From e171163bf08c81b431834732c85e2364515cb321 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Fri, 7 Mar 2025 22:39:01 +0100 Subject: [PATCH 1/5] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Remove=20GITHUB?= =?UTF-8?q?=5FTOKEN=20environment=20variable=20from=20Auto-Release=20(#35)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description This pull request includes a small change to the `.github/workflows/Auto-Release.yml` file. The change removes the `env` section which contained the `GITHUB_TOKEN` used for GitHub CLI authentication. * [`.github/workflows/Auto-Release.yml`](diffhunk://#diff-d3f6900ee5159d4bc4ba6d893e2dd8443c2691b0490d7351cffbd7a37ed8d95aL33-L34): Removed the `env` section with the `GITHUB_TOKEN` used for GitHub CLI authentication. ## Type of change - [ ] 📖 [Docs] - [ ] 🪲 [Fix] - [x] 🩹 [Patch] - [ ] ⚠️ [Security fix] - [ ] 🚀 [Feature] - [ ] 🌟 [Breaking change] ## Checklist - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas --- .github/workflows/Auto-Release.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml index ec157c9..680da5c 100644 --- a/.github/workflows/Auto-Release.yml +++ b/.github/workflows/Auto-Release.yml @@ -30,7 +30,5 @@ jobs: - name: Auto-Release uses: PSModule/Auto-Release@v1 - env: - GITHUB_TOKEN: ${{ github.token }} # Used for GitHub CLI authentication with: IncrementalPrerelease: false From 9c8923892169d017c2d937b82d1967bed1685e0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 23:03:11 +0200 Subject: [PATCH 2/5] Bump actions/checkout from 4 to 5 (#36) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/Action-Test.yml | 2 +- .github/workflows/Auto-Release.yml | 2 +- .github/workflows/Linter.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index f228b0d..fd90333 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -24,7 +24,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Action-Test uses: ./ diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml index 680da5c..50a5a41 100644 --- a/.github/workflows/Auto-Release.yml +++ b/.github/workflows/Auto-Release.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Auto-Release uses: PSModule/Auto-Release@v1 diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 1f677cb..94f34b0 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 From 1cf7fcdb49fb6b8fbb4cbd8f59739a7b033c8f89 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 5 Oct 2025 12:23:50 +0200 Subject: [PATCH 3/5] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Update=20Dependab?= =?UTF-8?q?ot=20configuration=20to=20include=20labels=20for=20GitHub=20Act?= =?UTF-8?q?ions=20(#37)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description This pull request makes a small configuration improvement to the Dependabot settings. Dependabot will now automatically apply the `dependencies` and `github-actions` labels to its pull requests for GitHub Actions updates. * Added `dependencies` and `github-actions` labels to Dependabot PRs for GitHub Actions updates in `.github/dependabot.yml`. --- .github/dependabot.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f57e1e9..53188fe 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,5 +7,8 @@ version: 2 updates: - package-ecosystem: github-actions # See documentation for possible values directory: / # Location of package manifests + labels: + - dependencies + - github-actions schedule: interval: weekly From 0629f92709cf348cd074f95709fb0a20945e0bb0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 11:19:09 +0100 Subject: [PATCH 4/5] Bump actions/checkout from 5 to 6 (#38) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

