oats-center / isoblue

ISOBlue Hardware, Avena software, and Deployment Files
MIT License

Bump mszostok/codeowners-validator from 0.6.0 to 0.7.1 #176

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps mszostok/codeowners-validator from 0.6.0 to 0.7.1.

Release notes

Sourced from mszostok/codeowners-validator's releases.

v0.7.1

🔧 Bug fix release for 0.7.0 is now available!

Issue

Reports Team does not belong to organization error even if team is assigned to a proper GitHub organization. (mszostok/codeowners-validator#121)

Root cause

This was a side effect of mszostok/codeowners-validator#78 where not only team was normalized. Unfortunately, it was not detected by the integration test, as I used only the gh-codeowners organization. As you can see, it's all lower-case.

To reproduce the problem, I created a new organization GitHubCODEOWNERS and executed the v0.7 against it and ran into the same problem: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173200010?check_suite_focus=true

I tested that further to check whether GitHub also is case-insensitive for Organization names:

Corrective and Preventative Measures

To fix that problem, I created this PR: mszostok/codeowners-validator#122 and tested also against a newly created organization: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173279973?check_suite_focus=true

I also added new integration tests against new GitHubCODEOWNERS organization to ensure no regression in the future.

Additional Corrective and Preventative Measures

In this case it's a bit of reverse engineering as I don't have access to GitHub code which is responsible for assigning owners. As a result, I will need to create yet another e2e test that will be executed periodically to:

  • Create a sample PR against files where @GiTHubCodeOwners/A-TeAm is specified and check whether GitHub is still case-insensitive and assigns @GitHubCodeowners/a-team properly.

In this way, I will be notified when GitHub changes its behavior and I will be able to release a new version that will match a changed functionality.

Changelog

Please see: https://github.com/mszostok/codeowners-validator/releases/tag/v0.7.0

v0.7.0

🎉 GitHub Codeowners Validator 0.7.0 is now available!

Highlights

🔧 Bug Fixes

  • Normalize team name before comparison (#78) (@​mszostok) GitHub is case-insensitive when assigning owners for a review. To match this approach now owners are normalized before checking if they exist under a given GitHub organization.
  • Allow unowned patterns by default with an option to change it (#113) (@​mszostok) GitHub allows you to define a pattern and leave its owners empty. For example:
    /apps/ @octocat
    /apps/github 
    
    In version 0.6 this was reported as error (Missing owner, at least one owner is required). In this release, this check was moved under owner checker and made optional. As a result, validator may work in a picky mode when needed, see new option:

... (truncated)

Commits
  • 2f478ec Prepare for release v0.7.1 (#123)
  • a4545a8 Make the org comparison case-insensitive too (#122)
  • 6bf04a9 Add login to Docker Hub
  • 623a681 Remove upx-3.96-amd64_linux.tar.xz archive before goreleaser execution
  • a74f7fa Fix tar expression
  • 5136b12 Ensure that git is not in dirty state after upx download
  • c4754a1 Adjust docs and GitHub action for v0.7.0 release (#120)
  • dcfa851 Update goreleaser, add release GitHub Action
  • 0e709b4 Changed belongs to belong in error message, add integration tests(#108)
  • e933870 Fix spelling of brand GitHub (#106)
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 2 years ago

Superseded by #184.
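
The v0.7.1 release notes quoted above describe an organization check that passed for the all-lower-case gh-codeowners organization but failed for GitHubCODEOWNERS. The following Go sketch is an added example, not code from codeowners-validator or from this repository: `splitTeam`, `belongsExact` and `belongsFold` are hypothetical names, the exact-match logic is an assumed model of the regression, and `@other-org/a-team` is a constructed sample owner.

```go
package main

import (
	"fmt"
	"strings"
)

// splitTeam splits a CODEOWNERS team owner "@org/team" into org and team.
func splitTeam(owner string) (org, team string, ok bool) {
	if !strings.HasPrefix(owner, "@") {
		return "", "", false
	}
	rest := owner[1:]
	i := strings.Index(rest, "/")
	if i <= 0 || i == len(rest)-1 {
		return "", "", false
	}
	return rest[:i], rest[i+1:], true
}

// belongsExact models the regression (assumed logic, not the project's code):
// the owner is lower-cased, then its org part is compared byte-for-byte
// with the organization name as configured.
func belongsExact(owner, configuredOrg string) bool {
	org, _, ok := splitTeam(strings.ToLower(owner))
	return ok && org == configuredOrg
}

// belongsFold compares the org part case-insensitively, as the fix describes.
func belongsFold(owner, configuredOrg string) bool {
	org, _, ok := splitTeam(owner)
	return ok && strings.EqualFold(org, configuredOrg)
}

func main() {
	// Constructed sample owners; the org names are the ones in the release notes.
	cases := []struct{ owner, org string }{
		{"@gh-codeowners/a-team", "gh-codeowners"},
		{"@GiTHubCodeOwners/A-TeAm", "GitHubCODEOWNERS"},
		{"@other-org/a-team", "GitHubCODEOWNERS"},
	}
	for _, c := range cases {
		fmt.Printf("%-26s org=%-17s exact=%-5v fold=%v\n",
			c.owner, c.org, belongsExact(c.owner, c.org), belongsFold(c.owner, c.org))
	}
}
```

The all-lower-case organization passes both checks, which is why an integration test limited to it would not catch the mismatch; a mixed-case organization only passes the case-insensitive comparison.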