Merge branch 'elated-felidae' into ITHD-239408

Author: Doug Dyreng

.github/workflows/build-and-review-pr.yml

@@ -38,6 +38,7 @@ jobs:
 
     steps:
       - name: Checkout
+        uses: actions/checkout@v4
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
@@ -257,7 +258,7 @@ jobs:
           ref: main
           repository: ${{ env.TESTING_REPO }}
           ssh-key: ${{ secrets.SSH_KEY_TESTING_REPO }}
-          # fetch-depth: 0  # Do not use this because we want to test what happens when fetch-depth is not set
+          fetch-depth: 0
 
       - name: Setup - Checkout this action (git-version-lite) into a 'gvl' subdirectory
         if: always()
@@ -326,10 +327,7 @@ jobs:
       - name: '-------------------------------------------------------------------------------------------------------'
         run: echo ""
 
-      - name: When a repo has all of its tags locally
-        run: git fetch -t
-
-      - name: And a new version is requested with fallback-to-no-prefix set
+      - name: When a new version is requested with fallback-to-no-prefix set
         if: always()
         uses: ./gvl
         id: fallback

.github/workflows/increment-version-on-merge.yml

@@ -1,120 +1,120 @@
-name: Increment Version on Merge
-run-name: "${{ github.event.pull_request.merged && 'Increment version for' || 'Closing' }} PR #${{ github.event.pull_request.number }}"
-on:
-  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-  # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
-  #
-  # GitHub's standard pull_request workflow trigger prevents write permissions and
-  # secrets access when the PR is from a public fork.  PRs from branches and forks of
-  # internal/private repos are not limited the same way for the pull_request trigger.
-  #
-  # The pull_request_target trigger (which this workflow is using) relaxes some of those
-  # restrictions and allows PRs from public forks to have write permissions through the
-  # GH_TOKEN which we need in order to push new tags to the repo through this workflow.
-  #
-  # For this workflow, the elevated permissions should not be a problem because:
-  # • This workflow is only triggered when a PR is closed and the reusable workflow it
-  #   calls only executes if it has been merged to the default branch.  This means the PR
-  #   has been reviewed and approved by a CODEOWNER and merged by someone with Write
-  #   access before this workflow with its elevated permissions gets executed.  Any code
-  #   that doesn't meet our standards should be caught before it gets to this point.
-  # • The "Require approval for all outside collaborators" setting is set at the org-level.
-  #   Before a workflow can execute for a PR generated by an outside collaborator, a user
-  #   with Write access must manually approve the request to execute the workflow run.
-  #   Prior to doing so they should have had a chance to review any changes in the PR
-  pull_request_target:
-    types: [closed]
-  # paths:
-  #   Do not include specific paths here.  reusable-increment-version-on-merge.yml will decide
-  #   if this action should be incremented and if new tags should be pushed to the repo based
-  #   on the same criteria used in the build-and-review-pr.yml workflow.
-
-
-# ------------------------------------------------------------------------------------
-# NOTE: This repo duplicates the reusable increment workflow in im-open/.github that
-#       the rest of the actions use.  If changes are needed in this workflow they 
-#       should also be made in im-open/.github.  This workflow is duplicated because
-#       it uses the local copy of itself in the workflow which allows us to test the
-#       increment build with git-version-lite changes before we merge those changes.
-# ------------------------------------------------------------------------------------
-
-jobs:
-  increment-version:
-    runs-on: ubuntu-latest
-    env:
-      MERGE_TO_MAIN: 'false'
-
-    steps:
-      - name: Check if merge to default branch
-        id: merge
-        uses: actions/github-script@v6
-        with:
-          script: |
-            const defaultBranch = 'main';
-            const baseRef = '${{ github.event.pull_request.base.ref }}';
-            const merged = ${{ github.event.pull_request.merged }};
-
-            if (!merged){
-              console.log('PR is not merged.  Skipping subsequent steps.');
-              core.exportVariable('MERGE_TO_MAIN', false);
-              return;
