From 2567f0ae8bff0939b083ec6b912585d42e7ba81a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian=20T=C3=B6lle?=
Date: Sun, 25 Aug 2024 17:16:43 +0200
Subject: [PATCH 1/2] ci: run on pr updates from main branch (#30)
With `pull_request`, we run in the context of the pull request branch. - This means we run with the code from the PR branch, possibly breaking the current release PR for this repo with in-progress, unreviewed changes. - This means that the secret is not available on Pull Requests from forks. Switching to `pull_request_target` means we always run in the scope of the original repository. The secret is available and the code is checked out from our main branch. `pull_request_target` has security considerations, but they do not apply here as we do not check out or run code from the (external, malicious) PR.
---
 .github/workflows/releaser-pleaser.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/releaser-pleaser.yaml b/.github/workflows/releaser-pleaser.yaml
index 0406d41..ff1c0fa 100644
--- a/.github/workflows/releaser-pleaser.yaml
+++ b/.github/workflows/releaser-pleaser.yaml
@@ -3,8 +3,8 @@ name: releaser-pleaser
 on:
 push:
 branches: [main]
- # TODO: use pull_request_target to avoid tainting the actual release PR with code from open feature pull requests
- pull_request:
+ # Using pull_request_target to avoid tainting the actual release PR with code from open feature pull requests
+ pull_request_target:
 types:
 - edited
 - labeled
@@ -14,10 +14,13 @@ permissions: {}
 jobs:
 releaser-pleaser:
+ # TODO: if: push or pull_request.closed
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
 uses: actions/checkout@v4
+ with:
+ ref: main
 - name: Set up Go
 uses: actions/setup-go@v5
From 0190e46c7296465e08fb29c33a912a6cf5b38af9 Mon Sep 17 00:00:00 2001
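Review bot: The comment on the new `pull_request_target:` trigger does not record the condition that makes this trigger safe, which today lives only in the commit message. I would extend it to `# pull_request_target runs with repository secrets: this workflow must never check out or execute the PR head ref`, so a later edit to the checkout step is caught in review. The `edited` and `labeled` events still deliver PR title, body and label text chosen by the PR author; whether a later step interpolates those into a `run:` script is not visible here, and they should only be passed as data (for example through `env:`). The `types` list continues outside the hunk.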
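Review bot: The `Checkout` and `Set up Go` steps reference movable tags (`actions/checkout@v4`, `actions/setup-go@v5`) in a job that now runs with the repository secret on events that fork PRs can trigger. Pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged action from running in that job. Under the new `with:` I would also add `persist-credentials: false`, since checkout otherwise leaves its token in the local git config for later steps. The added `# TODO: if: push or pull_request.closed` is not implemented, so the job presumably still runs on every listed PR event; the remaining steps are outside the hunk.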
From: releaser-pleaser <>
Date: Sun, 25 Aug 2024 15:17:52 +0000
Subject: [PATCH 2/2] chore(main): release v0.2.0
---
 CHANGELOG.md | 12 ++++++++++++
 action.yml | 2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f3e7084..e26396b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
+## [v0.2.0](https://github.com/apricote/releaser-pleaser/releases/tag/v0.2.0)
+### Features
+
+- update version references in any files (#14)
+- **cli**: add --version flag (#29)
+
+### Bug Fixes
+
+- **ci**: building release image fails (#21)
+- **ci**: ko pipeline permissions (#23)
+- **action**: invalid quoting for extra-files arg (#25)
+
 ## [v0.2.0-beta.2](https://github.com/apricote/releaser-pleaser/releases/tag/v0.2.0-beta.2)
 ### Features
diff --git a/action.yml b/action.yml
index 2033394..cbba8d5 100644
--- a/action.yml
+++ b/action.yml
@@ -19,7 +19,7 @@ inputs:
 outputs: {}
 runs:
 using: 'docker'
- image: ghcr.io/apricote/releaser-pleaser:v0.2.0-beta.2 # x-releaser-pleaser-version
+ image: ghcr.io/apricote/releaser-pleaser:v0.2.0 # x-releaser-pleaser-version
 args:
 - run
 - --forge=github