STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9857 commits 87 branches 0 tags 160 MiB
Commit graph

294 commits

Author SHA1 Message Date
Kynan Ware
030bf8a68f Improve CodeQL workflow with SARIF filtering 
Adds SARIF filtering for Go analysis to exclude third-party code from results and updates the workflow to upload filtered SARIF files. This enhances the accuracy of security reports by ignoring irrelevant files.
 2025-07-11 13:39:20 -06:00
Babak K. Shandiz
b97a1a0113
ci: quote map entry value 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-10 17:00:38 +01:00
Babak K. Shandiz
ebba64f1f5
ci: automate closing stale issues 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-10 16:53:02 +01:00
William Martin
268b11efc9 Ensure go directive is always .0 version 
This is because go mod tidy will always add the final minor version so
we might as well handle it in the script ahead of time.
 2025-07-09 17:12:11 +02:00
William Martin
9f18c7dbe9 Add setup-go to bump-go 
Ideally, this will ensure that we have an up to date version when we run
go mod tidy.
 2025-07-06 07:04:14 +02:00
William Martin
00cb1efe83 Ensure go mod tidy is run in bump-go 
This is because go mod tidy seems to add minor version to the go mod
directive when it is missing.
 2025-07-05 13:17:00 +02:00
William Martin
e29723d0f3 Inject token into bump-go workflow 2025-07-05 12:07:53 +02:00
William Martin
12b9865a90 Ensure bump go script has git user configured 2025-07-04 14:41:22 +02:00
William Martin
c58a88a217
Merge pull request #11189 from cli/wm/automate-go-bump 
Add workflow to automate go version bumping
 2025-07-01 12:21:01 +02:00
William Martin
12aeb1fed2 Add workflow to automate go version bumping 2025-07-01 12:10:22 +02:00
Kynan Ware
8a5302ec6e Remove unused GH_TOKEN env variable from workflow 
The GH_TOKEN environment variable was set but not used in the pr-vars-dispatch step. This commit removes it for clarity and to avoid confusion.
 2025-06-30 10:55:10 -06:00
Kynan Ware
45c8c827c5
Add workflow_dispatch support to PR Help Wanted check (#11179) 
* Add workflow_dispatch support to PR Help Wanted check

This update allows the PR Help Wanted workflow to be triggered manually via workflow_dispatch with a specified PR URL. It adds logic to fetch PR details using the GitHub CLI for manual runs and unifies variable handling for both event types.

* Update workflow to use PR number instead of URL

Changed the workflow_dispatch input from 'pr_url' to 'pr_number' and updated the script to construct the PR URL from the number.

* Move help-wanted check for draft PRs into script

* Don't prefix URL with `#`

* Invert draft checking logic

Inverting this logic because anything other than "false" means we should skip it.

* Move PR draft status check to shell script

The logic for checking if a pull request is a draft has been moved from the GitHub Actions workflow YAML to the check-help-wanted.sh script. This simplifies the workflow file and centralizes the draft status check within the script.
 2025-06-30 12:51:54 -04:00
Andy Feller
728e973a20 Ensure automation uses pinned go-licenses version 2025-06-23 13:22:27 -04:00
Andy Feller
11e8a8127d Use make for license generation and checks 2025-06-20 16:53:11 -04:00
Andy Feller
98ea250ede Merge branch 'trunk' into andyfeller/9422-license-compliance 2025-06-20 16:23:00 -04:00
Kynan Ware
50e4a4ad15 Fix step order for CodeQL workflow 2025-06-17 08:41:14 -06:00
William Martin
86c251154e
Merge pull request #11121 from cli/11101-use-golangci-lint-version-2 
Bump golangci-lint to v2
 2025-06-17 11:43:14 +02:00
Andy Feller
14c2673d27 Merge branch 'trunk' into andyfeller/9422-license-compliance 2025-06-16 15:27:28 -04:00
Kynan Ware
9e161cda4e
Apply suggestion from @Copilot 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-16 13:20:20 -06:00
Kynan Ware
fa3402f783 Improve help wanted check skipping logic 2025-06-16 13:11:37 -06:00
William Martin
8e5ed00ad7
Merge pull request #11133 from cli/wm/execute-gh 
Ensure gh executes in workflow check script
 2025-06-16 21:02:50 +02:00
William Martin
31b3dc1ba6 Ensure gh executes in workflow check script 2025-06-16 20:46:24 +02:00
Kynan Ware
2609b4e283
Merge branch 'trunk' into kw/fix-file-not-found-in-help-wanted-workflow-2 2025-06-16 11:59:31 -06:00
Kynan Ware
7d1b5d2ce0 Fix repo checkout in help-wanted check 2025-06-16 11:47:48 -06:00
Andy Feller
8532997a4b
Merge pull request #11127 from cli/andyfeller/11126-ghas-ignore-3rd-party-source 
Exclude 3rd party license compliance content from GHAS scanning
 2025-06-16 13:45:42 -04:00
Andy Feller
c7b1afd293 Fixes #11126 
These changes will cause GitHub Advanced Security to ignore the auto-generated content around 3rd party dependencies used by `cli/cli` from static code analysis and secret scanning.