-            }
-            if (baseRef !== defaultBranch){
-              console.log(`PR is merged to ${baseRef} and not ${defaultBranch}.  Skipping subsequent steps.`);
-              core.exportVariable('MERGE_TO_MAIN', false);
-              return;
-            }
-            console.log(`PR is merged to ${defaultBranch}.  Proceed with subsequent steps.`);
-            core.exportVariable('MERGE_TO_MAIN', true);
-
-      - name: Checkout
-        if: env.MERGE_TO_MAIN == 'true'
-        uses: actions/checkout@v3
-
-      - name: If PR is merged to main - Check for code changes to the action source code
-        if: env.MERGE_TO_MAIN == 'true'
-        id: source-code
-        uses: im-open/did-custom-action-code-change@v1
-        with:
-          files-with-code: 'action.yml,package.json,package-lock.json'
-          folders-with-code: 'src,dist'
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: If PR is merged to main - Print whether Action Source Code Changed (open for details)
-        if: env.MERGE_TO_MAIN == 'true'
-        run: |
-          if [ "${{ steps.source-code.outputs.HAS_CHANGES }}" == "true" ]; then
-            echo "This PR changes the action's source code.  Proceed with subsequent steps."
-          else
-            echo "This PR does not change the action's source code.  Skipping subsequent steps."
-          fi
-
-      - name: If PR is merged to main & PR has source code changes - Checkout
-        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
-        uses: actions/checkout@v3
-        with:
-          ref: main
-          fetch-depth: 0
-
-      - name: If PR is merged to main & PR has source code changes - Get the next version for the repo
-        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
-        id: version
-        uses: ./
-
-      - name: If PR is merged to main & PR has source code changes - Print action version (${{ steps.version.outputs.NEXT_VERSION || 'N/A'}})
-        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
-        run: echo "The next action version will be - ${{ steps.version.outputs.NEXT_VERSION }}"
-
-      - name: If PR is merged to main & PR has source code changes - Push tags to repo
-        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
-        run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
-
-          git tag ${{ steps.version.outputs.NEXT_VERSION }} ${{ github.sha }}
-          git tag -f ${{ steps.version.outputs.NEXT_MAJOR_VERSION }} ${{ github.sha }}
-          git tag -f ${{ steps.version.outputs.NEXT_MINOR_VERSION }} ${{ github.sha }}
-
-          git push origin ${{ steps.version.outputs.NEXT_VERSION }}
-          git push origin ${{ steps.version.outputs.NEXT_MAJOR_VERSION }} -f
-          git push origin ${{ steps.version.outputs.NEXT_MINOR_VERSION }} -f
+name: Increment Version on Merge
+run-name: "${{ github.event.pull_request.merged && 'Increment version for' || 'Closing' }} PR #${{ github.event.pull_request.number }}"
+on:
+  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+  #
+  # GitHub's standard pull_request workflow trigger prevents write permissions and
+  # secrets access when the PR is from a public fork.  PRs from branches and forks of
+  # internal/private repos are not limited the same way for the pull_request trigger.
+  #
+  # The pull_request_target trigger (which this workflow is using) relaxes some of those
+  # restrictions and allows PRs from public forks to have write permissions through the
+  # GH_TOKEN which we need in order to push new tags to the repo through this workflow.
+  #
+  # For this workflow, the elevated permissions should not be a problem because:
+  # • This workflow is only triggered when a PR is closed and the reusable workflow it
+  #   calls only executes if it has been merged to the default branch.  This means the PR
+  #   has been reviewed and approved by a CODEOWNER and merged by someone with Write
+  #   access before this workflow with its elevated permissions gets executed.  Any code
+  #   that doesn't meet our standards should be caught before it gets to this point.
+  # • The "Require approval for all outside collaborators" setting is set at the org-level.
+  #   Before a workflow can execute for a PR generated by an outside collaborator, a user
+  #   with Write access must manually approve the request to execute the workflow run.
+  #   Prior to doing so they should have had a chance to review any changes in the PR
+  pull_request_target:
