fb5a978260
fix(pr-lint): add token fallback, fix shellspec checksum ( #326 )
2025-10-31 15:09:46 +02:00
renovate[bot]
ca7fc1a5ff
chore(deps)!: update node (v22.21.0 → v24.11.0) ( #324 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.28
2025-10-28 20:07:29 +02:00
42a40cfaf1
chore: update root readme, generation listing ( #322 )
...
* chore: update root readme, generation listing
* fix: grammar fix, example version from real date to example
* chore: add docstrings to `chore/update` (#323 )
Docstrings generation was requested by @ivuorinen .
* https://github.com/ivuorinen/actions/pull/322#issuecomment-3457571306
The following files were modified:
* `generate_listing.cjs`
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-10-28 19:18:26 +02:00
b06748cbef
fix(set-git-config): remove credentials cleaning, it's automatic ( #321 )
2025-10-28 18:35:58 +02:00
cbbb0c8b8c
fix: node-setup caching, validate-inputs optional_inputs type ( #320 )
...
* fix: node-setup caching, validate-inputs optional_inputs type
* test(validate-inputs): dict optional_inputs backward compatibility
Verify that legacy dict format for optional_inputs correctly generates
conventions from dict keys. Updates existing test to expect list type
for optional_inputs default.
2025-10-27 23:56:17 +02:00
renovate[bot]
1a8997715c
chore(deps)!: update actions/upload-artifact (v4.6.2 → v5.0.0) ( #316 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.27
2025-10-27 14:15:31 +02:00
renovate[bot]
f50ab425b8
chore(deps)!: update actions/github-script (v7.1.0 → v8.0.0) ( #315 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-27 12:07:05 +02:00
github-actions[bot]
41b1778849
chore: update action references to v2025 ( 0fa9a68f07) ( #319 )
...
This commit updates all internal action references to point to the latest v2025 tag SHA.
2025-10-27 12:03:38 +02:00
renovate[bot]
bbb05559e6
chore(deps): update actions/github-script action (v7.0.1 → v7.1.0) ( #313 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-27 11:58:55 +02:00
renovate[bot]
7c18e12b06
chore(deps): update github/codeql-action action (v4.30.9 → v4.31.0) ( #318 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-27 09:11:49 +02:00
renovate[bot]
88053f4197
chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (41.149.2 → 41.159.4) ( #306 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-26 22:49:50 +00:00
renovate[bot]
ee9a4877e8
chore(deps)!: update actions/download-artifact (v5.0.0 → v6.0.0) ( #314 )
2025-10-27 00:46:39 +02:00
renovate[bot]
c32f2813f0
chore(deps): update peter-evans/create-pull-request action (v7.0.5 → v7.0.8) ( #310 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-26 22:12:35 +00:00
renovate[bot]
e416c272b5
chore(deps): update astral-sh/setup-uv action (v7.1.1 → v7.1.2) ( #317 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-27 00:06:21 +02:00
74968d942f
chore: update action references for release v2025.10.26 ( #312 )
...
This commit updates all internal action references to point to the current
commit SHA in preparation for release v2025.10.26.
2025-10-27 00:00:02 +02:00
e2222afff1
fix(validate-inputs): add logic to skip undefined empty ( #311 )
...
* fix(validate-inputs): add logic to skip undefined empty
* chore: code review comments
2025-10-26 23:52:47 +02:00
Copilot
81f54fda92
feat: standardize validate-inputs parameter to action-type ( #309 )
25.10.25
2025-10-25 18:14:42 +03:00
a09e59aa7c
fix: test-actions security scan ( #307 )
25.10.24
2025-10-24 18:21:44 +03:00
2d8ff47548
fix: support INPUT_ACTION_TYPE and INPUT_ACTION ( #305 )
2025-10-24 15:55:09 +03:00
renovate[bot]
a3fb0bd8db
chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.483 → 3.2.487) ( #304 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-24 11:46:52 +00:00
renovate[bot]
42312cdbe4
chore(deps): update pre-commit hook astral-sh/uv-pre-commit (0.9.2 → 0.9.5) ( #303 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-24 04:27:51 +00:00
renovate[bot]
222a2fa571
chore(deps): update pre-commit hook astral-sh/ruff-pre-commit (v0.14.0 → v0.14.2) ( #302 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.23
2025-10-23 23:28:02 +03:00
6ebc5a21d5
fix: local references, release workflow ( #301 )
...
