chore: @npmcli/template-oss@4.11.0

npm · Dec 12, 2022 · fdd5ad5 · fdd5ad5
1 parent 72b4956
commit fdd5ad5
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 73 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -33,5 +33,7 @@ jobs:
  run: npm -v
  - name: Install Dependencies
  run: npm i --ignore-scripts --no-audit --no-fund --package-lock
- - name: Run Audit
- run: npm audit
+ - name: Run Production Audit
+ run: npm audit --omit=dev
+ - name: Run Full Audit
+ run: npm audit --audit-level=none
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
@@ -3,6 +3,12 @@
 name: CI - Release
 
 on:
+ workflow_dispatch:
+ inputs:
+ ref:
+ required: true
+ type: string
+ default: main
  workflow_call:
  inputs:
  ref:
@@ -23,7 +29,7 @@ jobs:
  steps:
  - name: Get Workflow Job
  uses: actions/github-script@v6
-
+ if: inputs.check-sha
  id: check-output
  env:
  JOB_NAME: "Lint All"
@@ -57,7 +63,7 @@ jobs:
  - name: Create Check
  uses: LouisBrunner/checks-action@v1.3.1
  id: check
-
+ if: inputs.check-sha
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  status: in_progress
@@ -88,7 +94,7 @@ jobs:
  run: npm run postlint --ignore-scripts
  - name: Conclude Check
  uses: LouisBrunner/checks-action@v1.3.1
- if: always()
+ if: steps.check.outputs.check_id && always()
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  conclusion: ${{ job.status }}
@@ -124,7 +130,7 @@ jobs:
  steps:
  - name: Get Workflow Job
  uses: actions/github-script@v6
-
+ if: inputs.check-sha
  id: check-output
  env:
  JOB_NAME: "Test All"
@@ -158,7 +164,7 @@ jobs:
  - name: Create Check
  uses: LouisBrunner/checks-action@v1.3.1
  id: check
-
+ if: inputs.check-sha
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  status: in_progress
@@ -203,7 +209,7 @@ jobs:
  run: npm test --ignore-scripts
  - name: Conclude Check
  uses: LouisBrunner/checks-action@v1.3.1
- if: always()
+ if: steps.check.outputs.check_id && always()
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  conclusion: ${{ job.status }}

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,56 +14,6 @@ on:
  - cron: "0 9 * * 1"
 
 jobs:
- engines:
- name: Engines - ${{ matrix.platform.name }} - ${{ matrix.node-version }}
- if: github.repository_owner == 'npm'
- strategy:
- fail-fast: false
- matrix:
- platform:
- - name: Linux
- os: ubuntu-latest
- shell: bash
- node-version:
- - 14.17.0
- - 16.13.0
- - 18.0.0
- runs-on: ${{ matrix.platform.os }}
- defaults:
- run:
- shell: ${{ matrix.platform.shell }}
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Setup Git User
- run: |
- git config --global user.email "npm-cli+bot@github.com"
- git config --global user.name "npm CLI robot"
- - name: Setup Node
- uses: actions/setup-node@v3
- with:
- node-version: ${{ matrix.node-version }}
- - name: Update Windows npm
- # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows
- if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.'))
- run: |
- curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz
- tar xf npm-7.5.4.tgz
- cd package
- node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz
- cd ..
- rmdir /s /q package
- - name: Install npm@7
- if: startsWith(matrix.node-version, '10.')
- run: npm i --prefer-online --no-fund --no-audit -g npm@7
- - name: Install npm@latest
- if: ${{ !startsWith(matrix.node-version, '10.') }}
- run: npm i --prefer-online --no-fund --no-audit -g npm@latest
- - name: npm Version
- run: npm -v
- - name: Install Dependencies
- run: npm i --ignore-scripts --no-audit --no-fund --engines-strict
-
  lint:
  name: Lint
  if: github.repository_owner == 'npm'

diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml
@@ -66,10 +66,10 @@ jobs:
  # This only sets the conventional commit prefix. This workflow can't reliably determine
  # what the breaking change is though. If a BREAKING CHANGE message is required then
  # this PR check will fail and the commit will be amended with stafftools
- if [[ "${{ steps.dependabot-metadata.outputs.update-type }}" == "version-update:semver-major" ]]; then
+ if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-major" ]]; then
  prefix='feat!'
  else
- prefix='chore!'
+ prefix='chore'
  fi
  echo "::set-output name=message::$prefix: postinstall for dependabot template-oss PR"
 