+    types: [closed]
+  # paths:
+  #   Do not include specific paths here.  reusable-increment-version-on-merge.yml will decide
+  #   if this action should be incremented and if new tags should be pushed to the repo based
+  #   on the same criteria used in the build-and-review-pr.yml workflow.
+
+
+# ------------------------------------------------------------------------------------
+# NOTE: This repo duplicates the reusable increment workflow in im-open/.github that
+#       the rest of the actions use.  If changes are needed in this workflow they 
+#       should also be made in im-open/.github.  This workflow is duplicated because
+#       it uses the local copy of itself in the workflow which allows us to test the
+#       increment build with git-version-lite changes before we merge those changes.
+# ------------------------------------------------------------------------------------
+
+jobs:
+  increment-version:
+    runs-on: ubuntu-latest
+    env:
+      MERGE_TO_MAIN: 'false'
+
+    steps:
+      - name: Check if merge to default branch
+        id: merge
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const defaultBranch = 'main';
+            const baseRef = '${{ github.event.pull_request.base.ref }}';
+            const merged = ${{ github.event.pull_request.merged }};
+
+            if (!merged){
+              console.log('PR is not merged.  Skipping subsequent steps.');
+              core.exportVariable('MERGE_TO_MAIN', false);
+              return;
+            }
+            if (baseRef !== defaultBranch){
+              console.log(`PR is merged to ${baseRef} and not ${defaultBranch}.  Skipping subsequent steps.`);
+              core.exportVariable('MERGE_TO_MAIN', false);
+              return;
+            }
+            console.log(`PR is merged to ${defaultBranch}.  Proceed with subsequent steps.`);
+            core.exportVariable('MERGE_TO_MAIN', true);
+
+      - name: Checkout
+        if: env.MERGE_TO_MAIN == 'true'
+        uses: actions/checkout@v4
+
+      - name: If PR is merged to main - Check for code changes to the action source code
+        if: env.MERGE_TO_MAIN == 'true'
+        id: source-code
+        uses: im-open/did-custom-action-code-change@v1
+        with:
+          files-with-code: 'action.yml,package.json,package-lock.json'
+          folders-with-code: 'src,dist'
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: If PR is merged to main - Print whether Action Source Code Changed (open for details)
+        if: env.MERGE_TO_MAIN == 'true'
+        run: |
+          if [ "${{ steps.source-code.outputs.HAS_CHANGES }}" == "true" ]; then
+            echo "This PR changes the action's source code.  Proceed with subsequent steps."
+          else
+            echo "This PR does not change the action's source code.  Skipping subsequent steps."
+          fi
+
+      - name: If PR is merged to main & PR has source code changes - Checkout
+        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: 0
+
+      - name: If PR is merged to main & PR has source code changes - Get the next version for the repo
+        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
+        id: version
+        uses: ./
+
+      - name: If PR is merged to main & PR has source code changes - Print action version (${{ steps.version.outputs.NEXT_VERSION || 'N/A'}})
+        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
+        run: echo "The next action version will be - ${{ steps.version.outputs.NEXT_VERSION }}"
+
+      - name: If PR is merged to main & PR has source code changes - Push tags to repo
+        if: env.MERGE_TO_MAIN == 'true' && steps.source-code.outputs.HAS_CHANGES == 'true'
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+
+          git tag ${{ steps.version.outputs.NEXT_VERSION }} ${{ github.sha }}
+          git tag -f ${{ steps.version.outputs.NEXT_MAJOR_VERSION }} ${{ github.sha }}
+          git tag -f ${{ steps.version.outputs.NEXT_MINOR_VERSION }} ${{ github.sha }}
+
+          git push origin ${{ steps.version.outputs.NEXT_VERSION }}
+          git push origin ${{ steps.version.outputs.NEXT_MAJOR_VERSION }} -f
+          git push origin ${{ steps.version.outputs.NEXT_MINOR_VERSION }} -f

README.md

@@ -110,7 +110,7 @@ jobs:
       NEXT_VERSION: ${{ steps.get-version.outputs.NEXT_VERSION }}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0                        # Includes all history for all branches and tags