Convert release-branches.py and update-required-checks.sh to TypeScript

[mbg]

Converts release-branches.py and update-required-checks.sh to TypeScript, similarly to what we have done for sync.py and sync_back.py recently.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Environments:

• Testing/None - This change does not impact any CodeQL workflows in production.

How did/will you validate this change?

• Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
• End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Development/testing only - This change cannot cause any failures in production.

How will you know if something goes wrong after this change is released?

• Other - Please provide details.

Are there any special considerations for merging or releasing this change?

• No special considerations - This change can be merged at any time.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull request overview

This PR migrates internal release/maintenance scripts from Python/Shell to TypeScript under pr-checks, aligning with the recent TS conversions in the same area of the repo.

Changes:

• Add TypeScript equivalents for release-branch backport targeting and required-checks syncing (pr-checks/release-branches.ts, pr-checks/sync-checks.ts) plus unit tests.
• Introduce shared config (pr-checks/config.ts) and an exclusions YAML for required-check filtering.
• Update release composite actions and docs to invoke the new TS script and reference the new config location.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
pr-checks/sync-checks.ts	New TS script to compute/apply required checks and exclude configured checks.
pr-checks/sync-checks.test.ts	Unit tests for exclusion filtering logic.
pr-checks/release-branches.ts	New TS script to compute backport source/target branches and set outputs.
pr-checks/release-branches.test.ts	Unit tests for backport branch computation.
pr-checks/config.ts	New constant for oldest supported major version used by TS scripts.
pr-checks/excluded.yml	New configuration file for required-check exclusions.
pr-checks/package.json	Add devDependencies needed for the new TS scripts.
package-lock.json	Lockfile updates for the new pr-checks devDependencies.
CONTRIBUTING.md	Documentation update to point to pr-checks/config.ts for OLDEST_SUPPORTED_MAJOR_VERSION.
.github/actions/release-initialise/action.yml	Add Node setup to support running TS tooling during release workflows.
.github/actions/release-branches/action.yml	Switch from Python script invocation to npx tsx running the TS script.

Comments suppressed due to low confidence (1)

pr-checks/sync-checks.test.ts:51

• These assertions use Array.prototype.includes with freshly-created objects from toCheckInfo(...). Because includes checks referential equality for objects, these checks will always pass even if the item is present, making the test ineffective. Compare on a stable key (e.g., .some(c => c.context === ...)) or assert the retained contexts instead.

    assert.equal(retained.length, 2);
    assert.ok(!retained.includes(toCheckInfo("https://example.com")));
    assert.ok(!retained.includes(toCheckInfo("PR Check - Foo")));
  });

[Copilot]

Pull request overview

This PR migrates internal release/PR-check maintenance scripts from Python/bash to TypeScript under pr-checks, and updates the release automation to run the new TS implementations.

Changes:

• Added TypeScript implementations + unit tests for release-branch backport targeting and required-checks syncing logic.
• Introduced shared pr-checks/config.ts and an excluded.yml config for filtering required checks.
• Updated release composite actions and ESLint config to support running/linting the new pr-checks TypeScript code.

Reviewed changes

Copilot reviewed 23 out of 24 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
pr-checks/sync-checks.ts	New TS script to compute/apply required checks from check-runs API + exclusions.
pr-checks/sync-checks.test.ts	Unit tests for removeExcluded.
pr-checks/release-branches.ts	New TS logic to compute backport source/targets for releases.
pr-checks/release-branches.test.ts	Unit tests for computeBackportBranches.
pr-checks/package.json	Adds dependencies needed to run the new TS scripts in the pr-checks workspace.
pr-checks/excluded.yml	Centralized config of check names/patterns to exclude from required checks.
pr-checks/config.ts	New shared config (including OLDEST_SUPPORTED_MAJOR_VERSION).
package-lock.json	Lockfile updates for the added pr-checks dependencies.
eslint.config.mjs	ESLint updates to correctly resolve workspace deps and lint pr-checks TS using its tsconfig.
CONTRIBUTING.md	Documentation update pointing OLDEST_SUPPORTED_MAJOR_VERSION to pr-checks/config.ts.
.github/actions/release-initialise/action.yml	Adds Node setup (Node 20 + npm cache) for release jobs.
.github/actions/release-branches/action.yml	Switches release-branch computation from Python to the new TS script (runs npm ci + npx tsx).
lib/upload-sarif-action.js	Generated bundle changes due to dependency graph adjustments.
lib/upload-sarif-action-post.js	Generated bundle changes due to dependency graph adjustments.
lib/upload-lib.js	Generated bundle changes due to dependency graph adjustments.
lib/start-proxy-action.js	Generated bundle changes due to dependency graph adjustments.
lib/start-proxy-action-post.js	Generated bundle changes due to dependency graph adjustments.
lib/setup-codeql-action.js	Generated bundle changes due to dependency graph adjustments.
lib/resolve-environment-action.js	Generated bundle changes due to dependency graph adjustments.
lib/init-action.js	Generated bundle changes due to dependency graph adjustments.
lib/init-action-post.js	Generated bundle changes due to dependency graph adjustments.
lib/autobuild-action.js	Generated bundle changes due to dependency graph adjustments.
lib/analyze-action.js	Generated bundle changes due to dependency graph adjustments.
lib/analyze-action-post.js	Generated bundle changes due to dependency graph adjustments.

[Copilot]

@octokit/plugin-paginate-rest is specified with an open-ended version range (>=9.2.2), while the other dependencies use bounded ranges (e.g. ^x.y.z). Using >= can allow unintended major upgrades when regenerating the lockfile, which can break the scripts. Consider pinning to a bounded range (e.g. ^14.0.0) and rely on the root overrides/Dependabot for security bumps.

Suggested change

	"@octokit/plugin-paginate-rest": ">=9.2.2",
	"@octokit/plugin-paginate-rest": "^9.2.2",

[Copilot]

Pull request overview

Copilot reviewed 26 out of 27 changed files in this pull request and generated 5 comments.