diff --git a/.github/actions/create-check/action.yml b/.github/actions/create-check/action.yml index aa24a5b0..d1220c90 100644 --- a/.github/actions/create-check/action.yml +++ b/.github/actions/create-check/action.yml @@ -25,7 +25,7 @@ runs: with: result-encoding: string script: | - const { repo: { owner, repo}, runId, serverUrl } = context + const { repo: { owner, repo}, runId, serverUrl } = context const { JOB_NAME, SHA } = process.env const job = await github.rest.actions.listJobsForWorkflowRun({ diff --git a/.github/actions/install-latest-npm/action.yml b/.github/actions/install-latest-npm/action.yml index 8339dbf0..580603dd 100644 --- a/.github/actions/install-latest-npm/action.yml +++ b/.github/actions/install-latest-npm/action.yml @@ -44,7 +44,7 @@ runs: MATCH=$SPEC echo "Found compatible version: npm@$MATCH" break - fi + fi done if [ -z $MATCH ]; then diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index a7ebe12d..1ea8693c 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -49,7 +49,7 @@ jobs: id: flags run: | dependabot_dir="${{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/main" ]]; then echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a diff --git a/SECURITY.md b/SECURITY.md index 9cd2deaf..4fe06a2a 100644 --- a/SECURITY.md +++ b/SECURITY.md 
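Review bot: In the `.github/workflows/post-dependabot.yml` hunk, the widened test `"$dependabot_dir" == "/" || "$dependabot_dir" == "/main"` still reads a value that the line above pastes straight into the script text with `dependabot_dir="${{ steps.metadata.outputs.directory }}"`. The expression is expanded before bash parses the script, so the surrounding double quotes do not constrain it. While this check is being touched, consider passing the output through the step's `env:` as `DEPENDABOT_DIR: ${{ steps.metadata.outputs.directory }}` and assigning `dependabot_dir="$DEPENDABOT_DIR"`. How exposed this is depends on how the `metadata` step derives the directory and on how the job is gated, neither of which is visible in the hunk. The same assignment appears in `lib/content/post-dependabot-yml.hbs`, which looks like the template this workflow is rendered from, so the change would belong there; the step body starts and ends outside the hunk.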
@@ -2,7 +2,7 @@ GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). -If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). diff --git a/lib/content/SECURITY-md.hbs b/lib/content/SECURITY-md.hbs index 2a877aa8..79276315 100644 --- a/lib/content/SECURITY-md.hbs +++ b/lib/content/SECURITY-md.hbs @@ -1,6 +1,6 @@ GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). -If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). diff --git a/lib/content/action-create-check-yml.hbs b/lib/content/action-create-check-yml.hbs index 1ac91f97..fe8f10dc 100644 --- a/lib/content/action-create-check-yml.hbs 
+++ b/lib/content/action-create-check-yml.hbs @@ -23,7 +23,7 @@ runs: with: result-encoding: string script: | - const { repo: { owner, repo}, runId, serverUrl } = context + const { repo: { owner, repo}, runId, serverUrl } = context const { JOB_NAME, SHA } = process.env const job = await github.rest.actions.listJobsForWorkflowRun({ diff --git a/lib/content/action-install-latest-npm-yml.hbs b/lib/content/action-install-latest-npm-yml.hbs index ee423487..c986c18e 100644 --- a/lib/content/action-install-latest-npm-yml.hbs +++ b/lib/content/action-install-latest-npm-yml.hbs @@ -42,7 +42,7 @@ runs: MATCH=$SPEC echo "Found compatible version: npm@$MATCH" break - fi + fi done if [ -z $MATCH ]; then diff --git a/lib/content/post-dependabot-yml.hbs b/lib/content/post-dependabot-yml.hbs index 46cfdc58..6842e490 100644 --- a/lib/content/post-dependabot-yml.hbs +++ b/lib/content/post-dependabot-yml.hbs @@ -26,7 +26,7 @@ jobs: id: flags run: | dependabot_dir="$\{{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/{{ releaseBranch }}" ]]; then echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a @@ -64,7 +64,7 @@ jobs: run: | git commit -am "$\{{ steps.apply.outputs.message }}" git push - + # If the previous step failed, then reset the commit and remove any workflow changes # and attempt to commit and push again. This is helpful because we will have a commit # with the correct prefix that we can then --amend with @npmcli/stafftools later. @@ -98,4 +98,3 @@ jobs: echo "This PR has a breaking change. Run 'npx -p @npmcli/stafftools gh template-oss-fix'" echo "for more information on how to fix this with a BREAKING CHANGE footer." exit 1 - diff --git a/lib/util/dependabot.js b/lib/util/dependabot.js index 38f4dd8e..5e0df40c 100644 --- a/lib/util/dependabot.js +++ b/lib/util/dependabot.js 
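Review bot: In the `@@ -26,7 +26,7 @@` hunk of `lib/content/post-dependabot-yml.hbs`, the new clause `"$dependabot_dir" == "/{{ releaseBranch }}"` carries no comment saying why a directory equal to the branch name should count as the repository root. A line above the `if` such as `# a directory of "/{{ releaseBranch }}" is treated as the repo root, same as "/"`, ideally with the reason Dependabot reports it that way, would keep the next maintainer from removing it as dead code. Because the right-hand side is quoted inside `[[ ]]`, the match is literal, and `releaseBranch` is rendered into shell source without shell quoting. If that setting can ever hold a pattern or a name containing `"` or `$`, the generated script would either never match or fail to parse; the snapshots only show it rendering as `/main`, so this may not arise in practice. The `run:` block continues past the end of the hunk.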
@@ -1,7 +1,7 @@ const { name: NAME } = require('../../package.json') const { minimatch } = require('minimatch') -const parseDependabotConfig = v => (typeof v === 'string' ? { strategy: v } : v ?? {}) +const parseDependabotConfig = v => (typeof v === 'string' ? { strategy: v } : (v ?? {})) module.exports = (config, defaultConfig, branches) => { const { dependabot } = config diff --git a/tap-snapshots/test/apply/source-snapshots.js.test.cjs b/tap-snapshots/test/apply/source-snapshots.js.test.cjs index 27e0be01..667ebcf9 100644 --- a/tap-snapshots/test/apply/source-snapshots.js.test.cjs +++ b/tap-snapshots/test/apply/source-snapshots.js.test.cjs @@ -72,7 +72,7 @@ runs: with: result-encoding: string script: | - const { repo: { owner, repo}, runId, serverUrl } = context + const { repo: { owner, repo}, runId, serverUrl } = context const { JOB_NAME, SHA } = process.env const job = await github.rest.actions.listJobsForWorkflowRun({ @@ -146,7 +146,7 @@ runs: MATCH=$SPEC echo "Found compatible version: npm@$MATCH" break - fi + fi done if [ -z $MATCH ]; then @@ -725,7 +725,7 @@ jobs: id: flags run: | dependabot_dir="\${{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/main" ]]; then echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a 
@@ -1414,7 +1414,7 @@ SECURITY.md GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). -If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). @@ -1512,7 +1512,7 @@ runs: with: result-encoding: string script: | - const { repo: { owner, repo}, runId, serverUrl } = context + const { repo: { owner, repo}, runId, serverUrl } = context const { JOB_NAME, SHA } = process.env const job = await github.rest.actions.listJobsForWorkflowRun({ @@ -1586,7 +1586,7 @@ runs: MATCH=$SPEC echo "Found compatible version: npm@$MATCH" break - fi + fi done if [ -z $MATCH ]; then @@ -2383,7 +2383,7 @@ jobs: id: flags run: | dependabot_dir="\${{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/main" ]]; then echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a 
@@ -3099,7 +3099,7 @@ SECURITY.md GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub). -If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. +If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). @@ -3300,7 +3300,7 @@ runs: with: result-encoding: string script: | - const { repo: { owner, repo}, runId, serverUrl } = context + const { repo: { owner, repo}, runId, serverUrl } = context const { JOB_NAME, SHA } = process.env const job = await github.rest.actions.listJobsForWorkflowRun({ @@ -3374,7 +3374,7 @@ runs: MATCH=$SPEC echo "Found compatible version: npm@$MATCH" break - fi + fi done if [ -z $MATCH ]; then @@ -3907,7 +3907,7 @@ jobs: id: flags run: | dependabot_dir="\${{ steps.metadata.outputs.directory }}" - if [[ "$dependabot_dir" == "/" ]]; then + if [[ "$dependabot_dir" == "/" || "$dependabot_dir" == "/main" ]]; then echo "workspace=-iwr" >> $GITHUB_OUTPUT else # strip leading slash from directory so it works as a