Skip to content

🩹[Patch]: Workflow improvements #106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MariusStorhaug merged 8 commits into from
Jan 27, 2026
Merged

🩹[Patch]: Workflow improvements #106

MariusStorhaug merged 8 commits into from
Jan 27, 2026

Conversation

@MariusStorhaug
Copy link
Member

@MariusStorhaug MariusStorhaug commented Jan 22, 2026
edited
Loading

This release makes several updates to the project's GitHub workflows and configuration files, focusing on improving reliability, security, and maintainability. Key changes include pinning GitHub Action dependencies to specific commit hashes, updating workflow schedules and cooldowns, removing or replacing configuration files for release and linters, and updating references to scripts and modules for better consistency.

GitHub Actions and Workflow Improvements:

  • All workflows now pin the actions/checkout and other GitHub Actions to specific commit SHAs for improved security and reproducibility, and set persist-credentials: false to enhance security.
  • Updated the linter workflow to use a specific version of super-linter, and disabled certain validations for improved performance and compatibility.

Release Process Updates:

  • Removed the old Auto-Release.yml workflow and replaced it with a new Release.yml workflow that uses a different release action and is triggered on pull requests affecting release-relevant files.
  • Deleted the .github/release.yml configuration for auto-generated release notes, centralizing release configuration in the workflow.

Configuration and Scheduling Changes:

  • Changed the Dependabot update schedule from weekly to daily, and introduced a 7-day cooldown to avoid excessive update PRs.
  • Removed the .github/linters/.jscpd.json configuration file, likely because duplicate code detection is now disabled or managed elsewhere.

Script and Module Reference Updates:

  • Updated references in action.yml to use specific commit SHAs for external modules and changed script paths from scripts/main.ps1 to src/main.ps1 for consistency.

@MariusStorhaug MariusStorhaug requested a review from a team as a code owner January 22, 2026 18:19
Copilot AI review requested due to automatic review settings January 22, 2026 18:19
Copilot AI reviewed Jan 22, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to configure Dependabot to check for updates daily while implementing a 7-day cooldown period. However, the PR includes several changes beyond what's described in the title and description.

Changes:

  • Modified .github/dependabot.yml to use daily scheduling and attempted to add a cooldown configuration
  • Updated GitHub Actions to pinned versions with commit hashes (actions/checkout, super-linter/super-linter, PSModule/Auto-Release)
  • Deleted .github/release.yml file that configures automated release notes

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
.github/dependabot.yml Changed schedule from weekly to daily and added cooldown configuration (invalid option)
.github/workflows/Linter.yml Updated actions/checkout to v6.0.2 and super-linter to v8.3.2 with commit hash pinning
.github/workflows/Auto-Release.yml Updated actions/checkout to v6.0.2 and PSModule/Auto-Release to v1.9.5 with commit hash pinning
.github/workflows/Action-Test-outputs.yml Updated actions/checkout to v6.0.2 with commit hash pinning
.github/workflows/Action-Test-Src-WithManifest.yml Updated actions/checkout to v6.0.2 with commit hash pinning
.github/workflows/Action-Test-Src-Default.yml Updated actions/checkout to v6.0.2 with commit hash pinning
.github/release.yml Deleted release notes configuration file (not mentioned in PR description)
Comments suppressed due to low confidence (1)

.github/release.yml:1

  • The deletion of the .github/release.yml file is not mentioned in the PR description, which only references changes to .github/dependabot.yml. This file configures automatically generated release notes for GitHub releases. Its removal will affect how release notes are generated and categorized (breaking changes, new features, etc.). If this deletion is intentional, it should be documented in the PR description. If it's accidental, the file should be restored.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MariusStorhaug MariusStorhaug changed the title 🩹 Configure Dependabot for daily schedule with 7-day cooldown 🩹[Patch] Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch] Configure Dependabot for daily schedule with 7-day cooldown 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown 🩹 [Patch] Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug changed the title 🩹 [Patch] Configure Dependabot for daily schedule with 7-day cooldown 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown Jan 22, 2026
@MariusStorhaug MariusStorhaug self-assigned this Jan 22, 2026
@MariusStorhaug
feat: Add GitHub Actions workflow for release automation
2bbf7b4 
- Created a new GitHub Actions workflow (`Release.yml`) to automate the release process on pull request events.
- Added a main script (`main.ps1`) to handle module name resolution and test path setup.
- Introduced configuration files for module and source code tests.
- Implemented test scripts for module and source code, including validation for module imports and manifest checks.
- Updated test configuration to enable detailed output and code coverage.
- Removed obsolete `SourceCode.Configuration.ps1` file from tests.
Copilot AI review requested due to automatic review settings January 25, 2026 20:32
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 25, 2026
View reviewed changes
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 16 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown 🩹 [Patch]: Standardize workflows with SHA pinning and daily Dependabot Jan 25, 2026
Copilot AI review requested due to automatic review settings January 25, 2026 21:01
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 17 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MariusStorhaug MariusStorhaug changed the title 🩹 [Patch]: Standardize workflows with SHA pinning and daily Dependabot 🩹[Patch]: Configure Dependabot and rename Auto-Release to Release-GHRepository Jan 25, 2026
Copilot AI review requested due to automatic review settings January 25, 2026 21:44
Copilot AI reviewed Jan 25, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 10 out of 17 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 27, 2026
View reviewed changes
@MariusStorhaug MariusStorhaug changed the title 🩹[Patch]: Configure Dependabot and rename Auto-Release to Release-GHRepository 🩹[Patch]: Workflow improvements Jan 27, 2026
@MariusStorhaug MariusStorhaug merged commit d4d6d1d into main Jan 27, 2026
26 checks passed
@MariusStorhaug MariusStorhaug deleted the dependabot-daily-cooldown branch January 27, 2026 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@MariusStorhaug MariusStorhaug

Labels

Patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MariusStorhaug