The assumption is that if a pull request exists on a main branch, it was usually
created by mistake and then closed, and showing it serves no purpose and is only
distracting.
We keep showing open pull requests for main branches though, because this allows
you to notice that there is one that you probably want to close.
This only affects the display (in the branches list and in the main view);
opening the PR in the browser using shift-G is still possible, as is copying its
URL to the clipboard.
### PR Description
Close #5494
Normalizes the repository owner to lowercase during the PR mapping.
This ensures that PR icons and integration features work correctly even
when the local git remote URL casing differs from the official
repository casing on GitHub.
Just (https://just.systems/) works better than make for running
commands. For example, passing arguments to `make integration-test-cli`
requires a `--` between make's arguments and the cli test runner's
arguments (e.g. -sandbox), and will also result in weird errors. Just
doesn't have any of these problems.
I chose different target names than we use in the Makefile; the goal is
to have better tab completion, where the most commonly used commands can
be completed after typing a single letter. That's why I use "e2e" for
integration tests, which is not a term we use anywhere else.
Keeping the Makefile around for those who are used to it, and are too
lazy to install just.
## Summary
Fix high severity security issue in `.github/workflows/release.yml`.
## Vulnerability
| Field | Value |
|-------|-------|
| **ID** | yaml.github-actions.security.run-shell-injection.run-shell-injection |
| **Severity** | HIGH |
| **Scanner** | semgrep |
| **Rule** | `yaml.github-actions.security.run-shell-injection.run-shell-injection` |
| **File** | `.github/workflows/release.yml:113` |
**Description**: Using variable interpolation `${{...}}` with `github`
context data in a `run:` step could allow an attacker to inject their
own code into the runner. This would allow them to steal secrets and
code. `github` context data can have arbitrary user input and should be
treated as untrusted. Instead, use an intermediate environment variable
with `env:` to store the data and use the environment variable in the
`run:` script. Be sure to double-quote the environment variable,
like this: "$ENVVAR".
## Changes
- `.github/workflows/release.yml`
## Verification
- [x] Build passes
- [x] Scanner re-scan confirms fix
- [x] LLM code review passed
---
*Automated security fix by [OrbisAI Security](https://orbisappsec.com)*
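The pattern that the `run-shell-injection` rule above describes can be checked with a small scanner. This is an added example, not part of the PR or the project's `release.yml`. The step name, the `RELEASE_NAME` variable and the `github.event.release.name` expression in the two samples are constructed for illustration.

```python
import re

# ${{ ... }} expressions that read from the `github` context.
GITHUB_EXPR = re.compile(r"\$\{\{[^}]*\bgithub\.[^}]*\}\}")
# A `run:` key, optionally as the first key of a `- ` list item.
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_run_injections(workflow_text):
    """Return (line_number, text) for github-context expressions inside run: scripts."""
    findings = []
    run_col = None  # column of the active `run:` key; None outside a script
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        if run_col is not None and line.strip():
            indent = len(line) - len(line.lstrip(" "))
            if indent > run_col:
                # Still inside the script body of the current run: step.
                if GITHUB_EXPR.search(line):
                    findings.append((number, line.strip()))
                continue
            run_col = None  # a dedent ends the script
        match = RUN_KEY.match(line)
        if match:
            run_col = len(match.group(1))
            # Single-line form: the script sits on the same line as the key.
            if GITHUB_EXPR.search(match.group(2)):
                findings.append((number, line.strip()))
    return findings

# Constructed sample: the expression is expanded into the script text before the shell runs.
VULNERABLE = """\
steps:
  - name: Announce release
    run: |
      echo "Releasing ${{ github.event.release.name }}"
"""
# Constructed sample: the value reaches the shell only as a quoted environment variable.
FIXED = """\
steps:
  - name: Announce release
    env:
      RELEASE_NAME: ${{ github.event.release.name }}
    run: |
      echo "Releasing $RELEASE_NAME"
"""

if __name__ == "__main__":
    print(find_run_injections(VULNERABLE))
    print(find_run_injections(FIXED))
```

The scanner is line-based and only follows indentation, so it is a quick pre-commit check rather than a replacement for the semgrep rule.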
When building multi-step custom command forms, some prompts are only
relevant depending on earlier answers. Without conditional logic, users
must dismiss irrelevant prompts manually.
Prompts now accept a `condition` field with a template expression
evaluated against prior form values. Skipped prompts default to an empty
string.
The template expression is a string pre- and suffixed with double curly
braces - {{}}.
Form keys can be reused; a guard ensures that skipped prompts do not
reset already set form keys with an empty string. This allows the
conditional flow to remind a user to set a key that was left empty
because additional conditions want that key to be set. This removes the
need to have additional if checks in the command that uses the form
keys.
This makes it easier to recover them if they were deleted accidentally.
We only do this for local branches for now, we don't bother for remote
branches; it would be trickier there, because the branch on the server
might not actually point to the same hash as our local remote tracking
branch does.
Fixes #2468.
Bumps [github.com/spkg/bom](https://github.com/spkg/bom) from
0.0.0-20160624110644-59b7046e48ad to 1.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spkg/bom/releases">github.com/spkg/bom's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.1</h2>
<p>Update to later version of go, remove CI that no longer works</p>
<h2>v1.0.0</h2>
<p>Add support for Go modules.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/spkg/bom/commits/v1.0.1">compare view</a></li>
</ul>
</details>
<br />
Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.4.0 to
0.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/adrg/xdg/releases">github.com/adrg/xdg's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.3</h2>
<h3>Changelog</h3>
<ul>
<li>Updated <code>xdg.SearchRuntimeFile</code> to also look in the
operating system's temporary directory for runtime files.
This covers unlikely cases in which runtime files cannot be written
relative to the base runtime directory either because it does not exist
or it is not accessible, so <code>xdg.RuntimeFile</code> suggests the
operating system's temporary directory as a suitable fallback
location.</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Improved package testing.</li>
</ul>
<h2>v0.5.2</h2>
<h3>Changelog</h3>
<ul>
<li>
<p>Updated logic of <code>xdg.RuntimeFile</code>: due to the special
nature of the <code>runtime directory</code>, the function no longer
attempts to create it if it does not exist. If that's the case, the
function uses the operating system's <code>temporary directory</code> as
a fallback. The function still creates subdirectories relative to the
base runtime directory or its fallback.</p>
<p>Justification: the creation of the runtime directory is not in the
scope of this package as it has special requirements defined by the <a
href="https://specifications.freedesktop.org/basedir-spec/latest">XDG
Base Directory Specification</a>. Relevant excerpt:</p>
<blockquote>
<p>The lifetime of the directory MUST be bound to the user being logged
in. It MUST be created when the user first logs in and if the user fully
logs out the directory MUST be removed. If the user logs in more than
once they should get pointed to the same directory, and it is mandatory
that the directory continues to exist from their first login to their
last logout on the system, and not removed in between. Files in the
directory MUST not survive reboot or a full logout/login cycle.</p>
</blockquote>
<p>Also, on <code>Linux</code>, the parent directories of the default
user runtime directory are owned by the root user so they cannot be
created by a regular user. <a
href="https://www.freedesktop.org/software/systemd/man/latest/pam_systemd.html">pam_systemd</a>
is usually responsible for creating the runtime directory
(<code>/run/user/$UID</code>).</p>
</li>
</ul>
<h2>v0.5.1</h2>
<h3>Changelog</h3>
<ul>
<li>Added support for the non-standard <code>XDG_BIN_HOME</code> base
directory.
See <a
href="https://github.com/adrg/xdg?tab=readme-ov-file#xdg-base-directory">XDG
base directories</a> README section for more details.</li>
<li>Added more config and data search locations on <code>macOS</code>.
<ul>
<li>Added <code>~/.config</code> at the end of the list of default
locations for <code>XDG_CONFIG_DIRS</code>.</li>
<li>Added <code>~/.local/share</code> at the end of the list of default
locations for <code>XDG_DATA_DIRS</code>.</li>
</ul>
</li>
<li>Added more application search locations on <code>Windows</code>:
<ul>
<li><code>%ProgramFiles%</code></li>
<li><code>%ProgramFiles%\Common Files</code></li>
<li><code>%LOCALAPPDATA%\Programs</code></li>
<li><code>%LOCALAPPDATA%\Programs\Common</code></li>
</ul>
</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Updated <code>golang.org/x/sys</code> dependency to the latest
version.</li>
<li>Improved package testing.</li>
</ul>
<h2>v0.5.0</h2>
<h3>Changelog</h3>
<ul>
<li><code>user-dirs.dirs</code> config file is now parsed on Unix-like
operating systems (except for macOS and Plan 9).
See <a
href="https://github.com/adrg/xdg?tab=readme-ov-file#xdg-user-directories">XDG
user directories</a> README section for more details.</li>
<li>Updated <code>golang.org/x/sys</code> dependency to the latest
version.</li>
</ul>
<h4>Internal</h4>
<ul>
<li>Moved all path related functionality in internal
<code>pathutil</code> package.</li>
<li>Added internal <code>userdirs</code> package:
<ul>
<li>Moved <code>xdg.UserDirectories</code> to
<code>userdirs.Directories</code>.</li>
<li>Added parsing functions for <code>user-dirs.dirs</code> config
file.</li>
</ul>
</li>
<li>Improved package testing.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/adrg/xdg/commit/aa865a51a1b35fd06925fd6b8604991e79e3167e"><code>aa865a5</code></a>
Merge pull request <a
href="https://redirect.github.com/adrg/xdg/issues/101">#101</a> from
adrg/update-search-runtime-file</li>
<li><a
href="https://github.com/adrg/xdg/commit/71a81eccf3e9ac9ebf03e8c11ca3ed60a06eac7f"><code>71a81ec</code></a>
Minor xdg.SearchRuntimeFile function documentation update</li>
<li><a
href="https://github.com/adrg/xdg/commit/88111eba52ac2a211b97194266db5207c975c266"><code>88111eb</code></a>
Minor example update in README.md and doc.go</li>
<li><a
href="https://github.com/adrg/xdg/commit/d9f76be86d944bf2b9bdb8544952111e2533f3ad"><code>d9f76be</code></a>
Improve non-existent runtime directory test case</li>
<li><a
href="https://github.com/adrg/xdg/commit/800775a49c0a7877af5dca22104b90dc7e788cd0"><code>800775a</code></a>
Update xdg.SearchRuntimeFile to also look in temporary directory</li>
<li><a
href="https://github.com/adrg/xdg/commit/2335a687b19a49dafb193856d64d911d33c4b3c1"><code>2335a68</code></a>
Merge pull request <a
href="https://redirect.github.com/adrg/xdg/issues/99">#99</a> from
adrg/improve-runtime-file</li>
<li><a
href="https://github.com/adrg/xdg/commit/221e50698e5b31d277289e971f645299279efdd5"><code>221e506</code></a>
Minor non-existent runtime directory test case fix on macOS</li>
<li><a
href="https://github.com/adrg/xdg/commit/9bbb6024b2e9ee213bbed1f63ae8ea6063767d5b"><code>9bbb602</code></a>
Minor error format improvement in pathutil.Create and
pathutil.Search</li>
<li><a
href="https://github.com/adrg/xdg/commit/987b3ce5c440036b799a21a633a699be91530d0a"><code>987b3ce</code></a>
Minor README.md update</li>
<li><a
href="https://github.com/adrg/xdg/commit/3c39d559725cf005c392630100f4f338b49daf24"><code>3c39d55</code></a>
Add non-existent runtime directory test case</li>
<li>Additional commits viewable in <a
href="https://github.com/adrg/xdg/compare/v0.4.0...v0.5.3">compare
view</a></li>
</ul>
</details>
<br />
- **PR Description**
If the user has `gh` installed and is logged in (`gh auth login`),
lazygit shows GitHub PR icons next to the names of branches that have an
associated PR, colored by the PR's status (green=open, red=closed,
purple=merged).
Selecting a branch and pressing `shift-G` opens the PR in the browser.
For esthetic reasons, checking out a branch (or other ref) blocks the UI until
the refresh is done, so it's important that the refresh doesn't do unnecessary
work. Refreshing pull requests is unnecessary (but costly, when waiting for it)
when a branch is checked out that already existed locally. However, it is
required when checking out a remote branch for the first time, so that the PR
icon appears immediately when there is one.
For the branches panel we might consider unifying it with the existing `o`
command for creating a PR: it could check if there is a PR already, and open it
if so, or create a new one if not.
However, I also want the command in the local commits panel for the checked out
branch, and there's no existing "Create PR" command there; and the `o` command
opens the selected commit in the browser, so it's unrelated.
Add GitHubCommands struct with GraphQL-based PR fetching, and
GithubPullRequest model. Wire HostingService and GitHub command
structs into GitCommand.
Co-authored-by: Stefan Haller <stefan@haller-berlin.de>
Extract parseRemoteUrl helper to avoid duplication between
getRepoURLFromRemoteURL and new getRepoNameFromRemoteURL.
Add repoNameTemplate to ServiceDefinition and GetRepoName() to
HostingServiceMgr. Add GetRepoInfoFromURL for callers that need
owner/repo without a full service lookup.
The only information that this carries is whether an entry is a real branch or a
detached head. Detached heads can only be at the top, and they are easy to tell
apart from the other branches by their name, so the icon is not really very
useful.
We are going to show PR icons in this column.