Skip to content

🩹[Patch]: Workflows improvements #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MariusStorhaug merged 9 commits into from
Jan 26, 2026
Merged

🩹[Patch]: Workflows improvements #11

MariusStorhaug merged 9 commits into from
Jan 26, 2026

Conversation

@MariusStorhaug
Copy link
Member

@MariusStorhaug MariusStorhaug commented Jan 22, 2026
edited
Loading

This release primarily updates and improves the project's GitHub Actions workflows and configuration files. The changes focus on increasing security and maintainability by pinning action versions, updating release processes, and cleaning up unnecessary configuration files. There are also minor documentation and description corrections.

GitHub Actions and Workflow Improvements:

  • Updated all GitHub Actions in workflow files (such as Action-Test.yml and Linter.yml) to use pinned commit SHAs instead of floating version tags, improving security and reproducibility. Also set persist-credentials: false for checkout steps to reduce risk.
  • Replaced the deprecated .github/workflows/Auto-Release.yml with a new .github/workflows/Release.yml workflow that triggers on pull requests to main and uses the PSModule/Release-GHRepository action, ensuring a more robust and targeted release process.
  • Updated the schedule for Dependabot updates from weekly to daily and introduced a cooldown period to better manage dependency update frequency.

Configuration and Linting:

  • Removed the .github/linters/.jscpd.json configuration file and disabled JSCPD validation in the linter workflow, simplifying the linting setup.
  • Updated linter workflow to use a pinned version of super-linter and disabled certain validations for more control and consistency.

Release and Documentation Updates:

  • Removed the .github/release.yml configuration for automatic release note categorization, streamlining release management.
  • Fixed a typo in the description field of action.yml and updated script paths and action versions for better clarity and maintainability.

Copilot AI review requested due to automatic review settings January 22, 2026 18:17
Copilot AI reviewed Jan 22, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates GitHub Actions workflows to pin actions to specific commit SHAs and adjusts Dependabot’s configuration to run daily with a 7‑day cooldown for GitHub Actions updates.

Changes:

  • Pin actions/checkout and super-linter/super-linter in the linter workflow to specific commit SHAs with version comments.
  • Pin actions/checkout and PSModule/Auto-Release in the auto-release workflow to specific commit SHAs with version comments.
  • Pin actions/checkout and actions/upload-artifact in the action test workflow to specific commit SHAs with version comments.
  • Remove .github/release.yml (GitHub’s auto-generated release notes configuration).
  • Update .github/dependabot.yml to use a daily schedule and add a cooldown block with default-days: 7 for the github-actions ecosystem.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
.github/workflows/Linter.yml Pins checkout and super-linter actions to specific commit SHAs to improve reproducibility and align with Dependabot-managed actions.
.github/workflows/Auto-Release.yml Pins checkout and Auto-Release actions to specific commit SHAs for more controlled updates.
.github/workflows/Action-Test.yml Pins checkout and upload-artifact actions to specific commit SHAs, including a major-version bump for upload-artifact.
.github/release.yml Removes the configuration for GitHub’s automatically generated release notes, reverting behavior to GitHub defaults.
.github/dependabot.yml Switches Dependabot GitHub Actions updates to a daily interval and adds a 7‑day cooldown configuration.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MariusStorhaug MariusStorhaug changed the title 🩹 Configure Dependabot for daily schedule with 7-day cooldown 🩹[Patch] Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch] Configure Dependabot for daily schedule with 7-day cooldown 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown 🩹 [Patch] Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹 [Patch] Configure Dependabot for daily schedule with 7-day cooldown 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug self-assigned this Jan 22, 2026
Copilot AI review requested due to automatic review settings January 25, 2026 17:33
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings January 25, 2026 20:45
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 8 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown 🩹 [Patch]: Standardize workflows with SHA pinning and daily Dependabot Jan 25, 2026
Copilot AI review requested due to automatic review settings January 25, 2026 21:31
@MariusStorhaug MariusStorhaug changed the title 🩹 [Patch]: Standardize workflows with SHA pinning and daily Dependabot 🩹[Patch]: Configure Dependabot and rename Auto-Release to Release-GHRepository Jan 25, 2026
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 9 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings January 25, 2026 22:05
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 9 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Configure Dependabot and rename Auto-Release to Release-GHRepository 🩹[Patch]: Workflows improvements Jan 26, 2026
@MariusStorhaug MariusStorhaug merged commit 6163879 into main Jan 26, 2026
26 checks passed
@MariusStorhaug MariusStorhaug deleted the dependabot-daily-cooldown branch January 26, 2026 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@MariusStorhaug MariusStorhaug

Labels

Patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MariusStorhaug