STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10422 commits 87 branches 0 tags 160 MiB
Commit graph

342 commits

Author SHA1 Message Date
Kynan Ware
e627f0132e
Merge pull request #11612 from cli/dependabot/github_actions/actions/attest-build-provenance-3.0.0 
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
 2025-10-17 14:51:03 -06:00
Kynan Ware
fd651e9adc
Update .github/workflows/govulncheck.yml 2025-10-17 11:29:37 -06:00
dependabot[bot]
af0905efeb
chore(deps): bump github/codeql-action from 3 to 4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-08 14:03:20 +00:00
Babak K. Shandiz
986b952aaa
ci: pin release runner to Windows 2022 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-09-23 17:31:35 +01:00
Kynan Ware
aecbf992ee
Merge pull request #11662 from cli/dependabot/github_actions/actions/setup-go-6 
chore(deps): bump actions/setup-go from 5 to 6
 2025-09-04 11:17:16 -06:00
dependabot[bot]
615b3ccb6c
chore(deps): bump actions/stale from 9 to 10 
Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9...v10)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 14:52:56 +00:00
dependabot[bot]
4f37579efa
chore(deps): bump actions/setup-go from 5 to 6 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 14:48:13 +00:00
dependabot[bot]
325743e78b
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](e8998f9491...977bb373ed)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-29 14:02:11 +00:00
dependabot[bot]
6710bbc2be
chore(deps): bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-14 15:35:09 +00:00
Kynan Ware
245484cc51
Merge pull request #11458 from cli/dependabot/github_actions/actions/download-artifact-5 
chore(deps): bump actions/download-artifact from 4 to 5
 2025-08-14 09:33:54 -06:00
Kynan Ware
3f55855e8b Update govulncheck workflow to scan source code 
Changed govulncheck to run on all source files (./...) instead of the built binary. This fixes uploading to GitHub Code Scanning as the location data will be valid, so it will get accepted.
 2025-08-08 16:10:22 -06:00
dependabot[bot]
ce527971d1
chore(deps): bump actions/download-artifact from 4 to 5 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-06 14:35:09 +00:00
Andy Feller
cf7c2b9b8c
Merge pull request #11435 from cli/andyfeller/11408-close-suspected-spam-issues 
Update spam detection to comment on and close issue
 2025-08-04 08:40:41 -04:00
Andy Feller
ccc1b4f8c7
Apply suggestion from @Copilot 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-08-04 08:30:16 -04:00
Andy Feller
1e69d8a1a0
Update .github/workflows/scripts/spam-detection/process-issue.sh 
Co-authored-by: Babak K. Shandiz <babakks@github.com>
 2025-08-04 08:30:04 -04:00
Andy Feller
60fdb7ec2b Update spam detection to comment on and close issue 
Fixes #11408

These changes enhance the GitHub CLI spam detection logic to automatically comment on and close suspected spam based on the past weeks of usage.

Additionally, there were a few minor enhancements to the script, allowing it to be executed from anywhere rather than the root of the local repository.
 2025-08-01 16:50:55 -04:00
Andy Feller
24f502ba1f
Merge pull request #11370 from cli/andyfeller/11270-improve-dependabot-pr-thirdparty-checks 
Regenerate third-party licenses on trunk pushes
 2025-08-01 16:05:02 -04:00
Andy Feller
8037c61827 Update permissions and events for workflow 
This commit makes a few notable changes:

1. Use the GitHub Actions automatic token for committing changes
2. Include workflow file in paths to trigger workflow
3. Checkout the default branch explicitly
 2025-08-01 15:36:55 -04:00
Babak K. Shandiz
be67a350b8
ci: use help wanted label link in comment 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-31 15:42:30 +01:00
Babak K. Shandiz
f1996cd571
ci: anchor regexp for help wanted label 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-31 15:42:27 +01:00
Babak K. Shandiz
3d5675f5f7
Improve spam detection evals (#11419) 
* ci: improve spam detection evals

Signed-off-by: Babak K. Shandiz <babakks@github.com>

* ci: make test case names consistent

Signed-off-by: Babak K. Shandiz <babakks@github.com>

* ci: remove ill-indented/redundant test case

Signed-off-by: Babak K. Shandiz <babakks@github.com>

---------

Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-31 15:24:08 +01:00
Babak K. Shandiz
6cce077a83
docs(ci): delete obsolete comment 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-28 11:38:50 +01:00
Andy Feller
99516d64ba Regenerate third-party licenses on trunk pushes 
Fixes #11270

This commit refactors the work done in #11047 of blocking pull requests for manual `third-party` license updates to having GitHub Actions automatically update it on pushes to `trunk`.