V5.0.1

V5.0.0

V4.3.1

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/Action-Test.yml | 2 +- .github/workflows/Auto-Release.yml | 2 +- .github/workflows/Linter.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index fd90333..081bf6d 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -24,7 +24,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout repo - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Action-Test uses: ./ diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml index 50a5a41..976b40c 100644 --- a/.github/workflows/Auto-Release.yml +++ b/.github/workflows/Auto-Release.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Auto-Release uses: PSModule/Auto-Release@v1 diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 94f34b0..1962629 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 From 26f53025a2f2e4a8102bfa9a398134142a5173f7 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Tue, 27 Jan 2026 00:18:21 +0100 Subject: [PATCH 5/5] =?UTF-8?q?=F0=9F=A9=B9[Patch]:=20Workflow=20improveme?= =?UTF-8?q?nts=20(#39)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This release makes several updates to the GitHub Actions configuration, focusing on improving workflow reliability, release management, and linter settings. It also removes obsolete configuration files and fixes minor documentation errors. The most important changes are grouped below: **Release and Workflow Improvements:** * Added a new `Release.yml` workflow that triggers on relevant pull request events and uses the `PSModule/Release-GHRepository` action for managing releases, replacing the previous `Auto-Release.yml` workflow, which has been removed. This change also introduces path-based filtering to only trigger releases for changes to `action.yml` and `src/**`. * Updated the `Action-Test.yml` and `Linter.yml` workflows to use pinned versions of actions (by commit SHA) for improved security and reliability, and set `persist-credentials: false` during checkout. * Updated the linter step to use a specific version of `super-linter` and disabled certain validations for performance and relevance. **Dependency and Automation Configuration:** * Changed the Dependabot update schedule from weekly to daily and introduced a cooldown period to reduce noise from frequent updates. **Code and Documentation Clean-up:** * Removed the `.jscpd.json` linter configuration file and the `.github/release.yml` release notes configuration, streamlining configuration management. * Fixed typos and improved naming consistency in `README.md`. * Updated references in `action.yml` to use pinned action versions and corrected the script path from `scripts/main.ps1` to `src/main.ps1`. --- .github/dependabot.yml | 4 ++- .github/linters/.jscpd.json | 10 -------- .github/release.yml | 18 -------------- .github/workflows/Action-Test.yml | 4 ++- .github/workflows/Auto-Release.yml | 34 -------------------------- .github/workflows/Linter.yml | 7 ++++-- .github/workflows/Release.yml | 39 ++++++++++++++++++++++++++++++ README.md | 6 ++--- action.yml | 4 +-- {scripts => src}/main.ps1 | 0 10 files changed, 55 insertions(+), 71 deletions(-) delete mode 100644 .github/linters/.jscpd.json delete mode 100644 .github/release.yml delete mode 100644 .github/workflows/Auto-Release.yml create mode 100644 .github/workflows/Release.yml rename {scripts => src}/main.ps1 (100%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 53188fe..0da2fac 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,4 +11,6 @@ updates: - dependencies - github-actions schedule: - interval: weekly + interval: daily + cooldown: + default-days: 7 diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json deleted file mode 100644 index 23970e8..0000000 --- a/.github/linters/.jscpd.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "threshold": 0, - "reporters": [ - "consoleFull" - ], - "ignore": [ - "**/tests/**" - ], - "absolute": true -} diff --git a/.github/release.yml b/.github/release.yml deleted file mode 100644 index 35c6ae8..0000000 --- a/.github/release.yml +++ /dev/null @@ -1,18 +0,0 @@ -# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes - -changelog: - exclude: - labels: - - NoRelease - categories: - - title: 🌟 Breaking Changes - labels: - - Major - - Breaking - - title: 🚀 New Features - labels: - - Minor - - Feature - - title: Other Changes - labels: - - '*' diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 081bf6d..2878be7 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -24,7 +24,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Action-Test uses: ./ diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml deleted file mode 100644 index 976b40c..0000000 --- a/.github/workflows/Auto-Release.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Auto-Release - -run-name: "Auto-Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}" - -on: - pull_request_target: - branches: - - main - types: - - closed - - opened - - reopened - - synchronize - - labeled - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -permissions: - contents: write - pull-requests: write - -jobs: - Auto-Release: - runs-on: ubuntu-latest - steps: - - name: Checkout Code - uses: actions/checkout@v6 - - - name: Auto-Release - uses: PSModule/Auto-Release@v1 - with: - IncrementalPrerelease: false diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 1962629..3a07190 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -19,14 +19,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Lint code base - uses: super-linter/super-linter@latest + uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2 env: GITHUB_TOKEN: ${{ github.token }} + VALIDATE_BIOME_FORMAT: false + VALIDATE_JSCPD: false VALIDATE_JSON_PRETTIER: false VALIDATE_MARKDOWN_PRETTIER: false VALIDATE_YAML_PRETTIER: false diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml new file mode 100644 index 0000000..15ea61e --- /dev/null +++ b/.github/workflows/Release.yml @@ -0,0 +1,39 @@ +name: Release + +run-name: "Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}" + +on: + pull_request: + branches: + - main + types: + - closed + - opened + - reopened + - synchronize + - labeled + paths: + - 'action.yml' + - 'src/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: write + pull-requests: write + +jobs: + Release: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Release + uses: PSModule/Release-GHRepository@88c70461c8f16cc09682005bcf3b7fca4dd8dc1a # v2.0.1 + with: + IncrementalPrerelease: false diff --git a/README.md b/README.md index e08a0b0..268dc04 100644 --- a/README.md +++ b/README.md @@ -6,11 +6,11 @@ This GitHub Action is a part of the [PSModule framework](https://github.com/PSMo ## Specifications and practices -Initiate-PSModule follows: +Initialize-PSModule follows: - [SemVer 2.0.0 specifications](https://semver.org) - [GitHub Flow specifications](https://docs.github.com/en/get-started/using-github/github-flow) -- [Continiuous Delivery practices](https://en.wikipedia.org/wiki/Continuous_delivery) +- [Continuous Delivery practices](https://en.wikipedia.org/wiki/Continuous_delivery) ... and supports the following practices in the PSModule framework: @@ -40,7 +40,7 @@ The Initialize-PSModule action will prepare the runner for the PSModule framewor | `Verbose` | Enable verbose output. | `false` | `'false'` | | `Version` | Specifies the version of the GitHub module to be installed. The value must be an exact version. | `false` | | | `Prerelease` | Allow prerelease versions if available. | `false` | `'false'` | -| `WorkingDirectory` | The working directory where the script runs. | `false` | `${{ github.workspace }}` | +| `WorkingDirectory` | The working directory where the script runs. | `false` | `${{ github.workspace }}` | ## Example diff --git a/action.yml b/action.yml index aac4d86..031f043 100644 --- a/action.yml +++ b/action.yml @@ -30,7 +30,7 @@ runs: using: composite steps: - name: Initialize-PSModule - uses: PSModule/GitHub-Script@v1 + uses: PSModule/GitHub-Script@0097f3bbe3f413f3b577b9bcc600727b0ca3201a # v1.7.10 with: Debug: ${{ inputs.Debug }} Prerelease: ${{ inputs.Prerelease }} @@ -39,4 +39,4 @@ runs: WorkingDirectory: ${{ inputs.WorkingDirectory }} Script: | # Initialize-PSModule - ${{ github.action_path }}/scripts/main.ps1 + ${{ github.action_path }}/src/main.ps1 diff --git a/scripts/main.ps1 b/src/main.ps1 similarity index 100% rename from scripts/main.ps1 rename to src/main.ps1