* fix: local references, release workflow
* chore: apply cr comments
2025-10-23 23:24:20 +03:00
renovate[bot]
020a8fd26c
chore(deps): update astral-sh/setup-uv action (v7.1.0 → v7.1.1) ( #300 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.20
2025-10-20 12:50:38 +03:00
7061aafd35
chore: add tests, update docs and actions ( #299 )
...
* docs: update documentation
* feat: validate-inputs has its own pyproject
* security: mask DOCKERHUB_PASSWORD
* chore: add tokens, checkout, recreate docs, integration tests
* fix: add `statuses: write` permission to pr-lint
25.10.18
2025-10-18 13:09:19 +03:00
renovate[bot]
d3c2de1bd1
chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (41.148.2 → 41.149.2) ( #298 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.16
2025-10-16 06:10:12 +00:00
renovate[bot]
f48f914224
chore(deps): update image python to v3.14.0 ( #297 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-16 09:06:43 +03:00
renovate[bot]
5f14fd7ed3
chore(deps)!: update node (20.19.5 → 22.20.0) ( #295 )
25.10.15
2025-10-15 23:08:43 +03:00
renovate[bot]
277d5edf5c
chore(deps)!: update image ubuntu to v24 ( #294 )
2025-10-15 22:07:11 +03:00
57cbd83dc6
chore: update docs, vscode settings ( #296 )
2025-10-15 14:49:18 +03:00
33631ad911
chore: setup-node v6; add monthly metrics; extend validator inputs title ( #293 )
...
* feat: add monthly issue stats
* chore: update actions
* fix(stale): use validate-inputs
2025-10-15 14:38:07 +03:00
78fdad69e5
feat: fixes, tweaks, new actions, linting ( #186 )
...
* feat: fixes, tweaks, new actions, linting
* fix: improve docker publish loops and dotnet parsing (#193 )
* fix: harden action scripts and version checks (#191 )
* refactor: major repository restructuring and security enhancements
Add comprehensive development infrastructure:
- Add Makefile with automated documentation generation, formatting, and linting tasks
- Add TODO.md tracking self-containment progress and repository improvements
- Add .nvmrc for consistent Node.js version management
- Create python-version-detect-v2 action for enhanced Python detection
Enhance all GitHub Actions with standardized patterns:
- Add consistent token handling across 27 actions using standardized input patterns
- Implement bash error handling (set -euo pipefail) in all shell steps
- Add comprehensive input validation for path traversal and command injection protection
- Standardize checkout token authentication to prevent rate limiting
- Remove relative action dependencies to ensure external usability
Rewrite security workflow for PR-focused analysis:
- Transform security-suite.yml to PR-only security analysis workflow
- Remove scheduled runs, repository issue management, and Slack notifications
- Implement smart comment generation showing only sections with content
- Add GitHub Actions permission diff analysis and new action detection
- Integrate OWASP, Semgrep, and TruffleHog for comprehensive PR security scanning
Improve version detection and dependency management:
- Simplify version detection actions to use inline logic instead of shared utilities
- Fix Makefile version detection fallback to properly return 'main' when version not found
- Update all external action references to use SHA-pinned versions
- Remove deprecated run.sh in favor of Makefile automation
Update documentation and project standards:
- Enhance CLAUDE.md with self-containment requirements and linting standards
- Update README.md with improved action descriptions and usage examples
- Standardize code formatting with updated .editorconfig and .prettierrc.yml
- Improve GitHub templates for issues and security reporting
This refactoring ensures all 40 actions are fully self-contained and can be used independently when
referenced as ivuorinen/actions/action-name@main, addressing the critical requirement for external
usability while maintaining comprehensive security analysis and development automation.