This will allow maintainers to streamline Dependabot PR reviews while reducing contributor friction when changing dependencies.
 2025-07-23 15:29:32 -04:00
Andy Feller
13a7498279
Merge pull request #11298 from cli/dependabot/github_actions/advanced-security/filter-sarif-1.0.1 
chore(deps): bump advanced-security/filter-sarif from 1.0.0 to 1.0.1
 2025-07-23 14:06:26 -04:00
Andy Feller
7dffc39c33
Merge pull request #11332 from cli/andyfeller/11209-automate-govulncheck 
Incorporate govulncheck into workflows
 2025-07-23 10:56:51 -04:00
Kynan Ware
b2348f8386
Merge pull request #11316 from cli/babakks/automate-spam-issue-detection 
Automate spam issue detection
 2025-07-21 17:49:12 -06:00
Andy Feller
aa955e1fe6
Update .github/workflows/scripts/spam-detection/generate-sys-prompt.sh 2025-07-21 15:56:11 -04:00
Andy Feller
0c105aff8a Use gh go templating for user prompt 
`gh` has Go templating support built in, so let's use it.
 2025-07-21 15:51:48 -04:00
Andy Feller
f7448c10e6 Update eval script comments 2025-07-21 15:26:35 -04:00
Andy Feller
03cc1d8311 Remove unnecessary file for heredoc 2025-07-21 15:21:01 -04:00
Andy Feller
8610d8ba8a First pass to optimize and improve 2025-07-21 15:01:22 -04:00
Andy Feller
4da24b8a0c Limit permissions of govulncheck workflow 2025-07-21 08:44:58 -04:00
Andy Feller
bd6b862b63 Incorporate govulncheck into workflows 2025-07-18 17:03:39 -04:00
Andy Feller
db24646e70 Run Lint and Tests on push to trunk branch 
This change causes the "Lint" and "Unit and Integration Tests" workflows to only run on `push` events on the default branch (`trunk`).

This should avoid running redundant set of jobs on pull requests.
 2025-07-17 15:18:31 -04:00
Andy Feller
08303d91e6
Merge pull request #11299 from cli/kw/feature-request-comment 
Add automated feature request response workflow
 2025-07-17 14:20:10 -04:00
Kynan Ware
e35a974892
Update .github/workflows/feature-request-comment.yml 2025-07-17 12:11:30 -06:00
Kynan Ware
f06c46de95 Potential fix for code scanning alert no. 169: Workflow does not contain permissions 
Co-Authored-By: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
 2025-07-17 11:02:20 -06:00
Babak K. Shandiz
8a235ecbef
ci: echo spam detection result 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 22:41:26 +01:00
Babak K. Shandiz
6a5fbdd44f
ci: add models: read permission 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 22:31:31 +01:00
Babak K. Shandiz
1779103a04
ci: correct sed usage to remove Markdown front matter 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 21:57:33 +01:00
Babak K. Shandiz
9aae4a525d
docs: fix typo in script docs 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 21:54:02 +01:00
Babak K. Shandiz
7996a6cdb9
ci: fix potentially confusing typo in system prompt 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 21:53:44 +01:00
Babak K. Shandiz
1447400c0a
ci: use issue.html_url instead of issue.url 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 21:46:36 +01:00
Babak K. Shandiz
e90336a331
ci: remove unused env vars 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 21:20:12 +01:00
Babak K. Shandiz
43e1634816
ci: add spam issue detection workflow 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 21:02:56 +01:00
Babak K. Shandiz
c7c68920d8
ci: add spam issue detection scripts 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-16 21:02:53 +01:00
Kynan Ware
7a691e4c44 feat(comment): add automated feature request response 2025-07-14 15:14:48 -06:00
dependabot[bot]
fe8884f351
chore(deps): bump advanced-security/filter-sarif from 1.0.0 to 1.0.1 
Bumps [advanced-security/filter-sarif](https://github.com/advanced-security/filter-sarif) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/advanced-security/filter-sarif/releases)
- [Commits](bc96d9fb93...f3b8118a93)

---
updated-dependencies:
- dependency-name: advanced-security/filter-sarif
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 17:30:21 +00:00
Kynan Ware
030bf8a68f Improve CodeQL workflow with SARIF filtering 
Adds SARIF filtering for Go analysis to exclude third-party code from results and updates the workflow to upload filtered SARIF files. This enhances the accuracy of security reports by ignoring irrelevant files.
 2025-07-11 13:39:20 -06:00
Babak K. Shandiz
b97a1a0113
ci: quote map entry value 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
 2025-07-10 17:00:38 +01:00