This repository has been archived by the owner on Apr 19, 2024. It is now read-only.

Tidelift Issue Toolbox

This GitHub Action has been created to help maintainers organize and address issues. This project is still in beta, and we welcome any feedback to improve issue management.

Maintainers have reported responding to multiple issues regarding the same disclosed security issue, and these actions aim to reduce this workload. Maintainers who have partnered with Tidelift respond to Common Vulnerabilities and Exposures (CVE) entries with workarounds and details of when users are affected.

Adding this action will allow Tidelift to automatically respond to an issue referencing a particular CVE or npm audit alert with this previously provided data. This action will also label the issue with the CVE identifier so users can find similar topics, and link users referencing the same vulnerability to one ticket, to highlight potential duplicates.
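
A sketch of the labelling and duplicate-linking behaviour described above, as an added example that is not the action's own code: it pulls CVE identifiers out of an issue and points to the earliest earlier issue citing the same one. The `Issue` shape, the function names and the sample issues are assumptions constructed for illustration.

```typescript
// Added illustration; not code from tidelift/issue-toolbox.
interface Issue {
  number: number
  title: string
  body: string
}

interface Triage {
  labels: string[] // CVE identifiers to apply as labels
  duplicateOf: Record<string, number> // CVE id -> earliest earlier issue citing it
}

// CVE ids look like CVE-<4-digit year>-<4 or more digits>; users vary the case.
const CVE_PATTERN = /\bCVE-\d{4}-\d{4,}\b/gi

function extractCves(text: string): string[] {
  const found: string[] = text.match(CVE_PATTERN) ?? []
  // Normalize case and drop repeats so each CVE yields exactly one label.
  return Array.from(new Set(found.map(id => id.toUpperCase()))).sort()
}

function issueText(issue: Issue): string {
  return `${issue.title}\n${issue.body}`
}

function triage(issue: Issue, existing: Issue[]): Triage {
  const labels = extractCves(issueText(issue))
  const duplicateOf: Record<string, number> = {}
  for (const cve of labels) {
    const earlier = existing
      .filter(o => o.number < issue.number)
      .filter(o => extractCves(issueText(o)).indexOf(cve) !== -1)
      .map(o => o.number)
    if (earlier.length > 0) duplicateOf[cve] = Math.min(...earlier)
  }
  return {labels, duplicateOf}
}

// Constructed sample issues (hypothetical identifiers, not real reports).
const issue12: Issue = {number: 12, title: 'Audit flags cve-2099-12345', body: 'Seen in npm audit.'}
const issue15: Issue = {
  number: 15,
  title: 'Security alert',
  body: 'Is CVE-2099-12345 exploitable here? Also asking about CVE-2099-0001.'
}
const issue18: Issue = {number: 18, title: 'Docs typo', body: 'CVE-99-1 is not a valid id.'}

const sampleResult = triage(issue15, [issue12, issue15, issue18])
```

Matching on the normalized identifier rather than the raw text means `cve-2099-12345` and `CVE-2099-12345` resolve to the same label, and malformed strings such as `CVE-99-1` produce no label at all.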

Generated from actions/typescript-action

Usage

Retrieve your Tidelift user API key and add it as TIDELIFT_API_KEY to your project secrets.

Add a workflow to your project.

# .github/workflows/tidelift_issues.yml

name: Tidelift Issue Toolbox
on:
  issues:
    types: [opened, edited]

jobs:
  scan_issues:
    runs-on: ubuntu-latest
    steps:
      - uses: tidelift/issue-toolbox@V1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          tidelift-api-key: ${{ secrets.TIDELIFT_API_KEY }}
          # ignore-if-assigned: 'false'
          # disable-recommendations: 'false'
          # disable-labels: 'false'

After testing, you can create a v1 tag to reference the stable and latest V1 action.

Developing

Install the dependencies

npm install

Run full lint, test, build

npm run all

Run the tests ✔️

npm test

Run the linter ✔️

npm run lint

GITHUB_TOKEN and TIDELIFT_API_KEY can be provided from the environment or .env file.

Publish to a distribution branch

Actions are run from GitHub repos, so we will check in the packed dist folder.

Then run ncc and push the results:

npm run package
git add dist
git commit -a -m "prod dependencies"
git push origin releases/v1

Note: We recommend using the --license option for ncc, which will create a license file for all of the production node modules used in your project.

Your action is now published! 🚀

See the versioning documentation