4 changes: 3 additions & 1 deletion .github/dependabot.yml
Expand Up @@ -11,4 +11,6 @@ updates:
- dependencies
- github-actions
schedule:
interval: weekly
interval: daily
cooldown:
default-days: 7
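Review bot: The move to `interval: daily` and the new `cooldown:` / `default-days: 7` pair land with no comment explaining how they are meant to work together. Add a YAML comment above `cooldown:` stating the intent (check every day, but hold back versions published less than 7 days ago), and confirm that `cooldown:` is indented as a sibling of `schedule:` in this update entry rather than beneath it, since this view does not show the nesting.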
Comment on lines +15 to +16

Copilot AI Jan 22, 2026


The cooldown configuration option does not exist in GitHub's Dependabot configuration schema. According to GitHub's documentation (as of my knowledge cutoff in January 2025), Dependabot supports options like schedule, open-pull-requests-limit, target-branch, reviewers, assignees, labels, milestone, versioning-strategy, commit-message, rebase-strategy, ignore, allow, insecure-external-code-execution, registries, and groups, but not cooldown. This configuration will likely be ignored or cause Dependabot to fail validation. If you want to delay updates, you should use the schedule option with interval: weekly or use the ignore option with update-types to skip certain updates temporarily.

Suggested change
cooldown:
default-days: 7

11 changes: 0 additions & 11 deletions .github/linters/.jscpd.json

This file was deleted.

18 changes: 0 additions & 18 deletions .github/release.yml

This file was deleted.

4 changes: 3 additions & 1 deletion .github/workflows/Action-Test-Src-Default.yml
Expand Up @@ -24,7 +24,9 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repo
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Action-Test
uses: ./
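Review bot: With `persist-credentials: false` on the `Checkout repo` step, the `Action-Test` step that follows (`uses: ./`) runs without a token left in the local git config; confirm the action under test never relies on credentials persisted by checkout, and pass a token explicitly if it needs one. The pin `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` should also be checked against the upstream v6.0.2 tag before merge, since the trailing comment is the only readable record of the version. The same change is repeated in Action-Test-Src-WithManifest.yml and Action-Test-outputs.yml.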
4 changes: 3 additions & 1 deletion .github/workflows/Action-Test-Src-WithManifest.yml
Expand Up @@ -24,7 +24,9 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repo
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Action-Test
uses: ./
4 changes: 3 additions & 1 deletion .github/workflows/Action-Test-outputs.yml
Expand Up @@ -24,7 +24,9 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repo
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Action-Test
uses: ./
34 changes: 0 additions & 34 deletions .github/workflows/Auto-Release.yml

This file was deleted.

7 changes: 5 additions & 2 deletions .github/workflows/Linter.yml
Expand Up @@ -19,14 +19,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

Copilot AI Jan 22, 2026


The updates to GitHub Actions (actions/checkout, super-linter/super-linter, PSModule/Auto-Release) are not mentioned in the PR description. The PR description states only changes to the Dependabot configuration schedule and cooldown settings. These action updates appear to be actual dependency updates that should either be in a separate PR or explicitly mentioned in the description if they're part of demonstrating the new Dependabot configuration.

with:
fetch-depth: 0
persist-credentials: false

- name: Lint code base
uses: super-linter/super-linter@latest
uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2
env:
GITHUB_TOKEN: ${{ github.token }}
VALIDATE_BIOME_FORMAT: false
VALIDATE_JSCPD: false
VALIDATE_JSON_PRETTIER: false
VALIDATE_MARKDOWN_PRETTIER: false
VALIDATE_YAML_PRETTIER: false
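Review bot: The `env:` block of the `Lint code base` step turns off five validators (`VALIDATE_BIOME_FORMAT`, `VALIDATE_JSCPD`, `VALIDATE_JSON_PRETTIER`, `VALIDATE_MARKDOWN_PRETTIER`, `VALIDATE_YAML_PRETTIER`) with no comment giving the reason. `VALIDATE_JSCPD: false` appears in the same PR that deletes `.github/linters/.jscpd.json`, so add a short comment beside each disabled check, or state in the PR description that duplicate-code detection is being dropped on purpose.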
39 changes: 39 additions & 0 deletions .github/workflows/Release.yml
@@ -0,0 +1,39 @@
name: Release

run-name: "Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}"

on:
Comment on lines +1 to +5

Copilot AI Jan 25, 2026


PR description focuses on Dependabot + renaming the release action, but this PR also adds a new internal test harness under src/ and removes .github/release.yml / .github/linters/.jscpd.json. Please update the PR description to reflect these additional changes (or split them) so reviewers know what's being shipped.

pull_request:
branches:
- main
types:
- closed
- opened
- reopened
- synchronize
- labeled
paths:
- 'action.yml'
- 'src/**'

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: write
pull-requests: write

jobs:
Release:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Release
uses: PSModule/Release-GHRepository@88c70461c8f16cc09682005bcf3b7fca4dd8dc1a # v2.0.1
with:
IncrementalPrerelease: false
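Review bot: `cancel-in-progress: true` in the `concurrency:` block is risky for a workflow that publishes releases: the trigger list includes `closed`, `labeled` and `synchronize`, all sharing the `${{ github.workflow }}-${{ github.ref }}` group, so a later event on the same pull request can cancel a release run that is partway through. Consider `cancel-in-progress: false` here, or make cancellation conditional so that `closed` runs are never cancelled. The `contents: write` and `pull-requests: write` grants are also set at workflow level; moving them under the `Release` job keeps the scope tied to the one job that needs it.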
6 changes: 3 additions & 3 deletions action.yml
Expand Up @@ -267,7 +267,7 @@
using: composite
steps:
- name: Install-PSModuleHelpers
uses: PSModule/Install-PSModuleHelpers@v1
uses: PSModule/Install-PSModuleHelpers@d60d63e4be477d1ca0c67c6085101fb109bce8f1 # v1.0.6

- name: Get test paths
shell: pwsh
Expand All @@ -278,10 +278,10 @@
PSMODULE_TEST_PSMODULE_INPUT_Settings: ${{ inputs.Settings }}
run: |
# Get test paths
${{ github.action_path }}/scripts/main.ps1
${{ github.action_path }}/src/main.ps1

Check warning

Code scanning / CodeQL

Code injection (Medium)

Potential code injection in ${{ github.action_path }}, which may be controlled by an external user.

Copilot Autofix

AI about 15 hours ago

In general, to fix this class of problem in GitHub Actions, you assign the expression (${{ ... }}) to an environment variable in env: and then reference that variable using the shell’s native syntax inside the run: block. This prevents accidental interpretation of expression output as shell code and aligns with GitHub’s secure usage guidance.

Here, we should define an environment variable (for example ACTION_PATH) set to ${{ github.action_path }} in the Get test paths step, and then change the PowerShell script so it uses $env:ACTION_PATH instead of interpolating ${{ github.action_path }} directly. Concretely, in action.yml around line 276–282, add an ACTION_PATH entry under env: and modify the run: script line from ${{ github.action_path }}/src/main.ps1 to $env:ACTION_PATH/src/main.ps1. No other behavior changes: it still points to the same path; we just route the value through an environment variable and access it with PowerShell syntax.

Suggested changeset 1
action.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/action.yml b/action.yml
--- a/action.yml
+++ b/action.yml
@@ -276,9 +276,10 @@
       env:
         PSMODULE_TEST_PSMODULE_INPUT_Name: ${{ inputs.Name }}
         PSMODULE_TEST_PSMODULE_INPUT_Settings: ${{ inputs.Settings }}
+        ACTION_PATH: ${{ github.action_path }}
       run: |
         # Get test paths
-        ${{ github.action_path }}/src/main.ps1
+        $env:ACTION_PATH/src/main.ps1
 
     - name: Invoke-Pester
       uses: PSModule/Invoke-Pester@882994cbe1ff07c3fc8afdac52404c940f99b331 # v4.2.2
EOF
@@ -276,9 +276,10 @@
env:
PSMODULE_TEST_PSMODULE_INPUT_Name: ${{ inputs.Name }}
PSMODULE_TEST_PSMODULE_INPUT_Settings: ${{ inputs.Settings }}
ACTION_PATH: ${{ github.action_path }}
run: |
# Get test paths
${{ github.action_path }}/src/main.ps1
$env:ACTION_PATH/src/main.ps1

- name: Invoke-Pester
uses: PSModule/Invoke-Pester@882994cbe1ff07c3fc8afdac52404c940f99b331 # v4.2.2
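Review bot: The replacement line `$env:ACTION_PATH/src/main.ps1` will not run the script as written. In pwsh a statement that begins with a variable is parsed as an expression, so the `/` is read as a division operator; invoke it with the call operator and quotes, `& "$env:ACTION_PATH/src/main.ps1"`, which also copes with spaces in the path. The runner already exports `GITHUB_ACTION_PATH` for composite actions, so `& "$env:GITHUB_ACTION_PATH/src/main.ps1"` would avoid the extra `ACTION_PATH` entry under `env:`.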
Comment on lines 279 to 282

Copilot AI Jan 25, 2026


The PR description focuses on workflow pinning/Dependabot/release config, but this PR also adds a new action entrypoint script (src/main.ps1) and a new Pester test suite/config under src/tests/**. Please update the PR description (or split the PR) so reviewers understand the additional functional changes to the action.

- name: Invoke-Pester
uses: PSModule/Invoke-Pester@v4
uses: PSModule/Invoke-Pester@882994cbe1ff07c3fc8afdac52404c940f99b331 # v4.2.2
id: test
env:
LocalTestPath: ${{ steps.paths.outputs.LocalTestPath }}
File renamed without changes.