🩹[Patch]: Workflow improvements (#18)
This release primarily updates and improves the workflows, focusing on enhanced security, reliability, and maintainability. Key changes include pinning all GitHub Action dependencies to specific commit SHAs, updating and renaming the release workflow, removing unused linter configuration, and refining scheduling and validation settings.
Workflow and Dependency Management Improvements:
- All GitHub Actions in workflow files (
Action-Test.yml,Linter.yml,Release.yml) are now pinned to specific commit SHAs for improved security and reproducibility. - The release workflow was renamed from
.github/workflows/Auto-Release.ymlto.github/workflows/Release.yml, with corresponding job and step name updates, and now uses thePSModule/Release-GHRepositoryaction instead ofPSModule/Auto-Release. - The release workflow now triggers on
pull_requestevents (instead ofpull_request_target), and is further scoped to only run when files inaction.ymlorsrc/**are changed.
Linter and Validation Configuration:
- The unused
.github/linters/.jscpd.jsonconfiguration file was removed, and JSCPD validation is now explicitly disabled in the linter workflow. - Additional linter validations (such as
VALIDATE_BIOME_FORMAT) are now disabled to streamline linting.
Scheduling and Workflow Behavior:
- Dependabot update checks are now scheduled to run daily (instead of weekly), with a 7-day cooldown between updates.
Other Improvements:
- Minor improvements to the
action.ymlmetadata, including a clearer description and updating the script path for the main PowerShell script.