Skip to content

Backport: Make security-check informational only (#36681)#36852

Merged
lunny merged 5 commits intorelease/v1.25from
copilot/backport-security-check-informational
Mar 6, 2026
Merged

Backport: Make security-check informational only (#36681)#36852
lunny merged 5 commits intorelease/v1.25from
copilot/backport-security-check-informational

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 6, 2026
edited
Loading

Backport of #36681 to release/v1.25.

security-check (govulncheck) was failing CI on all PRs whenever vulnerabilities existed in dependencies. Since https://github.com/go-gitea/gitea/security/dependabot already surfaces this information, the check should be informational only.

  • Makefile: Append || true to the security-check target so govulncheck output is preserved but non-zero exits no longer break CI.

Note: release/v1.25 does not have the GOEXPERIMENT= prefix on this line (added later in main), so only || true was appended.

Original prompt

Create a backport pull request targeting release/v1.25 that applies the changes from merged PR #36681 ("Make security-check informational only") in go-gitea/gitea.

Context:

Requirements:

  1. Identify the exact commits and file changes introduced by PR Make security-check informational only #36681.
  2. Cherry-pick or re-apply those changes onto a new branch off release/v1.25.
  3. Resolve any merge conflicts cleanly and keep behavior identical to PR Make security-check informational only #36681, adapted only as necessary for compatibility with 1.25.
  4. Ensure existing CI checks pass (or document any expected differences).
  5. Open a PR against release/v1.25 with a clear title like: "Backport: Make security-check informational only".
  6. In the PR description:

Notes:

  • The change is expected to affect the security-check workflow/job to be informational-only (i.e., not failing the overall workflow / not blocking merges).
  • Follow repository conventions for backports (labels, branch naming, and PR template usage if present).

This pull request was created from Copilot chat.

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 6, 2026
@GiteaBot GiteaBot added this to the 1.25.5 milestone Mar 6, 2026
@silverwind
Backport: Make security-check informational only (#36681)
b40292a 
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Copilot AI changed the title [WIP] Backport: Make security-check informational only Backport: Make security-check informational only (#36681) Mar 6, 2026
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 6, 2026
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 6, 2026
@lunny lunny marked this pull request as ready for review March 6, 2026 18:35
@lunny lunny enabled auto-merge (squash) March 6, 2026 19:07
@silverwind silverwind added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Mar 6, 2026
@lunny lunny merged commit b3290b6 into release/v1.25 Mar 6, 2026
30 checks passed
@lunny lunny deleted the copilot/backport-security-check-informational branch March 6, 2026 22:54
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Mar 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lunny lunny lunny approved these changes

+1 more reviewer

@silverwind silverwind silverwind approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@silverwind silverwind

Copilot code review Copilot

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/internal

Projects

None yet

Milestone

1.25.5

Development

Successfully merging this pull request may close these issues.

4 participants

@lunny @silverwind @GiteaBot