 1 + CONTRIBUTING.md | 50 ++++++++++++++++++++++++++++++ package.json | 2 +- 7 files changed, 89 insertions(+), 12 deletions(-) create mode 100644 CONTRIBUTING.md diff --git a/.github/settings.yml b/.github/settings.yml index 1019e26..107aa0a 100644 --- a/.github/settings.yml 
+++ b/.github/settings.yml @@ -1,2 +1,26 @@ ---- -_extends: '.github:npm-cli/settings.yml' +# This file is automatically added by @npmcli/template-oss. Do not edit. + +repository: + allow_merge_commit: false + allow_rebase_merge: true + allow_squash_merge: true + squash_merge_commit_title: PR_TITLE + squash_merge_commit_message: PR_BODY + delete_branch_on_merge: true + enable_automated_security_fixes: true + enable_vulnerability_alerts: true + +branches: + - name: main + protection: + required_status_checks: null + enforce_admins: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 6e80aa6..88e7905 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -61,7 +61,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: inputs.check-sha with: @@ -93,7 +93,7 @@ jobs: - name: Post Lint run: npm run postlint --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} @@ -162,7 +162,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: inputs.check-sha with: @@ -208,7 +208,7 @@ jobs: - name: Test run: npm test --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 99877da..721ea3c 100644 
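Review bot: The inlined branch protection for `main` sets `required_status_checks: null`, so a pull request can merge on one approval even when the CI or CodeQL workflows fail. If that is deliberate it deserves a comment next to the key; otherwise list the checks that must pass, for example `required_status_checks: { strict: true, contexts: [ "<ci-check-name>" ] }`, where the context name is a placeholder to fill in. The file header says it is managed by template-oss, so the setting would have to change in the template.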
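Review bot: `LouisBrunner/checks-action@v1.6.0` is a third-party action referenced by a mutable tag, and the `Conclude Check` steps pass it `token: ${{ secrets.GITHUB_TOKEN }}`. Pinning it to the full commit the tag points to, `uses: LouisBrunner/checks-action@<full-commit-sha> # v1.6.0`, means a re-tagged release cannot change what runs with that token. The same applies to all four hunks in `ci-release.yml` and to the four matching hunks in `release.yml` later in this patch.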
--- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -44,5 +44,7 @@ jobs: npx --offline commitlint -V --from 'origin/${{ github.base_ref }}' --to ${{ github.event.pull_request.head.sha }} - name: Run Commitlint on PR Title if: steps.commit.outcome == 'failure' + env: + PR_TITLE: ${{ github.event.pull_request.title }} run: | - echo '${{ github.event.pull_request.title }}' | npx --offline commitlint -V + echo '$PR_TITLE' | npx --offline commitlint -V diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e40f482..9aae072 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -124,7 +124,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: steps.release.outputs.pr-sha with: @@ -215,7 +215,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: steps.commit.outputs.sha with: @@ -225,7 +225,7 @@ jobs: sha: ${{ steps.commit.outputs.sha }} output: ${{ steps.check-output.outputs.result }} - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: needs.release.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} @@ -263,7 +263,7 @@ jobs: fi echo "result=$result" >> $GITHUB_OUTPUT - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: needs.update.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 0ec3c84..b3eeced 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,7 @@ !/bin/ !/CHANGELOG* !/CODE_OF_CONDUCT.md +!/CONTRIBUTING.md !/docs/ !/lib/ !/LICENSE* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..69e8878 --- /dev/null +++ b/CONTRIBUTING.md 
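Review bot: The new `run:` line `echo '$PR_TITLE' | npx --offline commitlint -V` keeps the single quotes from the old inline expression, so a POSIX shell does not expand the variable and commitlint receives the literal text `$PR_TITLE` instead of the pull-request title. Moving the title into `env:` is the right way to keep a contributor-chosen title out of the script text, but the reference has to be double-quoted: `printf '%s\n' "$PR_TITLE" | npx --offline commitlint -V`. Using `printf` also avoids `echo` treating a title that begins with `-n` or `-e` as an option. Patch 20/24 later in this series changes the line to `echo "$PR_TITLE"`, which fixes the expansion; between the two patches this fallback check would presumably fail for every title.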
@@ -0,0 +1,50 @@ + + +# Contributing + +## Code of Conduct + +All interactions in the **npm** organization on GitHub are considered to be covered by our standard [Code of Conduct](https://docs.npmjs.com/policies/conduct). + +## Reporting Bugs + +Before submitting a new bug report please search for an existing or similar report. + +Use one of our existing issue templates if you believe you've come across a unique problem. + +Duplicate issues, or issues that don't use one of our templates may get closed without a response. + +## Pull Request Conventions + +### Commits + +We use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). + +When opening a pull request please be sure that either the pull request title, or each commit in the pull request, has one of the following prefixes: + + - `feat`: For when introducing a new feature. The result will be a new semver minor version of the package when it is next published. + - `fix`: For bug fixes. The result will be a new semver patch version of the package when it is next published. + - `docs`: For documentation updates. The result will be a new semver patch version of the package when it is next published. + - `chore`: For changes that do not affect the published module. Often these are changes to tests. The result will be *no* change to the version of the package when it is next published (as the commit does not affect the published version). + +### Test Coverage + +Pull requests made against this repo will run `npm test` automatically. Please make sure tests pass locally before submitting a PR. + +Every new feature or bug fix should come with a corresponding test or tests that validate the solutions. Testing also reports on code coverage and will fail if code coverage drops. + +### Linting + +Linting is also done automatically once tests pass. `npm run lintfix` will fix most linting errors automatically. + +Please make sure linting passes before submitting a PR. + +## What _not_ to contribute? 
+ +### Dependencies + +It should be noted that our team does not accept third-party dependency updates/PRs. If you submit a PR trying to update our dependencies we will close it with or without a reference to these contribution guidelines. + +### Tools/Automation + +Our core team is responsible for the maintenance of the tooling/automation in this project and we ask contributors to not make changes to these when contributing (e.g. `.github/*`, `.eslintrc.json`, `.licensee.json`). Most of those files also have a header at the top to remind folks they are automatically generated. Pull requests that alter these will not be accepted. diff --git a/package.json b/package.json index b81dcb2..2b41bba 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.15.1", "publish": "true" } } From a0c1004ad41cba38e925f8d26fddcd3082ae14b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 09:53:59 +0000 Subject: [PATCH 17/24] chore: bump @npmcli/template-oss from 4.15.1 to 4.17.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.15.1 to 4.17.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.15.1...v4.17.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2b41bba..7d6b79b 100644 --- a/package.json +++ b/package.json 
@@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.15.1", + "@npmcli/template-oss": "4.17.0", "tap": "^16.0.1" }, "files": [ From fe72dbcc3e794e359aafc6839b627134f9f8be32 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 12 Jul 2023 11:34:48 -0700 Subject: [PATCH 18/24] chore: postinstall for dependabot template-oss PR --- .github/settings.yml | 26 ++++++++++++++++++++++++++ .github/workflows/ci.yml | 1 + .github/workflows/codeql-analysis.yml | 2 ++ .github/workflows/release.yml | 2 +- package.json | 2 +- 5 files changed, 31 insertions(+), 2 deletions(-) diff --git a/.github/settings.yml b/.github/settings.yml index 107aa0a..adbef7e 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -24,3 +24,29 @@ branches: apps: [] users: [] teams: [ "cli-team" ] + - name: latest + protection: + required_status_checks: null + enforce_admins: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] + - name: release/v* + protection: + required_status_checks: null + enforce_admins: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9cc149d..5762610 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,7 @@ on: branches: - main - latest + - release/v* schedule: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 - cron: "0 9 * * 1" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 66b9498..2124487 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -7,10 +7,12 @@ on: branches: - main - latest + - release/v* pull_request: branches: - main - latest + - release/v* schedule: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 - cron: "0 10 * * 1" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9aae072..1710109 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -78,7 +78,7 @@ jobs: let commentId = comments.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n` - body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. ` + body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`${REF_NAME}\`. ` body += `To force CI to update this PR, run this command:\n\n` body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME} -R ${owner}/${repo} -f release-pr=${issue_number}\n\`\`\`` diff --git a/package.json b/package.json index 7d6b79b..e66cc9f 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.15.1", + "version": "4.17.0", "publish": "true" } } From 86e5f70866426363afc845346f7ee045e567061f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jul 2023 10:01:57 +0000 Subject: [PATCH 19/24] chore: bump @npmcli/template-oss from 4.17.0 to 4.18.0 Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from 4.17.0 to 4.18.0. - [Release notes](https://github.com/npm/template-oss/releases) - [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/template-oss/compare/v4.17.0...v4.18.0) --- updated-dependencies: - dependency-name: @npmcli/template-oss dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e66cc9f..62c7d8c 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.17.0", + "@npmcli/template-oss": "4.18.0", "tap": "^16.0.1" }, "files": [ From 94ebaa5d37bf4a78fb3bc1b6ee7eae1146fa2db8 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Wed, 19 Jul 2023 08:10:16 -0700 Subject: [PATCH 20/24] chore: postinstall for dependabot template-oss PR --- .github/dependabot.yml | 17 +++++++++++++++++ .github/settings.yml | 17 +++-------------- .github/workflows/ci.yml | 1 - .github/workflows/codeql-analysis.yml | 2 -- .github/workflows/pull-request.yml | 2 +- .github/workflows/release.yml | 1 - package.json | 2 +- 7 files changed, 22 insertions(+), 20 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8da2a45..8ad626d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,7 @@ updates: directory: / schedule: interval: daily + target-branch: "main" allow: - dependency-type: direct versioning-strategy: increase-if-necessary 
@@ -15,3 +16,19 @@ updates: prefix-development: chore labels: - "Dependencies" + - package-ecosystem: npm + directory: / + schedule: + interval: daily + target-branch: "release/v5" + allow: + - dependency-type: direct + dependency-name: "@npmcli/template-oss" + versioning-strategy: increase-if-necessary + commit-message: + prefix: deps + prefix-development: chore + labels: + - "Dependencies" + - "Backport" + - "release/v5" diff --git a/.github/settings.yml b/.github/settings.yml index adbef7e..f9e45f1 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -15,6 +15,7 @@ branches: protection: required_status_checks: null enforce_admins: true + block_creations: true required_pull_request_reviews: required_approving_review_count: 1 require_code_owner_reviews: true @@ -24,23 +25,11 @@ branches: apps: [] users: [] teams: [ "cli-team" ] - - name: latest - protection: - required_status_checks: null - enforce_admins: true - required_pull_request_reviews: - required_approving_review_count: 1 - require_code_owner_reviews: true - require_last_push_approval: true - dismiss_stale_reviews: true - restrictions: - apps: [] - users: [] - teams: [ "cli-team" ] - - name: release/v* + - name: release/v5 protection: required_status_checks: null enforce_admins: true + block_creations: true required_pull_request_reviews: required_approving_review_count: 1 require_code_owner_reviews: true diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5762610..4c1e684 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,6 @@ on: push: branches: - main - - latest - release/v* schedule: # "At 09:00 UTC (02:00 PT) on Monday" https://crontab.guru/#0_9_*_*_1 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2124487..9fb3f79 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -6,12 +6,10 @@ on: push: branches: - main - - latest - release/v* pull_request: branches: - main - - latest - release/v* schedule: # "At 10:00 UTC (03:00 PT) on Monday" https://crontab.guru/#0_10_*_*_1 diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 721ea3c..b2c2479 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -47,4 +47,4 @@ jobs: env: PR_TITLE: ${{ github.event.pull_request.title }} run: | - echo '$PR_TITLE' | npx --offline commitlint -V + echo "$PR_TITLE" | npx --offline commitlint -V diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1710109..7bf0cfe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,6 @@ on: push: branches: - main - - latest - release/v* permissions: diff --git a/package.json b/package.json index 62c7d8c..868b49f 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.17.0", + "version": "4.18.0", "publish": "true" } } From ecdd7decf24f66297ca5f459b4f1f36d41352e23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:35:09 +0000 Subject: [PATCH 21/24] deps: bump lru-cache from 7.18.3 to 10.0.1 Bumps [lru-cache](https://github.com/isaacs/node-lru-cache) from 7.18.3 to 10.0.1. - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-lru-cache/compare/v7.18.3...v10.0.1) --- updated-dependencies: - dependency-name: lru-cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 868b49f..0314e38 100644 --- a/package.json 
+++ b/package.json @@ -30,7 +30,7 @@ "template-oss-apply": "template-oss-apply --force" }, "dependencies": { - "lru-cache": "^7.5.1" + "lru-cache": "^10.0.1" }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", From c98e90807775bf5c306a30426d7f6c6ebe9842d5 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Mon, 14 Aug 2023 12:38:55 -0700 Subject: [PATCH 22/24] fix: drop node14 support BREAKING CHANGE: support for node 14 has been removed --- .github/workflows/ci-release.yml | 4 +--- .github/workflows/ci.yml | 4 +--- package.json | 10 ++++++++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 88e7905..380de5e 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -117,9 +117,7 @@ jobs: os: windows-latest shell: cmd node-version: - - 14.17.0 - - 14.x - - 16.13.0 + - 16.14.0 - 16.x - 18.0.0 - 18.x diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4c1e684..83b1955 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,9 +60,7 @@ jobs: os: windows-latest shell: cmd node-version: - - 14.17.0 - - 14.x - - 16.13.0 + - 16.14.0 - 16.x - 18.0.0 - 18.x diff --git a/package.json b/package.json index 0314e38..eb41c42 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "lib/" ], "engines": { - "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + "node": "^16.14.0 || >=18.0.0" }, "tap": { "color": 1, @@ -55,6 +55,12 @@ "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", "version": "4.18.0", - "publish": "true" + "publish": "true", + "ciVersions": [ + "16.14.0", + "16.x", + "18.0.0", + "18.x" + ] } } From f9f7fde1385d3f99ed7a52b9d4b079d8074fc99f Mon Sep 17 00:00:00 2001 
From: Luke Karrys Date: Mon, 14 Aug 2023 12:56:39 -0700 Subject: [PATCH 23/24] fix: use lru-cache named export --- lib/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/index.js b/lib/index.js index a7339c2..0c9d0b0 100644 --- a/lib/index.js +++ b/lib/index.js @@ -1,11 +1,11 @@ 'use strict' -const LRU = require('lru-cache') +const { LRUCache } = require('lru-cache') const hosts = require('./hosts.js') const fromUrl = require('./from-url.js') const parseUrl = require('./parse-url.js') -const cache = new LRU({ max: 1000 }) +const cache = new LRUCache({ max: 1000 }) class GitHost { constructor (type, user, auth, project, committish, defaultRepresentation, opts = {}) { From 1cfe4e8bb2c9373eeb84f2d94ddad6abc000f6f8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 23:02:30 +0000 Subject: [PATCH 24/24] chore: release 7.0.0 --- .release-please-manifest.json | 2 +- CHANGELOG.md | 15 +++++++++++++++ package.json | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 0f6aa44..aeda91d 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "6.1.1" + ".": "7.0.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 0081c96..8906934 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,20 @@ # Changelog +## [7.0.0](https://github.com/npm/hosted-git-info/compare/v6.1.1...v7.0.0) (2023-08-14) + +### ⚠️ BREAKING CHANGES + +* support for node 14 has been removed + +### Bug Fixes + +* [`f9f7fde`](https://github.com/npm/hosted-git-info/commit/f9f7fde1385d3f99ed7a52b9d4b079d8074fc99f) [#209](https://github.com/npm/hosted-git-info/pull/209) use lru-cache named export (@lukekarrys) +* [`c98e908`](https://github.com/npm/hosted-git-info/commit/c98e90807775bf5c306a30426d7f6c6ebe9842d5) [#209](https://github.com/npm/hosted-git-info/pull/209) drop node14 support (@lukekarrys) + +### Dependencies + +* [`ecdd7de`](https://github.com/npm/hosted-git-info/commit/ecdd7decf24f66297ca5f459b4f1f36d41352e23) [#209](https://github.com/npm/hosted-git-info/pull/209) bump lru-cache from 7.18.3 to 10.0.1 + ## [6.1.1](https://github.com/npm/hosted-git-info/compare/v6.1.0...v6.1.1) (2022-10-27) ### Bug Fixes diff --git a/package.json b/package.json index eb41c42..262a6c2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "hosted-git-info", - "version": "6.1.1", + "version": "7.0.0", "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", "main": "./lib/index.js", "repository": {