@@ -90,7 +90,7 @@ jobs:
  # and attempt to commit and push again. This is helpful because we will have a commit
  # with the correct prefix that we can then --amend with @npmcli/stafftools later.
  - name: Push All Changes Except Workflows
- if: steps.apply.outputs.changes && steps.push-all.outcome == 'failure'
+ if: steps.apply.outputs.changes && steps.push.outcome == 'failure'
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,6 +8,7 @@ on:
  branches:
  - main
  - latest
+ - release/v*
 
 permissions:
  contents: write
@@ -73,9 +74,9 @@ jobs:
  const comments = await github.paginate(github.rest.issues.listComments, issue)
  let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id
 
- body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Rerun for This Release\n\n`
+ body += `Release workflow run: ${workflow.html_url}\n\n#### Force CI to Update This Release\n\n`
  body += `This PR will be updated and CI will run for every non-\`chore:\` commit that is pushed to \`main\`. `
- body += `To force CI to rerun, run this command:\n\n`
+ body += `To force CI to update this PR, run this command:\n\n`
  body += `\`\`\`\ngh workflow run release.yml -r ${REF_NAME}\n\`\`\``
 
  if (commentId) {
@@ -88,7 +89,7 @@ jobs:
  return commentId
  - name: Get Workflow Job
  uses: actions/github-script@v6
- if: steps.release.outputs.pr-number
+ if: steps.release.outputs.pr-sha
  id: check-output
  env:
  JOB_NAME: "Release"
@@ -122,7 +123,7 @@ jobs:
  - name: Create Check
  uses: LouisBrunner/checks-action@v1.3.1
  id: check
- if: steps.release.outputs.pr-number
+ if: steps.release.outputs.pr-sha
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  status: in_progress
@@ -167,7 +168,7 @@ jobs:
  RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }}
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
- npm exec --offline -- template-oss-release-manager
+ npm exec --offline -- template-oss-release-manager --lockfile=false
  npm run rp-pull-request --ignore-scripts --if-present
  - name: Commit
  id: commit
@@ -179,7 +180,7 @@ jobs:
  echo "::set-output name=sha::$(git rev-parse HEAD)"
  - name: Get Workflow Job
  uses: actions/github-script@v6
-
+ if: steps.commit.outputs.sha
  id: check-output
  env:
  JOB_NAME: "Update - Release"
@@ -213,7 +214,7 @@ jobs:
  - name: Create Check
  uses: LouisBrunner/checks-action@v1.3.1
  id: check
-
+ if: steps.commit.outputs.sha
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  status: in_progress
@@ -222,7 +223,7 @@ jobs:
  output: ${{ steps.check-output.outputs.result }}
  - name: Conclude Check
  uses: LouisBrunner/checks-action@v1.3.1
- if: always()
+ if: needs.release.outputs.check-id && always()
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  conclusion: ${{ job.status }}
@@ -260,7 +261,7 @@ jobs:
  echo "::set-output name=result::$result"
  - name: Conclude Check
  uses: LouisBrunner/checks-action@v1.3.1
- if: always()
+ if: needs.update.outputs.check-id && always()
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  conclusion: ${{ steps.needs-result.outputs.result }}

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,3 +1,14 @@
 <!-- This file is automatically added by @npmcli/template-oss. Do not edit. -->
 
-Please send vulnerability reports through [hackerone](https://hackerone.com/github).
+GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
+
+If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. 
+
+If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).
+
+If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Thanks for helping make GitHub safe for everyone.
+
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
  "main": "lib/index.js",
  "devDependencies": {
  "@npmcli/eslint-config": "^4.0.0",
- "@npmcli/template-oss": "4.6.0",
+ "@npmcli/template-oss": "4.11.0",
  "tap": "^16.3.0"
  },
  "scripts": {
@@ -47,6 +47,6 @@
  },
  "templateOSS": {
  "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
- "version": "4.6.0"
+ "version": "4.11.0"
  }
 }