From f15bbc9393869b38b59e23119cc7707b6558848d Mon Sep 17 00:00:00 2001
From: Antoine du Hamel <duhamelantoine1995@gmail.com>
Date: Tue, 10 Jun 2025 20:55:34 +0200
Subject: [PATCH 1/2] tools: edit commit-queue workflow file

PR-URL: https://github.com/nodejs/node-private/pull/1
---
 .github/workflows/commit-queue.yml | 37 +++++++++++++++---------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/commit-queue.yml b/.github/workflows/commit-queue.yml
index e9e151ba3d2..e6ee8b05d88 100644
--- a/.github/workflows/commit-queue.yml
+++ b/.github/workflows/commit-queue.yml
@@ -1,6 +1,6 @@
 # This action requires the following secrets to be set on the repository:
-#   GH_USER_NAME: GitHub user whose Jenkins and GitHub token are defined below
 #   GH_USER_TOKEN: GitHub user token, to be used by ncu and to push changes
+#   JENKINS_USER: GitHub user whose Jenkins token is defined below
 #   JENKINS_TOKEN: Jenkins token, to be used to check CI status
 
 name: Commit Queue
@@ -25,7 +25,7 @@ jobs:
   get_mergeable_prs:
     permissions:
       pull-requests: read
-    if: github.repository == 'nodejs/node'
+    if: github.repository == 'nodejs/node-auto-test'
     runs-on: ubuntu-latest
     outputs:
       numbers: ${{ steps.get_mergeable_prs.outputs.numbers }}
@@ -34,16 +34,16 @@ jobs:
         id: get_mergeable_prs
         run: |
           prs=$(gh pr list \
-                  --repo ${{ github.repository }} \
-                  --base ${{ github.ref_name }} \
+                  --repo "$GITHUB_REPOSITORY" \
+                  --base "$GITHUB_REF_NAME" \
                   --label 'commit-queue' \
                   --json 'number' \
                   --search "created:<=$(date --date="2 days ago"  +"%Y-%m-%dT%H:%M:%S%z") -label:blocked" \
                   -t '{{ range . }}{{ .number }} {{ end }}' \
                   --limit 100)
           fast_track_prs=$(gh pr list \
-                  --repo ${{ github.repository }} \
-                  --base ${{ github.ref_name }} \
+                  --repo "$GITHUB_REPOSITORY" \
+                  --base "$GITHUB_REF_NAME" \
                   --label 'commit-queue' \
                   --label 'fast-track' \
                   --search "-label:blocked" \
@@ -51,24 +51,24 @@ jobs:
                   -t '{{ range . }}{{ .number }} {{ end }}' \
                   --limit 100)
           numbers=$(echo $prs' '$fast_track_prs | jq -r -s 'unique | join(" ")')
-          echo "numbers=$numbers" >> $GITHUB_OUTPUT
+          echo "numbers=$numbers" >> "$GITHUB_OUTPUT"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   commitQueue:
     needs: get_mergeable_prs
     if: needs.get_mergeable_prs.outputs.numbers != ''
+    permissions:
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
-          # Needs the whole git history for ncu to work
-          # See https://github.com/nodejs/node-core-utils/pull/486
-          fetch-depth: 0
           # A personal token is required because pushing with GITHUB_TOKEN will
           # prevent commits from running CI after they land. It needs
           # to be set here because `checkout` configures GitHub authentication
           # for push as well.
-          token: ${{ secrets.GH_USER_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       # Install dependencies
       - name: Install Node.js
@@ -80,24 +80,23 @@ jobs:
 
       - name: Set variables
         run: |
-          echo "REPOSITORY=$(echo ${{ github.repository }} | cut -d/ -f2)" >> $GITHUB_ENV
-          echo "OWNER=${{ github.repository_owner }}" >> $GITHUB_ENV
+          echo "REPOSITORY=$(echo "$GITHUB_REPOSITORY" | cut -d/ -f2)" >> "$GITHUB_ENV"
 
       - name: Configure @node-core/utils
         run: |
-          ncu-config set branch ${GITHUB_REF_NAME}
+          ncu-config set branch "${GITHUB_REF_NAME}"
           ncu-config set upstream origin
           ncu-config set username "$USERNAME"
-          ncu-config set token "$GH_TOKEN"
+          ncu-config set token "$GITHUB_TOKEN"
           ncu-config set jenkins_token "$JENKINS_TOKEN"
           ncu-config set repo "${REPOSITORY}"
-          ncu-config set owner "${OWNER}"
+          ncu-config set owner "${GITHUB_REPOSITORY_OWNER}"
         env:
           USERNAME: ${{ secrets.JENKINS_USER }}
-          GH_TOKEN: ${{ secrets.GH_USER_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           JENKINS_TOKEN: ${{ secrets.JENKINS_TOKEN }}
 
       - name: Start the Commit Queue
-        run: ./tools/actions/commit-queue.sh ${{ env.OWNER }} ${{ env.REPOSITORY }} ${{ needs.get_mergeable_prs.outputs.numbers }}
+        run: ./tools/actions/commit-queue.sh "${GITHUB_REPOSITORY_OWNER}" "${REPOSITORY}" ${{ needs.get_mergeable_prs.outputs.numbers }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From d96d2e6c90c374b034e7422e18c72b8cb2cf6d9a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Dec 2025 18:07:19 +0000
Subject: [PATCH 2/2] meta: bump peter-evans/create-pull-request from 7.0.8 to
 7.0.9

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/271a8d0340265f705b14b6d32b9829c1cb33d45e...84ae59a2cdc2258d6fa0732dd66352dddae2a412)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/tools.yml     | 2 +-
 .github/workflows/update-v8.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml
index e6bb4cef52c..a2a5b056a8d 100644
--- a/.github/workflows/tools.yml
+++ b/.github/workflows/tools.yml
@@ -305,7 +305,7 @@ jobs:
         if: env.COMMIT_MSG == '' && (github.event_name == 'schedule' || inputs.id == 'all' || inputs.id == matrix.id)
         run: |
           echo "COMMIT_MSG=${{ matrix.subsystem }}: update ${{ matrix.id }} to ${{ env.NEW_VERSION }}" >> "$GITHUB_ENV"
-      - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e  # v7.0.8
+      - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412  # v7.0.9
         if: github.event_name == 'schedule' || inputs.id == 'all' || inputs.id == matrix.id
         # Creates a PR or update the Action's existing PR, or
         # no-op if the base branch is already up-to-date.
diff --git a/.github/workflows/update-v8.yml b/.github/workflows/update-v8.yml
index 0b290e41ada..b68c06039a3 100644
--- a/.github/workflows/update-v8.yml
+++ b/.github/workflows/update-v8.yml
@@ -45,7 +45,7 @@ jobs:
             cat temp-output
             tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
             rm temp-output
-      - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e  # v7.0.8
+      - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412  # v7.0.9
         # Creates a PR or update the Action's existing PR, or
         # no-op if the base branch is already up-to-date.
         with: