Update mszostok/codeowners-validator action to v0.7.4 #320
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
added
dependencies
dependencies-ci
dependencies-minor
dependencies-ci-minor
labels
renovate
bot
force-pushed
the
renovate/mszostok-codeowners-validator-0.x
branch
from
d2b65b4
to
dbe1746
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/mszostok-codeowners-validator-0.x
branch
from
dbe1746
to
7177315
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/mszostok-codeowners-validator-0.x
branch
from
7177315
to
9a28e6f
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/mszostok-codeowners-validator-0.x
branch
7 times, most recently
from
ce45309
to
66b0dff
Compare
renovate
bot
force-pushed
the
renovate/mszostok-codeowners-validator-0.x
branch
3 times, most recently
from
41748d8
to
a8f5ae5
Compare
renovate
bot
force-pushed
the
renovate/mszostok-codeowners-validator-0.x
branch
2 times, most recently
from
e26166f
to
cfdba9c
Compare
renovate
bot
force-pushed
the
renovate/mszostok-codeowners-validator-0.x
branch
from
cfdba9c
to
0e0b331
Compare
![mergify[bot]](https://avatars.githubusercontent.com/in/10562?s=60&v=4){kind=small}
trafico-bot
bot
added
approved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.6.0->v0.7.4Release Notes
mszostok/codeowners-validator
v0.7.4Compare Source
🎉 GitHub Codeowners Validator 0.7.4 is now available!
Highlights
✨ New functionality
Support GitHub App authentication (#146) (@julienduchesne)
Now, you can use the GitHub App auth instead of private token. Read more here: https://github.com/mszostok/codeowners-validator/blob/main/docs/gh-token.md#github-app.
New experimental check: Avoid shadowing (#149) (@julienduchesne)
Reports if entries go from least specific to most specific. Otherwise, earlier entries are completely ignored.
For example:
First entry
Shadows - reported as error
OK
🔧 Bug Fixes
not-ownedchecker (#148) (@mszostok)Added to solve problem whttps://github.com/actions/checkout/issues/766/766.
Changelog
7dfc6dc: Support Github App authentication (#146) (@julienduchesne)0e995bc: New experimental check: Avoid shadowing (#149) (@julienduchesne)d1be488: Apply hot fix to resolve issue with untrusted git repository fornot-ownedchecker (#148) (@mszostok)cfa4033: Update main README.md (#153) (@mszostok)7f3f5e2: Adjust docs and GitHub action for v0.7.4 release (#154) (@mszostok)v0.7.3Compare Source
🎉 GitHub Codeowners Validator 0.7.3 is now available!
Highlights
✨ New functionality
Now you can specify against which subdirectories the
not-ownedcheck should be executed. To configure that, use theNOT_OWNED_CHECKER_SUBDIRECTORIESenvironment variable. In the default mode, it works as previously, where all files are checked.🔧 Bug Fixes
The previous release informs the user about the internal error, but the exit code was not properly propagated. Now, besides the error message, the exit code is also set.
Changelog
a16e4b9: not-owned-checker: Add git-ls-tree implementation with subdirectory support (#141) (@jeremycohen)2ae5a4b: Add token validation when necessary, fmt shell code, enable 'gocritics' (#143) (@mszostok)4e0aa9d: Prepare for release v0.7.3 (#144) (@mszostok)436c7ac: Fix scope and internal error handling (#145) (@mszostok)v0.7.2Compare Source
🎉 GitHub Codeowners Validator 0.7.2 is now available!
Highlights
🔧 Bug Fixes
This fixes a tech debt where
codeowners-validatoronly logged the internal error and excited with0status code. Now, if there is any error, a proper exit code is returned.Recently, GitHub allowed comments in CODEOWNERS files to appear at the end of a line, not just on their own line. As a result, a validation rule was removed to conform with a new syntax.
✨ New checks
Now you can enable more strict rule and specify that only teams are allowed as owners of files.
🛡️ Security
Installation
See the Installation section for more installation options.
Docker images
ghcr.io:
docker pull ghcr.io/mszostok/codeowners-validator:stabledocker pull ghcr.io/mszostok/codeowners-validator:v0docker pull ghcr.io/mszostok/codeowners-validator:v0.7docker pull ghcr.io/mszostok/codeowners-validator:v0.7.2Changelog 🚀
d95ed83: Allow comments in pattern line, update golangci-lint (#129) (@mszostok)d7b92b1: Handle internal err, return issue with empty codeowners or git dirty state (#130) (@mszostok)bcdcc57: Bump dependencies (#135) (@mszostok)3315c00: Add a flag to only allow teams as owners (#127) (@seveas)5b87d6b: Add missing cfg in action.yml, add missing test for 'OwnersMustBeTeams' check (#137) (@mszostok)127e9a8: Bump alpine from 3.15.3 to 3.15.4 (#136) (@dependabot[bot])f555ba6: Prepare for release v0.7.2 (#138) (@mszostok)v0.7.1Compare Source
🔧 Bug fix release for 0.7.1 is now available!
