Merge branch 'main' into parkerbxyz/dependabot-multi-ecosystem-groups

Author: parkerbxyz

.github/workflows/publish-immutable-action.yml

@@ -12,6 +12,6 @@ jobs:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Publish Immutable Action
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release.yml

@@ -3,7 +3,9 @@ name: release
 on:
   push:
     branches:
+      - "*.x"
       - main
+      - beta
 
 permissions:
   contents: write
@@ -16,14 +18,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # build local version to create token
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           persist-credentials: false
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json
 
       - run: npm ci
       - run: npm run build

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+# This workflow warns and then closes issues that have had no activity for a specified amount of time.
+# https://github.com/actions/stale
+
+name: Stale
+
+on:
+  workflow_dispatch:
+  schedule:
+    # 00:00 UTC on Mondays
+    - cron: '0 0 * * 1'
+
+permissions:
+  issues: write
+  pull-requests: write
+
+env:
+  DAYS_BEFORE_STALE: 180
+  DAYS_BEFORE_CLOSE: 60
+  STALE_LABEL: 'stale'
+  STALE_LABEL_URL: ${{github.server_url}}/${{github.repository}}/labels/stale
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v10
+        with:
+          operations-per-run: 100
+          days-before-stale: ${{ env.DAYS_BEFORE_STALE }}
+          days-before-close: ${{ env.DAYS_BEFORE_CLOSE }}
+          stale-issue-label: ${{ env.STALE_LABEL }}
+          stale-pr-label: ${{ env.STALE_LABEL }}
+          stale-issue-message: 'This issue has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this issue if it is no longer needed. If this issue is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'
+          stale-pr-message: 'This pull request has been marked ${{ env.STALE_LABEL_URL }} because it has been open for ${{ env.DAYS_BEFORE_STALE }} days with no activity. Please close this pull request if it is no longer needed. If this pull request is still relevant and you would like it to remain open, simply update it within the next ${{ env.DAYS_BEFORE_CLOSE }} days.'

.github/workflows/test.yml

@@ -4,7 +4,9 @@ on:
   push:
     branches:
       - main
+      - beta
   pull_request:
+  merge_group:
   workflow_dispatch:
 
 concurrency:
@@ -16,30 +18,28 @@ permissions:
 
 jobs:
   integration:
-    name: Integration
+    name: integration
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json
 
       - run: npm ci
       - run: npm test
 
   end-to-end:
-    name: End-to-End
+    name: end-to-end
     runs-on: ubuntu-latest
     # do not run from forks, as forks don’t have access to repository secrets
-    if: github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          node-version: 20
-          cache: "npm"
+          node-version-file: package.json
       - run: npm ci
       - run: npm run build
       - uses: ./ # Uses the action in the root directory
@@ -54,3 +54,28 @@ jobs:
         with:
           route: GET /installation/repositories
       - run: echo '${{ steps.get-repository.outputs.data }}'
+
+  end-to-end-proxy:
+    name: end-to-end with unreachable proxy
+    runs-on: ubuntu-latest
+    # do not run from forks, as forks don’t have access to repository secrets
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
+        with:
+          node-version-file: package.json
+          cache: 'npm'
+      - run: npm ci
+      - run: npm run build
+      - uses: ./ # Uses the action in the root directory
+        continue-on-error: true
+        id: test
+        env:
+          NODE_USE_ENV_PROXY: "1"
+          https_proxy: http://127.0.0.1:9
+        with:
+          app-id: ${{ vars.TEST_APP_ID }}
+          private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
+      - name: Assert action failed through unreachable proxy
+        run: test "${{ steps.test.outcome }}" = "failure"

.github/workflows/update-permission-inputs.yml

@@ -13,21 +13,30 @@ concurrency:
 
 permissions:
   contents: write
+  pull-requests: write
 
 jobs:
   update-permission-inputs:
     runs-on: ubuntu-latest
+    env:
+      COMMIT_MESSAGE: 'feat: update permission inputs'
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          node-version-file: .node-version
-          cache: 'npm'
+          node-version-file: package.json
       - name: Install dependencies
         run: npm ci
       - name: Run permission inputs update script
         run: node scripts/update-permission-inputs.js
       - name: Commit changes
-        uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
+        id: auto-commit
+        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
         with:
-          commit_message: 'feat: update permission inputs'
+          commit_message: ${{ env.COMMIT_MESSAGE }}
+      - name: Update PR title
+        if: github.event_name == 'pull_request' && steps.auto-commit.outputs.changes_detected == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr edit ${{ github.event.pull_request.number }} --title "${{ env.COMMIT_MESSAGE }}"