🩹[Patch]: Workflows improvements (#11)

This release primarily updates and improves the project's GitHub Actions
workflows and configuration files. The changes focus on increasing
security and maintainability by pinning action versions, updating
release processes, and cleaning up unnecessary configuration files.
There are also minor documentation and description corrections.

**GitHub Actions and Workflow Improvements:**

* Updated all GitHub Actions in workflow files (such as
`Action-Test.yml` and `Linter.yml`) to use pinned commit SHAs instead of
floating version tags, improving security and reproducibility. Also set
`persist-credentials: false` for checkout steps to reduce risk.
* Replaced the deprecated `.github/workflows/Auto-Release.yml` with a
new `.github/workflows/Release.yml` workflow that triggers on pull
requests to `main` and uses the `PSModule/Release-GHRepository` action,
ensuring a more robust and targeted release process.
* Updated the schedule for Dependabot updates from weekly to daily and
introduced a cooldown period to better manage dependency update
frequency.

**Configuration and Linting:**

* Removed the `.github/linters/.jscpd.json` configuration file and
disabled JSCPD validation in the linter workflow, simplifying the
linting setup.
* Updated linter workflow to use a pinned version of `super-linter` and
disabled certain validations for more control and consistency.

**Release and Documentation Updates:**

* Removed the `.github/release.yml` configuration for automatic release
note categorization, streamlining release management.
* Fixed a typo in the `description` field of `action.yml` and updated
script paths and action versions for better clarity and maintainability.

Author: MariusStorhaug

.github/dependabot.yml

@@ -11,4 +11,6 @@ updates:
       - dependencies
       - github-actions
     schedule:
-      interval: weekly
+      interval: daily
+    cooldown:
+      default-days: 7

.github/linters/.jscpd.json

@@ -23,43 +23,45 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       # Upload artifact from tests:
       - name: Upload artifact [PATH-Windows-TestResults]
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: PATH-Windows-TestResults
           path: ./tests/TestResults/PATH-Windows-TestResults
           retention-days: 1
           if-no-files-found: error
 
       - name: Upload artifact [PSModuleLint-Module-Windows-TestResults]
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: PSModuleLint-Module-Windows-TestResults
           path: ./tests/TestResults/PSModuleLint-Module-Windows-TestResults
           retention-days: 1
           if-no-files-found: error
 
       - name: Upload artifact [PSModuleLint-SourceCode-Windows-TestResults]
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: PSModuleLint-SourceCode-Windows-TestResults
           path: ./tests/TestResults/PSModuleLint-SourceCode-Windows-TestResults
           retention-days: 1
           if-no-files-found: error
 
       - name: Upload artifact [PSModuleTest-Module-Windows-TestResults]
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: PSModuleTest-Module-Windows-TestResults
           path: ./tests/TestResults/PSModuleTest-Module-Windows-TestResults
           retention-days: 1
           if-no-files-found: error
 
       - name: Upload artifact [PSModuleTest-SourceCode-Windows-TestResults]
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: PSModuleTest-SourceCode-Windows-TestResults
           path: ./tests/TestResults/PSModuleTest-SourceCode-Windows-TestResults

.github/release.yml

@@ -19,14 +19,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Lint code base
-        uses: super-linter/super-linter@latest
+        uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2
         env:
           GITHUB_TOKEN: ${{ github.token }}
+          VALIDATE_BIOME_FORMAT: false
+          VALIDATE_JSCPD: false
           VALIDATE_JSON_PRETTIER: false
           VALIDATE_MARKDOWN_PRETTIER: false
           VALIDATE_YAML_PRETTIER: false

.github/workflows/Action-Test.yml

@@ -0,0 +1,38 @@
+name: Release
+
+run-name: "Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}"
+
+on:
+  pull_request:
+    branches:
+      - main
+    types:
+      - closed
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+    paths:
+      - 'action.yml'
+      - 'src/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write # Required to create releases
+  pull-requests: write # Required to create comments on the PRs
+
+jobs:
+  Release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Release
+        uses: PSModule/Release-GHRepository@88c70461c8f16cc09682005bcf3b7fca4dd8dc1a # v2.0.1
+

.github/workflows/Auto-Release.yml

@@ -1,5 +1,5 @@
 name: Get-PesterTestResults
-description: A GitHub Action that is used to gather testreulst for the PSModule process.
+description: A GitHub Action that is used to gather test results for the PSModule process.
 author: PSModule
 branding:
   icon: upload-cloud
@@ -39,7 +39,7 @@ runs:
   using: composite
   steps:
     - name: Get-PesterTestResults
-      uses: PSModule/GitHub-Script@v1
+      uses: PSModule/GitHub-Script@0097f3bbe3f413f3b577b9bcc600727b0ca3201a # v1.7.10
       env:
         PSMODULE_GET_PESTERTESTRESULTS_INPUT_SourceCodeTestSuites: ${{ inputs.SourceCodeTestSuites }}
         PSMODULE_GET_PESTERTESTRESULTS_INPUT_PSModuleTestSuites: ${{ inputs.PSModuleTestSuites }}
@@ -53,4 +53,4 @@ runs:
         WorkingDirectory: ${{ inputs.WorkingDirectory }}
         ShowInfo: false
         Script: |
-          ${{ github.action_path }}/scripts/main.ps1
+          ${{ github.action_path }}/src/main.ps1