This label is planned to replace lifecycle/frozen, as the language is a
bit more clear.

Refs: #1333
Change-Id: Ided8be62e9faaecbe901f235d18d218e05a33ece

This change refactors how issue title changes from gitlab events are
detected, fixing an issue (due to upstream changing the format of the
event body from markdown-esque to html), and improving on error
handling.

The error boiled down to a change in the issue title format. Gitlab
changed this on April 17 2025 with the release of version 17.11 [0],
although the only place a reference to this change exists is in the
changelog [1], which is not linked to from the releases page.

To account for the potential future in which other fields need to be
parsed in this way, an internal parser library was introduced at
`//bridge/gitlab/parser:parser.go` with initial support for parsing
title change messages.

An issue was opened with the Gitlab team discussing the fact that this
was a breaking change [2]. This may lead to moving title changes (or
maybe all changes) to `resource_*_events`, which would likely provide a
smoother experience for our use case.

Debugging this issue surfaced a few pain points with this bridge:

- Errors are few and far between, and when they do exist and are
  managed, they are often not propagated, often existing as simple
  `fmt.Printf` calls
- Inconsistent and uninformative logging structure when there _are_
  errors, leading to challenges in debugging unexpected behavior
- Fragility: we are parsing random text from event fields (for title
  changes and more). This will likely lead to future breakage should
  Gitlab change the format of other fields. Ideally, the gitlab SDK
  would start classifying notes and have fields like `type`, `old`,
  `new`... but this is unlikely to happen in the short term

[0]: https://about.gitlab.com/releases/2025/04/17/gitlab-17-11-released/
[1]:
https://gitlab.com/gitlab-org/gitlab/-/commit/b3e1fdcf45f8b18110a2f5217b9964a11616d316#ab09011fa121d0a2bb9fa4ca76094f2482b902b7_5_232
[2]: https://gitlab.com/gitlab-org/gitlab/-/issues/536827

Closes: #1367
Change-Id: I3bd7fa1c39a9e4dd2176d6e482e30ab68965f6e7

This reverts commit cc3b7c328dd4e4ad51de15919962d62f1146ca51,
effectively disabling Dependabot. This is being done primarily due to
git-bug/git-bug#1367, but also because the implementation of this bot is
noisy and often broken (failing to run `go mod tidy`, resulting in a CI
error that requires manual intervention to fix).

Automatically updating dependencies is helpful, but not a priority right
now. In the future, it is possible to revert this commit, however, I
would suggest looking at renovate [0] as an alternative approach, as I
personally find it to be far less invasive/noisy (see #1247).

[0]: https://docs.renovatebot.com/

Change-Id: I32f06381e1abf66a2655b5b6ba5c96cca6124720

`main.go` is and always has been the conventional entrypoint for
binaries (this is actually true for libraries as well, e.g. some
internal
`//foo` package would typically have an entrypoint of `//foo:foo.go`)

Change-Id: Ic75db640b06dc5c39a8c88db0d9d73d78f39d772

This change refactors the call to `git-describe` made in `//:Makefile`,
such that if the call made to populate the `GitLastTag` build argument
fails for any reason, the value is an empty string.

This resolves a fairly common situation in CI, and reproducible
elsewhere, if the local repository does not have any tags.

Change-Id: Ie8e06360d5a4016596b96c6371ce4e32ad6a8afb

Just running `go get -u github.com/go-git/go-git/v5@master`

Fixes: https://github.com/git-bug/git-bug/issues/1156

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: jingchanglu <jingchanglu@outlook.com>

The old room has a message from sudoforge saying

> 👋 hi there! this is just a friendly message noting that the source of
truth for the community is moving off of gitter's server, onto the
matrix foundation's public server. the address for that room is:
[git-bug](https://matrix.to/#/#git-bug:matrix.org)

And the new room has:

> 👋 hey folks. this [matrix.org](http://matrix.org/) room is going to
become the source of truth for the git-bug community. let me know if you
have any questions!