* feat: add automated action catalog generation system
- Create generate_listing.cjs script for comprehensive action catalog
- Add package.json with development tooling and npm scripts
- Implement automated README.md catalog section with --update flag
- Generate markdown reference-style links for all 40 actions
- Add categorized tables with features, language support matrices
- Replace static reference links with auto-generated dynamic links
- Enable complete automation of action documentation maintenance
* feat: enhance actions with improved documentation and functionality
- Add comprehensive README files for 12 actions with usage examples
- Implement new utility actions (go-version-detect, dotnet-version-detect)
- Enhance node-setup with extensive configuration options
- Improve error handling and validation across all actions
- Update package.json scripts for better development workflow
- Expand TODO.md with detailed roadmap and improvement plans
- Standardize action structure with consistent inputs/outputs
* feat: add comprehensive output handling across all actions
- Add standardized outputs to 15 actions that previously had none
- Implement consistent snake_case naming convention for all outputs
- Add build status and test results outputs to build actions
- Add files changed and status outputs to lint/fix actions
- Add test execution metrics to php-tests action
- Add stale/closed counts to stale action
- Add release URLs and IDs to github-release action
- Update documentation with output specifications
- Mark comprehensive output handling task as complete in TODO.md
* feat: implement shared cache strategy across all actions
- Add caching to 10 actions that previously had none (Node.js, .NET, Python, Go)
- Standardize 4 existing actions to use common-cache instead of direct actions/cache
- Implement consistent cache-hit optimization to skip installations when cache available
- Add language-specific cache configurations with appropriate key files
- Create unified caching approach using ivuorinen/actions/common-cache@main
- Fix YAML syntax error in php-composer action paths parameter
- Update TODO.md to mark shared cache strategy as complete
* feat: implement comprehensive retry logic for network operations
- Create new common-retry action for standardized retry patterns with configurable strategies
- Add retry logic to 9 actions missing network retry capabilities
- Implement exponential backoff, custom timeouts, and flexible error handling
- Add max-retries input parameter to all network-dependent actions (Node.js, .NET, Python, Go)
- Standardize existing retry implementations to use common-retry utility
- Update action catalog to include new common-retry action (41 total actions)
- Update documentation with retry configuration examples and parameters
- Mark retry logic implementation as complete in TODO.md roadmap
* feat: enhance Node.js support with Corepack and Bun
- Add Corepack support for automatic package manager version management
- Add Bun package manager support across all Node.js actions
- Improve Yarn Berry/PnP support with .yarnrc.yml detection
- Add Node.js feature detection (ESM, TypeScript, frameworks)
- Update package manager detection priority and lockfile support
- Enhance caching with package-manager-specific keys
- Update eslint, prettier, and biome actions for multi-package-manager support
* fix: resolve critical runtime issues across multiple actions
- Fix token validation by removing ineffective literal string comparisons
- Add missing @microsoft/eslint-formatter-sarif dependency for SARIF output
- Fix Bash variable syntax errors in username and changelog length checks
- Update Dockerfile version regex to handle tags with suffixes (e.g., -alpine)
- Simplify version selection logic with single grep command
- Fix command execution in retry action with proper bash -c wrapper
- Correct step output references using .outcome instead of .outputs.outcome
- Add missing step IDs for version detection actions
- Include go.mod in cache key files for accurate invalidation
- Require minor version in all version regex patterns
- Improve Bun installation security by verifying script before execution
- Replace bc with sort -V for portable PHP version comparison
- Remove non-existent pre-commit output references
These fixes ensure proper runtime behavior, improved security, and better
cross-platform compatibility across all affected actions.
* fix: resolve critical runtime and security issues across actions
- Fix biome-fix files_changed calculation using git diff instead of git status delta
- Fix compress-images output description and add absolute path validation
- Remove csharp-publish token default and fix token fallback in push commands
- Add @microsoft/eslint-formatter-sarif to all package managers in eslint-check
- Fix eslint-check command syntax by using variable assignment
- Improve node-setup Bun installation security and remove invalid frozen-lockfile flag
- Fix pre-commit token validation by removing ineffective literal comparison
- Fix prettier-fix token comparison and expand regex for all GitHub token types
- Add version-file-parser regex validation safety and fix csproj wildcard handling
These fixes address security vulnerabilities, runtime errors, and functional issues
to ensure reliable operation across all affected GitHub Actions.