Issue
Reports
Team does not belong to organizationerror even if team is assigned to a proper GitHub organization. (https://github.com/mszostok/codeowners-validator/issues/121)Root cause
This was a side effect of https://github.com/mszostok/codeowners-validator/pull/78#issuecomment-941445181 where not only team was normalized. Unfortunately, it was not detected by the integration test, as I used only the gh-codeowners organization. As you can see, it's all lower-case.
To reproduce the problem, I created a new organization GitHubCODEOWNERS and executed the v0.7 against it and ran into the same problem: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173200010?check_suite_focus=true
I tested that further to check whether GitHub also is case-insensitive for Organization names:
As you can see, code owners were properly assigned.
Corrective and Preventative Measures
To fix that problem, I created this PR: https://github.com/mszostok/codeowners-validator/pull/122 and tested also against a newly created organization: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173279973?check_suite_focus=true
I also added new integration tests against new GitHubCODEOWNERS organization to ensure no regression in the future.
Additional Corrective and Preventative Measures
In this case it's a bit of revers engineering as I don't have access to GitHub code which is responsible for assigning owners. As a result, I will need to create yet another e2e test that will be executed periodically to:
@GiTHubCodeOwners/A-TeAmis specified and check whether GitHub is still case-insensitive and assigns@GitHubCodeowners/a-teamproperly.In this way, I will be notified when GitHub will change its behavior and I will be able to release a new version that will match a changed functionality.
Changelog
Please see: https://github.com/mszostok/codeowners-validator/releases/tag/v0.7.0
v0.7.0Compare Source
🎉 GitHub Codeowners Validator 0.7.0 is now available!
Highlights
🔧 Bug Fixes
Normalize team name before comparison (#78) (@mszostok)
GitHub is case-insensitive when assigning owners for a review. To match this approach now owners are normalized before checking if they exist under a given GitHub organization.
Allow unowned patterns by default with an option to change it (#113) (@mszostok)
GitHub allows you to define a pattern and left its owners empty. For example:
In version 0.6 this was reported as error (
Missing owner, at least one owner is required).In this release, this check was moved under
ownerchecker and made optional. As a result, validator may work in a picky mode when needed, see new option:true/infra/oncall-rotator/ @​sre-team/infra/oncall-rotator/oncall-config.ymlThe
/infra/oncall-rotator/oncall-config.ymlfile is not owned by anyone.Additionally, it is now reported as
warningnoterror:Fix spelling of brand GitHub (#106) (@jsoref)
0e709b4: Changed belongs to belong in error message, add integration tests(#108) (@kyleellman)✨ New checks
In v0.7 an error is reported when more than one CODEOWNERS file is detected.
📖 Docs
🛡️ Security
cc618b4) (@mszostok)5d8bce3) (@mszostok)Installation
See the Installation section for more installation options.
Docker images
ghcr.io:
docker pull ghcr.io/mszostok/codeowners-validator:stabledocker pull ghcr.io/mszostok/codeowners-validator:v0docker pull ghcr.io/mszostok/codeowners-validator:v0.7docker pull ghcr.io/mszostok/codeowners-validator:v0.7.0Docker Hub:
docker pull mszostok/codeowners-validator:latestdocker pull mszostok/codeowners-validator:v0.7.0docker pull mszostok/codeowners-validator:v0.7Changelog 🚀
0078c61: Add initial pull-request GitHub Action (@mszostok)8800a24: Migrate tests from TravisCI to GitHub Action (#66) (@mszostok)e490734: Fix shellcheck issues (#75) (@mszostok)d86b542: Add information how to configure GitHub action (#74) (@mszostok)cc618b4: Add CodeQL analysis GH job (@mszostok)5d8bce3: Create SECURITY.md (@mszostok)58fe8a3: Normalize team name before comparison (#78) (@mszostok)80f3ee0: Replace deprecated go get with go install (#79) (@mszostok)16266ad: Configure Dependabot for v2 (@mszostok)1b1093a: Update deps for Go and Dockerfile and switch to Go 1.17 (#89) (@mszostok)2044fb5: Apply fixes after branch rename (#92) (@mszostok)51f4627: Rename workflow branches (@mszostok)c907f36: Change dependabot interval from daily to monthly (@mszostok)ac35737: Bump dependencies (#110) (@mszostok)add91fe: Enforce only one CODEOWNERS file (#100) (@athtran)5367f8a: Allow unowned patterns by default with an option to change it (#113) (@mszostok)e933870: Fix spelling of brand GitHub (#106) (@jsoref)0e709b4: Changed belongs to belong in error message, add integration tests(#108) (@kyleellman)dcfa851: Update goreleaser, add release GitHub Action (@mszostok)c4754a1: Adjust docs and GitHub action for v0.7.0 release (#120) (@mszostok)5136b12: Ensure that git is not in dirty state after upx download (@mszostok)a74f7fa: Fix tar expression (@mszostok)623a681: Remove upx-3.96-amd64_linux.tar.xz archive before goreleaser execution (@mszostok)6bf04a9: Add login to Docker Hub (@mszostok)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.