Releases: CasperWA/push-protected
v2.15.0
Extend inputs & support GH Enterprise
GH Enterprise is supported by using a variable base URL for GH and the GH REST API.
New inputs:
acceptable_conclusions: Conclusion states that will not result in errors and a failure.fail_fast: Toggle failing as soon as a status check concludes in a state not part ofacceptable_conclusions.gh_rest_api_base_url: The GH REST API base URL, defaults tohttps://api.github.com. For more information about this value, see the GH docs.post_sleep: Set the seconds the action should sleep after waiting for status checks to conclude.
Changed inputs:
pre_sleep: Renamed input for the oldsleepinput.sleep: Deprecated. It is now calledpre_sleepinstead.
Changelog
v2.15.0 (2023-11-02)
Implemented enhancements:
Fixed bugs:
- Reinstate and deprecate the
sleepinput #209
Closed issues:
Merged pull requests:
- Reinstate, but deprecate, the 'sleep' input #210 (@CasperWA )
- Add 'post_sleep' input, rename 'sleep'->'pre_sleep' #208 (@CasperWA)
- Support GH Enterprise #205 (@CasperWA)
- Add custom acceptable job run conclusions #204 (@CasperWA)
* This Changelog was automatically generated by github_changelog_generator
Contributors
Assets 2
v2.14.0
Support GitHub App tokens
Instead of checking the user role, the protected key is expected to be available for all branches, providing support for GitHub App tokens, which do not have a user role per se.
This means if the response for checking a branch's protected key returns anything than a successful response with a protected key of value true, the branch will be considered non-protected, or it will raise, ending the action run due to insufficient rights.
This was brought up and tested by @Shahaed.
Changelog
v2.14.0 (2022-09-28)
Implemented enhancements:
- Allow using Github App Token #144
Merged pull requests:
- Update dependencies #146 (CasperWA)
- Expect the
protectedkey to always exist #145 (CasperWA) - Update dependencies #143 (CasperWA)
- Update dependencies #142 (CasperWA)
* This Changelog was automatically generated by github_changelog_generator
Contributors
Assets 2
v2.13.0
Git-LFS support
Added Git-LFS support, thanks to @jbcpollak.
Also added a "Sponsor" button and implemented minor development dependency updates.
Changelog
v2.13.0 (2022-08-15)
Merged pull requests:
- add git-lfs support #139 (jbcpollak)
- Update dependencies #138 (CasperWA)
- Create FUNDING.yml #137 (CasperWA)
- Update dependencies #135 (CasperWA)
* This Changelog was automatically generated by github_changelog_generator
Contributors
Assets 2
v2.12.0
Sleep after checks have finished
Sleep 5 seconds after all status checks have returned as "finished".
This value will be made a user input and will be released as a patch update.
Changelog
v2.12.0 (2022-07-11)
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator
v2.11.0
New input path
The input allows users to specify the working directory of the action relative to $GITHUB_WORKSPACE.
Changelog
v2.11.0 (2022-07-01)
Implemented enhancements:
- Add
pathinput #128
Merged pull requests:
- New
pathinput - no moreactions/checkoutv1 testing #129 (CasperWA) - Update dependencies #127 (CasperWA)
- Update dependencies #126 (CasperWA)
- Update dependencies #122 (CasperWA)
- Update dependencies #120 (CasperWA)
- Update dependencies #118 (CasperWA)
- Update dependencies #116 (CasperWA)
* This Changelog was automatically generated by github_changelog_generator
v2.10.0
Hot-fix for multi-user vulnerability
As reported by @juris in #114, the implemented fix for a multi-user vulnerability (CVE-2022-24765) left the action without the rights to change or manipulate the checked out files and folders. This release fixes this issue by adding the root workspace directory as a git safe directory.
Changelog
v2.10.0 (2022-04-14)
Fixed bugs:
- GH GraphQL variable update for auto-merge workflow #100
Closed issues:
- Looks like git update for CVE-2022-24765 broke the action #114
Merged pull requests:
- Add `/github/workspace/ to git safe.directory #115 (CasperWA)
- Update dependencies #113 (CasperWA)
- Update dependencies #112 (CasperWA)
- Update dependencies #110 (CasperWA)
- Update dependencies #106 (CasperWA)
- Update dependencies #104 (CasperWA)
- Update dependencies #103 (CasperWA)
- Use
ID!type instead ofString!#101 (CasperWA) - Update dependencies #98 (CasperWA)
- Update dependencies #97 (CasperWA)
* This Changelog was automatically generated by github_changelog_generator
Contributors
Assets 2
v2.9.0
Check user (PAT) permissions
The API call to check whether a branch is protected or not has been updated, and can be done with the lowest of permission rights, however, at the same time, if the branch is protected, it is checked whether the user (PAT) has "admin" permission, since this is the only level that allows toggling review-protected branches, as well as getting the information about which checks are currently running.
