
Conversation

@github-actions
Contributor

Cherry-picked changes from upstream.

@github-actions
Contributor Author

🚀 PR Updated!

The PR has been updated with the latest cherry-picked commits.

@step-security/maintained-actions-dev Please review and approve the changes.

📦 Target Release Version: v0.2.20
📋 Previous Release Version: v0.2.19

⚠️ Completely Skipped Commits Due to only modifying files in: package.json, package-lock.json, yarn.lock, node_modules/, dist/, or .gitignore

  • 7382be55111a5c3bb4959f0ceca86a06ddb8f99d

❗ Missing Files:

  • tests/fixtures/git-status.out-2

🛑 Workflow Files (Cannot be auto-applied by GitHub Actions):

  • .github/workflows/ci.yaml from commit 031086fccab25c63c05ca86ef20ec79042fa5608
  • .github/workflows/licensing.yaml from commit 031086fccab25c63c05ca86ef20ec79042fa5608
  • .github/workflows/release.yaml from commit 031086fccab25c63c05ca86ef20ec79042fa5608
  • .github/workflows/self-test.yaml from commit 031086fccab25c63c05ca86ef20ec79042fa5608
  • .github/workflows/validate-renovate.yml from commit 031086fccab25c63c05ca86ef20ec79042fa5608
  • .github/workflows/release.yaml from commit 186dd9959356800921d41f5398c0e1d39fe5f177

❌ Conflicting Files:

  • Dockerfile from commit 25309d8005ac7c3bcd61d3fe19b69e0fe47dbdde

@github-actions
Contributor Author

🔍 Cherry-Pick Verification Report

📦 Upstream Changes: v0.2.19...v0.2.20

📋 File-by-File Analysis:

.github/workflows/ci.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

.github/workflows/licensing.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

.github/workflows/release.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 3 deletions)

.github/workflows/self-test.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

.github/workflows/validate-renovate.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

Dockerfile

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

entrypoint.sh

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+4 -0)

tests/entrypoint.bats

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+23 -0)

tests/fixtures/git-status.out-2

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 0 deletions)

📊 Summary:

  • Total files changed upstream: 9
  • Files present in PR: 2/9
  • Files with matching changes: 2/9

Overall Status: 🔴 INCOMPLETE - Missing files or changes

@github-actions
Contributor Author

🔍 Cherry-Pick Verification Report

📦 Upstream Changes: v0.2.19...v0.2.20

📋 File-by-File Analysis:

.github/workflows/ci.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

.github/workflows/licensing.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

.github/workflows/release.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 3 deletions)

.github/workflows/self-test.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

.github/workflows/validate-renovate.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

Dockerfile

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

entrypoint.sh

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+4 -0)

tests/entrypoint.bats

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+23 -0)

tests/fixtures/git-status.out-2

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+3 -0)

📊 Summary:

  • Total files changed upstream: 9
  • Files present in PR: 3/9
  • Files with matching changes: 3/9

Overall Status: 🔴 INCOMPLETE - Missing files or changes

@Raj-StepSecurity Raj-StepSecurity added the "review required" label (Claude review required for PR) Dec 29, 2025
@claude

claude bot commented Dec 29, 2025

Claude finished @github-actions[bot]'s task


🔍 Comprehensive PR Review

Reviewing cherry-picked changes for completeness, consistency, and security vulnerabilities.

Review Checklist:

  • Analyze changed files for security vulnerabilities
  • Review cherry-pick completeness based on verification reports
  • Examine code changes in entrypoint.sh
  • Review test changes in tests/entrypoint.bats
  • Check new test fixture tests/fixtures/git-status.out-2
  • Assess missing files impact
  • Provide comprehensive feedback and recommendations

✅ Security Analysis - PASSED

All code changes are secure with no vulnerabilities detected:

  • Input validation and error handling properly implemented (entrypoint.sh:25-29)
  • No code injection risks in git status parsing logic
  • File path handling uses safe bash practices with proper quoting
  • No sensitive data exposure or logging concerns

✅ Code Quality Analysis - PASSED

entrypoint.sh:72-74 - New untracked files handling:

# handle untracked files (??):
# https://github.com/planetscale/ghcommit-action/issues/43#issuecomment-1950986790
[[ "$tree_status" == "?" && "$index_status" == "?" ]] && adds+=("$filename")

Good: Addresses issue #43, properly handles untracked files with status code "??"

tests/entrypoint.bats:81-102 - New test coverage:
Good: Comprehensive test for untracked files functionality

tests/fixtures/git-status.out-2 - Test fixture:
Good: Realistic test data with mixed file statuses

❌ Cherry-Pick Completeness - INCOMPLETE

Critical Issue: Only 3 out of 9 upstream files successfully included in this PR.

Missing Files (6/9):

  • .github/workflows/ci.yaml - ❌ Cannot auto-apply (GitHub Actions security restriction)
  • .github/workflows/licensing.yaml - ❌ Cannot auto-apply (GitHub Actions security restriction)
  • .github/workflows/release.yaml - ❌ Cannot auto-apply (GitHub Actions security restriction)
  • .github/workflows/self-test.yaml - ❌ Cannot auto-apply (GitHub Actions security restriction)
  • .github/workflows/validate-renovate.yml - ❌ Cannot auto-apply (GitHub Actions security restriction)
  • Dockerfile - ❌ Conflicting changes detected

📋 Recommendations

  1. Manual Workflow Updates Required: The 5 missing workflow files need manual review and application since GitHub Actions cannot modify workflow files for security reasons.

  2. Dockerfile Conflicts: Investigate and resolve the conflicting changes in the Dockerfile from upstream.

  3. Incomplete Release: This PR should not be merged until all upstream changes are properly applied to ensure version consistency.

  4. Action Items:

    • Manually apply workflow file changes from upstream v0.2.19...v0.2.20
    • Resolve Dockerfile conflicts
    • Re-run verification to ensure 9/9 files are successfully applied

🚨 Recommendation: DO NOT MERGE

This cherry-pick is incomplete and missing critical components from the upstream release.
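The review above quotes the one-line change that folds untracked files ("??") into the adds list and notes that the path handling relies on proper quoting. The bash below is an added example, not the project's entrypoint.sh and not code from the review: it shows the full classification that the quoted line is one case of, parsing `git status --porcelain` lines into added, modified and deleted paths while keeping paths with spaces intact by storing them in arrays. The names `tree_status`, `index_status` and `adds` come from the quoted snippet; `parse_git_status`, `mods`, `dels` and the constructed `SAMPLE_STATUS` fixture are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not the project's own entrypoint.sh): classify
# `git status --porcelain` output, including untracked files ("??").
set -eo pipefail

# Constructed sample of porcelain v1 output (not taken from any real repository).
# Format per line: "XY <path>" where X = index status, Y = working-tree status.
SAMPLE_STATUS=$'A  src/new.sh\n M README.md\nD  docs/old.md\nR  lib/a.sh -> lib/b.sh\n?? notes/todo with space.txt\n?? build.log'

# Read porcelain lines from stdin and fill the global arrays adds, mods, dels.
# Arrays (rather than a space-joined string) keep a path containing spaces as
# one element, so callers can expand them safely as "${adds[@]}".
parse_git_status() {
  adds=(); mods=(); dels=()
  local line index_status tree_status filename
  while IFS= read -r line; do
    [[ -z "$line" ]] && continue
    index_status="${line:0:1}"
    tree_status="${line:1:1}"
    filename="${line:3}"
    # renames/copies are reported as "old -> new"; keep the new path
    filename="${filename##* -> }"
    # handle untracked files (??): treated as additions, as in the quoted change
    if [[ "$tree_status" == "?" && "$index_status" == "?" ]]; then
      adds+=("$filename")
      continue
    fi
    if [[ "$index_status" == "D" || "$tree_status" == "D" ]]; then
      dels+=("$filename")
    elif [[ "$index_status" == "A" ]]; then
      adds+=("$filename")
    else
      # staged/unstaged modifications, renames and copies
      mods+=("$filename")
    fi
  done
}

# Stand-alone demo: classify the constructed sample and print each bucket.
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  parse_git_status <<< "$SAMPLE_STATUS"
  printf 'add: %s\n' "${adds[@]}"
  printf 'mod: %s\n' "${mods[@]}"
  printf 'del: %s\n' "${dels[@]}"
fi
```

Paths are taken literally from the line; git quotes names with unusual characters in porcelain v1 output unless `-z` is used, so a production parser should either use `-z` or unquote those entries.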

@github-actions
Contributor Author

🔍 Cherry-Pick Verification Report

📦 Upstream Changes: v0.2.19...v0.2.20

📋 File-by-File Analysis:

.github/workflows/ci.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

.github/workflows/licensing.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

.github/workflows/release.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 3 deletions)

.github/workflows/self-test.yaml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

.github/workflows/validate-renovate.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

Dockerfile

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

entrypoint.sh

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+4 -0)

tests/entrypoint.bats

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+23 -0)

tests/fixtures/git-status.out-2

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+3 -0)

📊 Summary:

  • Total files changed upstream: 9
  • Files present in PR: 3/9
  • Files with matching changes: 3/9

Overall Status: 🔴 INCOMPLETE - Missing files or changes

@Raj-StepSecurity Raj-StepSecurity merged commit 6b5d830 into main Dec 29, 2025
10 checks passed