v0.12.0

Find pr number with commit hash @tocy1 (#28)

Adds support for commenting on PR without PR number, if commit sha is avialable

v0.11.5

🚀 Enhancements

Update actions/checkout action to v3 @renovate (#38)

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v2 -> v3

---

Release Notes

actions/checkout

v3

Compare Source

• Add input set-safe-directory

---

v0.11.4

🚀 Enhancements

Update mszostok/codeowners-validator action to v0.7.4 @renovate (#41)

This PR contains the following updates:

Package	Type	Update	Change
mszostok/codeowners-validator	action	patch	v0.7.1 -> v0.7.4

---

Release Notes

mszostok/codeowners-validator

v0.7.4

Compare Source

🎉 GitHub Codeowners Validator 0.7.4 is now available!

Highlights

✨ New functionality

• Support GitHub App authentication (#​146) (@​julienduchesne)
  Now, you can use the GitHub App auth instead of private token. Read more here: https://github.com/mszostok/codeowners-validator/blob/main/docs/gh-token.md#github-app.

• New experimental check: Avoid shadowing (#​149) (@​julienduchesne)
  Reports if entries go from least specific to most specific. Otherwise, earlier entries are completely ignored.

  For example:

First entry

 /build/logs/ @​octocat

Shadows - reported as error

 * @​s1
 /b*/logs @​s5

OK

 /b*/other @​o1
 /script/* @​o2
 ```

🔧 Bug Fixes

• Apply hot fix to resolve issue with untrusted git repository for not-owned checker (#​148) (@​mszostok)
  Added to solve problem whttps://github.com/actions/checkout/issues/766/766.

Changelog

• 7dfc6dc: Support Github App authentication (#​146) (@​julienduchesne)
• 0e995bc: New experimental check: Avoid shadowing (#​149) (@​julienduchesne)
• d1be488: Apply hot fix to resolve issue with untrusted git repository for not-owned checker (#​148) (@​mszostok)
• cfa4033: Update main README.md (#​153) (@​mszostok)
• 7f3f5e2: Adjust docs and GitHub action for v0.7.4 release (#​154) (@​mszostok)

v0.7.3

Compare Source

🎉 GitHub Codeowners Validator 0.7.3 is now available!

Highlights

✨ New functionality

• not-owned-checker: Add git-ls-tree implementation with subdirectory support (#​141) (@​jeremycohen)
  Now you can specify against which subdirectories the not-owned check should be executed. To configure that, use the NOT_OWNED_CHECKER_SUBDIRECTORIES environment variable. In the default mode, it works as previously, where all files are checked.
• Add GitHub token validation to get rid of misleading error checks (#​143)

🔧 Bug Fixes

• Fix scope and internal error handling (#​145) (@​mszostok)
  The previous release informs the user about the internal error, but the exit code was not properly propagated. Now, besides the error message, the exit code is also set.

Changelog

• a16e4b9: not-owned-checker: Add git-ls-tree implementation with subdirectory support (#​141) (@​jeremycohen)
• 2ae5a4b: Add token validation when necessary, fmt shell code, enable 'gocritics' (#​143) (@​mszostok)
• 4e0aa9d: Prepare for release v0.7.3 (#​144) (@​mszostok)
• 436c7ac: Fix scope and internal error handling (#​145) (@​mszostok)

v0.7.2

Compare Source

🎉 GitHub Codeowners Validator 0.7.2 is now available!

Highlights

🔧 Bug Fixes

• Handle internal err, return issue with empty codeowners or git dirty state (#​130)
  This fixes a tech debt where codeowners-validator only logged the internal error and excited with 0 status code. Now, if there is any error, a proper exit code is returned.
• Allow comments in pattern line, update golangci-lint (#​129) (@​mszostok)
  Recently, GitHub allowed comments in CODEOWNERS files to appear at the end of a line, not just on their own line. As a result, a validation rule was removed to conform with a new syntax.

✨ New checks

• Add a flag to only allow teams as owners (#​127) (@​seveas)
  Now you can enable more strict rule and specify that only teams are allowed as owners of files.

🛡️ Security

• Bump dependencies (#​135) (@​mszostok)
• Bump alpine from 3.15.3 to 3.15.4 (#​136) (@​dependabot[bot])

Installation

See the Installation section for more installation options.

Docker images

ghcr.io:

• docker pull ghcr.io/mszostok/codeowners-validator:stable
• docker pull ghcr.io/mszostok/codeowners-validator:v0
• docker pull ghcr.io/mszostok/codeowners-validator:v0.7
• docker pull ghcr.io/mszostok/codeowners-validator:v0.7.2

Changelog 🚀

• d95ed83: Allow comments in pattern line, update golangci-lint (#​129) (@​mszostok)
• d7b92b1: Handle internal err, return issue with empty codeowners or git dirty state (#​130) (@​mszostok)
• bcdcc57: Bump dependencies (#​135) (@​mszostok)
• 3315c00: Add a flag to only allow teams as owners (#​127) (@​seveas)
• 5b87d6b: Add missing cfg in action.yml, add missing test for 'OwnersMustBeTeams' check (#​137) (@​mszostok)