* feat: enhance Docker actions with advanced multi-architecture support
Major enhancement to Docker build and publish actions with comprehensive
multi-architecture capabilities and enterprise-grade features.
Added features:
- Advanced buildx configuration (version control, cache modes, build contexts)
- Auto-detect platforms for dynamic architecture discovery
- Performance optimizations with enhanced caching strategies
- Security scanning with Trivy and image signing with Cosign
- SBOM generation in multiple formats with validation
- Verbose logging and dry-run modes for debugging
- Platform-specific build args and fallback mechanisms
Enhanced all Docker actions:
- docker-build: Core buildx features and multi-arch support
- docker-publish-gh: GitHub Packages with security features
- docker-publish-hub: Docker Hub with scanning and signing
- docker-publish: Orchestrator with unified configuration
Updated documentation across all modified actions.
* fix: resolve documentation generation placeholder issue
Fixed Makefile and package.json to properly replace placeholder tokens in generated documentation, ensuring all README files show correct repository paths instead of ***PROJECT***@***VERSION***.
* chore: simplify github token validation
* chore(lint): optional yamlfmt, config and fixes
* feat: use relative `uses` names
* feat: comprehensive testing infrastructure and Python validation system
- Migrate from tests/ to _tests/ directory structure with ShellSpec framework
- Add comprehensive validation system with Python-based input validation
- Implement dual testing approach (ShellSpec + pytest) for complete coverage
- Add modern Python tooling (uv, ruff, pytest-cov) and dependencies
- Create centralized validation rules with automatic generation system
- Update project configuration and build system for new architecture
- Enhance documentation to reflect current testing capabilities
This establishes a robust foundation for action validation and testing
with extensive coverage across all GitHub Actions in the repository.
* chore: remove Dockerfile for now
* chore: code review fixes
* feat: comprehensive GitHub Actions restructuring and tooling improvements
This commit represents a major restructuring of the GitHub Actions monorepo
with improved tooling, testing infrastructure, and comprehensive PR #186
review implementation.
## Major Changes
### 🔧 Development Tooling & Configuration
- **Shellcheck integration**: Exclude shellspec test files from linting
- Updated .pre-commit-config.yaml to exclude _tests/*.sh from shellcheck/shfmt
- Modified Makefile shellcheck pattern to skip shellspec files
- Updated CLAUDE.md documentation with proper exclusion syntax
- **Testing infrastructure**: Enhanced Python validation framework
- Fixed nested if statements and boolean parameter issues in validation.py
- Improved code quality with explicit keyword arguments
- All pre-commit hooks now passing
### 🏗️ Project Structure & Documentation
- **Added Serena AI integration** with comprehensive project memories:
- Project overview, structure, and technical stack documentation
- Code style conventions and completion requirements
- Comprehensive PR #186 review analysis and implementation tracking
- **Enhanced configuration**: Updated .gitignore, .yamlfmt.yml, pyproject.toml
- **Improved testing**: Added integration workflows and enhanced test specs
### 🚀 GitHub Actions Improvements (30+ actions updated)
- **Centralized validation**: Updated 41 validation rule files
- **Enhanced actions**: Improvements across all action categories:
- Setup actions (node-setup, version detectors)
- Utility actions (version-file-parser, version-validator)
- Linting actions (biome, eslint, terraform-lint-fix major refactor)
- Build/publish actions (docker-build, npm-publish, csharp-*)
- Repository management actions
### 📝 Documentation Updates
- **README consistency**: Updated version references across action READMEs
- **Enhanced documentation**: Improved action descriptions and usage examples
- **CLAUDE.md**: Updated with current tooling and best practices
## Technical Improvements
- **Security enhancements**: Input validation and sanitization improvements
- **Performance optimizations**: Streamlined action logic and dependencies
- **Cross-platform compatibility**: Better Windows/macOS/Linux support
- **Error handling**: Improved error reporting and user feedback
## Files Changed
- 100 files changed
