STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10593 commits 87 branches 0 tags 160 MiB
Commit graph

362 commits

Author SHA1 Message Date
Babak K. Shandiz
dd6783868b
ci: fix binary artifact dir paths used in Windows job 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-12-15 18:56:07 +00:00
Babak K. Shandiz
a777a95e9a
ci: upgrade to GoReleaser v2 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-12-15 18:44:25 +00:00
dependabot[bot]
9af5c5f95c chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 9.0.0 to 9.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](0a35821d5c...e7fa5ac41e)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 16:43:26 +01:00
dependabot[bot]
13d9ab631d chore(deps): bump actions/checkout from 5 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 16:24:05 +01:00
dependabot[bot]
1a06438f91
chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](4afd733a84...0a35821d5c)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-13 11:57:15 +00:00
Kynan Ware
cc178cf5e4
Update .github/workflows/lint.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-07 09:31:36 -07:00
Kynan Ware
b917c4cd50 Annotate go-licenses install with version tag 
Added a comment specifying the installed go-licenses commit corresponds to v2.0.1 for clarity in the lint workflow.
 2025-11-07 09:27:40 -07:00
Kynan Ware
9eb019ae56 Integrate license checks back into lint workflow 
Reverts https://github.com/cli/cli/pull/11370
 2025-11-06 11:57:51 -07:00
Kynan Ware
c0d5f164f2
Merge pull request #12089 from cli/kw/use-source-govulncheck-scan-lint 
CI: Update lint govulncheck to use source mode
 2025-11-03 13:18:27 -07:00
Kynan Ware
52391ff0f8
Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-03 13:08:16 -07:00
Kynan Ware
b151f53d02 Add note on govulncheck source mode for Go 1.25 2025-11-03 13:05:33 -07:00
Kynan Ware
6c1d1c4f49 Update lint govulncheck to use source mode 
Replaces binary mode scan of 'bin/gh' with source mode scan of all packages using govulncheck.
 2025-11-03 12:55:13 -07:00
Babak K. Shandiz
eaddf5baf9
chore: add workflow_dispatch to govulncheck triggers 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-11-03 19:43:01 +00:00
Babak K. Shandiz
594e210581
ci: bump Golangci-lint to v2.6.0 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-10-30 12:27:12 +00:00
Kynan Ware
eb79e4a2f2
Merge pull request #12032 from cli/dependabot/github_actions/actions/download-artifact-6 
chore(deps): bump actions/download-artifact from 5 to 6
 2025-10-27 09:33:52 -06:00
dependabot[bot]
ac8eafd51e
chore(deps): bump actions/download-artifact from 5 to 6 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 15:10:59 +00:00
dependabot[bot]
366169500f
chore(deps): bump actions/upload-artifact from 4 to 5 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 15:01:02 +00:00
Kynan Ware
a30277b9d0
Merge pull request #11750 from cli/dependabot/github_actions/mislav/bump-homebrew-formula-action-3.6 
chore(deps): bump mislav/bump-homebrew-formula-action from 3.4 to 3.6
 2025-10-22 10:17:14 -06:00
dependabot[bot]
3b4d6e9f1e
chore(deps): bump mislav/bump-homebrew-formula-action from 3.4 to 3.6 
Bumps [mislav/bump-homebrew-formula-action](https://github.com/mislav/bump-homebrew-formula-action) from 3.4 to 3.6.
- [Release notes](https://github.com/mislav/bump-homebrew-formula-action/releases)
- [Commits](8e2baa47da...56a283fa15)

