Skip to content

Commit

Permalink
chore: postinstall for dependabot template-oss PR
Browse files Browse the repository at this point in the history
  • Loading branch information
lukekarrys committed Mar 8, 2023
1 parent e2443b8 commit 7328f8a
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 12 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/post-dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,11 +48,11 @@ jobs:
run: |
dependabot_dir="${{ steps.metadata.outputs.directory }}"
if [[ "$dependabot_dir" == "/" ]]; then
echo "::set-output name=workspace::-iwr"
echo "workspace=-iwr" >> $GITHUB_OUTPUT
else
# strip leading slash from directory so it works as a
# a path to the workspace flag
echo "::set-output name=workspace::-w ${dependabot_dir#/}"
echo "workspace=-w ${dependabot_dir#/}" >> $GITHUB_OUTPUT
fi
- name: Apply Changes
Expand All @@ -61,7 +61,7 @@ jobs:
run: |
npm run template-oss-apply ${{ steps.flags.outputs.workspace }}
if [[ `git status --porcelain` ]]; then
echo "::set-output name=changes::true"
echo "changes=true" >> $GITHUB_OUTPUT
fi
# This only sets the conventional commit prefix. This workflow can't reliably determine
# what the breaking change is though. If a BREAKING CHANGE message is required then
Expand All @@ -71,7 +71,7 @@ jobs:
else
prefix='chore'
fi
echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR"
echo "message=$prefix: postinstall for dependabot template-oss PR" >> $GITHUB_OUTPUT
# This step will fail if template-oss has made any workflow updates. It is impossible
# for a workflow to update other workflows. In the case it does fail, we continue
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ jobs:
run: |
git commit --all --amend --no-edit || true
git push --force-with-lease
echo "::set-output name=sha::$(git rev-parse HEAD)"
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
- name: Get Workflow Job
uses: actions/github-script@v6
if: steps.commit.outputs.sha
Expand Down Expand Up @@ -261,7 +261,7 @@ jobs:
else
result="success"
fi
echo "::set-output name=result::$result"
echo "result=$result" >> $GITHUB_OUTPUT
- name: Conclude Check
uses: LouisBrunner/checks-action@v1.3.1
if: needs.update.outputs.check-id && always()
Expand Down Expand Up @@ -368,15 +368,14 @@ jobs:
- name: Get Needs Result
id: needs-result
run: |
result=""
if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then
result="x"
elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
result="heavy_multiplication_x"
else
result="white_check_mark"
fi
echo "::set-output name=result::$result"
echo "result=$result" >> $GITHUB_OUTPUT
- name: Update Release PR Comment
uses: actions/github-script@v6
env:
Expand All @@ -397,7 +396,8 @@ jobs:
if (updateComment) {
console.log('Found comment to update:', JSON.stringify(updateComment, null, 2))
let body = updateComment.body.replace(/Workflow run: :[a-z_]+:/, `Workflow run: :${RESULT}:`)
if (RESULT === 'x') {
const tagCodeowner = RESULT !== 'white_check_mark'
if (tagCodeowner) {
body += `\n\n:rotating_light:`
body += ` @npm/cli-team: The post-release workflow failed for this release.`
body += ` Manual steps may need to be taken after examining the workflow output`
Expand Down
3 changes: 1 addition & 2 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,10 @@ GitHub takes the security of our software products and services seriously, inclu

If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways.

If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).
If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com).

If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award.

**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**

Thanks for helping make GitHub safe for everyone.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,6 @@
],
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"version": "4.11.4"
"version": "4.12.0"
}
}

0 comments on commit 7328f8a

Please sign in to comment.