To avoid CVE-2024-45337 ("Misuse of ServerConfig.PublicKeyCallback may
cause authorization bypass in golang.org/x/crypto")

Related is also moving from the abandoned github.com/xanzy/go-gitlab to
the maintained gitlab.com/gitlab-org/api/client-go.

Co-authored-by: zachvalenta <zvalenta@cappusa.com>

Bumps
[github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) from
5.5.0 to 5.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-billy/releases">github.com/go-git/go-billy/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Adding support for wasm/wasip1 by <a
href="https://github.com/tryggvil"><code>@​tryggvil</code></a> in <a
href="https://redirect.github.com/go-git/go-billy/pull/36">go-git/go-billy#36</a></li>
<li><code>Memory.ReadDir()</code> should return an error when path isn't
found. by <a
href="https://github.com/weberc2-tempus"><code>@​weberc2-tempus</code></a>
in <a
href="https://redirect.github.com/go-git/go-billy/pull/38">go-git/go-billy#38</a></li>
<li>Adding support for WriteAt by <a
href="https://github.com/sfc-gh-thardie"><code>@​sfc-gh-thardie</code></a>
in <a
href="https://redirect.github.com/go-git/go-billy/pull/39">go-git/go-billy#39</a></li>
<li>Update memfs.New() to create root directory by <a
href="https://github.com/onee-only"><code>@​onee-only</code></a> in <a
href="https://redirect.github.com/go-git/go-billy/pull/45">go-git/go-billy#45</a></li>
<li>Fix symlink by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-billy/pull/46">go-git/go-billy#46</a></li>
<li>Close via defer by <a
href="https://github.com/spennymac"><code>@​spennymac</code></a> in <a
href="https://redirect.github.com/go-git/go-billy/pull/47">go-git/go-billy#47</a></li>
<li>General improvements to memfs by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-billy/pull/50">go-git/go-billy#50</a></li>
<li>boundos:insideBaseDirEval: return true if baseDir is &quot;/&quot;
by <a href="https://github.com/rminnich"><code>@​rminnich</code></a> in
<a
href="https://redirect.github.com/go-git/go-billy/pull/48">go-git/go-billy#48</a></li>
<li>Add wrapper for io/fs by <a
href="https://github.com/evankanderson"><code>@​evankanderson</code></a>
in <a
href="https://redirect.github.com/go-git/go-billy/pull/81">go-git/go-billy#81</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/35">go-git/go-billy#35</a></li>
<li><a href="https://github.com/tryggvil"><code>@​tryggvil</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/36">go-git/go-billy#36</a></li>
<li><a
href="https://github.com/weberc2-tempus"><code>@​weberc2-tempus</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/38">go-git/go-billy#38</a></li>
<li><a
href="https://github.com/sfc-gh-thardie"><code>@​sfc-gh-thardie</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/39">go-git/go-billy#39</a></li>
<li><a href="https://github.com/onee-only"><code>@​onee-only</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/45">go-git/go-billy#45</a></li>
<li><a href="https://github.com/spennymac"><code>@​spennymac</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/47">go-git/go-billy#47</a></li>
<li><a href="https://github.com/rminnich"><code>@​rminnich</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/48">go-git/go-billy#48</a></li>
<li><a
href="https://github.com/evankanderson"><code>@​evankanderson</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-git/go-billy/pull/81">go-git/go-billy#81</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-billy/compare/v5.5.0...v5.6.0">https://github.com/go-git/go-billy/compare/v5.5.0...v5.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-git/go-billy/commit/371e232676ac6807a104d8d2d3373b2327840aff"><code>371e232</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-billy/issues/85">#85</a>
from go-git/dependabot/github_actions/github/codeql-ac...</li>
<li><a
href="https://github.com/go-git/go-billy/commit/5087c4c251600ff8cc1acc24550fda2198df78a0"><code>5087c4c</code></a>
build: bump github/codeql-action from 3.26.10 to 3.26.11</li>
<li><a
href="https://github.com/go-git/go-billy/commit/5f263c9795347f5aee705461a94508e07b91ca9e"><code>5f263c9</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-billy/issues/84">#84</a>
from go-git/dependabot/github_actions/github/codeql-ac...</li>
<li><a
href="https://github.com/go-git/go-billy/commit/18ec09879c80c3f00ec2127ed6d4740bb07ab4f4"><code>18ec098</code></a>
build: bump github/codeql-action from 3.26.8 to 3.26.10</li>
<li><a
href="https://github.com/go-git/go-billy/commit/c1ee0b97d109c16ed86df17914d3273cb4273176"><code>c1ee0b9</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-billy/issues/81">#81</a>
from evankanderson/iofs</li>
<li><a
href="https://github.com/go-git/go-billy/commit/b50bc97051ea4bdfef26dd45fdc00d6611483f0b"><code>b50bc97</code></a>
Rename Wrap to New</li>
<li><a
href="https://github.com/go-git/go-billy/commit/9745bbbd34318edf62e9108ec7132a73376094e0"><code>9745bbb</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-billy/issues/83">#83</a>
from go-git/dependabot/github_actions/github/codeql-ac...</li>
<li><a
href="https://github.com/go-git/go-billy/commit/d864d47c2c6c8f7d0f0774ed85f84fc01ac1eab9"><code>d864d47</code></a>
build: bump github/codeql-action from 3.26.7 to 3.26.8</li>
<li><a
href="https://github.com/go-git/go-billy/commit/b8c5b1bd59024b0644aaef23ed43177ca8301f7f"><code>b8c5b1b</code></a>
Prevent test failures on Windows, address feedback from pjbgf</li>
<li><a
href="https://github.com/go-git/go-billy/commit/28f6c4986d403626559b92aa275cac0ceeda6439"><code>28f6c49</code></a>
Fix test handling on go &lt; 1.23</li>
<li>Additional commits viewable in <a
href="https://github.com/go-git/go-billy/compare/v5.5.0...v5.6.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-billy/v5&package-manager=go_modules&previous-version=5.5.0&new-version=5.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Also: use gqlgen directives to help the type auto-binding