---
updated-dependencies:
- dependency-name: mislav/bump-homebrew-formula-action
  dependency-version: '3.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 16:06:26 +00:00
dependabot[bot]
c7bf1b0a18
chore(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](9c156ee8a1...e435ccd777)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 16:01:40 +00:00
Kynan Ware
e627f0132e
Merge pull request #11612 from cli/dependabot/github_actions/actions/attest-build-provenance-3.0.0 
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
 2025-10-17 14:51:03 -06:00
Kynan Ware
fd651e9adc
Update .github/workflows/govulncheck.yml 2025-10-17 11:29:37 -06:00
dependabot[bot]
af0905efeb
chore(deps): bump github/codeql-action from 3 to 4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-08 14:03:20 +00:00
Babak K. Shandiz
986b952aaa
ci: pin release runner to Windows 2022 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-09-23 17:31:35 +01:00
Kynan Ware
aecbf992ee
Merge pull request #11662 from cli/dependabot/github_actions/actions/setup-go-6 
chore(deps): bump actions/setup-go from 5 to 6
 2025-09-04 11:17:16 -06:00
dependabot[bot]
615b3ccb6c
chore(deps): bump actions/stale from 9 to 10 
Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9...v10)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 14:52:56 +00:00
dependabot[bot]
4f37579efa
chore(deps): bump actions/setup-go from 5 to 6 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 14:48:13 +00:00
dependabot[bot]
325743e78b
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](e8998f9491...977bb373ed)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-29 14:02:11 +00:00
dependabot[bot]
6710bbc2be
chore(deps): bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-14 15:35:09 +00:00
Kynan Ware
245484cc51
Merge pull request #11458 from cli/dependabot/github_actions/actions/download-artifact-5 
chore(deps): bump actions/download-artifact from 4 to 5
 2025-08-14 09:33:54 -06:00
Kynan Ware
3f55855e8b Update govulncheck workflow to scan source code 
Changed govulncheck to run on all source files (./...) instead of the built binary. This fixes uploading to GitHub Code Scanning as the location data will be valid, so it will get accepted.
 2025-08-08 16:10:22 -06:00
dependabot[bot]
ce527971d1
chore(deps): bump actions/download-artifact from 4 to 5 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-06 14:35:09 +00:00
Andy Feller
cf7c2b9b8c
Merge pull request #11435 from cli/andyfeller/11408-close-suspected-spam-issues 
Update spam detection to comment on and close issue
 2025-08-04 08:40:41 -04:00
Andy Feller
ccc1b4f8c7
Apply suggestion from @Copilot 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-08-04 08:30:16 -04:00
Andy Feller
1e69d8a1a0
Update .github/workflows/scripts/spam-detection/process-issue.sh 
Co-authored-by: Babak K. Shandiz <babakks@github.com>
 2025-08-04 08:30:04 -04:00
Andy Feller
60fdb7ec2b Update spam detection to comment on and close issue 
Fixes #11408

These changes enhance the GitHub CLI spam detection logic to automatically comment on and close suspected spam based on the past weeks of usage.

Additionally, there were a few minor enhancements to the script, allowing it to be executed from anywhere rather than the root of the local repository.
 2025-08-01 16:50:55 -04:00
Andy Feller
24f502ba1f
Merge pull request #11370 from cli/andyfeller/11270-improve-dependabot-pr-thirdparty-checks 
Regenerate third-party licenses on trunk pushes
 2025-08-01 16:05:02 -04:00
Andy Feller
8037c61827 Update permissions and events for workflow 
This commit makes a few notable changes:

1. Use the GitHub Actions automatic token for committing changes
2. Include workflow file in paths to trigger workflow
3. Checkout the default branch explicitly
 2025-08-01 15:36:55 -04:00
Babak K. Shandiz
be67a350b8
ci: use help wanted label link in comment 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-31 15:42:30 +01:00
Babak K. Shandiz
f1996cd571
ci: anchor regexp for help wanted label 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-31 15:42:27 +01:00
Babak K. Shandiz
3d5675f5f7
Improve spam detection evals (#11419) 
* ci: improve spam detection evals

Signed-off-by: Babak K. Shandiz <babakks@github.com>

* ci: make test case names consistent

Signed-off-by: Babak K. Shandiz <babakks@github.com>

* ci: remove ill-indented/redundant test case

Signed-off-by: Babak K. Shandiz <babakks@github.com>

---------

Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-31 15:24:08 +01:00
Babak K. Shandiz
6cce077a83
docs(ci): delete obsolete comment 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-28 11:38:50 +01:00
Andy Feller
99516d64ba Regenerate third-party licenses on trunk pushes 
Fixes #11270

This commit refactors the work done in #11047 of blocking pull requests for manual `third-party` license updates to having GitHub Actions automatically update it on pushes to `trunk`.

This will allow maintainers to streamline Dependabot PR reviews while reducing contributor friction when changing dependencies.
 2025-07-23 15:29:32 -04:00
Andy Feller
13a7498279
Merge pull request #11298 from cli/dependabot/github_actions/advanced-security/filter-sarif-1.0.1 
chore(deps): bump advanced-security/filter-sarif from 1.0.0 to 1.0.1
 2025-07-23 14:06:26 -04:00
Andy Feller
7dffc39c33
Merge pull request #11332 from cli/andyfeller/11209-automate-govulncheck 
Incorporate govulncheck into workflows
 2025-07-23 10:56:51 -04:00
Kynan Ware
b2348f8386
Merge pull request #11316 from cli/babakks/automate-spam-issue-detection 
Automate spam issue detection
 2025-07-21 17:49:12 -06:00
Andy Feller
aa955e1fe6
Update .github/workflows/scripts/spam-detection/generate-sys-prompt.sh 2025-07-21 15:56:11 -04:00
Andy Feller
0c105aff8a Use gh go templating for user prompt 
`gh` has Go templating support built in, so let's use it.
 2025-07-21 15:51:48 -04:00
Andy Feller
f7448c10e6 Update eval script comments 2025-07-21 15:26:35 -04:00
Andy Feller
03cc1d8311 Remove unnecessary file for heredoc 2025-07-21 15:21:01 -04:00