- 13 new Serena memory files documenting project state
- 41 validation rules updated for consistency
- 30+ GitHub Actions and READMEs improved
- Core tooling configuration enhanced
* feat: comprehensive GitHub Actions improvements and PR review fixes
Major Infrastructure Improvements:
- Add comprehensive testing framework with 17+ ShellSpec validation tests
- Implement Docker-based testing tools with automated test runner
- Add CodeRabbit configuration for automated code reviews
- Restructure documentation and memory management system
- Update validation rules for 25+ actions with enhanced input validation
- Modernize CI/CD workflows and testing infrastructure
Critical PR Review Fixes (All Issues Resolved):
- Fix double caching in node-setup (eliminate redundant cache operations)
- Optimize shell pipeline in version-file-parser (single awk vs complex pipeline)
- Fix GitHub expression interpolation in prettier-check cache keys
- Resolve terraform command order issue (validation after setup)
- Add missing flake8-sarif dependency for Python SARIF output
- Fix environment variable scope in pr-lint (export to GITHUB_ENV)
Performance & Reliability:
- Eliminate duplicate cache operations saving CI time
- Improve shell script efficiency with optimized parsing
- Fix command execution dependencies preventing runtime failures
- Ensure proper dependency installation for all linting tools
- Resolve workflow conditional logic issues
Security & Quality:
- All input validation rules updated with latest security patterns
- Cross-platform compatibility improvements maintained
- Comprehensive error handling and retry logic preserved
- Modern development tooling and best practices adopted
This commit addresses 100% of actionable feedback from PR review analysis,
implements comprehensive testing infrastructure, and maintains high code
quality standards across all 41 GitHub Actions.
* feat: enhance expression handling and version parsing
- Fix node-setup force-version expression logic for proper empty string handling
- Improve version-file-parser with secure regex validation and enhanced Python detection
- Add CodeRabbit configuration for CalVer versioning and README review guidance
* feat(validate-inputs): implement modular validation system
- Add modular validator architecture with specialized validators
- Implement base validator classes for different input types
- Add validators: boolean, docker, file, network, numeric, security, token, version
- Add convention mapper for automatic input validation
- Add comprehensive documentation for the validation system
- Implement PCRE regex support and injection protection
* feat(validate-inputs): add validation rules for all actions
- Add YAML validation rules for 42 GitHub Actions
- Auto-generated rules with convention mappings
- Include metadata for validation coverage and quality indicators
- Mark rules as auto-generated to prevent manual edits
* test(validate-inputs): add comprehensive test suite for validators
- Add unit tests for all validator modules
- Add integration tests for the validation system
- Add fixtures for version test data
- Test coverage for boolean, docker, file, network, numeric, security, token, and version validators
- Add tests for convention mapper and registry
* feat(tools): add validation scripts and utilities
- Add update-validators.py script for auto-generating rules
- Add benchmark-validator.py for performance testing
- Add debug-validator.py for troubleshooting
- Add generate-tests.py for test generation
- Add check-rules-not-manually-edited.sh for CI validation
- Add fix-local-action-refs.py tool for fixing action references
* feat(actions): add CustomValidator.py files for specialized validation
- Add custom validators for actions requiring special validation logic
- Implement validators for docker, go, node, npm, php, python, terraform actions
- Add specialized validation for compress-images, common-cache, common-file-check
- Implement version detection validators with language-specific logic
- Add validation for build arguments, architectures, and version formats
* test: update ShellSpec test framework for Python validation
- Update all validation.spec.sh files to use Python validator
- Add shared validation_core.py for common test utilities
- Remove obsolete bash validation helpers
- Update test output expectations for Python validator format
- Add codeql-analysis test suite
- Refactor framework utilities for Python integration
