chore(deps): bump the github-actions-dependencies group across 1 directory with 3 updates

Bumps the github-actions-dependencies group with 3 updates in the / directory:
- [hoverkraft-tech/ci-github-nodejs](https://github.com/hoverkraft-tech/ci-github-nodejs)
- [github/codeql-action](https://github.com/github/codeql-action).

Updates `hoverkraft-tech/ci-github-nodejs` from 0.14.1 to 0.15.0
- [Release notes](https://github.com/hoverkraft-tech/ci-github-nodejs/releases)
- [Commits](hoverkraft-tech/ci-github-nodejs@1d00c9e...4b87508)

Updates `github/codeql-action` from 4.30.7 to 4.30.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@e296a93...f443b60)

---
updated-dependencies:
- dependency-name: hoverkraft-tech/ci-github-nodejs
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: github/codeql-action
  dependency-version: 4.30.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>

Author: dependabot[bot]

.github/workflows/__test-action-matrix-outputs.yml

@@ -17,6 +17,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - id: set-matrix-output
         uses: ./actions/set-matrix-output
@@ -30,10 +32,12 @@ jobs:
         run: |
           EXPECTED_ARTIFACT_NAME="$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER-test-matrix-outputs-${{ matrix.os }}"
 
-          if [ "${{ steps.set-matrix-output.outputs.artifact-name }}" != "$EXPECTED_ARTIFACT_NAME" ]; then
+          if [ "${STEPS_SET_MATRIX_OUTPUT_OUTPUTS_ARTIFACT_NAME}" != "$EXPECTED_ARTIFACT_NAME" ]; then
             echo "Set matrix output 1 result is not valid"
             exit 1
           fi
+        env:
+          STEPS_SET_MATRIX_OUTPUT_OUTPUTS_ARTIFACT_NAME: ${{ steps.set-matrix-output.outputs.artifact-name }}
 
   tests-2:
     name: Arrange - Set empty output
@@ -45,6 +49,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - uses: ./actions/set-matrix-output
         with:
@@ -61,6 +67,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - uses: ./actions/set-matrix-output
         with:
@@ -79,6 +87,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - id: get-matrix-outputs
         uses: ./actions/get-matrix-outputs
@@ -88,8 +98,6 @@ jobs:
       - name: Check matrix outputs
         shell: bash
         run: |
-          OUTPUT_RESULT='${{ steps.get-matrix-outputs.outputs.result }}'
-
           # Output result must be a json array of 2 entries
           if [ "$(echo "$OUTPUT_RESULT" | jq -e '. | length')" != "2" ]; then
             echo "Get matrix outputs result is not valid"
@@ -101,6 +109,8 @@ jobs:
             echo "Get matrix outputs result is not valid"
             exit 1
           fi
+        env:
+          OUTPUT_RESULT: ${{ steps.get-matrix-outputs.outputs.result }}
 
       - name: Check artifacts have been deleted
         shell: bash

.github/workflows/__test-action-repository-owner-is-organization.yml

@@ -12,13 +12,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - id: repository-owner-is-organization
         uses: ./actions/repository-owner-is-organization
 
       - name: Check repository-owner-is-organization outputs
         run: |
-          if [ "${{ steps.repository-owner-is-organization.outputs.is-organization }}" != 'true' ]; then
+          if [ "${STEPS_REPOSITORY_OWNER_IS_ORGANIZATION_OUTPUTS_IS_ORGANIZATION}" != 'true' ]; then
             echo "repository-owner-is-organization outputs result is not valid"
             exit 1
           fi
+        env:
+          STEPS_REPOSITORY_OWNER_IS_ORGANIZATION_OUTPUTS_IS_ORGANIZATION: ${{ steps.repository-owner-is-organization.outputs.is-organization }}

.github/workflows/__test-action-slugify.yml

@@ -12,6 +12,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - id: slugify
         uses: ./actions/slugify
@@ -20,7 +22,9 @@ jobs:
 
       - name: Check slugify outputs
         run: |
-          if [ "${{ steps.slugify.outputs.result }}" != 'test-content' ]; then
+          if [ "${STEPS_SLUGIFY_OUTPUTS_RESULT}" != 'test-content' ]; then
             echo "Slugify outputs result is not valid"
             exit 1
           fi
+        env:
+          STEPS_SLUGIFY_OUTPUTS_RESULT: ${{ steps.slugify.outputs.result }}

