Kynan Ware
cc178cf5e4
Update .github/workflows/lint.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-07 09:31:36 -07:00
Kynan Ware
b917c4cd50
Annotate go-licenses install with version tag
Added a comment specifying the installed go-licenses commit corresponds to v2.0.1 for clarity in the lint workflow.
2025-11-07 09:27:40 -07:00
Kynan Ware
9eb019ae56
Integrate license checks back into lint workflow
Reverts https://github.com/cli/cli/pull/11370
2025-11-06 11:57:51 -07:00
Kynan Ware
c0d5f164f2
Merge pull request #12089 from cli/kw/use-source-govulncheck-scan-lint
CI: Update lint govulncheck to use source mode
2025-11-03 13:18:27 -07:00
Kynan Ware
52391ff0f8
Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-03 13:08:16 -07:00
Kynan Ware
b151f53d02
Add note on govulncheck source mode for Go 1.25
2025-11-03 13:05:33 -07:00
Kynan Ware
6c1d1c4f49
Update lint govulncheck to use source mode
Replaces binary mode scan of 'bin/gh' with source mode scan of all packages using govulncheck.
2025-11-03 12:55:13 -07:00
Babak K. Shandiz
eaddf5baf9
chore: add workflow_dispatch to govulncheck triggers
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-11-03 19:43:01 +00:00
Babak K. Shandiz
38c280ec8a
docs: update go version 1.25
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-10-31 12:22:48 +00:00
Babak K. Shandiz
594e210581
ci: bump Golangci-lint to v2.6.0
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-10-30 12:27:12 +00:00
Kynan Ware
eb79e4a2f2
Merge pull request #12032 from cli/dependabot/github_actions/actions/download-artifact-6
chore(deps): bump actions/download-artifact from 5 to 6
2025-10-27 09:33:52 -06:00
dependabot[bot]
ac8eafd51e
chore(deps): bump actions/download-artifact from 5 to 6
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-27 15:10:59 +00:00
dependabot[bot]
366169500f
chore(deps): bump actions/upload-artifact from 4 to 5
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-27 15:01:02 +00:00
Kynan Ware
a30277b9d0
Merge pull request #11750 from cli/dependabot/github_actions/mislav/bump-homebrew-formula-action-3.6
chore(deps): bump mislav/bump-homebrew-formula-action from 3.4 to 3.6
2025-10-22 10:17:14 -06:00
dependabot[bot]
3b4d6e9f1e
chore(deps): bump mislav/bump-homebrew-formula-action from 3.4 to 3.6
Bumps [mislav/bump-homebrew-formula-action](https://github.com/mislav/bump-homebrew-formula-action) from 3.4 to 3.6.
- [Release notes](https://github.com/mislav/bump-homebrew-formula-action/releases)
- [Commits](8e2baa47da...56a283fa15)
---
updated-dependencies:
- dependency-name: mislav/bump-homebrew-formula-action
  dependency-version: '3.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-22 16:06:26 +00:00
dependabot[bot]
c7bf1b0a18
chore(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](9c156ee8a1...e435ccd777)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-22 16:01:40 +00:00
Kynan Ware
e627f0132e
Merge pull request #11612 from cli/dependabot/github_actions/actions/attest-build-provenance-3.0.0
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
2025-10-17 14:51:03 -06:00
Kynan Ware
fd651e9adc
Update .github/workflows/govulncheck.yml
2025-10-17 11:29:37 -06:00
dependabot[bot]
af0905efeb
chore(deps): bump github/codeql-action from 3 to 4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-10-08 14:03:20 +00:00
Babak K. Shandiz
986b952aaa
ci: pin release runner to Windows 2022
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-09-23 17:31:35 +01:00
Kynan Ware
aecbf992ee
Merge pull request #11662 from cli/dependabot/github_actions/actions/setup-go-6
chore(deps): bump actions/setup-go from 5 to 6
2025-09-04 11:17:16 -06:00
dependabot[bot]
615b3ccb6c
chore(deps): bump actions/stale from 9 to 10
Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9...v10)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-04 14:52:56 +00:00
dependabot[bot]
4f37579efa
chore(deps): bump actions/setup-go from 5 to 6
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-04 14:48:13 +00:00
dependabot[bot]
325743e78b
chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.4.0 to 3.0.0.
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](e8998f9491...977bb373ed)
---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-29 14:02:11 +00:00
dependabot[bot]
6710bbc2be
chore(deps): bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-14 15:35:09 +00:00
Kynan Ware
245484cc51
Merge pull request #11458 from cli/dependabot/github_actions/actions/download-artifact-5
chore(deps): bump actions/download-artifact from 4 to 5
2025-08-14 09:33:54 -06:00
Kynan Ware
1b083c2005
Merge pull request #11482 from cli/kw/fix-govulncheck-sarif-upload
Update govulncheck workflow to scan source code
2025-08-11 15:18:55 -06:00
Kynan Ware
3f55855e8b
Update govulncheck workflow to scan source code
Changed govulncheck to run on all source files (./...) instead of the built binary. This fixes uploading to GitHub Code Scanning as the location data will be valid, so it will get accepted.
