Compare commits


15 Commits

Author SHA1 Message Date
Patrick Ellis 1dbfe1ba55 Merge pull request #276 from actions/releases/v1.1.1
Update package.json version to v1.2.0
2023-09-27 15:48:35 -04:00
Patrick Ellis 15b3c5fd4d 1.2.0 2023-09-27 15:28:33 -04:00
Patrick Ellis 75f2492c00 Merge pull request #275 from actions/pje/upgrade-codeql-actions-to-v2
Upgrade codeql actions to v2
2023-09-27 15:27:00 -04:00
Patrick Ellis cc18bea05f Upgrade codeql actions to v2
Currently we're using v1, and there have been some important changes since then.

In particular, the latest version, v2.14.4, contains an important security patch:

> The CodeQL CLI no longer supports the `SEMMLE_JAVA_ARGS` environment variable. All previous versions of the CodeQL CLI perform command substitution on the `SEMMLE_JAVA_ARGS` value (for example, replacing `'$(echo foo)'` with `'foo'`) when starting a new Java virtual machine, which, depending on the execution environment, may have security implications. Users are advised to check their environments for possible `SEMMLE_JAVA_ARGS` misuse.

See the [CodeQL CLI release notes](https://github.com/github/codeql-cli-binaries/releases/tag/v2.14.4) for full details.
2023-09-27 15:11:26 -04:00
Cory Miller 64bdb23066 Merge pull request #105 from actions/users/cory-miller/add-first-interaction
Use first-interaction in the repository
2022-10-06 14:39:13 -04:00
Cory Miller ba7d609515 Use first-interaction in the repository 2022-10-06 14:08:49 -04:00
Cory Miller 1d8459ca65 Merge pull request #104 from actions/releases/v1.1.1
Update package version
2022-10-06 11:37:18 -04:00
Cory Miller 6a9caa2f7b Merge branch 'main' of github.com:actions/first-interaction 2022-10-06 11:32:46 -04:00
Cory Miller 92b352189b 1.1.1 2022-10-06 11:31:15 -04:00
Thomas Boop 51a6bff8bc Merge pull request #103 from thyeggman/thyeggman/fix-octokit-error
Updating bundled toolkit packages and fix error
2022-10-06 10:30:15 -04:00
Jacob Wallraff 01781a83e5 Update licenses 2022-10-03 16:16:46 -07:00
Jacob Wallraff 6b06292965 Updating bundled toolkit packages and fix error 2022-10-03 15:23:34 -07:00
Tingluo Huang dafa9ae191 Merge pull request #73 from actions/TingluoHuang-patch-1
Create codeql-analysis.yml to enable code scan
2022-03-30 13:57:38 -04:00
Tingluo Huang 07f2b50de7 Create codeql-analysis.yml 2022-03-30 13:51:26 -04:00
Ross Brodbeck 55b296e932 Create CODEOWNERS 2021-02-04 12:26:21 -05:00
21 changed files with 149 additions and 36 deletions
+71
@@ -0,0 +1,71 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '31 5 * * 5'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
source-root: src
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
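Review bot: Every `uses:` in this new workflow resolves a mutable tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`), so the code that runs with `security-events: write` can change without any commit in this repository. Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: github/codeql-action/init@<full-commit-sha> # v2`, keeps upgrades reviewable, and a dependency-update bot can still propose the bumps so security patches are not missed. The job-level `permissions:` block is already narrowly scoped and should stay as it is. Separately, the matrix contains only `javascript` and the file's own comment says Autobuild targets compiled languages, so the `Autobuild` step appears to be removable.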
+27
@@ -0,0 +1,27 @@
name: first-interaction
on:
issues:
types: [opened]
pull_request:
branches: [main]
types: [opened]
jobs:
check_for_first_interaction:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/first-interaction@main
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
issue-message: |
Hello! Thank you for filing an issue.
If this is a bug report, please include relevant logs to help us debug the problem.
pr-message: |
Hello! Thank you for your contribution.
If you are fixing a bug, please reference the issue number in the description.
If you are implementing a feature request, please check with the maintainers that the feature will be accepted first.
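Review bot: This workflow hands `secrets.GITHUB_TOKEN` to the action but declares no `permissions:` block, so the token carries whatever the repository or organisation default grants. The action only posts an issue comment or a PR review, so the job can say so explicitly with `permissions:` containing `issues: write` and `pull-requests: write` (plus `contents: read` if the checkout stays). The `actions/checkout@v3` step looks unnecessary, because the action is resolved from `actions/first-interaction@main` rather than from the working tree. `@main` is also a moving ref; a release tag or commit SHA would make the executed code reviewable. On `pull_request` events raised from forks the token is read-only, so the PR greeting will likely fail for outside contributors, which is worth confirming before relying on it.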
+1 -1
@@ -1,6 +1,6 @@
---
name: "@actions/core"
version: 0.0.0
version: 1.10.0
type: npm
summary: Actions core lib
homepage: https://github.com/actions/toolkit/tree/master/packages/core
+1 -1
@@ -1,6 +1,6 @@
---
name: "@actions/exec"
version: 0.0.0
version: 1.1.1
type: npm
summary: Actions exec lib
homepage: https://github.com/actions/toolkit/tree/master/packages/exec
+1 -1
@@ -1,6 +1,6 @@
---
name: "@actions/github"
version: 0.0.0
version: 5.1.1
type: npm
summary: Actions github lib
homepage: https://github.com/actions/toolkit/tree/master/packages/github
+1 -1
@@ -1,6 +1,6 @@
---
name: "@actions/io"
version: 0.0.0
version: 1.1.2
type: npm
summary: Actions io lib
homepage: https://github.com/actions/toolkit/tree/master/packages/io
+1 -1
@@ -1,6 +1,6 @@
---
name: "@actions/tool-cache"
version: 0.0.0
version: 2.0.1
type: npm
summary: Actions tool-cache lib
homepage: https://github.com/actions/toolkit/tree/master/packages/exec
+1
@@ -0,0 +1 @@
* @actions/actions-runtime
+30 -16
@@ -1,19 +1,32 @@
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
const core = __importStar(require("@actions/core"));
const github = __importStar(require("@actions/github"));
@@ -26,7 +39,7 @@ function run() {
throw new Error('Action must have at least one of issue-message or pr-message set');
}
// Get client and context
const client = new github.GitHub(core.getInput('repo-token', { required: true }));
const client = github.getOctokit(core.getInput('repo-token', { required: true }));
const context = github.context;
if (context.payload.action !== 'opened') {
console.log('No issue or PR was opened, skipping');
@@ -66,7 +79,7 @@ function run() {
// Add a comment to the appropriate place
console.log(`Adding message: ${message} to ${issueType} ${issue.number}`);
if (isIssue) {
yield client.issues.createComment({
yield client.rest.issues.createComment({
owner: issue.owner,
repo: issue.repo,
issue_number: issue.number,
@@ -74,7 +87,7 @@ function run() {
});
}
else {
yield client.pulls.createReview({
yield client.rest.pulls.createReview({
owner: issue.owner,
repo: issue.repo,
pull_number: issue.number,
@@ -91,7 +104,7 @@ function run() {
}
function isFirstIssue(client, owner, repo, sender, curIssueNumber) {
return __awaiter(this, void 0, void 0, function* () {
const { status, data: issues } = yield client.issues.listForRepo({
const { status, data: issues } = yield client.rest.issues.listForRepo({
owner: owner,
repo: repo,
creator: sender,
@@ -113,10 +126,11 @@ function isFirstIssue(client, owner, repo, sender, curIssueNumber) {
}
// No way to filter pulls by creator
function isFirstPull(client, owner, repo, sender, curPullNumber, page = 1) {
var _a;
return __awaiter(this, void 0, void 0, function* () {
// Provide console output if we loop for a while.
console.log('Checking...');
const { status, data: pulls } = yield client.pulls.list({
const { status, data: pulls } = yield client.rest.pulls.list({
owner: owner,
repo: repo,
per_page: 100,
@@ -130,7 +144,7 @@ function isFirstPull(client, owner, repo, sender, curPullNumber, page = 1) {
return true;
}
for (const pull of pulls) {
const login = pull.user.login;
const login = (_a = pull.user) === null || _a === void 0 ? void 0 : _a.login;
if (login === sender && pull.number < curPullNumber) {
return false;
}
+6 -6
@@ -1,6 +1,6 @@
{
"name": "first-interaction-action",
"version": "1.0.0",
"version": "1.2.0",
"description": "An action for greeting first time contributors.",
"main": "lib/main.js",
"scripts": {
@@ -26,11 +26,11 @@
},
"homepage": "https://github.com/actions/first-interaction#readme",
"dependencies": {
"@actions/core": "file:toolkit/actions-core-0.0.0.tgz",
"@actions/exec": "file:toolkit/actions-exec-0.0.0.tgz",
"@actions/github": "file:toolkit/actions-github-0.0.0.tgz",
"@actions/io": "file:toolkit/actions-io-0.0.0.tgz",
"@actions/tool-cache": "file:toolkit/actions-tool-cache-0.0.0.tgz"
"@actions/core": "file:toolkit/actions-core-1.10.0.tgz",
"@actions/exec": "file:toolkit/actions-exec-1.1.1.tgz",
"@actions/github": "file:toolkit/actions-github-5.1.1.tgz",
"@actions/io": "file:toolkit/actions-io-1.1.2.tgz",
"@actions/tool-cache": "file:toolkit/actions-tool-cache-2.0.1.tgz"
},
"devDependencies": {
"@types/jest": "^24.0.13",
+9 -9
@@ -11,7 +11,7 @@ async function run() {
);
}
// Get client and context
const client: github.GitHub = new github.GitHub(
const client = github.getOctokit(
core.getInput('repo-token', {required: true})
);
const context = github.context;
@@ -71,14 +71,14 @@ async function run() {
// Add a comment to the appropriate place
console.log(`Adding message: ${message} to ${issueType} ${issue.number}`);
if (isIssue) {
await client.issues.createComment({
await client.rest.issues.createComment({
owner: issue.owner,
repo: issue.repo,
issue_number: issue.number,
body: message
});
} else {
await client.pulls.createReview({
await client.rest.pulls.createReview({
owner: issue.owner,
repo: issue.repo,
pull_number: issue.number,
@@ -87,19 +87,19 @@ async function run() {
});
}
} catch (error) {
core.setFailed(error.message);
core.setFailed((error as any).message);
return;
}
}
async function isFirstIssue(
client: github.GitHub,
client: ReturnType<typeof github.getOctokit>,
owner: string,
repo: string,
sender: string,
curIssueNumber: number
): Promise<boolean> {
const {status, data: issues} = await client.issues.listForRepo({
const {status, data: issues} = await client.rest.issues.listForRepo({
owner: owner,
repo: repo,
creator: sender,
@@ -125,7 +125,7 @@ async function isFirstIssue(
// No way to filter pulls by creator
async function isFirstPull(
client: github.GitHub,
client: ReturnType<typeof github.getOctokit>,
owner: string,
repo: string,
sender: string,
@@ -134,7 +134,7 @@ async function isFirstPull(
): Promise<boolean> {
// Provide console output if we loop for a while.
console.log('Checking...');
const {status, data: pulls} = await client.pulls.list({
const {status, data: pulls} = await client.rest.pulls.list({
owner: owner,
repo: repo,
per_page: 100,
@@ -151,7 +151,7 @@ async function isFirstPull(
}
for (const pull of pulls) {
const login: string = pull.user.login;
const login = pull.user?.login;
if (login === sender && pull.number < curPullNumber) {
return false;
}
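Review bot: In the `catch` block of `run()`, `core.setFailed((error as any).message)` silences the type checker instead of narrowing: if the thrown value is not an `Error`, `.message` is `undefined` and the failure reason is lost from the job log. Narrow the value instead, e.g. `core.setFailed(error instanceof Error ? error.message : String(error));`. In `isFirstPull`, `pull.user?.login` now yields `undefined` for a pull without a user, which simply fails the `login === sender` comparison, so that change looks safe. `run`, `isFirstIssue` and `isFirstPull` all start or end outside the hunks shown here.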
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.