From f1a141c46b88e60571565582b7fcf77ef10ed2f9 Mon Sep 17 00:00:00 2001 From: Martin Costello Date: Tue, 22 Jul 2025 13:58:54 +0100 Subject: [PATCH 1/2] Disable credential persistence Do not persist Git credentials. --- .github/workflows/codeql.yml | 1 + .github/workflows/dependency-review.yml | 1 + .github/workflows/lint.yml | 1 + .github/workflows/ossf-scorecard.yml | 1 + 4 files changed, 4 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9c90564..59907c7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,6 +31,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: filter: 'tree:0' + persist-credentials: false show-progress: false - name: Initialize CodeQL diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9c23f6c..78b3b31 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -20,6 +20,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: filter: 'tree:0' + persist-credentials: false show-progress: false - name: Review dependencies diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2cff2a7..8f59887 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -34,6 +34,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: filter: 'tree:0' + persist-credentials: false show-progress: false - name: Add actionlint problem matcher diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 0656a0f..2b1e903 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -23,6 +23,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: filter: 'tree:0' + persist-credentials: false show-progress: false - name: Run analysis 
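Review bot: In the codeql.yml checkout step the new `persist-credentials: false` sits next to `filter: 'tree:0'`, and the two interact: a treeless partial clone fetches missing trees and blobs from origin on demand, and once the token is no longer left in the local git config any later step that walks history does that fetch unauthenticated. For a public repository this is harmless, but on a private one the lazy fetch would fail, so it is worth confirming that no step after checkout runs git commands against older commits. The same applies to the identical hunks in dependency-review.yml, lint.yml and ossf-scorecard.yml. A short comment on the new line would record the intent, e.g. `persist-credentials: false # keep the token out of .git/config for later steps`. Each job's remaining steps are outside the hunks.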
From 1e49418d59285bdaeadbec94dc45d3a9095b26e9 Mon Sep 17 00:00:00 2001 From: Martin Costello Date: Tue, 22 Jul 2025 14:00:12 +0100 Subject: [PATCH 2/2] Add release notes configuration Add a configuration file for generating GitHub release notes. See https://docs.github.com/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes. --- .github/release.yml | 8 ++++++++ .github/workflows/release.yml | 19 +++---------------- 2 files changed, 11 insertions(+), 16 deletions(-) create mode 100644 .github/release.yml diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..a51ab2c --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,8 @@ +changelog: + exclude: + authors: + - dependabot[bot] + - costellobot + - costellobot[bot] + - github-actions[bot] + - renovate[bot] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 59a6d5a..59d7ed6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,29 +52,16 @@ jobs: const tag_name = `v${version}`; const name = tag_name; - - const { data: notes } = await github.rest.repos.generateReleaseNotes({ - owner, - repo, - tag_name, - target_commitish: process.env.DEFAULT_BRANCH, - }); - - const body = notes.body - .split('\n') - .filter((line) => !line.includes(' @costellobot ')) - .filter((line) => !line.includes(' @dependabot ')) - .filter((line) => !line.includes(' @github-actions ')) - .filter((line) => !line.includes(' @renovate[bot] ')) - .join('\n'); + const target_commitish = process.env.DEFAULT_BRANCH; const { data: release } = await github.rest.repos.createRelease({ owner, repo, tag_name, + target_commitish, name, - body, draft, + generate_release_notes: true, }); core.notice(`Created release ${release.name}: ${release.html_url}`);
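Review bot: The handles under `exclude.authors` in the new `.github/release.yml` are written in a different form from what the removed script filter matched: the old code dropped lines mentioning ` @dependabot ` and ` @github-actions `, while this file lists `dependabot[bot]` and `github-actions[bot]`, and `costellobot` appears both with and without the suffix. Since the workflow no longer post-filters the notes, an entry that GitHub does not match would silently let bot pull requests back into the release notes. A dry run of the generate-notes endpoint against a recent tag would confirm that each entry takes effect, after which the redundant `costellobot` form can be dropped.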
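Review bot: Passing `target_commitish` to `createRelease` in `.github/workflows/release.yml` means that, when the `v${version}` tag does not exist yet, it is created from whatever `process.env.DEFAULT_BRANCH` points to at the moment of the API call, where before the value only scoped the generated notes. If the job builds or publishes artifacts from the commit it checked out, a push landing in between would leave the tag on a commit that was never built, so pinning to the workflow's commit (for example `const target_commitish = context.sha;`, assuming the trigger makes that the released commit) may be safer. The definition of `DEFAULT_BRANCH` and the rest of the script are outside the hunk. A comment above the call such as `// Bot-authored PRs are excluded by .github/release.yml` would also keep the now-implicit filtering discoverable.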