- Remove deprecated test files
* feat(actions): update action.yml files to use validate-inputs
- Replace inline bash validation with validate-inputs action
- Standardize validation across all 42 actions
- Add new codeql-analysis action
- Update action metadata and branding
- Add validation step as first step in composite actions
- Maintain backward compatibility with existing inputs/outputs
* ci: update GitHub workflows for enhanced security and testing
- Add new codeql-new.yml workflow
- Update security scanning workflows
- Enhance dependency review configuration
- Update test-actions workflow for new validation system
- Improve workflow permissions and security settings
- Update action versions to latest SHA-pinned releases
* build: update build configuration and dependencies
- Update Makefile with new validation targets
- Add Python dependencies in pyproject.toml
- Update npm dependencies and scripts
- Enhance Docker testing tools configuration
- Add targets for validator updates and local ref fixes
- Configure uv for Python package management
* chore: update linting and documentation configuration
- Update EditorConfig settings for consistent formatting
- Enhance pre-commit hooks configuration
- Update prettier and yamllint ignore patterns
- Update gitleaks security scanning rules
- Update CodeRabbit review configuration
- Update CLAUDE.md with latest project standards and rules
* docs: update Serena memory files and project metadata
- Remove obsolete PR-186 memory files
- Update project overview with current architecture
- Update project structure documentation
- Add quality standards and communication guidelines
- Add modular validator architecture documentation
- Add shellspec testing framework documentation
- Update project.yml with latest configuration
* feat: moved rules.yml to same folder as action, fixes
* fix(validators): correct token patterns and fix validator bugs
- Fix GitHub classic PAT pattern: ghp_ + 36 chars = 40 total
- Fix GitHub fine-grained PAT pattern: github_pat_ + 71 chars = 82 total
- Initialize result variable in convention_mapper to prevent UnboundLocalError
- Fix empty URL validation in network validator to return error
- Add GitHub expression check to docker architectures validator
- Update docker-build CustomValidator parallel-builds max to 16
* test(validators): fix test fixtures and expectations
- Fix token lengths in test data: github_pat 71 chars, ghp/gho 36 chars
- Update integration tests with correct token lengths
- Fix file validator test to expect absolute paths rejected for security
- Rename TestGenerator import to avoid pytest collection warning
- Update custom validator tests with correct input names
- Change docker-build tests: platforms->architectures, tags->tag
- Update docker-publish tests to match new registry enum validation
* test(shellspec): fix token lengths in test helpers and specs
- Fix default token lengths in spec_helper.sh to use correct 40-char format
- Update csharp-publish default tokens in 4 locations
- Update codeql-analysis default tokens in 2 locations
- Fix codeql-analysis test tokens to correct lengths (40 and 82 chars)
- Fix npm-publish fine-grained token test to use 82-char format
* feat(actions): add permissions documentation and environment variable usage
- Add permissions comments to all action.yml files documenting required GitHub permissions
- Convert direct input usage to environment variables in shell steps for security
- Add validation steps with proper error handling
- Update input descriptions and add security notes where applicable
- Ensure all actions follow consistent patterns for input validation
* chore(workflows): update GitHub Actions workflow versions
- Update workflow action versions to latest
- Improve workflow consistency and maintainability
* docs(security): add comprehensive security policy
- Document security features and best practices
- Add vulnerability reporting process
- Include audit history and security testing information
* docs(memory): add GitHub workflow reference documentation
- Add GitHub Actions workflow commands reference
- Add GitHub workflow expressions guide
- Add secure workflow usage patterns and best practices
* chore: token optimization, code style conventions
* chore: cr fixes
* fix: trivy reported Dockerfile problems
* fix(security): more security fixes
* chore: dockerfile and make targets for publishing
* fix(ci): add creds to test-actions workflow