Missing:
- namespace mutations
- adapt the webUI queries

This change renames references to the repository used to test the github
bridge from `git-bug-test-github-bridge` to `test-github-bridge`,
dropping the `git-bug` prefix as it is extraneous now that it is under
the `git-bug` organization.

Change-Id: I5795bd39cc3b2e81774c4d9676ae5cbabfba8f1c

This will be useful for Board, and likely code review support later

Closes: #1209
Change-Id: Id19d5013b04ef5c99a99d367bbf3d618b8be068b

The repository was recently moved to the git-bug organization on github.
This change refactors references to the repository to ensure that they
use the updated owner URI.

Closes: #1243
Change-Id: I799712354c6ba25cdd8b06286275850c52efe6ff

This change adds `delve`, the de facto debugger for go, to the
development shell..

Change-Id: I0bcda2b3569926dc16d8cbd653845f371ef33452

This change adds support for using the [Merge Queue][0] merge method.
This still needs to be enforced at the repository level.

[0]: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue

Change-Id: I4b464818c0cd82d1d56c4dd7f807f6cfc5dfa913

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/sync/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Change-Id: I02c6e1f183e4b6ee67c0a4d0dcb7c5fbeff361ac

Change-Id: Ic2ae23a886e9352b3b379f7e36c384a2d8956cea

This change refactors the automatic lifecycle management workflow that
uses the `stale-bot` action library, such that neither issues nor pull
requests will be closed.

An additional label of `lifecycle/rotten` has been added to indicate
issues or pull requests which have been inactive for 180 days or more.