.github/workflows/linter.yml

@@ -67,24 +67,23 @@ jobs:
         if: inputs.lint-all && github.ref_name != github.event.repository.default_branch
         with:
           ref: "${{ github.event.repository.default_branch }}"
+          persist-credentials: false
 
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: "${{ inputs.lint-all && 1 || 0 }}"
+          persist-credentials: false
 
       - if: ${{ inputs.linter-env }}
+        env:
+          LINTER_ENV: ${{ inputs.linter-env }}
         run: |
-          LINTER_ENV=$(cat <<EOF
-          ${{ inputs.linter-env }}
-          EOF
-          )
-
           echo "$LINTER_ENV" | while IFS= read -r line; do
             if [ -z "$line" ]; then continue; fi
             echo "$line" >> "$GITHUB_ENV"
           done
 
-      # FIXME: superlinter should auto iunstall required dependencies. See https://github.com/super-linter/super-linter/issues/6089.
+      # FIXME: superlinter should auto install required dependencies. See https://github.com/super-linter/super-linter/issues/6089.
       - id: has-prettier-plugins
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
@@ -99,7 +98,7 @@ jobs:
                 return;
               }
             }
-      - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@1d00c9eb280acbee5df4b4a2087f786e66b13d87 # 0.14.1
+      - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@4b87508052fc8b08a44a5d2d7d5f0636deb6ea3e # 0.15.0
         if: ${{ steps.has-prettier-plugins.outputs.package-json-dir }}
         with:
           working-directory: ${{ steps.has-prettier-plugins.outputs.package-json-dir }}
@@ -126,12 +125,14 @@ jobs:
         language: ${{ fromJSON(inputs.codeql-languages) }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
-      - uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
+      - uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
         with:
           languages: ${{ matrix.language }}
 
-      - uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
+      - uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
         with:
           category: "/language:${{matrix.language}}"
 
@@ -143,6 +144,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: "${{ inputs.lint-all && 1 || 0 }}"
+          persist-credentials: false
 
       - id: changed-files
         uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
@@ -153,18 +155,21 @@ jobs:
 
       - id: get-files-to-lint
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        env:
+          CHANGED_FILES: ${{ toJSON(steps.changed-files.outputs.all_changed_and_modified_files) }};
+          ACTION_FILES_INPUT: ${{ toJSON(inputs.action-files) }}
         with:
           script: |
             const fs = require("node:fs");
             const path = require("node:path");
 
-            const changedFiles = ${{ toJSON(steps.changed-files.outputs.all_changed_and_modified_files) }};
+            const changedFiles = process.env.CHANGED_FILES;
 
             let actionFiles = [];
             if (changedFiles !== null) {
               actionFiles = changedFiles.split(" ").filter(file => file && fs.existsSync(file));
             } else {
-              const actionFilesInput = ${{ toJson(inputs.action-files) }};
+              const actionFilesInput = process.env.ACTION_FILES_INPUT;
 
               for (const actionFile of actionFilesInput.split("\n")) {
                 let sanitizedActionFile = actionFile.trim();

.github/workflows/need-fix-to-issue.yml

@@ -43,6 +43,8 @@ jobs:
     runs-on: ${{ inputs.runs-on && fromJson(inputs.runs-on) || 'ubuntu-latest' }}
     steps:
       - uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: "TODO to Issue"
         uses: "alstr/todo-to-issue-action@c45b007d85c8edf3365b139a9d4c65793e7c674f" # v5.1.13

Makefile

@@ -13,7 +13,9 @@ lint-fix: ## Execute linting and fix
 		-e FIX_YAML_PRETTIER=true \
 		-e FIX_MARKDOWN=true \
 		-e FIX_MARKDOWN_PRETTIER=true \
-		-e FIX_NATURAL_LANGUAGE=true)
+		-e FIX_NATURAL_LANGUAGE=true \
+		-e FIX_SHELL_SHFMT=true \
+	)
 
 define run_linter
 	DEFAULT_WORKSPACE="$(CURDIR)"; \