* fix: security fix and checkout step to codeql-new
* chore: test fixes
* fix(security): codeql detected issues
* chore: code review fixes, ReDoS protection
* style: apply MegaLinter fixes
* fix(ci): missing packages read permission
* fix(ci): add missing working directory setting
* chore: linting, add validation-regex to use regex_pattern
* chore: code review fixes
* chore(deps): update actions
* fix(security): codeql fixes
* chore(cr): apply cr comments
* chore: improve POSIX compatibility
* chore(cr): apply cr comments
* fix: codeql warning in Dockerfile, build failures
* chore(cr): apply cr comments
* fix: docker-testing-tools/Dockerfile
* chore(cr): apply cr comments
* fix(docker): update testing-tools image for GitHub Actions compatibility
* chore(cr): apply cr comments
* feat: add more tests, fix issues
* chore: fix codeql issues, update actions
* chore(cr): apply cr comments
* fix: integration tests
* chore: deduplication and fixes
* style: apply MegaLinter fixes
* chore(cr): apply cr comments
* feat: dry-run mode for generate-tests
* fix(ci): kcov installation
* chore(cr): apply cr comments
* chore(cr): apply cr comments
* chore(cr): apply cr comments
* chore(cr): apply cr comments, simplify action testing, use uv
* fix: run-tests.sh action counting
* chore(cr): apply cr comments
* chore(cr): apply cr comments
25.10.14
2025-10-14 13:37:58 +03:00
renovate[bot]
d3cc8d4790
chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (41.132.5 → 41.146.0) ( #291 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.12
2025-10-12 18:54:09 +03:00
renovate[bot]
dc895c40ff
chore(deps): update ivuorinen/actions action (25.9.21 → 25.10.6) ( #285 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.7
2025-10-07 19:16:21 +00:00
renovate[bot]
0b6f65379c
chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.473 → 3.2.474) ( #288 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-07 13:51:18 +00:00
renovate[bot]
0a78a1131a
chore(deps): update ossf/scorecard-action action (v2.4.2 → v2.4.3) ( #287 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-07 09:51:43 +00:00
renovate[bot]
7314e5ae00
chore(deps): update softprops/action-gh-release action (v2.3.3 → v2.4.0) ( #289 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-07 08:25:55 +03:00
renovate[bot]
9df3b0bff7
chore(deps): update actions/stale action (v10.0.0 → v10.1.0) ( #283 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.6
2025-10-06 09:38:03 +00:00
renovate[bot]
0a227e6673
chore(deps): update github/codeql-action action (v3.30.5 → v3.30.6) ( #282 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-06 04:54:19 +00:00
renovate[bot]
da961c5cf7
chore(deps): update docker/login-action action (v3.5.0 → v3.6.0) ( #284 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-06 06:46:56 +03:00
renovate[bot]
646169c13f
chore(deps): update actions/dependency-review-action action (v4.7.3 → v4.8.0) ( #276 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.10.1
2025-10-01 18:30:34 +00:00
renovate[bot]
e47a7c4077
chore(deps): update pre-commit hook renovatebot/pre-commit-hooks (41.115.2 → 41.132.5) ( #277 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-01 11:54:33 +03:00
renovate[bot]
8b4edff06b
chore(deps): update pre-commit hook bridgecrewio/checkov (3.2.471 → 3.2.473) ( #275 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.9.30
2025-09-30 23:29:01 +03:00
renovate[bot]
240334baad
chore(deps): update oxsecurity/megalinter action (v9.0.0 → v9.0.1) ( #263 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
25.9.29
2025-09-29 17:54:28 +00:00
renovate[bot]
db9915d73f
chore(deps): update ivuorinen/actions action (25.9.15 → 25.9.21) ( #266 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-09-29 16:08:25 +00:00
renovate[bot]
27df3acbcf
chore(deps): update github/codeql-action action (v3.30.3 → v3.30.5) ( #271 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-09-29 15:57:38 +00:00
renovate[bot]
1e4637971d
chore(deps): update actions/cache action (v4.2.4 → v4.3.0) ( #272 )
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-09-29 18:50:53 +03:00
renovate[bot]
4a3c30cceb
chore(deps)!: update oxsecurity/megalinter (v8.8.0 → v9.0.0) ( #260 )
25.9.21
2025-09-21 03:56:22 +03:00
renovate[bot]
4b6870953c
chore(deps)!: update actions/stale (v9.1.0 → v10.0.0) ( #249 )
25.9.19
2025-09-19 22:20:07 +03:00
renovate[bot]
55bc98d6df
chore(deps)!: update actions/setup-node (v4.4.0 → v5.0.0) ( #247 )
2025-09-19 01:57:00 +03:00