Change-Id: Ia748552c91ada43b4a762879db469132131956f0

Bumps [github.com/vbauerster/mpb/v8](https://github.com/vbauerster/mpb) from 8.7.4 to 8.7.5.
- [Release notes](https://github.com/vbauerster/mpb/releases)
- [Commits](https://github.com/vbauerster/mpb/compare/v8.7.4...v8.7.5)

---
updated-dependencies:
- dependency-name: github.com/vbauerster/mpb/v8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

This reverts commit c67d75faaa432889caa4deafc7e58d4099fac2cd.

This change is just a simple run of `go get -u` followed by `go mod
tidy`.

Change-Id: Icb0e31b811efaafa95ef400d961ca413e63a0da4

commit 5eabe549e4f7fc98bbdf4e7b285cec00e5da4e99 refactored the workflows
so that they were orchestrated with reusable workflows. an unintended
side-effect of the rules that were created prevents the presubmit
pipeline from executing for pull requests made against this repository.

this change refactors this, so that the presubmit pipeline will _only_
run for pull requests against the default tree of this repository. we
explicitly remove the `on: push` event for it, in order to avoid overlap
that will occur for commits made in this repository that are also part
of a PR.

Change-Id: I56abc35c98cc40a06066952f2b6ed9194b1ab903

Signed-off-by: guoguangwu <guoguangwug@gmail.com>

chore: remove refs to deprecated io/ioutil

Signed-off-by: guoguangwu <guoguangwug@gmail.com>

This seems to be necessary in order to support the advanced
configuration.

Change-Id: Ia5303123b3dcc22f77cdde4d514b484f29c60ca6

Change-Id: Ic4809ab33cc9fd9e7e6e3e6eba1dd933e1ba585b

This change refactors the build, test, and benchmarking pipelines to a
`presubmit` and `trunk` parent workflow which invokes other reusable
workflows. This simplifies the deluge of pipelines that are executed,
allowing for better orchestration and reduced noise on failures (only
one email will be sent instead of several).

Closes: michaelmure/git-bug#1198
Change-Id: I52407c39366bb9fbfd8fc1455a4f4a1d94f04897

Removes [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). It's no longer used after updating ancestor dependency [@graphql-tools/prisma-loader](https://github.com/ardatan/graphql-tools/tree/HEAD/packages/loaders/prisma). These dependencies need to be updated together.


Removes `jsonwebtoken`

Updates `@graphql-tools/prisma-loader` from 7.2.24 to 7.2.72
- [Release notes](https://github.com/ardatan/graphql-tools/releases)
- [Changelog](https://github.com/ardatan/graphql-tools/blob/master/packages/loaders/prisma/CHANGELOG.md)
- [Commits](https://github.com/ardatan/graphql-tools/commits/@graphql-tools/prisma-loader@7.2.72/packages/loaders/prisma)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: indirect
- dependency-name: "@graphql-tools/prisma-loader"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](https://github.com/salesforce/tough-cookie/compare/v4.1.2...v4.1.3)

---
updated-dependencies:
- dependency-name: tough-cookie
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.106.0 to 0.107.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.106.0...v0.107.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [graphql](https://github.com/graphql/graphql-js) from 16.6.0 to 16.8.1.
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](https://github.com/graphql/graphql-js/compare/v16.6.0...v16.8.1)

---
updated-dependencies:
- dependency-name: graphql
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [undici](https://github.com/nodejs/undici) from 5.11.0 to 5.28.4.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.11.0...v5.28.4)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.19.3 to 7.24.8.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.8/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/99designs/gqlgen](https://github.com/99designs/gqlgen) from 0.17.36 to 0.17.49.
- [Release notes](https://github.com/99designs/gqlgen/releases)
- [Changelog](https://github.com/99designs/gqlgen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/99designs/gqlgen/compare/v0.17.36...v0.17.49)

---
updated-dependencies:
- dependency-name: github.com/99designs/gqlgen
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/dvsekhvalnov/jose2go](https://github.com/dvsekhvalnov/jose2go) from 1.5.0 to 1.6.0.
- [Commits](https://github.com/dvsekhvalnov/jose2go/compare/v1.5...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/dvsekhvalnov/jose2go
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>