• 127e9a8: Bump alpine from 3.15.3 to 3.15.4 (#​136) ([@​dependabot](https://togithub.com/dependabo...

v0.11.3

🚀 Enhancements

Update docker/build-push-action action to v3 @renovate (#43)

This PR contains the following updates:

Package	Type	Update	Change
docker/build-push-action	action	major	v2 -> v3

---

Release Notes

docker/build-push-action

v3

Compare Source

---

v0.11.2

🚀 Enhancements

Update docker/login-action action to v2 @renovate (#44)

This PR contains the following updates:

Package	Type	Update	Change
docker/login-action	action	major	v1 -> v2

---

Release Notes

docker/login-action

v2

Compare Source

---

v0.11.1

🚀 Enhancements

Update docker/setup-buildx-action action to v2 @renovate (#48)

This PR contains the following updates:

Package	Type	Update	Change
docker/setup-buildx-action	action	major	v1 -> v2

---

Release Notes

docker/setup-buildx-action

v2

Compare Source

---

v0.11.0

Update Go versions. Update GitHub workflows. Update Dockerfile @aknysh (#50)

what

• Update Go versions
• Update GitHub workflows
• Update Dockerfile

why

• Keep up to date

git.io->cloudposse.tools update @dylanbannon (#42)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

• DEV-143

Update mszostok/codeowners-validator action to v0.7.1 @renovate (#35)

This PR contains the following updates:

Package	Type	Update	Change
mszostok/codeowners-validator	action	minor	v0.5.0 -> v0.7.1

---

Release Notes

mszostok/codeowners-validator

v0.7.1

Compare Source

🔧 Bug fix release for 0.7.0 is now available!

Issue

Reports Team does not belong to organization error even if team is assigned to a proper GitHub organization. (https://github.com/mszostok/codeowners-validator/issues/121)

Root cause

This was a side effect of https://github.com/mszostok/codeowners-validator/pull/78#issuecomment-941445181 where not only team was normalized. Unfortunately, it was not detected by the integration test, as I used only the gh-codeowners organization. As you can see, it's all lower-case.

To reproduce the problem, I created a new organization GitHubCODEOWNERS and executed the v0.7 against it and ran into the same problem: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173200010?check_suite_focus=true

I tested that further to check whether GitHub also is case-insensitive for Organization names:

• CODEOWNERS: https://github.com/GitHubCODEOWNERS/codeowners-samples/blob/happy-path/CODEOWNERS#L10-L11
• Example PR: GitHubCODEOWNERS/codeowners-samples#1
  As you can see, code owners were properly assigned.

Corrective and Preventative Measures

To fix that problem, I created this PR: https://github.com/mszostok/codeowners-validator/pull/122 and tested also against a newly created organization: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173279973?check_suite_focus=true

I also added new integration tests against new GitHubCODEOWNERS organization to ensure no regression in the future.

Additional Corrective and Preventative Measures

In this case it's a bit of revers engineering as I don't have access to GitHub code which is responsible for assigning owners. As a result, I will need to create yet another e2e test that will be executed periodically to:

• Create a sample PR against files where @GiTHubCodeOwners/A-TeAm is specified and check whether GitHub is still case-insensitive and assigns @GitHubCodeowners/a-team properly.

In this way, I will be notified when GitHub will change its behavior and I will be able to release a new version that will match a changed functionality.

Changelog

Please see: https://github.com/mszostok/codeowners-validator/releases/tag/v0.7.0

v0.7.0

Compare Source

🎉 GitHub Codeowners Validator 0.7.0 is now available!

Highlights

🔧 Bug Fixes

• Normalize team name before comparison (#​78) (@​mszostok)
  GitHub is case-insensitive when assigning owners for a review. To match this approach now owners are normalized before checking if they exist under a given GitHub organization.

• Allow unowned patterns by default with an option to change it (#​113) (@​mszostok)
  GitHub allows you to define a pattern and left its owners empty. For example:

  /apps/ @​octocat
  /apps/github 
  

  In version 0.6 this was reported as error (Missing owner, at least one owner is required).
  In this release, this check was moved under owner checker and made optional. As a result, validator may work in a picky mode when needed, see new option:

  Name	Default	Description
  OWNER_CHECKER_ALLOW_UNOWNED_PATTERNS	true	Specifies whether CODEOWNERS may have unowned files. For example: /infra/oncall-rotator/ @​sre-team /infra/oncall-rotator/oncall-config.yml The /infra/oncall-rotator/oncall-config.yml file is not owned by anyone.
  To enable strict mode on GitHub Action specify:

        - name: GitHub CODEOWNERS Validator
