Use release-drafter/release-drafter GitHub Action to label our PRs
#4868
Commits on Sep 24, 2023
-
ci(release-draft): limit GITHUB_TOKEN permissions
Limit the `GITHUB_TOKEN` permissions for `toolmantim/release-drafter` to the minimum required permissions.
-
ci(pr-labeler): limit GITHUB_TOKEN permissions
Limit the `GITHUB_TOKEN` permissions for `TimonVS/pr-labeler-action` to the minimum required permissions.
-
ci(release-drafter): remove unused
branchconfig`branch` is not a valid configuration option for release-drafter, see https://github.com/release-drafter/release-drafter#configuration-options There's is a similar [`references` option][1], but it does nothing when using GitHub Actions (it's only there for GitHub apps). There's also `commitish`, but it defaults to the target/branch the GitHub Action job runs on, so we don't need to set that. [1]: https://github.com/release-drafter/release-drafter#references
-
-
docs(ci/pr-labeler): warn about security issues
Using `pull_request_target` is pretty dangerous, since it heavily increases the risk of malicious PRs getting access to the mermaid-js repo. What we're doing currently is safe, but we should add a warning message just to ensure that we're very careful when we make changes. See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-
style(pr-labeler): format .github/pr-labeler.yml
Change the formatting of .github/pr-labeler.yml to make `git diff`'s easier to understand in a future commit.
-
ci(pr-labeler): replace TimonVS/pr-labeler-action
Replace the `TimonVS/pr-labeler-action` with `release-drafter/release-drafter` as it has an [`autolabeler`][1] option that can autolabel PRs for us. This should fix labeling PRs from forks, see TimonVS/pr-labeler-action#25. I've kept the `.github/pr-labeler.yml` configuration file, so that links to it from the https://mermaid.js.org website continue to work. I've also kept everything in the same `.github/workflows/pr-labeler.yml` GitHub Actions workflow to make the `git diff` easier to review, and to keep the GitHub Actions permissions the same. [1]: https://github.com/release-drafter/release-drafter/blob/ff929b5ceb21bf2646a216e916f9a8bb507d48a3/README.md#autolabeler
Commits on Sep 25, 2023
-
ci(pr-labeler): add required
templateoptionThis value is unused, but it's required, so we have to add it. Fixes: a1673d3
Commits on Nov 15, 2023
-
Merge branch 'develop' into other/remove-pr-labeler-action
* develop: (164 commits) Update all patch dependencies Fix docs Update packages/mermaid/src/docs/community/questions-and-suggestions.md Update packages/mermaid/src/diagrams/class/classRenderer-v2.ts update edge ids draw top actors with lines first followed by messages Bump GitHub workflow actions to latest versions Update docs Documentation: clarify sentence Fix lint Fix typo fix typo Add new Atlassian integrations chore(deps): update all patch dependencies Update demos/sequence.html chore: release v10.6.1 fix fix fix: render the participants in same order as they are created fix(flow): fix invalid ellipseText regex ...
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.