2025-08-08 16:10:22 -06:00
Andy Feller
5811b267bf
Update docs on contributing new install methods
Now that our installation docs more clearly delineate official and unofficial installation methods, the maintainers are more open to contributions from communities.
2025-08-07 20:39:04 -04:00
dependabot[bot]
ce527971d1
chore(deps): bump actions/download-artifact from 4 to 5
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-06 14:35:09 +00:00
Andy Feller
cf7c2b9b8c
Merge pull request #11435 from cli/andyfeller/11408-close-suspected-spam-issues
Update spam detection to comment on and close issue
2025-08-04 08:40:41 -04:00
Andy Feller
ccc1b4f8c7
Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-08-04 08:30:16 -04:00
Andy Feller
1e69d8a1a0
Update .github/workflows/scripts/spam-detection/process-issue.sh
Co-authored-by: Babak K. Shandiz <babakks@github.com>
2025-08-04 08:30:04 -04:00
Andy Feller
60fdb7ec2b
Update spam detection to comment on and close issue
Fixes #11408
These changes enhance the GitHub CLI spam detection logic to automatically comment on and close suspected spam based on the past weeks of usage.
Additionally, there were a few minor enhancements to the script, allowing it to be executed from anywhere rather than the root of the local repository.
2025-08-01 16:50:55 -04:00
Andy Feller
24f502ba1f
Merge pull request #11370 from cli/andyfeller/11270-improve-dependabot-pr-thirdparty-checks
Regenerate third-party licenses on trunk pushes
2025-08-01 16:05:02 -04:00
Andy Feller
8037c61827
Update permissions and events for workflow
This commit makes a few notable changes:
1. Use the GitHub Actions automatic token for committing changes
2. Include workflow file in paths to trigger workflow
3. Checkout the default branch explicitly
2025-08-01 15:36:55 -04:00
Babak K. Shandiz
be67a350b8
ci: use help wanted label link in comment
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-07-31 15:42:30 +01:00
Babak K. Shandiz
f1996cd571
ci: anchor regexp for help wanted label
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-07-31 15:42:27 +01:00
Babak K. Shandiz
3d5675f5f7
Improve spam detection evals (#11419)
* ci: improve spam detection evals
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* ci: make test case names consistent
Signed-off-by: Babak K. Shandiz <babakks@github.com>
* ci: remove ill-indented/redundant test case
Signed-off-by: Babak K. Shandiz <babakks@github.com>
---------
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-07-31 15:24:08 +01:00
Babak K. Shandiz
6cce077a83
docs(ci): delete obsolete comment
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2025-07-28 11:38:50 +01:00
Andy Feller
99516d64ba
Regenerate third-party licenses on trunk pushes
Fixes #11270
This commit refactors the work done in #11047 of blocking pull requests for manual `third-party` license updates to having GitHub Actions automatically update it on pushes to `trunk`.
This will allow maintainers to streamline Dependabot PR reviews while reducing contributor friction when changing dependencies.
2025-07-23 15:29:32 -04:00
Andy Feller
13a7498279
Merge pull request #11298 from cli/dependabot/github_actions/advanced-security/filter-sarif-1.0.1
chore(deps): bump advanced-security/filter-sarif from 1.0.0 to 1.0.1
2025-07-23 14:06:26 -04:00
Andy Feller
7dffc39c33
Merge pull request #11332 from cli/andyfeller/11209-automate-govulncheck
Incorporate govulncheck into workflows
2025-07-23 10:56:51 -04:00
Kynan Ware
b2348f8386
Merge pull request #11316 from cli/babakks/automate-spam-issue-detection
Automate spam issue detection
2025-07-21 17:49:12 -06:00
Andy Feller
aa955e1fe6
Update .github/workflows/scripts/spam-detection/generate-sys-prompt.sh
2025-07-21 15:56:11 -04:00
Andy Feller
0c105aff8a
Use gh go templating for user prompt
`gh` has Go templating support built in, so let's use it.
2025-07-21 15:51:48 -04:00
Andy Feller
f7448c10e6
Update eval script comments
2025-07-21 15:26:35 -04:00
Andy Feller
03cc1d8311
Remove unnecessary file for heredoc
2025-07-21 15:21:01 -04:00
Andy Feller
8610d8ba8a
First pass to optimize and improve
2025-07-21 15:01:22 -04:00
Andy Feller
4da24b8a0c
Limit permissions of govulncheck workflow
2025-07-21 08:44:58 -04:00