          uses: mszostok/[email protected]
          with:
            owner_checker_allow_unowned_patterns: "false"

  Additionally, it is now reported as warning not error:

  ==> Executing Valid Owner Checker (1.2s)
      [war] line 23: Missing owner, at least one owner is required
  

• Fix spelling of brand GitHub (#​106) (@​jsoref)

• 0e709b4: Changed belongs to belong in error message, add integration tests(#​108) (@​kyleellman)

✨ New checks

• Enforce only one CODEOWNERS file (#​100) (@​athtran)
  In v0.7 an error is reported when more than one CODEOWNERS file is detected.

📖 Docs

• Add information how to configure GitHub action (#​74) (@​mszostok)

🛡️ Security

• Add CodeQL analysis GH job (cc618b4) (@​mszostok)
• Create SECURITY.md (5d8bce3) (@​mszostok)
• Fix shellcheck issues (#​75) (@​mszostok)

Installation

See the Installation section for more installation options.

Docker images

ghcr.io:

• docker pull ghcr.io/mszostok/codeowners-validator:stable
• docker pull ghcr.io/mszostok/codeowners-validator:v0
• docker pull ghcr.io/mszostok/codeowners-validator:v0.7
• docker pull ghcr.io/mszostok/codeowners-validator:v0.7.0

Docker Hub:

NOTE: Pushing to docker Hub will be deprecated and removed soon.

• docker pull mszostok/codeowners-validator:latest
• docker pull mszostok/codeowners-validator:v0.7.0
• docker pull mszostok/codeowners-validator:v0.7

Changelog 🚀

• 0078c61: Add initial pull-request GitHub Action (@​mszostok)
• 8800a24: Migrate tests from TravisCI to GitHub Action (#​66) (@​mszostok)
• e490734: Fix shellcheck issues (#​75) (@​mszostok)
• d86b542: Add info...

v0.10.1

🚀 Enhancements

Configure Renovate @renovate (#22)

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• Dockerfile (dockerfile)
• .github/workflows/auto-release.yml (github-actions)
• .github/workflows/docker.yml (github-actions)
• .github/workflows/go.yml (github-actions)
• .github/workflows/validate-codeowners.yml (github-actions)
• go.mod (gomod)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Enable Renovate Dependency Dashboard creation
• If semantic commits detected, use semantic commit type fix for dependencies and chore for all others
• Ignore node_modules, bower_components, vendor and various test/tests directories
• Autodetect whether to pin dependencies or maintain ranges
• Rate limit PR creation to a maximum of two per hour
• Limit to maximum 10 open PRs at any time
• Group known monorepo packages together
• Use curated list of recommended non-monorepo package groupings
• Fix some problems with very old Maven commons versions
• Ignore spring cloud 1.x releases
• Ignore web3j 5.0.0 release
• Ignore http4s digest-based 1.x milestones
• Use node versioning for @types/node
• Limit concurrent requests to reduce load on Repology servers until we can fix this properly, see issue 10133

🔡 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.

---

What to Expect

With your current configuration, Renovate will create 3 Pull Requests:

Update cloudposse/actions action to v0.30.0

• Schedule: ["at any time"]
• Branch name: renovate/cloudposse-actions-0.x
• Merge into: master
• Upgrade cloudposse/actions to 0.30.0

Update mszostok/codeowners-validator action to v0.6.0

• Schedule: ["at any time"]
• Branch name: renovate/mszostok-codeowners-validator-0.x
• Merge into: master
• Upgrade mszostok/codeowners-validator to v0.6.0

Update module github.com/Masterminds/sprig to v3

• Schedule: ["at any time"]
• Branch name: renovate/github.com-masterminds-sprig-3.x
• Merge into: master
• Upgrade github.com/Masterminds/sprig to v3.2.2

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or spam the project. See docs for prhourlylimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.10.0

Update Go versions. Update GitHub workflows @aknysh (#30)

what

• Update Go versions
• Update GitHub workflows

why

• Go versions before 1.17.x generate critical, high and medium Prisma security vulnerabilities
• Latest Github actions and workflows

v0.9.0

add -edit-comment-regex flag to edit existing comments @joemiller (#26)

New flag `-edit-comment-regex`. Similar to `-delete-comment-regex` but edit existing comment(s) instead of deleting / recreating.

If there are no matching comments a new comment is created so that the call is idempotent. Users can run the same command in a CI pipeline to create or update comments.

I updated the readme.yaml but did not commit a regenerated README.md. There were too many differences (like missing badges) that I thought something might be wrong w/ my local setup.

I updated the google/go-github lib to the latest v34.0.0 to fix what I thought was a bug but turned out not to be. The code should work fine on v17.0.0 if that needs to be backed out.

closes #24