For more information:

- https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning
- https://docs.github.com/en/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning
 2025-06-16 13:36:37 -04:00
Andy Feller
f652fd76dc
Merge pull request #11125 from cli/kw/fix-file-not-found-in-help-wanted-workflow 
Fix script path for help-wanted check
 2025-06-16 13:14:18 -04:00
Kynan Ware
7fa213251c Fix script path for help-wanted check 2025-06-16 10:14:38 -06:00
William Martin
c7baa7a555 Quote workflow conditional 2025-06-16 17:54:24 +02:00
William Martin
35e95a42c9
Merge pull request #11107 from cli/dependabot/github_actions/actions/attest-build-provenance-2.4.0 
chore(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0
 2025-06-16 17:09:33 +02:00
William Martin
928a326cee
Add workflow to check help wanted labelling (#11105) 
Co-authored-by: Kynan Ware <47394200+BagToad@users.noreply.github.com>
Co-authored-by: Babak K. Shandiz <babakks@github.com>
Co-authored-by: Andy Feller <andyfeller@github.com>
 2025-06-16 17:09:04 +02:00
dependabot[bot]
f8a3133003
chore(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](db473fddc0...e8998f9491)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-12 14:33:02 +00:00
dependabot[bot]
2266c7a5b5
chore(deps): bump mislav/bump-homebrew-formula-action from 3.2 to 3.4 
Bumps [mislav/bump-homebrew-formula-action](https://github.com/mislav/bump-homebrew-formula-action) from 3.2 to 3.4.
- [Release notes](https://github.com/mislav/bump-homebrew-formula-action/releases)
- [Commits](942e550c63...8e2baa47da)

---
updated-dependencies:
- dependency-name: mislav/bump-homebrew-formula-action
  dependency-version: '3.4'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-03 14:57:13 +00:00
Andy Feller
b30101c496 Avoid analyzing 3rd party license content with CodeQL 
With these changes, `cli/cli` will be redistributing code as-is due to license compliance, which we will not change or address issues around.  Without these changes, our pull requests are getting a bunch of false positive annotations we cannot and will not fix directly.
 2025-05-30 13:22:42 -04:00
Andy Feller
bd24865076 Adopt license compliance scripts into workflows, docs 
This commit introduces the use of `go-licenses` within CI/CD and manual processes for generating / updating the license information used by GitHub CLI including the code required by license to be redistributed.

During GitHub CLI pull requests, the `lint` workflow will notify users if this information is not updated.
 2025-05-30 12:46:51 -04:00
dependabot[bot]
9bb89de87c
chore(deps): bump actions/attest-build-provenance from 2.2.2 to 2.3.0 
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](bd77c07785...db473fddc0)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-28 15:44:19 +00:00
Kynan Ware
e21243fe9b ci: pin third party actions to commit sha 2025-04-04 21:45:54 -06:00
Tyler McGoffin
e0533f9f73 Change issueauto and prauto actions to use the cli-automation env 2025-03-07 12:04:59 -08:00
Tyler McGoffin
824acc86dd Add environment to prauto and issueauto workflows 2025-03-06 11:20:39 -08:00
Tyler McGoffin
09b233746c Add cli-discuss-automation environment to triage.md 
Previously, we were getting the token from repository secrets. We have
moved the token to its own environment secret in the
cli-discuss-automation environment. It is in its own environment so that
we don't inject our other secrets into this workflow as we don't need
them here.
 2025-03-06 11:13:01 -08:00
Kynan Ware
601c3e448c Fix(ci): base64 decode GPG passphrase 2025-03-05 12:43:44 -07:00
dependabot[bot]
b83a1a06ef
Bump actions/attest-build-provenance from 2.2.0 to 2.2.2 
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.2.0 to 2.2.2.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](520d128f16...bd77c07785)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-28 14:52:41 +00:00
Michael Hoffman
4c1a9215c9
Merge branch 'trunk' into remove-project-automation 2025-01-30 14:45:07 -05:00
Andy Feller
df250a2b53
Update deployment.yml 
Fix failing tag validate job
 2025-01-30 13:07:21 -05:00
Michael Hoffman
d1b5facb48 Remove unused env var, PRID 2025-01-30 12:59:29 -05:00
Michael Hoffman
077f064f4a Remove v1 project 'add to board' automation from prauto workflow 2025-01-29 10:21:11 -05:00
Tyler McGoffin
7fcb4453ed
Merge pull request #10121 from cli/jtmcg/add-tagname-enforcement-to-deployment-workflow 
Add job to deployment workflow to validate the tag name for a given release
 2025-01-24 14:31:59 -08:00
Andy Feller
c23a2834c7
Merge pull request #10297 from dennisameling/windows-arm64-msi 
Enable MSI building for Windows arm64
 2025-01-24 08:04:35 -05:00
dependabot[bot]
fe3d18c96a
Bump actions/attest-build-provenance from 2.1.0 to 2.2.0 
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](7668571508...520d128f16)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-23 14:53:49 +00:00
Dennis Ameling
d4aebb1cbb Enable MSI building for Windows arm64 2025-01-22 18:06:40 +01:00