sync: update 5 files from source repository (#48)

mrz1836 · web-flow · commit f17090257398 · 2025-10-22T17:50:18.000-04:00
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -5,11 +5,7 @@ Security is a priority. We maintain a proactive stance to identify and fix vulne
 <br/>
 
 ## 🛠️ Supported & Maintained Versions
-
-| Version | Status               |
-|---------|----------------------|
-| 0.x.x   | ✅ Supported & Active |
-| 1.x.x   | ✅ Supported & Active |
+Any released version of **go-subtree** that is not marked as deprecated is actively supported and maintained.
 
 <br/>
 
@@ -70,7 +66,7 @@ We follow the [OpenSSF](https://openssf.org) best practices to ensure this repos
 
 To proactively protect this repository, we use several automated GitHub workflows:
 
-- **[CodeQL Analysis](./workflows/codeql-analysis.yml)**: Scans the codebase for security vulnerabilities and coding errors using GitHub's CodeQL engine on every push and pull request to the `master` branch.
-- **[OpenSSF Scorecard](./workflows/scorecard.yml)**: Periodically evaluates the repository against OpenSSF Scorecard checks, providing insights and recommendations for improving supply chain security and best practices.
+- **[CodeQL Analysis](./github/workflows/codeql-analysis.yml)**: Scans the codebase for security vulnerabilities and coding errors using GitHub's CodeQL engine on every push and pull request to the `main/master` branch.
+- **[OpenSSF Scorecard](./github/workflows/scorecard.yml)**: Periodically evaluates the repository against OpenSSF Scorecard checks, providing insights and recommendations for improving supply chain security and best practices.
 
-These workflows help us identify, remediate, and prevent security issues as early as possible in the development lifecycle. For more details, see the workflow files in the [`.github/workflows/`](https://github.com/bsv-blockchain/go-subtree/tree/master/.github/workflows) directory.
+These workflows help us identify, remediate, and prevent security issues as early as possible in the development lifecycle. For more details, see the workflow files in the [`.github/workflows/`](.github/workflows) directory.
diff --git a/.github/tech-conventions/dependency-management.md b/.github/tech-conventions/dependency-management.md
@@ -42,7 +42,7 @@ brew install gitleaks
 gitleaks detect --source . --log-opts="--all" --verbose
 ```
 
-* Address critical advisories before merging changes into `master`
+* Address critical advisories before merging changes into `main/master`
 
 * Document any intentionally ignored vulnerabilities with clear justification and issue tracking
 
diff --git a/.github/tech-conventions/labeling-conventions.md b/.github/tech-conventions/labeling-conventions.md
@@ -2,7 +2,7 @@
 
 > Labels serve as shared vocabulary for categorizing issues, pull requests, and discussions. Proper labeling improves triage, prioritization, automation, and clarity across the engineering lifecycle.
 
-Current labels are located in `.github/labels.yml` and automatically synced into GitHub upon updating the `master` branch.
+Current labels are located in `.github/labels.yml` and automatically synced into GitHub upon updating the `main/master` branch.
 
 <br><br>
 
diff --git a/.github/workflows/fortress-coverage.yml b/.github/workflows/fortress-coverage.yml
@@ -365,12 +365,17 @@ jobs:
             --jq ".workflow_runs[] | select(.status == \"completed\" and (.conclusion == \"success\" or .conclusion == \"failure\") and .head_branch == \"$CURRENT_BRANCH\") | .id" \
             --paginate 2>/dev/null | head -8 || echo "")
 
-          # If no runs found for current branch and it's not master, also get master branch history
-          if [[ -z "$WORKFLOW_RUNS" ]] && [[ "$CURRENT_BRANCH" != "master" ]]; then
-            echo "ℹ️ No history found for branch '$CURRENT_BRANCH', checking master branch..."
-            WORKFLOW_RUNS=$(gh api repos/${{ github.repository }}/actions/runs \
-              --jq '.workflow_runs[] | select(.status == "completed" and (.conclusion == "success" or .conclusion == "failure") and .head_branch == "master") | .id' \
-              --paginate 2>/dev/null | head -5 || echo "")
+          # If no runs found for current branch and it's not the default branch, check default branch history
+          if [[ -z "$WORKFLOW_RUNS" ]]; then
+            # Detect the default branch dynamically
+            DEFAULT_BRANCH=$(gh api repos/${{ github.repository }} --jq '.default_branch' 2>/dev/null || echo "")
+
+            if [[ -n "$DEFAULT_BRANCH" ]] && [[ "$CURRENT_BRANCH" != "$DEFAULT_BRANCH" ]]; then
+              echo "ℹ️ No history found for branch '$CURRENT_BRANCH', checking $DEFAULT_BRANCH branch..."
+              WORKFLOW_RUNS=$(gh api repos/${{ github.repository }}/actions/runs \
+                --jq ".workflow_runs[] | select(.status == \"completed\" and (.conclusion == \"success\" or .conclusion == \"failure\") and .head_branch == \"$DEFAULT_BRANCH\") | .id" \
+                --paginate 2>/dev/null | head -5 || echo "")
+            fi
           fi
 
           if [[ -z "$WORKFLOW_RUNS" ]]; then
@@ -922,7 +927,7 @@ jobs:
           GITHUB_SHA: ${{ inputs.commit-sha || github.event.pull_request.head.sha }}
           GITHUB_REF_NAME: ${{ inputs.branch-name || github.event.pull_request.head.ref }}
           GITHUB_HEAD_REF: ${{ github.event.pull_request.head.ref }}
-          GITHUB_BASE_REF: ${{ github.event.pull_request.base.ref || 'master' }}
+          GITHUB_BASE_REF: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }}
           COVERAGE_PR_COMMENT_BEHAVIOR: ${{ env.COVERAGE_PR_COMMENT_BEHAVIOR }}
           COVERAGE_LOG_LEVEL: debug
         run: |
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -14,7 +14,11 @@
             "default": "master",
             "description": "Target branch for version bump",
             "id": "targetBranch",
-            "type": "promptString"
+            "options": [
+                "master",
+                "main"
+            ],
+            "type": "pickString"
         },
         {
             "default": "cancel",
@@ -675,7 +679,7 @@
             "type": "shell"
         },
         {
-            "command": "magex version:bump push=true bump=major branch=${input:targetBranch} confirm=${input:majorConfirm}",
+            "command": "magex version:bump push=true bump=major branch=${input:targetBranch} ${input:majorConfirm}",
             "detail": "Bump major version (X.0.0) and push to remote - requires confirmation",
             "group": "none",
             "label": "magex: version:bump:major",
