Skip to content

chore(deps): update github-actions#284

Merged
rhuanbarreto merged 1 commit into
mainfrom
renovate/github-actions
May 9, 2026
Merged

chore(deps): update github-actions#284
rhuanbarreto merged 1 commit into
mainfrom
renovate/github-actions

Conversation

@renovate

@renovate renovate Bot commented May 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change Pending OpenSSF
github/codeql-action action patch v4.35.2v4.35.3 v4.35.4 OpenSSF Scorecard
slsa-framework/slsa-github-generator action pinDigest f7dd8c5 OpenSSF Scorecard

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

github/codeql-action (github/codeql-action)

v4.35.3

Compare Source

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #​3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #​3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #​3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #​3852
  • Update default CodeQL bundle version to 2.25.3. #​3865

Configuration

📅 Schedule: (in timezone Europe/Oslo)

  • Branch creation
    • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
    • Only on Sunday and Saturday (* * * * 0,6)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot added the dependencies label May 8, 2026
@renovate renovate Bot requested a review from rhuanbarreto as a code owner May 8, 2026 21:41
@renovate renovate Bot added the dependencies label May 8, 2026
@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying archgate-cli with  Cloudflare Pages  Cloudflare Pages

Latest commit: 4c2e44c
Status: ✅  Deploy successful!
Preview URL: https://4aae916d.archgate-cli.pages.dev
Branch Preview URL: https://renovate-github-actions.archgate-cli.pages.dev

View logs

@rhuanbarreto rhuanbarreto merged commit 7b76c63 into main May 9, 2026
10 of 11 checks passed
@rhuanbarreto rhuanbarreto deleted the renovate/github-actions branch May 9, 2026 19:02
rhuanbarreto added a commit that referenced this pull request May 18, 2026
Renovate PR #284 re-pinned the SLSA generator to a SHA digest,
breaking provenance generation on the v0.37.0 release. The SLSA
generator's generate-builder.sh rejects non-tag refs.

This is the same fix as #250. A Renovate exclusion rule has been
added to archgate/renovate-config (PR #10) to prevent recurrence.

Ref: slsa-framework/slsa-github-generator#150

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
@archgatebot archgatebot Bot mentioned this pull request May 18, 2026
rhuanbarreto added a commit that referenced this pull request May 19, 2026
* fix(ci): revert SLSA reusable workflow to tag pin

Renovate PR #284 re-pinned the SLSA generator to a SHA digest,
breaking provenance generation on the v0.37.0 release. The SLSA
generator's generate-builder.sh rejects non-tag refs.

This is the same fix as #250. A Renovate exclusion rule has been
added to archgate/renovate-config (PR #10) to prevent recurrence.

Ref: slsa-framework/slsa-github-generator#150
Signed-off-by: Rhuan Barreto <rhuan@barreto.work>

* test: improve code coverage from 63% to 74% (+179 tests)

Add comprehensive tests across 21 files covering previously untested
command action handlers, helper functions, and engine logic. Tests
follow existing conventions: bun:test, temp dirs, spyOn mocking,
globalThis.fetch replacement, and SPDX headers.

Phase 1 - Pure logic:
- rule-scanner: scanImportedRuleSource() AST analysis
- registry: detectTarget() and resolveSource() edge cases
- update-check: cache-miss write path and semver edge cases
- pack-recommend: recommendPacks() with mocked shallowClone

Phase 2 - Command integration:
- New: telemetry command (status/enable/disable)
- New: doctor command (--json, formatted output, WSL, errors)
- session-context: error paths for all 4 editors
- review-context: error handling and option forwarding
- login: status/logout/login action handlers
- adr/create: --files, --rules, --json non-interactive paths

Phase 3 - Helpers with I/O mocking:
- telemetry: CI detection, shell detection, track* functions
- platform: WSL paths return null on non-WSL, resolveCommand

Phase 4 - Complex commands:
- adr/sync: --check, --yes, --json, diff detection, source filter
- adr/import: --list, --dry-run, --yes, ID remapping, rules copy
- upgrade: formatBytes, already-up-to-date, fetch failure paths
- plugin/url: all --editor variants

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>

* fix(test): sort import test assertions to avoid filesystem ordering differences

The --dry-run --json and --yes --json tests assumed ADR files would be
read in alphabetical order, but Linux readdir returns them in a different
order than Windows. Sort the parsed arrays by ID before asserting.

Also compact comment blocks to stay under the 500-line oxlint limit.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>

* test: add WSL detection tests via env-var mocking on Linux CI

On the Linux CI runner, set WSL_DISTRO_NAME/WSL_INTEROP env vars to
exercise the WSL detection branches in platform.ts without needing a
real WSL environment. The wslpath/cmd.exe calls fail gracefully
(returning null), which covers the error paths too.

Also test the vscode-settings WSL fallback path: when WSL is detected
but cmd.exe is unavailable, getVscodeUserSettingsPath falls through
to the standard Linux ~/.config path.

Tests are gated with test.skipIf(!isNativeLinux) so they only run on
the Linux CI runner and are skipped on Windows/macOS.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>

* test: add remaining coverage improvements (Phases 3+4)

Add tests for 11 more files covering helpers with I/O mocking,
complex commands, and previously never-loaded modules.

Phase 3 - Helpers with I/O mocking:
- credential-store: gitCredentialFill timeout, clearCredentials
- telemetry-config: showFirstRunNoticeIfNeeded all branches
- install-info: getProjectContext edge cases, cache behavior
- vscode-settings: addMarketplaceToUserSettings, WSL fallback
- init-project: configureEditorSettings all editors, tryInstallPlugin
- binary-upgrade: checksum verify/mismatch, zip extraction, replaceBinary

Phase 4 - Complex commands and never-loaded files:
- plugin-install: URL builders, CLI checks, install/download functions
- plugin/install cmd: auth guard, editor paths, failure handling
- login-flow: full device flow, signup, TLS errors (all mocked)
- check cmd: registration + action handler via temp project fixtures
- formats/rules: RuleSet/RuleResult schema validation

Also fix mock.module cross-test pollution in plugin/install.test.ts
by converting findProjectRoot mock from mock.module to spyOn.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>

* fix(test): fix CI failures in credential-store and vscode-settings tests

- credential-store: gate saveCredentials tests that depend on OS
  credential helper behavior with test.skipIf(platform !== "win32").
  Fix round-trip test to set GIT_CONFIG_GLOBAL to point at the custom
  gitconfig with the store helper.
- vscode-settings: use a fresh nested subdir for the "creates directory
  structure" test so it doesn't fail when ~/.config/Code/ already exists
  on the CI runner.
- Re-add WSL fallback test that was lost during agent merge.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>

* fix(test): fix remaining CI failures on Linux

- vscode-settings: remove pre-condition assertion that settings dir
  doesn't exist (homedir() on Linux may not reflect HOME override,
  and ~/.config/Code/ may already exist on CI runner)
- credential-store: skip round-trip test entirely — git credential
  store helper interaction differs across platforms due to Bun.env
  snapshot timing. Remove unused isWindows import.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>

---------

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant