From 01c0685475e34522f8db0e50d0b71097a33df2ba Mon Sep 17 00:00:00 2001 From: Cody Spath Date: Fri, 30 Jan 2026 13:50:07 -0500 Subject: [PATCH 1/2] chore: update CI to not try to publish unless a version changed --- .github/workflows/release.yml | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4851ee5..d518303 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,6 +3,12 @@ name: CI on: push: branches: [ main, beta, prerelease ] + paths: + - 'src/**' + - 'package.json' + - 'webpack.config.js' + - 'tsconfig.json' + - 'yarn.lock' workflow_dispatch: jobs: @@ -11,10 +17,29 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + with: + fetch-depth: 2 # Need previous commit to compare versions + - name: Extract branch name shell: bash - run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT id: extract_branch + + - name: Check if version changed + id: version_check + run: | + OLD_VERSION=$(git show HEAD~1:package.json 2>/dev/null | jq -r '.version' || echo "0.0.0") + NEW_VERSION=$(jq -r '.version' package.json) + echo "old_version=$OLD_VERSION" + echo "new_version=$NEW_VERSION" + if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then + echo "Version changed from $OLD_VERSION to $NEW_VERSION" + echo "changed=true" >> $GITHUB_OUTPUT + else + echo "Version unchanged ($NEW_VERSION)" + echo "changed=false" >> $GITHUB_OUTPUT + fi + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # 4.4.0 with: node-version: '22.13.0' 
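Review bot: The new `paths:` list under `on.push` leaves out `.github/workflows/release.yml` itself, so a push that only edits this workflow starts no run and the edit is first exercised on a later source change. Consider adding `- '.github/workflows/release.yml'` to the list; the version check added further down in this commit would still keep such a run from publishing. Any lint or prettier configuration files read by the `yarn run lint` and `yarn run prettier:check` steps would presumably belong in the list too.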
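Review bot: The `Check if version changed` step compares only `HEAD~1` with `HEAD`, so a push that carries several commits with the version bump in an earlier one reports `changed=false` and the release is skipped without any error. Comparing against the push base is more reliable: pass `BEFORE_SHA: ${{ github.event.before }}` through the step's `env:` and read `git show "$BEFORE_SHA:package.json"`, with a checkout depth deep enough to contain that commit. Separately, the step sets no `shell: bash`, so it likely runs without `pipefail`; a failing `git show` then leaves jq's exit status in charge, the `|| echo "0.0.0"` fallback may never run, and an empty `OLD_VERSION` counts as a change, so the publish gate fails open. A comment on the step stating which outcome is intended when the previous `package.json` cannot be read would help.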
@@ -26,21 +51,24 @@ jobs: - run: yarn run prettier:check - run: yarn run lint - name: Publish to Visual Studio Marketplace - if: ${{ steps.extract_branch.outputs.branch != 'prerelease' }} + if: ${{ (steps.version_check.outputs.changed == 'true' || github.event_name == 'workflow_dispatch') && steps.extract_branch.outputs.branch != 'prerelease' }} uses: HaaLeo/publish-vscode-extension@v1.5.0 with: pat: ${{ secrets.VS_MARKETPLACE_TOKEN }} registryUrl: https://marketplace.visualstudio.com yarn: true + - name: Publish to Visual Studio Marketplace for pre-release - if: ${{ steps.extract_branch.outputs.branch == 'prerelease' }} + if: ${{ (steps.version_check.outputs.changed == 'true' || github.event_name == 'workflow_dispatch') && steps.extract_branch.outputs.branch == 'prerelease' }} uses: HaaLeo/publish-vscode-extension@v1.5.0 with: pat: ${{ secrets.VS_MARKETPLACE_TOKEN }} registryUrl: https://marketplace.visualstudio.com yarn: true preRelease: true + - name: Publish to Open VSX Registry + if: ${{ steps.version_check.outputs.changed == 'true' || github.event_name == 'workflow_dispatch' }} uses: HaaLeo/publish-vscode-extension@v0 with: pat: ${{ secrets.OPEN_VSX_TOKEN }} From aae0f646f2a8c553293e1d26484bf8a5d28794c1 Mon Sep 17 00:00:00 2001 From: Cody Spath Date: Mon, 2 Feb 2026 12:29:49 -0500 Subject: [PATCH 2/2] chore: add SECURITY.md --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..10f1d1a --- /dev/null +++ b/SECURITY.md 
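Review bot: The three publish steps reference `HaaLeo/publish-vscode-extension` by mutable tag (`@v1.5.0` twice, `@v0` for Open VSX) while they receive `VS_MARKETPLACE_TOKEN` and `OPEN_VSX_TOKEN`, whereas `actions/checkout` and `actions/setup-node` in this same file are pinned to commit SHAs. Since the commit already edits each of these steps, pin them the same way, e.g. `uses: HaaLeo/publish-vscode-extension@<full-commit-sha> # v1.5.0` (placeholder; take the SHA from the action's release), and use one version for all three. The new `github.event_name == 'workflow_dispatch'` clause also lets a manual run from any branch other than `prerelease` publish as a stable release, because the `branches:` filter applies to pushes only; an explicit branch allow-list in the `if:` would close that. The Open VSX step continues past the end of the hunk.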
@@ -0,0 +1,5 @@
+# Reporting and Fixing Security Issues
+
+Please report all security issues to the LaunchDarkly security team by submitting a bug bounty report to our [HackerOne program](https://hackerone.com/launchdarkly?type=team). LaunchDarkly will triage and address all valid security issues following the response targets defined in our program policy. Valid security issues may be eligible for a bounty.
+
+Please do not open issues or pull requests for security issues. This makes the problem immediately visible to everyone, including potentially malicious actors.