The README has been updated with information about these permissions needed for certain use cases.
Furthermore, a debug parameter has been added to toggle set -x in the entrypoint.sh script. This is only intended for debugging purposes.
Changelog
v2.9.0 (2022-01-17)
Implemented enhancements:
Closed issues:
- Not clear which scope should I use to enable
unprotect_reviewsoption #60
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator
v2.8.0
From master to main
The default branch of the repository has been changed to main. As has the the default value for the branch parameter.
To keep some backwards compatibility for users who exploit that master was the default branch parameter value up to now, this is a last resort fallback value for the branch parameter, should the main branch not exist on the remote (in the target GitHub repository).
This fallback implementation also leeds to an intrinsic sanity check for whether or not the specified target branch exists on the remote (in the target GitHub repository) at all. Should this not be the case, the action will fail immediately.
IMPORTANT: If you are using master as the default branch for your repository and not defining either of the branch or ref parameters, while also having a main branch in your repository, this action will not work as you expect from this version and onwards. There is an easy fix for this, however; specify the branch parameter to be master:
name: Pushing to protected 'master' branch
uses: CasperWA/push-protected@v2
with:
token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }}
branch: master # This parameter should be explicitly set, to make sure the `master` branch is the target branch.Again, if you are in the above situation, but do not have a main branch in your repository, then the action will keep working as it always has. However, it is highly recommended to either change you default branch name to main or explicitly set either the branch or ref parameter.
Changelog
v2.8.0 (2022-01-03)
Implemented enhancements:
Fixed bugs:
Merged pull requests:
- Force update
mastertag #89 (CasperWA) - Fix CI runs for
mainupdates #87 (CasperWA) - Finish update to
mainwithmastertag #85 (CasperWA) - Update dependencies #82 (CasperWA)
- Use
mainas defaultbranchvalue instead ofmaster#81 (CasperWA)
* This Changelog was automatically generated by github_changelog_generator
v2.7.0
New ref argument
A new ref argument has been added. It is mutually exclusive with the branch argument, meaning one cannot specify both. If neither are specified the action has the same behavior as previously, using the default for branch ("master").
The value for ref is a git ref for a branch, e.g., refs/heads/master.
The changelog generation has also been optimized, avoiding vMAJOR versions as well as the ci_test test tag.
Changelog
v2.7.0 (2021-12-15)
Implemented enhancements:
- Consider adding
ref#61
Fixed bugs:
- Finding the "previous version" for adding changelog info to release not working #77
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator
v2.6.0
Automation, more dev tools & better console printing
Automation for dependency inclusion and more have been improved with several workflows.
Pylint, Mypy, bandit and safety have been added as CI developer tools for an improved Python code base.
When printing to the console from Python, the buffer is immediately flushed, having the effect that the GitHub Actions console immediately receives the printed statements (configuration overview and status updates) as they happen, instead of printing everything when the Python code exits.
Changelog
v2.6.0 (2021-12-08)
Implemented enhancements:
- Immediately show print statements #75 (CasperWA)
- Update pre-commit #58 (CasperWA)
- Automate dependabot more #57 (CasperWA)
Fixed bugs:
- Correct target branch for dependabot #71
actions/checkout@v1still checking out wrong commit SHA #67- Not properly reset to HEAD commit of remote branch #63
- unprotect_reviews not doing its job #54
Closed issues:
Merged pull requests:
- Update dependencies #76 (CasperWA)
- Update dependencies #73 (CasperWA)
- Change dependabot PRs target to ci/dependabot-updates #72 (CasperWA)
- Use v1 for resetting in v1 CI section #68 (CasperWA)
- Update dependencies #66 (CasperWA)
- Use GITHUB_REF instead of github.sha #65 (CasperWA)
- Solve issue with checkout v1 action #64 (CasperWA)
- Update dependencies #62 (CasperWA)
- Extend scope and rights mentions in README #56 (CasperWA)
* This Changelog was automatically generated by github_changelog_generator